SilverBacon

Privacy Policy - SaltyPlanner

Back to SaltyPlanner

Privacy Policy

Effective Date: April 6, 2026

This Privacy Policy describes how SilverBacon collects, uses, and shares information when you use the SaltyPlanner mobile application.

1. Consent and The Google UMP

We use the Google User Messaging Platform (UMP) for advertising consent where Google and our AdMob configuration require it. That may include users in the European Economic Area (EEA), the UK, Switzerland, and other regions (for example certain U.S. states), depending on Google's rules and your location. A consent form may appear when you first use features that need it, when UMP determines a form is required, or when you open ad privacy settings in the app. You can change advertising-related choices in the App settings.

2. Information We Collect

We collect information to provide scheduling and voting features:

  • Local Device Storage: The app stores data locally on your device using AsyncStorage, including your language preference, notification settings (global and per-group), time picker style preference, and authentication persistence data. The app also stores: whether you have completed the first-run data/consent disclosure, tutorial preferences (whether enabled and which steps shown), a local availability cache for faster loading, your first day of week preference for the calendar, theme preference (light/dark/system), setup completion flags, optional flags used after OAuth setup, timestamps used to limit how often we prompt you about app updates, data used to limit how often you can resend email verification, ad interstitial frequency capping (timestamps), and local keys related to age or advertising consent flows where those features run. This local data stays on your device and is not uploaded as a full backup to our servers (server-side fields are described separately below).
  • Join Codes: Groups use 10-character join codes for invitations. When you create or join a group, the join code is stored with the group data.
  • Promo Code Usage Limits: Promo codes may have maximum usage limits. When a promo code reaches its usage limit, it is automatically deleted and can no longer be redeemed. Each user can typically only redeem a specific promo code once.
  • Promo Code Expiration: When a promo code expires, your tier will automatically revert to your previous tier (or free tier if you have no active subscription). This change occurs automatically when the promo code expiration date is reached.
  • Promo Code Data: If you redeem a promo code, we store the code, tier granted, redemption date, and expiration date in your account to manage your subscription tier.
  • Purchase Verification: We verify subscription purchases using the Google Play Billing API (Android). On iOS we verify purchases using Apple's services, which may include the legacy verifyReceipt flow and/or verification of a signed App Store transaction (for example StoreKit 2-style transaction data). We may store purchase tokens, receipt or transaction identifiers, or signed transaction payloads needed to re-verify your subscription; we do not store full payment card details.
  • Subscription Data: We process your tier status (Free, Ads, Silver, Gold). Payment processing is handled by the Google Play Store (Android) or the Apple App Store (iOS). We do not store your credit card details.
  • Notification Preferences: We store your per-group notification settings to respect your preferences for receiving notifications.
  • FCM Topic Subscriptions: When you join a group, your FCM token is automatically subscribed to that group's notification topic. This allows you to receive push notifications for group activities. When you leave a group, you are automatically unsubscribed from that topic.
  • Push Notification Tokens: We collect and store Firebase Cloud Messaging (FCM) tokens in both your user account and group member records to send you push notifications about group activities, events, and votes. You can manage notification preferences per group in the app settings.
  • Event Data: We store events created from completed votes, including event titles, dates, times, and notes.
  • Group Data: We store information about groups you create or join, including group names, member lists, and your role within groups.
  • Voting Data: We store your votes on specific dates to help determine meeting/event times.
  • Availability Data: We store the dates and times you mark as "available" so that other users in your group can see them for scheduling.
  • Account Data: When you sign up via Email, Google Login, or Sign in with Apple, we collect your email address, username, and basic profile information to identify your account. Sign in with Apple may provide a private relay email; we store whatever email Apple provides for your account.

Email Lookup for Sign-In: When you start Google sign-in, the app may query our user database by email (before or as part of sign-in) to tell whether an account with that email already exists, so new users can be guided through the correct onboarding steps.

Email Verification: Email/password accounts require email verification before you can create groups or join groups. Google and Sign in with Apple accounts are treated as verified by the provider. We store your email verification status.

Account Linking: If you sign up with email/password and later sign in with Google or Sign in with Apple using the same email address, your accounts may be automatically linked where we can match the email. This allows you to use either authentication method to access your account.

Password Reset: If you forget your password, you can request a password reset link via email. We use Firebase Authentication to send reset emails; we do not store or have access to your password.

Age (Minimum 13): You must confirm that you meet the minimum age (13) and accept the Terms and Privacy Policy to register or complete OAuth onboarding. We do not require a date of birth for standard email registration or for the current Google/Apple onboarding flow. If a date of birth is collected in a future or optional flow, we may store it only on the device, or on our servers when needed for that feature (for example to support age-related advertising settings). We do not share date of birth with other users.

Advertising Consent and Legacy Age Fields: On the Ads tier, advertising consent is handled primarily through Google UMP and AdMob as described in Section 1. Your account record may still contain legacy fields (such as birthday, isVerifiedAdult, wasUnder18, or confirmedOver18) from older app versions or experimental flows; we do not rely on those fields for the current Ads-tier consent behavior in the shipping app.

Device Permissions: The app requests notification permissions when you first launch it to enable push notifications. You can manage notification preferences globally and per-group in the app settings. The app may send you notifications about group activities, new votes, and reminders for events scheduled for tomorrow.

Calendar Export: The app lets you export times to your device's calendar from completed votes and from scheduled events shown in group calendar/availability views. On Android, this uses the system's calendar intent so you can choose a calendar app. On iOS, this shares an ICS (iCalendar) file you can add to your calendar. The app does not request calendar read permissions and does not read your existing calendar. Export only happens when you explicitly choose it.

3. Third-Party Services

We use the following third-party services to operate the app:

Firebase Services (Google)

We use Google Firebase for authentication, data storage, cloud functions, and push notifications. Firebase may process:

  • Push notification tokens
  • User data stored in Firestore (groups, events, votes, availability)
  • Authentication credentials (email, Google account information, Sign in with Apple account information)

Privacy Link: Google Privacy Policy

Google AdMob (Advertising)

This App uses Google AdMob to serve advertisements in certain tiers. AdMob may collect:

  • Usage data to serve personalized or non-personalized ads
  • IP addresses and device information
  • Advertising IDs (AAID/IDFA)

Privacy Link: Google Advertising Privacy & Terms

4. Data Storage and Sharing

Storage: Your account, availability, voting, group, and event data are stored on secure Firebase servers (Google Cloud) to enable syncing across devices.

Visibility: Your availability, votes, username, and group participation are visible to the people you choose to coordinate with in your groups. Group admins can see member lists and manage group settings.

Sharing: We do not sell your personal data. Data is shared with third-party service providers (including Firebase/Google Cloud, Google Sign-In, Sign in with Apple, and AdMob) as needed to operate authentication, hosting, notifications, and ads. These providers are bound by their own privacy policies and data processing agreements.

Data Retention and Automatic Cleanup: To keep our database efficient, a scheduled job runs daily and deletes availability records and event records whose scheduled calendar date is more than approximately one day in the past (relative to the job run). Ongoing and future dates for active groups are not removed by this cleanup. If other in-app help text mentions a different retention window, this policy describes the server-side cleanup that actually runs.

5. Account Deletion and Subscription Management

Instant Deletion: If you choose to delete your account from within the App, all your personal data (including email, username, availability, group memberships, events you created, and notification preferences) is deleted from our servers immediately and cannot be recovered. Note: If you are a group admin, you should transfer admin rights or delete groups before account deletion, as groups you created may become inaccessible.

Vote Data Preservation: To maintain vote history integrity for groups, vote documents are not fully erased. Your display name in votes is replaced with a neutral label (for example "Deleted User"). Technical identifiers tied to votes (such as internal user IDs used to record who created a vote or cast a choice) may remain in those documents so tallies and history stay consistent. Other members do not see your email or profile after deletion.

Group Auto-Deletion: If all members leave a group (including when the last member leaves), the group and all its associated data (events, availability, votes) are automatically deleted. This ensures that empty or abandoned groups do not remain in our system.

Data Deletion When Leaving a Group: When you leave a group, your member record and all your availability data for that group are immediately deleted. Your FCM token is also automatically unsubscribed from the group's notification topic. Existing votes may keep technical vote structure with your display name anonymized and the same identifier considerations as under Vote Data Preservation above.

Loss of Access: Upon deletion, you will immediately lose access to all premium features (Silver/Gold tiers) and your account history.

Subscription Cancellation: IMPORTANT: Deleting your app account does not automatically cancel your paid subscription. Payments are handled by the Google Play Store (Android) or the Apple App Store (iOS). You must manually cancel your subscription in your Store account settings to avoid future charges.

Manage/Cancel subscriptions: Google Play Subscription Center (Android). On iOS, cancel via Settings → Apple ID → Subscriptions or App Store Subscription settings.

No Refunds: Deleting your account does not trigger a refund for the current billing period. You will not be entitled to a prorated refund for any unused time in your current tier.

Website Requests: You can request account and data deletion through our Account & Data Deletion Request form. Alternatively, you can use the in-app "Delete Account" button.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal bases:

  • Consent: We process data for personalized advertising based on your consent, which you can manage through the Google User Messaging Platform (UMP) in the app settings.
  • Contract Performance: We process account, group, availability, and voting data to provide the app's core scheduling and voting features, which are necessary to fulfill our contract with you.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):

  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your data protection rights.
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time. For advertising consent, you can change your preferences in the app settings.
  • Right to Object: You can object to certain types of data processing, such as processing for advertising purposes. You can manage ad consent preferences in the app settings.
  • Right to Data Portability: You can request your data in a machine-readable format. Contact us to receive an export of your data.
  • Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
  • Right to Erasure: You can request deletion of your personal data. You can delete your account directly in the app settings, which will immediately delete your data subject to vote history retention described under Vote Data Preservation.
  • Right to Rectification: You can request correction of inaccurate or incomplete data. You can update your username in the app settings (subject to fair-use limits described in our Terms). The sign-in email address is managed through your authentication provider (for example Google, Apple, or Firebase email verification flows); contact us if you need help aligning account details.
  • Right to Access: You can request a copy of all personal data we hold about you. You can access much of this data directly through the app, or contact us for a complete copy.

To exercise these rights, please contact us at support@silverbacon.app. We will respond to your request within 30 days. For security purposes, we may need to verify your identity before processing certain requests. We will verify your identity by confirming information associated with your account (such as your email address or account details).

8. Your Rights (CCPA - California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will receive the same quality of service regardless of whether you exercise your privacy rights.
  • Right to Opt-Out: We do not sell your personal information to third parties. If we did, you would have the right to opt-out of such sales.
  • Right to Delete: You can request deletion of your personal information. You can delete your account directly in the app settings, which will immediately delete your data subject to vote history retention described under Vote Data Preservation.
  • Right to Know: You can request information about what personal information we collect, use, and disclose. This Privacy Policy provides detailed information about our data practices.

To exercise these rights, please contact us at support@silverbacon.app. For security purposes, we may need to verify your identity before processing certain requests. We will verify your identity by confirming information associated with your account (such as your email address or account details).

We do not sell your personal information.

9. International Data Transfers

Your data is stored on Google Cloud servers, which may be located outside your country of residence, including in the United States. For users in the EEA, UK, and Switzerland, we rely on Google's Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with GDPR requirements. Google is certified under various data protection frameworks and maintains robust security measures to protect your data.

10. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by law. For users in the EEA, UK, and Switzerland, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected users without undue delay if the breach poses a high risk to their rights and freedoms. We maintain security measures to prevent breaches, but in the unlikely event one occurs, we will act promptly to mitigate the impact and notify affected users.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at: support@silverbacon.app