Welcome to Beekeeping Diary! We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our mobile application.

1 Information We Collect

1.1 Information You Provide Directly

When you use Beekeeping Diary, you may provide us with the following information:

• Account Information: Email address, password (encrypted), city, country, and language preference
• Beekeeping Data: Hive names, descriptions, types, locations, apiary information, inspection records, and notes
• Profile Information: Display name and any optional profile details you choose to provide
• Photos: Images of hives, bees, or related beekeeping activities (if you choose to add them)
• Communication: Messages sent to our support team

1.2 Information Collected Automatically

• Device Information: Device type, operating system version, device identifiers
• Usage Data: App features used, session duration, crash reports
• Location Data: Precise location when you add or view hive/apiary locations (only when you grant permission)
• App Preferences: Language settings, dark mode preference, notification settings

1.3 Subscription and Payment Information

When you purchase a premium subscription through Google Play Store, we receive:

• Subscription status (active, cancelled, expired)
• Subscription type (monthly or yearly)
• Purchase tokens (for verification purposes)

Important: We do NOT collect or store your credit card information or payment details. All payment processing is handled securely by Google Play Store.

2 How We Use Your Information

We use the collected information for the following purposes:

Purpose	Information Used	Legal Basis (GDPR)
Account Management	Email, password, profile data	Contract performance
Authentication	Email, password hash, session tokens	Contract performance
App Functionality	Beekeeping data, location, photos	Contract performance
Subscription Management	Subscription status, purchase tokens	Contract performance
Email Verification	Email address	Contract performance
Customer Support	Contact information, support messages	Legitimate interest
App Improvement	Usage data, crash reports	Legitimate interest
Security	Device info, session data	Legitimate interest

3 Data Storage and Security

3.1 Where Your Data is Stored

• Local Storage: Most of your data (hives, apiaries, records) is stored locally on your device using encrypted Android Room database
• Firebase: Your email address and authentication data are stored on Firebase (Google Cloud infrastructure) for account management
• No Cloud Sync: Your beekeeping data is NOT automatically synced to the cloud and remains on your device unless you choose to export it

3.2 Security Measures

We implement industry-standard security measures to protect your data:

• ✅ Password Encryption: Passwords are hashed using SHA-256 and never stored in plain text
• ✅ AES-256 Encryption: Sensitive credentials stored using Android EncryptedSharedPreferences
• ✅ HTTPS Only: All network communications use encrypted HTTPS connections
• ✅ Firebase Security: Authentication protected by Google's enterprise-grade security
• ✅ No Plaintext Passwords: Your password is never transmitted or stored in readable form
• ✅ Session Management: Automatic session expiration after 6 hours of inactivity
• ✅ Secure Backup: Cloud backups exclude sensitive authentication data

3.3 Data Retention

• Account data: Retained while your account is active
• Beekeeping data: Retained until you delete it or delete your account
• Session data: Automatically expires after 6 hours
• Crash reports: Retained for up to 90 days
• Deleted data: Permanently removed within 30 days of deletion request

4 Third-Party Services

Beekeeping Diary integrates with the following third-party services:

4.1 Firebase Authentication (Google LLC)

• Purpose: User authentication and email verification
• Data Shared: Email address, password hash
• Privacy Policy: firebase.google.com/support/privacy

4.2 Google Play Billing

• Purpose: Premium subscription management
• Data Shared: Subscription status, purchase tokens
• Privacy Policy: policies.google.com/privacy

4.3 OpenStreetMap

• Purpose: Display maps for hive and apiary locations
• Data Shared: Map tile requests (no personal data)
• Privacy Policy: openstreetmap.org/wiki/Privacy_Policy

5 Permissions Explained

Beekeeping Diary requests the following Android permissions:

Permission	Why We Need It	When It's Used
Internet	For Firebase authentication and map display	During login and map viewing
Location (Fine & Coarse)	To mark hive and apiary locations on map	Only when adding/viewing locations
Camera	To take photos of hives and bees	Only when you choose to add photos
Storage (Read & Write)	To save photos and export data	When saving images or exporting records
Vibrate	For QR code scan feedback	When scanning QR codes

Note: You can revoke these permissions at any time in your device settings.

6 Your Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you have the following rights:

6.1 Right to Access

You can request a copy of all data we hold about you. Use the "Export Data" feature in the app.

6.2 Right to Rectification

You can update or correct your information at any time through the app settings.

6.3 Right to Erasure ("Right to be Forgotten")

You can request complete deletion of your account and all associated data. Go to Settings → Privacy → Delete Account in the app.

6.4 Right to Data Portability

You can export your data in JSON format for use in other applications. Use the "Export Data" feature in the app.

6.5 Right to Restrict Processing

You can request that we temporarily stop processing your data.

6.6 Right to Object

You can object to our processing of your data for specific purposes.

6.7 Right to Withdraw Consent

You can withdraw your consent for data processing at any time by deleting your account.

7 Children's Privacy

Beekeeping Diary is intended for users aged 13 and above. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8 Shared Access and Collaboration

Beekeeping Diary allows you to share your beekeeping data with other users you explicitly invite. This feature is designed for family operations, partnerships, and team collaboration.

8.1 How Shared Access Works

• You Control Sharing: Only you can decide who has access to your data
• Permission Levels: You can grant different levels of access (view-only, edit, manage)
• Revocable: You can revoke access at any time
• Visibility: Shared users can only see data you explicitly share
• Activity Tracking: Actions by shared users may be logged for your reference

8.2 Your Responsibilities When Sharing

• You are responsible for who you grant access to
• You should only share with people you trust
• You must ensure shared users comply with our Terms of Service
• You should revoke access when it's no longer needed

8.3 Data Visible to Shared Users

When you share access, the shared user can see:

• Hive and apiary information you own
• Inspection records and notes
• Photos and documents you've uploaded
• Location data for hives and apiaries

Shared users cannot see: Your account information, payment details, or other users' personal data.

8.4 When You're a Shared User

If someone shares their data with you:

• You can only access data they explicitly share
• Your actions may be visible to the account owner
• You must respect the owner's data and privacy
• The owner can revoke your access at any time
• You cannot share the data with others without owner permission

9 Data Sharing and Disclosure

9.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Period.

9.2 When We May Share Data

We may share your data only in the following limited circumstances:

• With Your Consent: When you explicitly authorize us to share specific information
• Legal Requirements: If required by law, court order, or government regulation
• Service Providers: With Firebase and Google Play (as described in Section 4)
• Business Transfer: In the event of a merger or acquisition (users will be notified)
• Security/Fraud Prevention: To protect our users and prevent illegal activities

10 International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Firebase data is stored in Google Cloud locations with GDPR compliance
• We use standard contractual clauses approved by the European Commission
• All international transfers comply with applicable data protection laws

11 Cookies and Tracking

Beekeeping Diary is a native mobile app and does NOT use cookies. We do not use third-party tracking, analytics, or advertising services.

The only tracking that occurs is:

• Local app preferences (stored on your device)
• Session management (for keeping you logged in)
• Crash reporting (to fix bugs and improve the app)

12 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the app or via email
• Request your consent if required by law

We encourage you to review this Privacy Policy periodically.

13 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours (as required by GDPR)
• Provide details about the breach and affected data
• Explain the steps we're taking to address the breach
• Offer guidance on how to protect yourself
• Report to relevant data protection authorities if required

14 Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to know if we sell or share personal information (we don't)
• Right to delete your personal information
• Right to non-discrimination for exercising your rights

15 Contact Us

16 Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.