Privacy Policy

1. Introduction & Core Principle

This Privacy Policy governs the mobile application Dera — Daily Diary & Journal(“the App”), developed for Android.

Our absolute core principle is: Your thoughts are yours alone. Dera is designed as a local-first application. We do not maintain centralized servers to store, process, or inspect your personal diary entries, mood ratings, drawings, or voice logs.

2. Types of Data Processed

a) Journal Entries and Diary Content (Local-Only)

All diary text content, mood ratings, custom notebook categories, tag labels, draft text, attached photos, sketches, and voice notes are stored strictly on your local device. This sensitive personal data is sandboxed within the App's private local database directory. It is never uploaded to, hosted on, or accessed by our servers.

b) Google Account & Gmail Login (Firebase Auth)

The App provides an optional cloud feature that enables you to sign in using your Google (Gmail) account. This is implemented via Firebase Authentication.

• Purpose of Sign-In: Logging in is used solely to authenticate your identity, secure your user token, verify VIP premium entitlement, and establish a secure tunnel to sync backups with your personal cloud account.
• Credential Security: The authentication process is fully managed by Google OAuth services. Dera never receives, reads, or stores your Google/Gmail account password, nor do we collect profile info. All credentials are fully secure and managed directly under Google API Services User Data Policy.

c) Google Drive API Sync & Backup/Restore

Once authenticated, you may choose to back up and restore your diaries using your own private Google Drive account. This operates via the official Google Drive API.

• The appDataFolder Scope: Dera requests access strictly to the sandboxed `https://www.googleapis.com/auth/drive.appdata` scope (Google Drive Application Data Folder). This is a dedicated, hidden folder specifically reserved for our App within your personal cloud drive.
• Strict Sandboxing: Because Dera only uses the sandboxed `appDataFolder` scope, Dera has no permission or ability to view, list, modify, or delete any other files, folders, documents, photos, or data on your general Google Drive. You can read more about how Google enforces this security boundary in the Google Drive AppData API Guide.
• Data Integrity: Your database backups inside Google Drive contain only the encrypted/secured diary texts, tags, moods, and attachments you choose to sync. We do not inspect or hold duplicate copies on our servers.

3. Third-Party Service Providers & Compliance Links

To maintain operations, provide crash detection, and support the App's development in full compliance with the Google Play Developer Content Policy, we integrate selected Google services:

a) Google AdMob (Advertising)

For users on the free tier of the App, Google AdMob serves advertisements. AdMob may collect and process device identifiers (advertising ID), location information, and interaction logs. These metrics are processed according to Google's rules to deliver appropriate ads, prevent fraud, and run analytics. You can learn how Google handles this data or adjust personalization settings by visiting the Google AdMob Privacy Guide.

b) Firebase (Analytics, Auth & Crashlytics)

We use Firebase to authenticate users, analyze app stability, and measure feature usage under Google's strict security framework.

• Firebase Auth: Secures and manages user credentials for Gmail Sign-in token verification.
• Analytics & Crashlytics: Collects anonymous session telemetry (e.g., active durations, buttons tapped) and precise technical crash logs when a bug occurs. These logs contain no sensitive text, diary content, or profile names.
• Compliance: Firebase handles all telemetry in accordance with the Firebase Privacy and Security Terms.

4. Device Permissions Requested

To support specific features, Dera requests the following permissions from your Android operating system:

• Storage / Media: To allow you to select and attach local photographs from your gallery into your diary entries.
• Microphone: To record voice logs when you explicitly tap the voice-memo button in the editor. Voice processing is processed strictly locally.
• Biometric Credentials: To enable instant unlock of your secure diary using your fingerprint or facial scan. Biometric data is stored by the secure hardware chip of your phone and is never shared with the App or sent over the internet.

5. GDPR and CCPA Compliance

Dera complies with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Under these frameworks, you are the absolute data controller:

• Right to Access & Export: You can export all your diary logs as local JSON files or human-readable Markdown directories at any time, directly within the App Settings.
• Right to Erasure (Delete): You can completely purge all local entries from the App Settings. If you have active Google Drive backups, you can also permanently delete the AppDataFolder backup database directly through your Google Drive settings or Google Account Security page.
• Data Portability: Since we do not host your database, you can transfer your local JSON backups to any other device or compatible service without restriction.

6. Children's Privacy

Dera is not structured to attract, and does not knowingly collect personal identifiable information from, children under the age of 13. If you believe a child has provided us with personal information through external channels (e.g., support emails), please contact us, and we will delete it promptly.

7. Changes to this Privacy Policy

We may update our Privacy Policy from time to time to align with new app features or changing regulatory frameworks. Any changes will be posted on this page with an updated “Last Updated” timestamp. You are encouraged to review this policy periodically.

8. Contact Us

If you have questions about this Privacy Policy, please contact our data compliance coordinator at privacy@derajournal.com or general support at support@derajournal.com.