Privacy Policy

Hexalian LLC (“we,” “us,” or “our”) operates the Zifora mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Zifora.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: If you create an account or sign in with Google Sign-In, we collect your email address and authentication credentials via Firebase Authentication. Account creation is optional and only required for Cloud Sync.
• Asset data: Names, categories (Home, Vehicle, Documents, Health, Financial), brands, models, purchase dates, warranty dates, and notes for items you track.
• Task data: Maintenance task names, intervals, costs, priorities, due dates, and odometer readings (for vehicle assets).
• Completion records: Dates, actual costs, notes, odometer readings, and photos associated with task completions.
• Photos: Images captured via camera or selected from gallery for assets and completion records. Photos are stored locally on your device in the app’s private directory. If you enable Cloud Sync and have a Pro subscription, photos are also uploaded to Firebase Storage under your authenticated account to keep them synchronized across your devices. Cloud Sync for text data (assets, tasks, completions) is free for all users with an account. You can disable Cloud Sync at any time to stop uploads.
• Onboarding preferences: Category selections and initial asset configurations.

1.2 OCR Receipt Scanning Data

1.3 Voice Input Data

1.4 Location Data

• Approximate location: If you enable the Weather Notifications feature (Pro), Zifora requests coarse (approximate) location access to retrieve a 3-day weather forecast from the Open-Meteo API (a free, open-source weather API).
• How it is used: Your latitude and longitude coordinates are sent to Open-Meteo to retrieve weather forecasts. This determines whether outdoor maintenance tasks should be rescheduled due to rain, snow, or extreme temperatures.
• Not stored permanently: Your precise location is not saved to the database or transmitted to any other service. The weather forecast result is cached locally for up to 6 hours.
• Opt-in only: Location access is requested only when you enable Weather Notifications in Settings. You can revoke this permission at any time in your device settings.
• Low accuracy: We request only coarse/low-accuracy location — sufficient for weather forecasts, not precise enough to identify your exact address.

1.5 Information Collected Automatically

• Device information: Device type, operating system version, unique device identifiers (for ad serving and crash reporting).
• Crash reports: Firebase Crashlytics automatically collects crash logs, stack traces, device state, and OS version when the app crashes. This helps us identify and fix bugs. Crashlytics data collection is disabled in debug/development builds and only active in production.
• Analytics data: Firebase Analytics collects anonymized usage data including app opens, screen views, feature usage, and session duration. This data is aggregated and does not identify individual users.
• Usage data: App interaction patterns, features used, session duration (collected through Google AdMob and RevenueCat SDKs).
• Advertising data: AdMob may collect device advertising identifiers to serve personalized or non-personalized ads to free-tier users. Ads include banner ads and app open ads.
• Subscription data: RevenueCat collects purchase history, subscription status, and transaction identifiers to manage your subscription.

1.6 Family Sharing Data

• If you use the Family Sharing feature (Pro), Zifora stores a list of family member email addresses and display names in Firebase Firestore to enable shared access to assets and tasks.
• Family sharing is invitation-based. You send invitations by email, and the recipient must accept from within the app.
• Family members can view your assets and tasks but cannot modify them.
• You can remove a family member at any time, which revokes their access immediately.

1.7 Information We Do NOT Collect

• We do not collect your name, phone number, or physical address through the App.
• We do not access your contacts, call logs, or SMS.
• We do not transmit, store, or process the full text content of scanned receipts — only the extracted cost value is saved locally.
• We do not record or store audio from voice input — only the recognized text is processed.

2. How We Use Your Information

• Provide and maintain the App’s core functionality (asset tracking across 5 categories, task scheduling, smart notifications, maintenance streak tracking).
• Process OCR receipt scans on-device to auto-fill completion costs.
• Process voice commands on-device to create maintenance tasks hands-free.
• Generate smart maintenance insights based on your completion patterns (processed entirely on-device).
• Retrieve weather forecasts based on your approximate location to provide weather-aware maintenance reminders (Pro feature, opt-in).
• Process and manage subscriptions through RevenueCat.
• Display advertisements to free-tier users through Google AdMob (banner and app open ads).
• Send local notifications for maintenance reminders, warranty expirations, and smart insights (entirely on-device).
• Synchronize data across devices via Firebase Firestore when Cloud Sync is enabled (free for all users, opt-in only).
• Authenticate users via Firebase Authentication for Cloud Sync access.
• Generate PDF maintenance reports and calendar exports (ICS format) on-device.
• Power the Android home screen widget showing upcoming tasks (on-device only).
• Monitor app stability and diagnose crashes via Firebase Crashlytics (production builds only).
• Analyze anonymized usage patterns via Firebase Analytics to improve the user experience.
• Improve and optimize the App’s performance and user experience.

3. Data Storage and Security

3.1 Local Storage

• All user-created data (assets, tasks, completions, photos) is stored locally on your device using an encrypted SQLite database (SQLCipher with a 256-bit AES encryption key stored in your device’s secure keychain). This means your data is encrypted at rest and cannot be read even if someone accesses the raw database file.
• App preferences (theme, language, notification time) are stored using on-device SharedPreferences.
• Photos are stored in the app’s private document directory on your device. When Cloud Sync is enabled, photos are also uploaded to Firebase Storage under your account.
• We do not transmit this data to any server unless you explicitly enable Cloud Sync.

3.2 Cloud Sync (Free Feature — Opt-In)

• When you enable Cloud Sync, your asset data, maintenance tasks, and completion records are synced to Firebase Firestore under your authenticated account.
• Cloud data is stored in isolated user-scoped collections — only you can access your data.
• When Cloud Sync is enabled, photos are uploaded to Firebase Storage in addition to text data and cost metadata. Photos are stored under your authenticated account and are accessible only by you. If you disable Cloud Sync, photos remain on your device only.
• You can disable Cloud Sync at any time in Settings.
• You can request deletion of all cloud data by contacting us or by deleting your account within the app.

3.3 Security Measures

• All network communications use HTTPS/TLS encryption.
• Local database is encrypted using SQLCipher (AES-256) with a cryptographic key stored in your device’s secure keychain (Android Keystore / iOS Keychain).
• Firebase Authentication handles secure token management.
• Cloud Firestore data is protected by comprehensive security rules that restrict access to authenticated users’ own data, with field-level validation.
• Subscription entitlement status is cached securely using encrypted storage.
• We implement commercially reasonable security measures to protect your data. However, no electronic storage is 100% secure.

4. Third-Party Services

The App integrates the following third-party services, each with their own privacy policies:

Service	Purpose	Data Handling	Privacy Policy
Google AdMob	Ad serving (free tier only)	Banner & app open ads; may collect device advertising ID	policies.google.com/privacy
RevenueCat	Subscription management	Purchase history, subscription status, transaction IDs	revenuecat.com/privacy
Firebase Authentication	User authentication (Cloud Sync)	Email address, auth tokens (encrypted)	firebase.google.com/support/privacy
Cloud Firestore	Cloud data sync (Pro, opt-in)	Asset, task, and completion data under authenticated user scope	firebase.google.com/support/privacy
Google ML Kit	OCR receipt scanning	100% on-device — no data sent to Google servers	developers.google.com/ml-kit/terms
Google Sign-In	Authentication option	Google account email	policies.google.com/privacy
Firebase Crashlytics	Crash reporting (production only)	Crash logs, stack traces, device model, OS version	firebase.google.com/support/privacy
Firebase Analytics	Anonymized usage analytics	App events, screen views, session duration (aggregated, non-identifying)	firebase.google.com/support/privacy
Open-Meteo	Weather forecasts (Pro, opt-in)	Approximate latitude/longitude sent to retrieve 3-day forecast; no account or personal data sent	open-meteo.com/en/terms
Speech-to-Text (device native)	Voice input for task creation	Audio processed by device OS speech engine; Zifora only receives recognized text	Subject to Google or Apple privacy policies

5. Children’s Privacy

Zifora is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

6.1 All Users

• Access: View and export all personal data we hold about you (via in-app PDF/ICS export).
• Deletion: Delete your data at any time (Settings > Delete All Data, or Settings > Delete Account).
• Portability: Export your data as PDF reports or ICS calendar files from within the app.
• Opt-out of ads: Opt out of personalized advertising (see Section 7).
• Account deletion: Delete your account and all associated cloud data (Settings > Delete Account), or via our web-based deletion page.

6.2 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you additionally have the right to:

• Rectification: Request correction of inaccurate personal data.
• Restriction: Request restriction of processing of your personal data.
• Object: Object to processing based on legitimate interests.
• Complaint: Lodge a complaint with your local data protection supervisory authority.

Our legal basis for processing is: (a) contract performance (providing the App), (b) legitimate interests (analytics, crash reporting), and (c) consent (location access, voice input, Cloud Sync).

6.3 California Users (CCPA/CPRA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the “sale” or “sharing” of personal information. We do not sell your personal information. See Section 9 for details.

Since all core data is stored locally on your device, you maintain full control. You can delete all data by uninstalling the App or using Settings > Delete All Data within the app.

If you have an account with Cloud Sync enabled, you can delete your account and all cloud data via Settings > Delete Account, or contact supportapps@hexalian.com.

To exercise any of these rights, contact us at supportapps@hexalian.com. We will respond within 30 days.

7. Ad Personalization

Free-tier users see banner ads and app open ads served by Google AdMob. Pro subscribers see no ads. You can opt out of personalized ads:

• Android: Settings > Google > Ads > Reset/Delete advertising ID
• iOS: Settings > Privacy > Tracking > Disable “Allow Apps to Request to Track”

8. Data Retention

• Local data: Retained on your device until you delete it (via in-app deletion, clearing app data, or uninstalling).
• Cloud data: Retained in Firestore while your account exists. Deleted upon account deletion request.
• Subscription data: Managed by RevenueCat and the respective app store (Apple/Google). Subject to their retention policies.
• OCR data: Not retained. The extracted cost value is saved in the completion record; all other scanned text is discarded immediately after processing.
• Voice input data: Not retained by Zifora. Recognized text is processed in real-time to extract task details and then discarded. Audio is processed by the device OS speech engine.
• Location data: Not stored permanently. Used only in real-time for weather forecast retrieval; the forecast is cached locally for up to 6 hours.
• Crash reports: Retained by Firebase Crashlytics for up to 90 days per Google’s policies.
• Analytics data: Retained by Firebase Analytics for up to 14 months per Google’s default retention settings.
• Family sharing data: Retained in Firestore while the family relationship exists. Deleted when either party removes the other, or upon account deletion.

9. Do Not Sell My Personal Information

We do not sell your personal information to third parties. Advertising data shared with Google AdMob for ad serving is not considered a “sale” under applicable law, but you may opt out using the methods described in Section 7.

10. International Users

Zifora is available in 6 languages (English, Spanish, Portuguese, French, Italian, and German). Regardless of your location, the same privacy protections apply. If Cloud Sync is enabled, your data is stored in Firebase servers, which may be located in the United States or other regions per Google Cloud’s infrastructure.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last Updated” date at the top. We encourage you to review this periodically.

12. Contact Us