# Privacy Policy — GitaLock
**Effective Date:** April 23, 2026
**Last Updated:** April 23, 2026
**Developer:** indiedevloper@gmail.com
**App:** GitaLock (com.gitascreen.mindapplock)
---
## 1. Overview
GitaLock is a mindfulness app that presents Bhagavad Gita shlokas as an intentional pause before you open other apps on your device. This policy explains what data we collect, why, and how it is handled.
We are committed to minimizing data collection. Most of the app's functionality works entirely on-device.
---
## 2. Information We Collect
### 2.1 Data Stored Locally on Your Device
The following information is stored only on your device using Android DataStore (it never leaves your device unless you are signed in, see §2.2):
| Data | Purpose |
|------|---------|
| Current streak & longest streak | Track your daily shloka practice |
| Karma points & gates completed | Gamification / motivation |
| Shloka sequence position | Resume from where you left off |
| Language preference (English / Hindi) | Display shlokas in your chosen language |
| Reminder time & schedule (start/end hours) | Control when the gate is active |
| Skip duration setting | Personalize gate behavior |
| Whether you have completed the Gita once | Unlock milestone reward |
None of this data identifies you personally.
### 2.2 Data Collected via Firebase (when signed in)
If you create an account or sign in, we use **Firebase Authentication** (Google) to manage your identity. This involves:
- A unique user ID (UID) assigned by Firebase — not your name or email unless you sign in with Google/email
- Sync of your progress data (streak, karma, shloka position) to **Firebase Firestore** so it is restored if you reinstall the app or switch devices
Firebase data is stored on Google's servers. See [Google's Privacy Policy](https://policies.google.com/privacy) for details.
### 2.3 Crash Reports
We use **Firebase Crashlytics** to automatically collect crash and error reports when the app crashes. These reports contain:
- Device model and Android version
- App version
- Stack trace of the crash
- A randomized installation ID (not linked to your account)
Crash reports do **not** contain personal data, shloka history, or app usage patterns beyond the crash itself.
### 2.4 Remote Configuration
We use **Firebase Remote Config** to deliver app configuration updates (e.g., feature flags) without requiring a full app update. No personal data is sent or collected through this service.
---
## 3. Permissions and What They Are Used For
GitaLock requests the following Android permissions:
| Permission | Why We Need It |
|------------|---------------|
| `PACKAGE_USAGE_STATS` | Detect when you open another app so we can show the shloka gate |
| `SYSTEM_ALERT_WINDOW` | Draw the gate screen over other apps |
| `BIND_ACCESSIBILITY_SERVICE` | Alternative method to detect app launches for the gate |
| `FOREGROUND_SERVICE` / `FOREGROUND_SERVICE_SPECIAL_USE` | Keep the monitoring service running while you use your phone |
| `RECEIVE_BOOT_COMPLETED` | Restart the service automatically after your device reboots |
| `POST_NOTIFICATIONS` | Send daily shloka reminder notifications |
| `SCHEDULE_EXACT_ALARM` | Deliver reminders at your chosen time |
| `REQUEST_IGNORE_BATTERY_OPTIMIZATIONS` | Prevent Android from killing the service in the background |
| `INTERNET` / `ACCESS_NETWORK_STATE` | Sync progress to Firebase when signed in |
| `VIBRATE` | Haptic feedback on gate interactions |
**We do not use the Accessibility Service to read any text, passwords, or personal content from other apps.** It is used solely to detect when an app is launched.
---
## 4. What We Do NOT Collect
- We do not collect your name, email address (unless used as sign-in credential), phone number, or any contact information
- We do not read messages, calls, photos, or files on your device
- We do not track your location
- We do not display ads and do not share data with advertising networks
- We do not sell your data to any third party
- We do not collect a list of the specific apps you open
---
## 5. Data Retention
- **Local data** remains on your device until you uninstall the app or clear app data
- **Firebase account data** is retained until you delete your account. To request deletion, email us at indiedevloper@gmail.com
- **Crashlytics data** is retained by Google for 90 days per their standard policy
---
## 6. Children's Privacy
GitaLock is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
---
## 7. Third-Party Services
GitaLock uses the following third-party services, each governed by their own privacy policies:
- **Firebase (Google):** Authentication, Firestore database, Crashlytics, Remote Config — [Google Privacy Policy](https://policies.google.com/privacy)
---
## 8. Data Security
Progress data synced to Firebase is protected using Firebase's built-in security rules and Google's encryption in transit (TLS) and at rest. Local data is stored in Android's sandboxed app storage, inaccessible to other apps.
---
## 9. Your Rights
You may:
- **Access or export** your data by contacting us
- **Delete your account and data** by emailing indiedevloper@gmail.com
- **Opt out of crash reporting** by disabling the app's internet permission via Android settings
- **Use the app offline** — all core features work without an internet connection or account
---
## 10. Changes to This Policy
We may update this policy as the app evolves. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.
---
## 11. Contact
For privacy questions or data deletion requests:
**Email:** indiedevloper@gmail.com
**App:** GitaLock on Google Play