PRIVACY POLICY
Last Updated: April 25, 2026
Contact: mbirdtraining@gmail.com

======================================================================

The mBirdBreeder application (“the App”) is a bird-management tool designed for bird breeders, hobbyists and pet-bird owners. It helps users record, organise and track their birds, breeding pairs, eggs, health treatments, aviary layout and related statistics.

IMPORTANT — The App is a record-keeping and management tool only. It does not provide veterinary, medical or professional breeding advice. Each user is solely responsible for the care, health and welfare of their own birds and pets. The developer assumes no liability for any decisions made or actions taken based on data displayed in the App.

By creating an account or using the App you agree to this Privacy Policy.

1. INFORMATION WE COLLECT

1.1 Account Information

When you create an account we collect:

• Email address
• Display name (if provided)
• Profile photo URL (if provided)
• Google account information (if you sign in via Google OAuth 2.0)
• Account creation and last-update timestamps
• Email verification status (for email+password accounts)

1.2 Bird & Breeding Data

The App stores data you voluntarily enter, including:

• Bird profiles (species, subspecies, name, ring number, sex, birth date, colour mutation, status, notes, custom incubation days)
• Bird photos uploaded from your device
• Breeding pairs and pairing records
• Egg records (laying date, candling date, expected and actual hatch date, fertility status, notes)
• Pedigree relationships (parent–offspring, up to 3 generations)
• Health and treatment records (medications, vitamins, diseases, veterinary visits, dosages, scheduled care dates)
• Aviary structure (rooms, aviaries/cage-groups, individual cages, bird assignments)

1.3 Subscription & Purchase Data

Stored server-side in Google Firebase:

• Subscription status, purchase token, expiry date, payment state and auto-renewing flag (Cloud Firestore, under your user account)
• Premium status flag (Firebase Auth Custom Claims, attached to your authentication token)
• Trial usage record: start date, end date, duration (Cloud Firestore)
• Purchase token ownership record (Cloud Firestore, write-protected) — used solely to prevent the same purchase being claimed by multiple Firebase accounts
Cached locally on your device for offline access:

• Subscription state (free, trial active, premium active, premium expired)
• Trial start and end dates
• Premium expiry date
• Bird count used for access-tier enforcement
Server-side subscription verification is performed by Cloud Functions that validate purchases against the Google Play API. All payment processing is handled entirely by Google Play. We never collect, store or access payment-card details or financial information.

1.4 App Preferences

Stored locally on your device only (Hive key-value database):

• Language preference (English, Spanish, Greek, Portuguese, Thai, Arabic) and first-language-chosen flag
• Theme preference (light / dark mode)
• In-app review prompt data (first open date, action count, last prompt date)
• A flag recording whether the optional battery-optimization exemption dialog has been shown (premium users only)

1.5 Device & Technical Information

The App uses Firebase Crashlytics to collect crash reports in release builds. When a crash or non-fatal error occurs, Crashlytics may collect:

• Crash logs and stack traces
• Device model, manufacturer and OS version
• App version and build number
• Free memory and disk space at the time of the crash
Crashlytics data is used exclusively to identify and fix software defects. It is not used for advertising, profiling or behavioural tracking. Crash reporting is automatically disabled in debug/development builds.

1.6 Usage Analytics

The App uses Firebase Analytics to collect aggregated, non-identifying usage data that helps us understand how the App is used and improve it:

• Automatically collected events (e.g. app open, screen views, app updates) provided by the Firebase Analytics SDK
• Limited device and locale information (e.g. device model, OS version, country, language) collected by the SDK
Analytics is enabled by default at app start. We do not use Analytics for individual user profiling, behavioural targeting or marketing. We do not combine Analytics data with personally identifying breeding data. Aggregated insights are used solely to monitor App performance and prioritise improvements.

Additional limited technical information may be collected by the third-party services listed in Section 4.

2. HOW WE USE YOUR DATA

We use your data exclusively to:

• Provide and operate the App’s core features (bird management, breeding tracking, health records, statistics, pedigree, aviary layout)
• Authenticate your account and protect access to your data
• Verify your email address (for email+password accounts only)
• Synchronise your data in real time across devices via cloud services
• Verify and manage your subscription status server-side via Cloud Functions and enforce access tiers (free / trial / premium)
• Store your premium status as a Custom Claim in your Firebase Auth token for fast access-tier resolution
• Schedule local push notifications for hatch-day, candling-day and treatment/care reminders (premium feature)
• Display advertisements to free-tier users (see Section 5)
• Collect crash reports to identify and fix software defects (release builds only, see Section 1.5)
• Collect aggregated usage analytics to understand App engagement and prioritise improvements (see Section 1.6)
• Prompt for an optional in-app review at appropriate moments
We do NOT use your data for individual user profiling, automated decision-making, behavioural targeting or marketing purposes.

3. DATA STORAGE & SECURITY

3.1 Cloud Storage

Your account and breeding data are stored securely in Google Firebase:

• Firebase Authentication — manages credentials, login sessions, email verification status and premium status (Custom Claims)
• Cloud Firestore — stores breeding data (birds, pairs, eggs, treatments, rooms, cages) under user-scoped subcollections, plus subscription records (purchase status, trial usage) in write-protected subcollections managed exclusively by Cloud Functions
• Firebase Storage — stores bird photos you upload (compressed, max 1,200 px width, ≤ 5 MB per file, image files only)
Firestore Security Rules enforce strict per-user isolation: each user can only read and write their own data. Subscription data is additionally write-protected — only server-side Cloud Functions can create or modify subscription records. Purchase-token ownership records and Cloud Functions configuration are completely blocked from client access.

Storage Security Rules enforce: authenticated access only, user-scoped paths, maximum file size of 5 MB, and image-only content type validation.

3.2 Local Storage

App preferences, review data and a local cache of subscription state are stored on your device in a local Hive database. The active local boxes are:

• app_settings — language and theme preferences
• subscription — offline cache of subscription state (premium flag, trial/expiry dates, bird count)
• review_data — in-app review prompt tracking
• app_prefs — miscellaneous flags (e.g. whether the battery-optimization explanation dialog has been shown)
Subscription data cached locally is used solely as an offline fallback; the authoritative subscription status is maintained server-side in Firebase Auth Custom Claims.

3.3 Remote Configuration

Firebase Remote Config is used to manage operational parameters (e.g. free-tier bird limit, default notification time, Google Play product IDs, the Privacy Policy text and the Terms of Use text). These parameters contain no personal data and are fetched on each app start.

3.4 Security Measures

• User-scoped access control via Firebase Security Rules
• Secure token-based authentication with automatic token refresh
• Re-authentication required before sensitive operations (account deletion)
• HTTPS-only enforcement via Android network security configuration (cleartext traffic prohibited)
• Code obfuscation and resource shrinking via ProGuard/R8 in release builds
• Photos stored in user-scoped storage paths inaccessible to other users, with server-enforced 5 MB size limit and image-only content type validation
• Subscription data write-protected in Firestore — only Cloud Functions can modify subscription records
• Server-side purchase verification via Google Play API (prevents client-side tampering)
• First-verify-wins purchase token ownership: a purchase token validated under one Firebase account cannot later be claimed by a different account
• Password policy enforcement: minimum 8 characters with uppercase, digit and special character requirements
• Login rate limiting to protect against brute-force attempts
• Email verification for email+password accounts (dedicated verify-email screen with cooldown-protected resend)
• Input sanitization for user-provided names (HTML stripping, length limits)
• Application backup disabled at the OS level (allowBackup=”false”) to prevent extraction of cached data

4. THIRD-PARTY SERVICES

The App integrates the following third-party services, each governed by their own privacy policies:

4.1 Firebase (Google)

• Purpose: Authentication, cloud database, file storage, remote configuration, crash reporting, server-side functions, usage analytics
• Data shared: Account info, breeding data, photos, subscription status, crash reports, aggregated analytics events
• Privacy Policy: https://firebase.google.com/support/privacy

4.2 Google Sign-In

• Purpose: Optional OAuth 2.0 authentication
• Data shared: Google account info (email, name, profile photo)
• Privacy Policy: https://policies.google.com/privacy

4.3 Google AdMob

• Purpose: Displaying ads to free-tier users
• Data that may be collected by Google: Device identifiers, usage data, advertising data
• Privacy Policy: https://policies.google.com/privacy
Premium and trial users do not see ads.

4.4 Google Play Billing

• Purpose: Processing subscription purchases (Pro monthly and yearly plans)
• Data handled by Google: Payment and transaction information
• Privacy Policy: https://policies.google.com/privacy

4.5 Firebase Crashlytics

• Purpose: Crash reporting and error tracking in release builds
• Data collected: Crash logs, stack traces, device model, OS version, app version, memory and storage state at time of crash
• Data is used exclusively to identify and fix software defects
• Crash reporting is disabled in debug/development builds
• Privacy Policy: https://firebase.google.com/support/privacy

4.6 Firebase Analytics

• Purpose: Aggregated usage analytics to monitor App performance and engagement
• Data collected: Automatic events (app open, screen views, app updates), device model, OS version, locale and country
• Data is aggregated and used for product improvement only — not for individual profiling, behavioural targeting or marketing
• Privacy Policy: https://firebase.google.com/support/privacy

4.7 Firebase Cloud Functions

• Purpose: Server-side subscription verification (Google Play API validation), trial management, premium status enforcement
• Data processed: Purchase tokens, subscription status, user identifiers
• Functions run on the Node.js 22 runtime in the europe-west1 region (Belgium)
• No user data is shared with third parties through Cloud Functions
• Privacy Policy: https://firebase.google.com/support/privacy

5. ADVERTISING

The free version of the App displays banner ads through Google AdMob. Google may collect device identifiers, usage data and advertising data to serve relevant ads. For details visit: https://policies.google.com/privacy

Users with an active premium subscription or free trial do not see any ads.

You can manage your ad-personalisation preferences through your Google Account: https://adssettings.google.com

6. SUBSCRIPTIONS & IN-APP PURCHASES

The App offers the following plans via Google Play Billing:

• Pro Monthly — billed monthly + applicable VAT (live retail price displayed in the App at checkout)
• Pro Yearly — billed yearly + applicable VAT (live retail price displayed in the App at checkout)
• Free Trial — 7 days, once per account
Reference retail prices at the time of writing are €1.99 / month and €19.99 / year (plus VAT). Live prices are fetched from Google Play and may vary by country and currency. The App also includes offline fallback prices used only when the Billing API has not yet returned live values.

Premium features include: unlimited birds, ad-free experience, push notifications for hatch/candling/treatment reminders, pedigree tree view.

Free-tier users are limited to a configurable number of birds (default 15, adjustable via Firebase Remote Config) and see ads.

All payments are processed by Google Play. We do not store or access your payment information.

IMPORTANT: Deleting your account within the App does NOT automatically cancel your Google Play subscription. You must cancel it separately through the Google Play Store to avoid continued charges.

7. NOTIFICATIONS

The App uses local push notifications (not cloud-based) to send reminders for:

• Expected hatch dates
• Recommended candling dates
• Scheduled treatment/care dates
Notifications are scheduled locally on your device. The default time is 07:00 in your local timezone; this may be adjusted remotely via Firebase Remote Config. Notifications are available only to premium/trial users.

On Android 13 and above, notification permission is requested at runtime the first time you open the App.

Premium users may additionally be asked once to grant a battery-optimization exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS). This permission is requested only because some Android device manufacturers aggressively suspend scheduled alarms in low-power modes. Granting it allows hatch/candling/treatment reminders to fire reliably at the configured time. The permission can be revoked at any time in Android system settings.

No notification data is sent to any external server.

8. DATA SHARING

We do not sell, rent or share your personal data with third parties for their own purposes.

Data may be disclosed only:

• To Google Firebase services as described in Section 4, solely to operate the App (including Crashlytics for crash reporting, Firebase Analytics for aggregated usage data, and Cloud Functions for subscription management)
• To Google AdMob for ad serving to free-tier users
• To the Google Play Developer API for server-side subscription verification (purchase tokens only)
• When required by law, regulation or legal process
• To protect our rights, safety or property

9. YOUR RIGHTS

You have the right to:

• Access — View all your data within the App at any time
• Rectify — Edit any breeding record, bird profile or account detail
• Delete — Request complete deletion of your account and all associated data
• Withdraw consent — Stop using the App at any time
You can exercise these rights directly within the App or by contacting us at the email address in Section 18.

10. DATA DELETION

You can delete your account from within the App (Settings → Delete Account).

When you delete your account, the following data is permanently and irreversibly removed:

• All Firestore data (birds, pairs, eggs, treatments, rooms, cages, subscription records)
• All uploaded photos from Firebase Storage
• Your user profile document
• Your admin whitelist entry (if applicable)
• Your Firebase Authentication account (including Custom Claims)
• Local subscription cache on your device
The following is preserved locally for usability:

• Language and theme preferences (stored on your device only, contain no personal data)
Important:

• Deleted data cannot be recovered under any circumstances.
• Re-authentication may be required to complete account deletion.
• Google Play subscriptions must be cancelled separately by you.

11. DATA RETENTION

• Your data is retained for as long as your account remains active.
• We do not delete data unless you explicitly request it or delete your account.
• No automatic expiration, archival or purging takes place.
• Treatment and health records are preserved permanently while your account exists.

12. INTERNATIONAL DATA TRANSFERS

Your data is processed and stored on Google’s servers, which may be located outside your country of residence. Cloud Functions run in the europe-west1 region (Belgium). By using the App you consent to the transfer of your data to Google’s infrastructure. Google complies with applicable data-protection frameworks. For details see Google’s data-processing terms.

13. CHILDREN’S PRIVACY

The App is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we discover that we have collected data from a child without appropriate consent, we will delete that data promptly.

14. DISCLAIMER OF LIABILITY

The App is provided as a record-keeping and management tool for bird breeders and pet-bird owners. It is NOT a substitute for professional veterinary care or expert breeding guidance. Users are solely responsible for:

• The health, welfare and living conditions of their birds
• Any breeding, medical or care decisions made using information displayed in the App
• Compliance with local, national and international laws regarding animal husbandry and protected species
The developer disclaims all liability for injury, loss, damage or death of any animal that may result — directly or indirectly — from the use of the App.

15. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident you have the right to:

• Know what personal data we collect and how it is used
• Request deletion of your personal data
• Opt out of the sale of personal data (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

16. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are located in the European Economic Area (EEA) you have additional rights, including:

• Right to access, rectify or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to lodge a complaint with a supervisory authority
Legal bases for processing:

• Consent — account creation and voluntary data entry
• Contract performance — providing the App’s services
• Legitimate interest — App security, operational integrity and aggregated usage analytics for product improvement

17. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in the App, legal requirements or our practices. The current version of the Privacy Policy text is delivered to the App via Firebase Remote Config and can be updated without an app update. The “Last updated” date at the top will be revised accordingly. Continued use of the App after changes constitutes acceptance of the updated policy.

18. CONTACT

If you have questions, concerns or requests regarding this Privacy Policy or your personal data, contact us at:

Email: mbirdtraining@gmail.com