Privacy Policy for Lifeline

Effective Date: October 2, 2025

Thank you for using Lifeline! Your privacy is very important to us. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your personal information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address - for account identification and communication
• Display name - to personalize your experience
• User ID (UID) - a unique identifier generated by Firebase
• Profile photo (optional) - if you choose to upload one
• Country/region (optional) - for localization preferences
• Language preference - for app localization

If you sign in with Google or Apple:

• We receive your email, name, and profile photo from these services
• We do not have access to your Google/Apple account password

1.2 Memory Content

We store the content you create in Lifeline:

• Text data: titles, descriptions, reflection notes, CBT steps, emotional assessments
• Media files: photos, videos, and audio notes
• Timestamps: dates when memories occurred and were created
• Music data: linked Spotify track information (title, artist, album)
• Location tags (if you choose to add them)
• Weather data (if integrated with your memories)
• People tags (connections between memories and individuals)

1.3 Encrypted Content

If you enable end-to-end encryption with a master password:

• Sensitive fields are encrypted on your device before being sent to our servers
• We cannot access or read your encrypted content
• Encrypted content includes fields you mark as "private"
• Important: We cannot recover encrypted data if you forget your master password

1.4 Device and Usage Data

We automatically collect:

• Device information: device model, operating system version, unique device identifiers
• App usage data: features used, screens visited, app performance metrics
• Crash reports: technical data when the app crashes or encounters errors
• Analytics data: anonymized usage patterns to improve the app

This data is collected through:

• Firebase Analytics
• Firebase Crashlytics
• Firebase Performance Monitoring

1.5 Local Data

Data stored on your device:

• Isar database: local cache of your memories for offline access and faster performance
• Media files: photos, videos, and audio files stored in app-specific directories
• Thumbnails: compressed versions of images for quick display
• Preferences: app settings and configuration

1.6 Notification Data

If you enable notifications:

• Reminder schedules: dates and times for reflection prompts
• Push notification tokens: to send notifications to your device

1.7 Subscription Information

For Premium subscribers:

• Purchase receipts: transaction IDs from App Store or Google Play
• Subscription status: active, expired, or canceled
• Purchase date and renewal date

We do not collect or store your payment card information. All payments are processed by Apple or Google.

2. How We Use Your Information

We use your data to:

2.1 Provide the Service

• Store and synchronize your memories across devices
• Display your content in the timeline visualization
• Process and compress media files
• Enable search and organization features
• Send reminders and notifications

2.2 Improve the Service

• Analyze app usage patterns
• Identify and fix bugs and crashes
• Optimize performance and loading times
• Develop new features based on user needs

2.3 Communicate with You

• Send important account notifications
• Respond to your support requests
• Notify you of policy changes
• Provide information about new features (if you opt in)

2.4 Ensure Security

• Detect and prevent fraud or abuse
• Enforce our Terms of Service
• Protect against unauthorized access

2.5 Comply with Legal Obligations

• Respond to legal requests and court orders
• Comply with applicable laws and regulations

3. Data Storage and Security

3.1 Cloud Storage

Your data is stored on Firebase servers operated by Google Cloud Platform:

• Location: Multi-region storage for reliability
• Security: Industry-standard encryption in transit (TLS) and at rest
• Access control: Strict Firestore security rules ensure only you can access your data
• Backups: Automatic backups for disaster recovery

3.2 End-to-End Encryption

When you enable encryption:

• Your master password is used to generate encryption keys
• Encryption is performed on your device before data is sent to servers
• We use AES-256 encryption with secure key derivation (PBKDF2)
• Only you can decrypt your sensitive data

3.3 Biometric Authentication

If you enable Face ID or Touch ID:

• Biometric data never leaves your device
• We do not have access to your fingerprints or face data
• Biometrics are used only to unlock the app locally

3.4 Security Measures

We implement multiple security layers:

• Firebase App Check to prevent unauthorized API access
• SSL/TLS encryption for all network communications
• Regular security audits and updates
• Rate limiting to prevent abuse

4. Data Sharing and Third-Party Services

4.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Third-Party Services We Use

Firebase (Google Cloud)

• Purpose: Authentication, database, storage, analytics, crash reporting
• Data shared: Account info, memory content, usage data
• Privacy policy: https://firebase.google.com/support/privacy

Spotify

• Purpose: Search for music tracks to link to memories
• Data shared: Search queries only (no personal data)
• Privacy policy: https://www.spotify.com/privacy

Apple App Store / Google Play

• Purpose: Payment processing for Premium subscriptions
• Data shared: Purchase information
• Privacy policies: Apple and Google

Image Processing Services

• Purpose: Compress images and generate thumbnails
• Processing: Performed locally on your device
• No data shared with external services

4.3 When We May Share Data

We may share your information only in these limited circumstances:

• With your consent: When you explicitly authorize sharing
• Legal requirements: To comply with laws, court orders, or legal processes
• Safety and security: To protect rights, property, or safety of users
• Business transfers: In case of merger, acquisition, or sale (with notice to you)

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active to provide the Service.

5.2 After Account Deletion

When you delete your account:

• Immediate: Your data is marked for deletion and inaccessible to you
• Within 30 days: Permanently deleted from active servers
• Within 90 days: Purged from all backups
• Anonymized analytics: May be retained indefinitely for service improvement

5.3 Legal Retention

We may retain certain data longer if required by law or to resolve disputes.

6. Your Rights and Choices

6.1 Access and Export

You can:

• View all your data within the app
• Export your memories and media files
• Request a copy of your personal data

6.2 Correction and Update

You can update your:

• Display name
• Email address
• Profile photo
• Language and country preferences

6.3 Deletion

You can:

• Delete individual memories
• Delete your entire account (permanently deletes all data)
• Request data deletion by contacting us

6.4 Opt-Out Options

You can disable:

• Notifications: In app settings or device settings
• Analytics: By enabling encryption (limits some analytics)
• Biometric unlock: In app security settings

6.5 Do Not Track

We respect Do Not Track signals. If your browser sends DNT, we will not track your activity.

7. Children's Privacy

Lifeline is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

8. International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. By using Lifeline, you consent to these transfers. We ensure appropriate safeguards are in place to protect your data.

9. GDPR Rights (For EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

9.1 Your Rights

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing of your data
• Right to withdraw consent: Withdraw consent at any time

9.2 Legal Basis for Processing

We process your data based on:

• Consent: You agree to our data practices
• Contract: Necessary to provide the Service
• Legitimate interests: Improve and secure the Service

9.3 Data Protection Officer

For GDPR-related inquiries, contact us at: founder@theplacewelive.org

10. CCPA Rights (For California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know: What personal information we collect and how we use it
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination: Equal service regardless of privacy choices

11. Data Security Incidents

In the event of a data breach that affects your personal information:

• We will notify you within 72 hours of discovering the breach
• We will provide details about what data was affected
• We will describe steps we are taking to address the breach
• We will recommend actions you can take to protect yourself

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the app
• Sending an email notification to your registered email
• Displaying an in-app notice

Your continued use of Lifeline after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: founder@theplacewelive.org

Response time: We aim to respond to all inquiries within 7 business days.

14. Transparency Report

We are committed to transparency. Upon request, we can provide information about:

• Number of data requests received from authorities
• Types of data requested
• Our responses to such requests

---

*This Privacy Policy was last updated on October 2, 2025. Previous versions are available upon request.*

By using Lifeline, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described.