Privacy Policy

1. Information Collection

We practice data minimalism. Our complete data collection consists of:

Personal Information:

• Email address - Required for account creation and essential service communications
• Device identifier - Used exclusively to enforce our one-trial-per-device policy and two-device limit for active subscribers
• Device name/model - Used to display user-friendly device names in the device management interface
• IP address - Recorded solely when you accept this policy to establish legal proof of acceptance
• Payment information - Managed through Google Play Billing; we do not store or access payment card details
• Legal document acceptance records - Comprehensive records including device information (device ID, device name/model, platform, system version, build number), IP address, user agent, and timestamp when you accept our Terms of Service, Privacy Policy, and Refund Policy for legal compliance and dispute resolution purposes
• App usage analytics - Limited user app usage data collected through Firebase Analytics and our internal analytics system for app improvement and Google Ads optimization. No personal data is shared with third parties, and all analytics are used solely for app improvement purposes.

Google Sign-In & Auto Account Creation

When you choose “Continue with Google”, PeaceBreak uses non-sensitive OpenID Connect scopes (openid, email, profile). Through our authentication provider (Supabase), we receive your Google user ID (sub), display name, avatar URL, and email address. We use this only to authenticate you and personalize your account. We do not request or access any other Google data (e.g., contacts, calendar, Gmail).

Supabase automatically creates your PeaceBreak account when you sign in with Google, and marks your email as verified. If you delete your account and later sign in with Google again, a new account will be created. Your previous account data does not return—each new sign-in starts fresh.

Authentication data is stored securely in Supabase and follows the retention and deletion practices described in this policy.

Information We Do Not Collect:

• ❌ Detailed behavioral tracking for marketing, advertising, or data sales purposes
• ❌ Crash reports or performance monitoring data
• ❌ Audio listening preferences or detailed usage history
• ❌ Exact device location or GPS coordinates
• ❌ Social media integrations or contact information
• ❌ Advertising identifiers shared with third parties
• ❌ Personal data shared with advertising networks or data brokers

We do not sell, rent, or share your personal information with any third parties for any purpose.

2. Data Usage

We utilize your minimal data exclusively for essential service operations:

Analytics Systems for App Improvement

We use Firebase Analytics and our internal analytics system to collect limited user app usage data exclusively for app improvement purposes. Firebase Analytics data is anonymized and aggregated, and is also used for Google Ads optimization (no personal data shared with Google). Our internal analytics are stored securely and never shared with third parties.

Core Service Operations:

• Email address: Account management, authentication, and critical service notifications
• Device identifier: Enforcement of trial limitations (one trial per email address and one trial per device) and active subscriber device limits (maximum 2 active devices per account)
• Device name/model: Display user-friendly device names in the device management interface for easier device identification
• IP address: Legal compliance and verification of policy acceptance
• Payment information: Subscription status verification through Google Play Billing (no card details stored)
• Legal document acceptance records: Maintained as evidence of your acceptance of our legal terms, including device information (device ID, device name/model, platform, system version, build number), IP address, user agent, and timestamp for legal compliance and potential dispute resolution

Prohibited Data Uses:

• ❌ Selling, sharing, or renting your personal data to any third party for any purpose
• ❌ Marketing campaigns or promotional communications
• ❌ Third-party data sales, sharing, or data brokerage
• ❌ User behavior analysis or profiling for marketing, advertising, or commercial purposes
• ❌ Content personalization or recommendation systems
• ❌ Sharing analytics data with advertising networks, data brokers, or any other third parties

3. Subscription and Trial Management

Trial Policy:

• 7-day free trial available once per email address and once per device
• Manual subscription activation: payment processing initiates paid service
• Transparent cancellation available through application settings
• Email and device identifiers retained post-cancellation solely for trial abuse prevention

Device Management Policy:

• Active subscribers are limited to 2 active devices per account
• Additional devices attempting to access the service will be automatically disabled
• Users can manage their active devices through the app's device management interface
• Device information (device name/model, ID, activation date) is stored for management purposes

4. Data Security

We implement industry-standard security measures to protect your information and ensure it is never sold or shared:

• Encrypted data transmission and storage protocols
• Secure payment processing through certified third-party providers
• Regular security assessments and system updates
• Restricted access based on operational necessity
• Strict policies preventing data sales, sharing, or unauthorized access

5. Data Retention and Removal

Account Deletion Process:

• Immediate removal: Personal preferences and account configuration data
• Legal retention: Email, device identifier, and IP address maintained for trial enforcement and legal compliance
• Payment information: Managed according to payment processor retention requirements

We retain minimal data only as legally required or necessary to prevent service abuse.

6. Third-Party Service Providers

Important: We do not sell, share, or rent your personal data to third parties. The service providers listed below process your data only for essential service functions under strict contractual obligations and privacy safeguards.

We utilize certified providers with comprehensive security protocols:

• Payment processing: Google Play Billing (Google's secure payment infrastructure) - processes payment transactions only, no personal data shared for other purposes
• Data storage: Supabase (SOC 2 Type II certified) - stores your account data securely, data is never shared with other Supabase customers or third parties
• Email delivery: Brevo (GDPR compliant) - sends essential service emails only (account verification, password resets, critical notifications), email addresses are not used for marketing or shared with other parties

We do not allow these service providers to use your personal information for their own marketing or advertising purposes, and we never sell your data to them or any other entity.

7. User Rights

You maintain the following rights regarding your personal data:

Available Through the Application:

• Account creation: Provide your email address to create an account
• Account deletion: Remove your account and associated personal data through app settings
• Subscription cancellation: Cancel your subscription through app settings

Available by Email Request:

• Data access: We can provide your stored information (email, device ID, device name/model, IP address, legal document acceptance records, and analytics data if applicable)
• Data export: We can send your data in a simple format (typically JSON or plain text)
• Account assistance: Help with account-related issues within our technical capabilities

Current Limitations:

• Email address changes require manual processing and may take several business days
• Data processing objections are handled on a case-by-case basis within our technical constraints
• We operate with limited technical resources as a solo developer

Given our minimal data collection and technical setup, most data requests are straightforward but may require manual processing.

8. Policy Updates

Material changes to this policy will be communicated through the application or email notification. Continued service usage following notification constitutes acceptance of revised terms. We remain committed to our minimal data collection principles.

9. Legal Compliance

This policy complies with applicable privacy regulations including GDPR, CCPA, and state-specific privacy laws. We may adjust our practices to meet evolving legal requirements while maintaining our privacy-first approach.

Our commitment to you: We will never sell, rent, or share your personal data with third parties. This commitment is fundamental to our privacy policy and will not change.

10. Device Permission

PeaceBreak uses only the following permission and never for tracking or advertising:

• Notifications – Shows what is playing and helpful status information.

You can change notification settings anytime in your device settings.