Privacy Policy
This policy applies to all mobile applications developed and published by Ebrahim Joy. It explains how we collect, use, and protect your personal data.
01 / Introduction
Welcome. Ebrahim Joy ("Developer", "we", "us", or "our") operates mobile applications published on the Google Play Store and Apple App Store. This Privacy Policy describes how our applications collect, use, and share information about you when you use our apps.
By downloading, installing, or using any of our applications, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the application.
Applicable Apps Include
All applications requiring user registration (email/password login), Google Sign-In (OAuth 2.0), or social login. This includes apps in categories such as: Logistics, Auctions, Fintech, E-commerce, Enterprise Management, and Government Services.
02 / Information We Collect
A Basic Account Registration
When you create an account using email and password registration, we collect:
- Full Name — used to personalize your account and display your profile.
- Email Address — used for account identification, login, and transactional communications.
- Password — securely hashed using industry-standard cryptographic algorithms (bcrypt/SHA-256). We never store plaintext passwords.
- Phone Number (where required) — used for account verification, two-factor authentication, or contact purposes.
- Profile Photo (optional) — uploaded voluntarily for profile personalization.
B Google Sign-In (OAuth 2.0 / Gmail Registration)
When you choose to sign in using your Google account, we request access to the following minimum required scopes from Google's OAuth 2.0 API:
Email Address
Account ID
Display Name
Profile Label
Profile Picture URL
Avatar Image
What We Do NOT Do with Google Data
- We do not access your Google contacts, Gmail messages, Drive, or Calendar.
- We do not sell, rent, or trade your Google account information to any third party.
- We do not use your Google data for targeted advertising or analytics profiling.
- Google data is used solely to create and authenticate your in-app account.
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
C Automatically Collected Data
- Device Information — device model, OS version, unique device identifiers (for app diagnostics only).
- Usage Analytics — anonymized data on features used and session duration (via Firebase Analytics where applicable).
- Crash Reports — error logs collected via Firebase Crashlytics to maintain app stability. No personally identifiable information is included.
- Location Data (if applicable) — only collected when you explicitly grant permission, and only used for app-specific features (e.g., tracking vehicle pickup location).
- Push Notification Tokens — Firebase Cloud Messaging (FCM) tokens used to deliver transactional push notifications.
03 / How We Use Your Information
We use collected information for the following lawful purposes:
Account Management
Creating, managing, and authenticating your account securely.
Service Delivery
Providing and improving the core features of each application.
Communications
Sending transactional emails, password resets, and system notifications.
Security & Compliance
Preventing fraud, enforcing terms, and complying with legal obligations.
App Stability
Monitoring and resolving crashes to ensure a smooth user experience.
Push Notifications
Sending bid updates, order status, and relevant app-specific alerts.
04 / Data Storage & Security
We implement industry-standard security measures to protect your personal data:
- Local Storage: Sensitive data stored on-device uses encrypted local databases (Hive, SQLite, Isar with AES-256 encryption). Session tokens are stored securely via encrypted SharedPreferences.
- Cloud Storage: Data synced to the cloud is transmitted over HTTPS (TLS 1.2+) and stored on Firebase (Google Cloud) or our backend servers with role-based access controls.
- Password Security: Passwords are never stored in plaintext. We use strong one-way hashing (bcrypt) on the server side.
- Authentication Tokens: JWT (JSON Web Tokens) with short expiry windows are used for session management. Refresh tokens are stored securely.
- Biometric Data: Where biometric authentication is used (Face ID / Touch ID), all biometric data is handled exclusively by the device's secure enclave via the OS. We never access or store raw biometric data.
⚠ Important Note
No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users as required by applicable law.
05 / Data Sharing & Third Parties
We do not sell your personal data. We may share data with trusted third-party service providers strictly necessary for app operation:
Firebase (Google LLC)
Authentication, Crashlytics, Analytics, Cloud Messaging
Google OAuth 2.0
Social login via Google Sign-In only
Payment Processors
For apps with in-app payments (Stripe, etc.) — handled per their own privacy policy
Legal Authorities
Only when required by valid legal order or government request
06 / Data Retention
We retain your personal data only as long as necessary to fulfill the purposes described in this policy, or as required by law:
- Active accounts: Data is retained for the duration of your account's active status.
- Deleted accounts: Personal data is permanently deleted or anonymized within 30 days of account deletion request.
- Crash logs: Anonymous crash reports are retained for up to 90 days.
- Legal hold: In cases of active legal proceedings, data may be retained longer as required by the applicable jurisdiction.
07 / Your Rights
Depending on your location, you may have the following rights regarding your personal data:
🔍 Right to Access
Request a copy of the personal data we hold about you.
✏️ Right to Rectification
Request correction of inaccurate or incomplete data.
🗑️ Right to Erasure
Request deletion of your account and associated personal data.
🚫 Right to Restrict Processing
Request that we limit how we use your data in specific circumstances.
📦 Right to Data Portability
Request a structured, machine-readable export of your data.
🔔 Right to Opt-Out
Disable push notifications or withdraw consent for optional data collection at any time.
To exercise any of these rights, contact us using the information in Section 10 below.
08 / Children's Privacy
Our applications are not directed to children under the age of 13 years (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will delete such information as quickly as possible.
If you are a parent or guardian and believe we may have collected information about your child, please contact us immediately at the address below.
09 / Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the apps we develop. When we make significant changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via in-app notice or email. We encourage you to review this policy periodically.
Your continued use of the application after the effective date of any update constitutes your acceptance of the revised Privacy Policy.
10 / Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
We aim to respond to all data-related inquiries within 14 business days.