SaltyPlanner

Plan your events together, effortlessly

Back to SaltyPlanner

Privacy Policy

Effective Date: February 1, 2026

This Privacy Policy describes how SilverBacon collects, uses, and shares information when you use the SaltyPlanner mobile application.

1. Consent and The Google UMP

For users in the European Economic Area (EEA), the UK, and Switzerland, we use the Google User Messaging Platform (UMP). On your first launch, you will be asked to provide consent for data collection and personalized ads. You can change these choices at any time in the App settings.

2. Information We Collect

We collect information to provide scheduling and voting features:

  • Account Data: When you sign up via Email or Google Login, we collect your email address, username, and basic profile information to identify your account.
  • Availability Data: We store the dates and times you mark as "available" so that other users in your group can see them for scheduling.
  • Voting Data: We store your votes on specific dates to help determine meeting/event times.
  • Group Data: We store information about groups you create or join, including group names, member lists, and your role within groups.
  • Event Data: We store events created from completed votes, including event titles, dates, times, and notes.
  • Push Notification Tokens: We collect and store Firebase Cloud Messaging (FCM) tokens in both your user account and group member records to send you push notifications about group activities, events, and votes. You can manage notification preferences per group in the app settings.
  • FCM Topic Subscriptions: When you join a group, your FCM token is automatically subscribed to that group's notification topic. This allows you to receive push notifications for group activities. When you leave a group, you are automatically unsubscribed from that topic.
  • Notification Preferences: We store your per-group notification settings to respect your preferences for receiving notifications.
  • Subscription Data: We process your tier status (Free, Ads, Silver, Gold). Payment processing is handled by Google Play Store, and we do not store your credit card details.
  • Purchase Verification: We verify subscription purchases using the Google Play Billing API to ensure the authenticity of transactions and to manage your subscription tier and expiration dates accurately.
  • Promo Code Data: If you redeem a promo code, we store the code, tier granted, redemption date, and expiration date in your account to manage your subscription tier.
  • Promo Code Expiration: When a promo code expires, your tier will automatically revert to your previous tier (or free tier if you have no active subscription). This change occurs automatically when the promo code expiration date is reached.
  • Promo Code Usage Limits: Promo codes may have maximum usage limits. When a promo code reaches its usage limit, it is automatically deleted and can no longer be redeemed. Each user can typically only redeem a specific promo code once.
  • Join Codes: Groups use 10-character join codes for invitations. When you create or join a group, the join code is stored with the group data.
  • Local Device Storage: The app stores some data locally on your device using AsyncStorage, including your language preference, notification settings (global and per-group), time picker style preference, and authentication persistence data. This local data is only stored on your device and is not synced to our servers.

Email Verification: Email/password accounts require email verification before you can create groups or join groups. Google accounts are automatically verified. We store your email verification status.

Account Linking: If you sign up with email/password and later sign in with Google using the same email address, your accounts will be automatically linked. This allows you to use either authentication method to access your account.

Password Reset: If you forget your password, you can request a password reset link via email. We use Firebase Authentication to send reset emails; we do not store or have access to your password.

Age Verification: During account registration, we collect your birthday to verify that you meet the minimum age requirement of 13 years. Your birthday is stored securely in your device's local storage only. It is not stored on our servers and is never transmitted to our servers or shared with third parties. We use this information temporarily during registration to ensure COPPA compliance. Your birthday is not shared with other users and is only used for age verification purposes.

Security and Age Verification: To prevent unauthorized access by underage users, we collect and store a one-way cryptographic hash (SHA-256) of your Android Security ID when a user under 13 attempts to register. This hashed identifier is stored securely in our database for 3 days from the time the block is created to enforce age restrictions and comply with COPPA requirements. The identifier is automatically deleted after expiration using Firestore's Time-to-Live (TTL) policy. Deletion jobs run continuously in the background and typically complete within 24-72 hours after the expiration date. This collection only occurs when an under-13 registration attempt is detected on Android devices. iOS devices do not have this identifier collected.

Device Permissions: The app requests notification permissions when you first launch it to enable push notifications. You can manage notification preferences globally and per-group in the app settings. The app may send you notifications about group activities, new votes, and reminders for events scheduled for tomorrow.

Calendar Export: The app allows you to export completed vote results to your device's calendar. On Android, this uses the system's calendar intent to let you choose which calendar app to use. On iOS, this shares an ICS (iCalendar) file that you can add to your calendar. The app does not request calendar read permissions and does not access or read your existing calendar data. Calendar export is optional and only occurs when you explicitly choose to export an event.

3. Third-Party Services

We use the following third-party services to operate the app:

Firebase Services (Google)

We use Google Firebase for authentication, data storage, cloud functions, and push notifications. Firebase may process:

  • Authentication credentials (email, Google account information)
  • User data stored in Firestore (groups, events, votes, availability)
  • Push notification tokens

Privacy Link: Google Privacy Policy

Google AdMob (Advertising)

This App uses Google AdMob to serve advertisements in certain tiers. AdMob may collect:

  • Advertising IDs (AAID/IDFA)
  • IP addresses and device information
  • Usage data to serve personalized or non-personalized ads

Privacy Link: Google Advertising Privacy & Terms

4. Data Storage and Sharing

Storage: Your account, availability, voting, group, and event data are stored on secure Firebase servers (Google Cloud) to enable syncing across devices.

Visibility: Your availability, votes, username, and group participation are visible to the people you choose to coordinate with in your groups. Group admins can see member lists and manage group settings.

Sharing: We do not sell your personal data. Data is only shared with third-party service providers (Firebase, AdMob, Google Auth) to make the app work. These providers are bound by their own privacy policies and data processing agreements.

Data Retention and Automatic Cleanup: To keep our database efficient, we automatically delete availability data and events that are older than 1 day. This scheduled cleanup runs daily and helps maintain app performance. Your active groups, account data, and recent availability/events are not affected.

5. Account Deletion and Subscription Management

Instant Deletion: If you choose to delete your account from within the App, all your personal data (including email, username, availability, group memberships, events you created, and notification preferences) is deleted from our servers immediately and cannot be recovered. Note: If you are a group admin, you should transfer admin rights or delete groups before account deletion, as groups you created may become inaccessible.

Vote Data Preservation: To maintain vote history integrity for groups, your votes are not fully deleted. Instead, your username in existing votes is changed to "Deleted User" so that vote results remain accurate for other group members. This is the only data that persists after account deletion.

Group Auto-Deletion: If all members leave a group (including when the last member leaves), the group and all its associated data (events, availability, votes) are automatically deleted. This ensures that empty or abandoned groups do not remain in our system.

Data Deletion When Leaving a Group: When you leave a group, your member record and all your availability data for that group are immediately deleted. Your FCM token is also automatically unsubscribed from the group's notification topic. However, your vote data in existing votes is preserved (your username is changed to "Deleted User") to maintain vote history integrity for the group, similar to account deletion behavior. This ensures that your data is removed from groups you no longer participate in while preserving the accuracy of vote results for other group members.

Loss of Access: Upon deletion, you will immediately lose access to all premium features (Silver/Gold tiers) and your account history.

Subscription Cancellation: IMPORTANT: Deleting your app account does not automatically cancel your paid subscription. Since payments are handled by the Google Play Store, you must manually cancel your subscription in your Store account settings to avoid future charges.

Manage/Cancel subscriptions: Google Play Subscription Center

No Refunds: Deleting your account does not trigger a refund for the current billing period. You will not be entitled to a prorated refund for any unused time in your current tier.

Website Requests: You can request account and data deletion through our Account & Data Deletion Request form. Alternatively, you can use the in-app "Delete Account" button.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal bases:

  • Contract Performance: We process account, group, availability, and voting data to provide the app's core scheduling and voting features, which are necessary to fulfill our contract with you.
  • Consent: We process data for personalized advertising based on your consent, which you can manage through the Google User Messaging Platform (UMP) in the app settings.
  • Legitimate Interests: We process hashed Android Security IDs for age verification and fraud prevention to comply with COPPA requirements and protect our service from unauthorized access.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request a copy of all personal data we hold about you. You can access much of this data directly through the app, or contact us for a complete copy.
  • Right to Rectification: You can request correction of inaccurate or incomplete data. You can update your username and email directly in the app settings.
  • Right to Erasure: You can request deletion of your personal data. You can delete your account directly in the app settings, which will immediately delete your data (except vote data preserved as "Deleted User" for group integrity).
  • Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: You can request your data in a machine-readable format. Contact us to receive an export of your data.
  • Right to Object: You can object to certain types of data processing, such as processing for advertising purposes. You can manage ad consent preferences in the app settings.
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time. For advertising consent, you can change your preferences in the app settings.
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your data protection rights.

To exercise these rights, please contact us at support@silverbacon.app. We will respond to your request within 30 days. For security purposes, we may need to verify your identity before processing certain requests. We will verify your identity by confirming information associated with your account (such as your email address or account details).

8. Your Rights (CCPA - California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about what personal information we collect, use, and disclose. This Privacy Policy provides detailed information about our data practices.
  • Right to Delete: You can request deletion of your personal information. You can delete your account directly in the app settings, which will immediately delete your data (except vote data preserved as "Deleted User" for group integrity).
  • Right to Opt-Out: We do not sell your personal information to third parties. If we did, you would have the right to opt-out of such sales.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will receive the same quality of service regardless of whether you exercise your privacy rights.

To exercise these rights, please contact us at support@silverbacon.app. For security purposes, we may need to verify your identity before processing certain requests. We will verify your identity by confirming information associated with your account (such as your email address or account details).

We do not sell your personal information.

9. International Data Transfers

Your data is stored on Google Cloud servers, which may be located outside your country of residence, including in the United States. For users in the EEA, UK, and Switzerland, we rely on Google's Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with GDPR requirements. Google is certified under various data protection frameworks and maintains robust security measures to protect your data.

10. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by law. For users in the EEA, UK, and Switzerland, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected users without undue delay if the breach poses a high risk to their rights and freedoms. We maintain security measures to prevent breaches, but in the unlikely event one occurs, we will act promptly to mitigate the impact and notify affected users.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at: support@silverbacon.app