Table4 App Privacy Policy

Last Updated: 18-09-2021

1. Definitions

User: A person that has an account on Table4

You: Referring to you as a user of the app

PII (Personally Identifiable Information): Any information that can be linked to a user as an individual.

Store: referring to PII that we collect about you and keep on our databases

Temporary Data: Data containing PII that is necessary for the functionality of the app

We/us/our: Table4

Table4: referring to the app and developer of Table4 (Robin Titus)

2. Intro

The Privacy Policy is written to explain to the user all aspects related to their data while using Table4. By using the Table4 app, you accept and agree to all the conditions set out in this document.

3. Limitations

The use of Table4 is done at the user's own risk. In no event shall Table4 be held liable for any damages in the form of but not limited to security risks.

4. PII Details

Table4 does not intend using a target advertising business model. The Personally Identifiable Information we collect is the minimum necessary for the functionality of the app.

A user is required to sign in to use Table4’s services. This serves to verify a legitimate user as well as to provide a personalised experience and allow the user to interact with other users via Table4. There are currently two types of users on Table4: A ‘Phone Authenticated User’ and a ‘Google Authenticated User’. Different PII is required and collected in different ways for each user type (see additional points below).

4.1.1. Phone Authenticated User – Firebase Note:

Note: Table4 uses Firebase (a Google subsidiary) to conduct phone authentication. By entering in your number, you are also allowing Google to store and use your number to, according to Google: “improve our spam and abuse prevention across Google services, including but not limited to Firebase”. This is laid out in their terms and conditions but it was a point worth highlighting to Table4 users.

Table4 regards Firebase as a reliable and trustworthy service. It is also a popular service used by major companies such as Trivago, Duolingo, Venmo, Alibaba and Lyft to name a few.

If a user is not comfortable with sharing their number, then they can alternatively opt to sign in via their Gmail account.

4.1.2. Phone Authenticated User – General PII Information

A phone authenticated user submits their phone number in order to receive an SMS with a verification code. By entering in the correct code, they confirm their identify. Table4 collects and stores this user’s phone number. The only additional PII that Table4 collects is the user’s name, however, this does not necessarily have to be the user’s real name. Only the user’s phone number is stored in a designated authenticated database system. All other information related to the user is stored in a separate ‘regular’ database. This is deliberate as these two different systems are protected by their own independent security protocols.

4.2. Google Authenticated User

A Google Authenticated user signs into their Gmail account using an oauth2 standard protocol flow. After a user signs in, Table4 is able to access their Gmail account’s Name, email address, profile picture and localization (language preference). However, the only PII stored is a user’s gmail address (for identity) as well as their first name (as a profile name that others using Table can see when you connect with them). Only the user’s email address is stored in a designated authenticated database system. All other information related to the user is stored in a separate ‘regular’ database. This is deliberate as these two different systems are protected by their own independent security protocols.

4.3. Additional Identifiable Info Details

In addition, ‘non-PII’ that we also record include the date you signed up and your chosen currency symbol. Future updates to the app could introduce profile pictures which would also be stored.

We may introduce more or other authentication / authorization systems in the future which could require additional PII to be collected. If this does happen then this privacy policy document will be updated to explain those changes.

5. Temporary Data

For the app to function as intended, a user creates temporary data while using the app. This data is stored temporarily for the maximum duration that it could be useful. This temporary data includes information such as which users you linked up with (i.e., when you scan their QR code); and what you ordered. All temporary data older than 2 days old (at that specific point in time when the regular ‘clean up function’ is run) gets deleted.

6. Security Info

Table4 strives to use commercially acceptable means of protecting your data. Table4 makes use of multiple security protocols. Strict access control and data validation measures are in place to ensure that only authorised users can read and write to sections of the database that are relevant to them. Data that is not necessary to keep gets deleted. Rate limiters are also in place to ensure that the app’s resources are used as intended. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and Table4 cannot guarantee its absolute security. It is illegal to try and gain unauthorised access to the database and if unauthorised access occurs with malicious intent, it would be reported to law enforcement authorities.

7. App Permissions

Table4 requires certain permissions from your device to function. The only permission that we require and also use is the Camera permission. This is necessary to use your phone's camera with Table4's in-app camera functionality to scan QR codes and take a picture of the bill. Table4 does not access your camera roll. Additional permissions are also required but not used by the app. This is because Table4 was created using a "managed workflow" system that standardises certain features (e.g. requiring a standardised set of permissions). Future updates to the managed workflow system will allow us to require less permissions from you in future updates of the Table4 app.

8. 3rd Party information

Table4 makes use of the following 3^rd party service providers: Google Play Services; Firebase; Google Analytics for Firebase; Firebase Crashlytics; and Expo. These 3^rd parties serve one or more of the following functions: To facilitate the Table4 app; To provide a service on our behalf; To perform service-related services; or To assist us in analysing how our service is used. These third party services may collect information used to identify you. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Link to privacy policy of third party service providers used by the app:

https://www.google.com/policies/privacy/

https://firebase.google.com/policies/analytics

https://firebase.google.com/support/privacy/

https://expo.io/privacy

Table4 will not sell any of your Personal Identifiable Information to any 3rd party as we plan on implementing a Freemium business model in the future. We are open to the idea of working with de-personalised information in the future to assist us with research on how to further develop Table4.

9. Where to find the Privacy Policy

To access the Privacy Policy, touch the left side of the screen and swipe to the right. This will open a drawer navigation menu. Then you can tap on 'Privacy Policy'. You can also tap on the profile icon at the bottom right of your screen and then tap on ‘Docs’.

10. Changes to Privacy Policy

If changes to the Privacy Policy occur, a user will be greeted with the new Privacy Policy upon opening the app. The user will need to accept it if they want to continue using the app.

This document was created with the assistance of https://app-privacy-policy-generator.firebaseapp.com/.

[END]