Privacy Policy

Rock Identifier: Mineral Scan · Effective date: April 8, 2026 · Last updated: April 8, 2026

This Privacy Policy describes how Vadim Kuznetsov ("we", "us", or "our") collects, uses, and shares your personal information when you use the Rock Identifier: Mineral Scan Android application (the "App"). It also explains your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable laws.

1. Who We Are

The data controller responsible for your personal data is:

Name: Vadim Kuznetsov (individual developer)
Email: [email protected]

For all privacy-related inquiries, including exercising your rights under GDPR or CCPA, please contact us at the email above.

2. What Data We Collect

2.1 Photos and Camera Data

When you use the mineral identification feature, you may take or upload a photo of a rock or mineral. That image is transmitted to our backend server solely for AI-based identification processing. Once the identification result is returned to your device, the image is permanently deleted from our servers. We do not store, retain, or share your photos.

2.2 Analytics and Crash Data

We use the following third-party services to understand how the App is used and to diagnose technical issues:

Firebase Analytics (Google LLC) — collects pseudonymized usage events, session data, and device information.
Firebase Crashlytics (Google LLC) — collects crash reports including device model, OS version, and app state at the time of crash.
Google Analytics (Google LLC) — collects aggregated behavioral data to understand feature usage.

These services may collect pseudonymous device identifiers, IP address, app version, OS version, language, and usage events. This data is pseudonymous — it cannot directly identify you by name, but it is associated with a device identifier. For more information, see Google's Privacy Policy.

2.3 Purchase and Subscription Data

Premium features and subscriptions are processed entirely through Google Play. We do not receive or store your payment card details. We receive only a confirmation of purchase status (active/inactive subscription) from Google Play to unlock premium features.

2.4 Data We Do NOT Collect

Name, email address, or any account information — the App has no account or login system
Precise or approximate location / GPS data
Contacts, microphone, or files outside the identification feature
Any data from children — see Section 10

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Rock/mineral identification	Photos (temporarily)	Performance of contract (Art. 6(1)(b))
App analytics and performance monitoring	Pseudonymized usage data, device data	Consent (Art. 6(1)(a))
Crash diagnosis and bug fixes	Crash reports, device info	Legitimate interests (Art. 6(1)(f))
Subscription management	Purchase status from Google Play	Performance of contract (Art. 6(1)(b))
Legal compliance	As required	Legal obligation (Art. 6(1)(c))

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with the following parties and only to the extent necessary:

Google LLC — Firebase Analytics, Firebase Crashlytics, and Google Analytics. Google acts as a data processor under its own terms and Data Processing Agreements. Note that Google may use analytics data for its own purposes in accordance with its Privacy Policy.
Google Play — processes all in-app purchases. Subject to Google's own Privacy Policy.
Our backend server — receives photos temporarily for AI identification processing only. Images are deleted immediately after a result is returned.
Legal authorities — if required by law, court order, or to protect the rights and safety of users.

If we ever sell or transfer our business, your data may be part of that transfer. You will be notified in advance.

5. International Data Transfers

Our backend servers and third-party services (Google LLC) may process your data outside the European Economic Area (EEA), including in the United States. These transfers are covered by:

Google's Standard Contractual Clauses (SCCs) approved by the European Commission
Google's participation in the EU–U.S. Data Privacy Framework

You can request details of the relevant safeguards by contacting us at [email protected].

6. Data Retention

Photos: Deleted from our servers immediately after identification is complete (typically within seconds).
Analytics data: Retained according to Google's default retention policies (up to 14 months for Firebase Analytics).
Crash reports: Retained for up to 90 days in Firebase Crashlytics.
Purchase records: Retained for the period required by applicable tax and accounting laws (typically 7 years in the EU).

7. Your Rights Under GDPR (EEA / UK Users)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR:

Access Request a copy of the personal data we hold about you.
Rectification Request correction of inaccurate or incomplete data.
Erasure Request deletion of your personal data ("right to be forgotten").
Restriction Request that we restrict the processing of your data in certain circumstances.
Portability Receive your data in a structured, machine-readable format.
Objection Object to processing based on legitimate interests.
Withdraw Consent Where processing is based on consent (e.g. analytics), withdraw it at any time without affecting prior processing. See Section 11 for how to do this.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority. In Austria, this is the Datenschutzbehörde (DSB).

8. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Know The right to know what personal information we collect, use, disclose, and share.
Delete The right to request deletion of your personal information, subject to certain exceptions.
Correct The right to correct inaccurate personal information.
Opt-Out The right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
Non-Discrimination We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information Collected (CCPA Disclosure)

Category	Examples	Collected?
Identifiers	Email address, account ID	No
Internet / network activity	App usage events, crash reports	Yes
Commercial information	Subscription status	Yes
Biometric data	Fingerprints, facial recognition	No
Geolocation data	GPS or precise location	No
Sensitive personal information	Photos (transient, immediately deleted after processing)	Temporarily

To submit a CCPA request, email [email protected] with the subject line "CCPA Request". We will respond within 45 days. We may ask you to verify your identity before processing the request.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encrypted data transmission (HTTPS/TLS) for all server communication
Restricted access to backend systems
Immediate deletion of uploaded images after processing

No method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities as required by law within 72 hours of becoming aware of the breach.

10. Children's Privacy

The App does not knowingly collect personal information from children under 13 years of age (or under 16 in certain EU member states). If we become aware that a child under the applicable age has provided us with personal information without parental consent, we will delete that information promptly. If you believe your child has provided us with personal information, please contact us at [email protected].

11. Consent and Analytics Opt-Out

When you first launch the App, you will be presented with a consent dialog for analytics data collection in compliance with GDPR requirements. This consent is voluntary — the App's core identification features work without it. You may withdraw your analytics consent at any time through the App's settings. You may also limit analytics data collection by adjusting your Android device's advertising settings under Settings → Google → Ads → Delete advertising ID.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification. The updated policy will be effective from the date listed at the top of this page. Continued use of the App after the effective date constitutes acceptance of the revised policy.

13. Contact Us

For any questions, concerns, or to exercise your privacy rights:

Vadim Kuznetsov
Email: [email protected]

We aim to respond to all legitimate requests within 30 days.