# Privacy Policy for Document Expiry
**Effective Date:** 2026-04-11
**Developer:** Muhammad Ilyas
**Contact:** muhammadilyas15@gmail.com
## 1. Introduction
Document Expiry ("we", "our", "the app") is a personal document organizer that helps you track important documents and their expiry dates — such as passports, national IDs, driver's licenses, insurance policies, visas, work permits, warranties, and certificates — and sends you timely renewal reminders.
This Privacy Policy explains how Document Expiry handles your information when you use the app. **No account or sign-in is required to use Document Expiry. All of your documents, photos, and personal details are stored only on your device.**
By using Document Expiry, you agree to the practices described in this policy.
## 2. Information We Collect
### 2.1 Information You Provide (Stored On-Device Only)
You can voluntarily enter the following information for each document you add to the app. All of it is stored **exclusively on your device** in a local Room database:
**Document records (`Document` entity):**
- Title / name of the document
- Category (e.g., Passport, ID, License, Insurance, Visa, Warranty, Certificate)
- Issuer / issuing authority
- **Document number** (passport number, ID number, license number, visa number, policy number, etc.)
- Issue date and expiry date
- Front and back photos of the document
- Free-form notes
- Reminder lead time (number of days before expiry)
- Archive status, creation and last-updated timestamps
**Document categories (`DocumentCategory` entity):**
- Category name and icon (pre-seeded categories plus any custom categories you create)
### 2.2 Sensitive Personal Identifiers — Important Notice
Document numbers (passport, national ID, driver's license, visa, insurance policy number, etc.) are **highly sensitive personal identifiers**. Document Expiry treats this data with extra care:
- Document numbers and photos are stored **only in the app's private local database and app-private internal storage** on your device.
- They are **never uploaded to our servers, never synced to the cloud, never shared with advertisers, and never transmitted over the network by the app** under normal use.
- The only way this information leaves your device is if **you explicitly choose** to share or export it yourself (for example, using the system share sheet to send a document to another app).
- We, the developer, have **no access** to your documents, photos, or document numbers at any time.
- Because the data lives on your device, **you are responsible for securing your device** (screen lock, device encryption, trusted backups). Uninstalling the app permanently deletes all data stored by the app.
### 2.3 Information Collected Automatically
When you use the app, the following limited technical data may be collected by third-party SDKs (see Section 5) for crash reporting, analytics, and advertising:
- Device model, manufacturer, OS version, app version, language, and region
- Anonymous / resettable advertising identifiers
- Crash logs and stack traces (no document content is included)
- Aggregated usage events (screens opened, feature usage) via Firebase Analytics
- Approximate (IP-based) location used by the ad SDK for ad serving and regulatory compliance
This automatically collected data is **never linked to the contents of your documents**.
## 3. How We Use Your Information
On-device data (documents, photos, notes, categories) is used solely to:
- Display, search, filter, and organize your documents inside the app
- Compute expiry status (valid / expiring soon / expired)
- Schedule and deliver local reminder notifications before documents expire
- Enforce the free-tier limits on the number of documents and custom categories
- Allow you to share or export individual documents when you choose to
Automatically collected technical data is used to:
- Diagnose crashes and improve app stability (Firebase Crashlytics)
- Understand aggregated feature usage (Firebase Analytics)
- Display advertisements to free-tier users (Google AdMob)
- Process in-app purchases and subscriptions (Google Play Billing)
- Obtain and record consent where required (Google UMP)
- Deliver in-app update prompts (Google Play In-App Update)
## 4. Data Storage and Security
### 4.1 Local Storage Only
- All documents, photos, categories, and settings are stored **locally on your device** using an on-device Room (SQLite) database and SharedPreferences.
- Front and back document photos are saved to the **app's private internal storage** and are only accessible by Document Expiry. Other apps cannot read them.
- Document Expiry **does not include any cloud sync, online account, or server-side backup** for your document data. We do not operate a backend that stores your documents.
### 4.2 No Cloud Storage of User Content
Document Expiry does **not** use Firebase Authentication, Firebase Firestore, Firebase Storage, or any other cloud database. Your documents never leave your device through the app.
### 4.3 Security Measures
- Document data and photos live inside the app's sandboxed, private storage area which is isolated from other apps.
- All network traffic initiated by bundled SDKs (ads, analytics, crash reporting, billing, updates) uses HTTPS/TLS encryption.
- The app respects Android's runtime permission model.
- No password or credential is stored by the app.
## 5. Third-Party Services
We do **not** sell, rent, or trade any of your personal information. However, the app integrates the following third-party SDKs which may process limited technical data as described above:
| Service | Purpose | Data Accessed | Privacy Policy |
|---------|---------|---------------|----------------|
| Google AdMob | Advertising (free tier) | Advertising ID, device info, approximate location, ad interactions | https://policies.google.com/privacy |
| Google UMP (User Messaging Platform) | Consent for personalized ads / GDPR | Consent choices | https://policies.google.com/privacy |
| Firebase Analytics | Aggregated usage analytics | Device info, app events | https://firebase.google.com/support/privacy |
| Firebase Crashlytics | Crash reporting | Crash logs, device state, stack traces | https://firebase.google.com/support/privacy |
| Google Play Billing | Subscriptions and one-time purchases | Purchase tokens and subscription status | https://policies.google.com/privacy |
| Google Play In-App Update | Prompting in-app updates | App version information | https://policies.google.com/privacy |
| Glide | Local image loading / rendering | None (on-device only) | N/A |
### 5.1 Advertising
- Free-tier users see advertisements served by Google AdMob.
- AdMob may use advertising identifiers and limited device data to deliver and measure ads.
- You can opt out of personalized advertising via **Settings > Google > Ads** on your device (or the equivalent setting).
- Purchasing a Premium subscription (monthly / yearly) or the one-time Lifetime upgrade removes all advertisements.
## 6. Photos and Camera
Document Expiry lets you attach a front and a back photo to each document so you can visually identify it later.
- Photos are captured or picked **only when you explicitly choose to add them** through the app's UI. The app uses Android's Photo Picker (`PickVisualMedia`) and/or the camera.
- Captured/selected photos are saved to the app's **private internal storage** via `FileProvider`. They are not placed in your public gallery and are not visible to other apps.
- Photos are **never uploaded to any server** by the app.
- You can delete any photo at any time by editing or deleting the corresponding document. Uninstalling the app permanently deletes all photos it stored.
## 7. Notifications
Document Expiry uses **local notifications only** to remind you about documents that are about to expire or have expired.
- Reminders are scheduled on-device using Android's WorkManager, based on each document's expiry date and your configured lead time.
- No notification content is sent from or through any remote server. The app does **not** use Firebase Cloud Messaging or any push-notification service.
- On Android 13 and above, the app requests the `POST_NOTIFICATIONS` runtime permission. You can grant or deny it, and you can disable notifications at any time from the Android system settings for the app.
## 8. Children's Privacy
Document Expiry is not directed at children under the age of 13. We do not knowingly collect any personal information from children under 13. If you believe a child has used the app to enter personal information, simply uninstall the app to remove that data from the device.
## 9. Your Rights and Choices
Because your data stays on your device, **you are fully in control of it** at all times:
- **View** — every document you entered is visible inside the app.
- **Edit** — you can update any field of any document at any time.
- **Delete** — you can delete individual documents, photos, or custom categories. You can also clear all app data via Android's system Settings > Apps > Document Expiry > Storage > Clear data, or simply uninstall the app to erase everything.
- **Export / Share** — you can share a document through the Android share sheet when you choose to.
- **Notifications** — disable anytime from app or system settings.
- **Ads** — opt out of ad personalization via device settings, or upgrade to Premium / Lifetime to remove ads entirely.
## 10. GDPR and Regional Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or another region with similar laws, you have the following rights with respect to personal data:
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
Because Document Expiry stores your documents exclusively on your device and the developer has no access to them, **you can exercise most of these rights directly inside the app** (view, edit, delete) or by uninstalling the app.
For any technical data handled by third-party SDKs (Firebase, AdMob), the app uses Google's User Messaging Platform (UMP) to collect and record your consent for personalized ads in compliance with GDPR / ePrivacy requirements.
For any remaining questions, contact us at muhammadilyas15@gmail.com.
## 11. Data Retention
- Documents, photos, categories, and settings are retained on your device until **you** delete them or uninstall the app.
- Crash reports collected by Firebase Crashlytics are retained for up to 90 days.
- Analytics data collected by Firebase Analytics is retained per Google's standard retention policies (up to 14 months).
- Billing records are retained by Google Play per Google's policies.
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top and, where appropriate, post a notice inside the app. Your continued use of Document Expiry after any changes constitutes acceptance of the updated policy.
## 13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
**Email:** muhammadilyas15@gmail.com
**Developer:** Muhammad Ilyas