Privacy Policy
Last updated: January 2025
Welcome to FieldEco, an ecological field data collection application designed for researchers, students, and nature enthusiasts. Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal information.
Key Points:
- Your data is stored locally on your device and automatically synced to the cloud when signed in (available on all tiers)
- We only collect data necessary for ecological field research functionality
- You control your data - export and delete anytime
- Designed for users of all ages, including children with parental supervision
Table of Contents
See also: Cookie Policy (website)
1. Information We Collect
FieldEco collects the following types of information to enable ecological field data collection:
1.1 Personal Information (from Account Registration)
FieldEco offers three ways to create an account. The data collected depends on which method you choose:
From Email/Password Sign-Up:
- Email Address: Required for account creation and authentication
- Password: Securely hashed by Firebase; we never see or store your plain text password
- User ID: Unique identifier generated by Firebase
From Google Sign-In:
| Data Type | What We Collect | Purpose |
|---|---|---|
| Email Address | Your Google account email | User authentication and account identification |
| Name | Your full name from Google account | Personalizing the app experience |
| Profile Photo | Your Google profile picture URL | User identification in the app interface |
| User ID | Unique identifier from Google | Linking your data to your account |
From Apple Sign-In (iOS only):
- Email Address: May be hidden via Apple's "Hide My Email" feature (we receive a relay address)
- Name: Optional; you can choose to hide your name from the app
- User ID: Unique Apple identifier for your account
1.2 Location Data
FieldEco collects precise GPS location data for ecological research purposes:
- Latitude and Longitude: Precise geographic coordinates of observation locations
- Altitude: Elevation data for observations
- Location Accuracy: GPS accuracy measurements in meters
- Reverse Geocoded Address: Human-readable address derived from GPS coordinates
- Timestamps: Date and time when GPS coordinates were captured
Types of Location Tracking:
- One-Time GPS Acquisition: Single GPS reading for individual observations
- Continuous GPS Tracking: Active tracking during transect surveys to record your walking path
- GPS Optimization: The app may take 15-30 seconds to achieve optimal GPS accuracy
Important: GPS coordinates are embedded in photos and audio recordings you create. Location data is attached to all observations and stored in your project database.
1.3 Photos and Images
When you use the camera features:
- Photos Taken: Images captured using your device camera for field observations
- Gallery Photos: Images selected from your device photo gallery
- Photo Metadata: File size, dimensions, timestamp, GPS coordinates
- EXIF Data: GPS coordinates and timestamp embedded in photo file metadata
- Photo Notes: Optional text descriptions you add to photos
- Watermarked Photos: Photos branded with timestamp and GPS coordinates for documentation
1.4 Audio Recordings
- Audio Files: Recordings captured using your device microphone
- Audio Metadata: Duration, format, sample rate, bit rate, file size
- GPS Location: Coordinates where recording was made
- Audio Notes: Optional text descriptions
- Timestamps: When recording was created
Audio Recording Purposes:
- Sound level measurements for acoustic ecology
- Bird call documentation
- Animal vocalizations (mammals, amphibians, insects)
- Ambient soundscape recordings
1.5 Ecological Field Data
Data you enter during field observations:
- Project Information: Project names, descriptions, dates, locations
- Species Data: Scientific names, common names, taxonomic groups, counts
- Observation Data: Behavior, abundance, phenology stages, measurements
- Survey Metadata: Surveyor name, survey duration, methods used
- Environmental Conditions: Weather data, habitat characteristics
- Transect Data: Distance measurements, GPS tracks, waypoints
- Trap Data: Trap types, capture information, bait used
1.6 Weather Data
We fetch weather data from Open-Meteo (a free, third-party weather API):
- Data Sent to Open-Meteo: Your GPS coordinates (latitude/longitude)
- Data Received: Temperature, wind speed/direction, humidity, cloud cover, precipitation, barometric pressure, UV index
- Purpose: Recording environmental conditions at time of observation
1.7 Device Information
- File Paths: Local storage paths for photos and audio files
- App Permissions: Record of permissions granted (camera, location, microphone, storage)
- App Version: Version of FieldEco you're using
- Device ID: Unique identifier for subscription device management (to prevent abuse)
- Device Name: For identifying your devices in multi-device scenarios
- Platform: Whether you're using iOS or Android
- Last Active: Timestamp of when the device last used the app (for device management)
1.8 What We DO NOT Collect
- Browsing history or app usage analytics
- Device identifiers (IMEI, MAC address, etc.)
- Contacts, calendar, or other personal device data
- Payment information (handled by Google Play Store and Apple App Store)
- Background location when app is closed
- Sensitive personal data (health, religion, political views, etc.)
2. How We Use Your Information
We use collected information solely for the following purposes:
| Data Type | How We Use It |
|---|---|
| Google Account Info | User authentication, displaying your name/photo in the app |
| GPS Location | Recording observation locations, creating GPS tracks, geocoding addresses, fetching weather data |
| Photos | Visual documentation, canopy cover analysis, species identification |
| Audio | Sound level measurements, animal vocalization documentation |
| Field Data | Storing your ecological observations, generating exports, providing data analysis |
| Weather Data | Recording environmental conditions alongside observations |
Data Processing Location
All core data processing for app functionality happens locally on your device. We do not operate our own data servers. However, we use trusted third-party services as described in Section 4.
We do NOT:
- Operate our own data servers (third-party services like Firebase, Sentry, and RevenueCat handle specific functions as disclosed)
- Use your field research data for any purpose other than providing app functionality to you
- Use your data for advertising, marketing, or profiling
- Sell or rent your data to anyone
- Share your ecological observations with any third party
3. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
| Data Type | Legal Basis | Justification |
|---|---|---|
| Account data (email, name) | Contract (Art. 6(1)(b)) | Required to provide the service |
| GPS location data | Consent (Art. 6(1)(a)) | User grants device permission |
| Photos & audio | Consent (Art. 6(1)(a)) | User grants device permission |
| Field observations | Contract (Art. 6(1)(b)) | Core app functionality |
| Error logs (Sentry) | Consent (Art. 6(1)(a)) | Opt-in error reporting |
| Subscription/payment | Contract (Art. 6(1)(b)) | Billing and entitlements |
| Device ID | Legitimate Interest (Art. 6(1)(f)) | Enforce subscription device limits |
Automated Decision-Making
FieldEco does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users. All data processing is for providing the field research functionality you request.
4. Data Storage and Security
3.1 Local Storage
Your data is stored locally on your device:
- SQLite Database: Contains all project data, observations, species info, user profile
- Photos Folder: Original and watermarked photos in app documents directory
- Audio Folder: Audio recordings in M4A format
- Secure Storage: Google OAuth tokens stored securely
3.2 Cloud Storage
Cloud sync is available on all subscription tiers (Free, Pro, Ultimate):
- Service Provider: Firebase (Google Cloud Platform)
- Data Synced: Projects, observations, species data, and metadata
- Encryption: Data is encrypted in transit (HTTPS) and at rest (Google Cloud encryption)
Firebase Storage (Photos & Audio)
- Media Files: Photos and audio recordings are uploaded to Firebase Storage for cloud backup
- Access Controls: Media files are secured with Firebase security rules limiting access to the owner only
- Storage Location: Files are stored on Google Cloud servers
- Retention: Media files remain until you delete the observation or your account
3.3 Security Measures
- HTTPS Only: All network communications use encrypted HTTPS connections
- OAuth 2.0: Industry-standard authentication protocol for Google Sign-In
- Sandboxed Storage: App data isolated from other apps by Android/iOS security
- Cloud Encryption: Cloud-synced data is encrypted at rest and in transit
3.4 Data Encryption
Note: The local SQLite database is currently not encrypted at the application level. Your device's built-in security (lock screen, encryption) protects app data. We rely on Android/iOS system-level security. Enable device encryption and use a strong lock screen password.
5. Third-Party Services
FieldEco integrates with the following third-party services. We have Data Processing Agreements (DPAs) in place with our key service providers to ensure your data is protected:
5.1 Authentication Services
FieldEco uses Firebase Authentication (by Google) as our authentication backend, supporting multiple sign-in methods:
Firebase Authentication (Email/Password)
- Service Provider: Google LLC (Firebase)
- Purpose: User account creation and authentication
- Data Stored: Email address, securely hashed password, user ID
- Security: Passwords are hashed using industry-standard algorithms; we never see your plain text password
- DPA: Firebase Data Processing Terms
- Firebase Privacy: https://firebase.google.com/support/privacy
Google OAuth (Sign-In)
- Service Provider: Google LLC
- Purpose: User authentication via Google account
- Data Shared: None initiated by us. You authorize Google to share your email, name, and profile photo with FieldEco
- Data Retention: Access tokens stored locally on your device
- Google's Privacy Policy: https://policies.google.com/privacy
Apple Sign-In (iOS only)
- Service Provider: Apple Inc.
- Purpose: User authentication on iOS devices
- Data Shared: You authorize Apple to share your email and name with FieldEco. You can choose to hide your email using Apple's relay service
- Apple's Privacy Policy: https://www.apple.com/legal/privacy/
5.2 Open-Meteo Weather API
- Service Provider: Open-Meteo (open-source weather service)
- Purpose: Fetching current weather conditions for observation locations
- Data Shared: GPS coordinates (latitude/longitude) only
- No API Key Required: Free, public service with no user tracking
- Open-Meteo Terms: https://open-meteo.com/en/terms
5.3 Mapbox (Maps)
- Service Provider: Mapbox, Inc.
- Purpose: Displaying maps for location selection, track visualization, and offline maps
- Data Shared: Your location when using map features, map tile requests
- Offline Maps: Map tiles can be downloaded and stored locally on your device (Ultimate tier)
- Mapbox Privacy Policy: https://www.mapbox.com/legal/privacy
5.4 Cloud Sync & Subscription Services
For cloud sync and subscription management, we use:
- RevenueCat: Subscription management and billing
- Firebase (Google): Cloud backup and sync for all your field data (available on all tiers)
Cloud sync happens automatically when you're signed in to keep your data backed up.
RevenueCat (Subscription Management)
- Service Provider: RevenueCat, Inc.
- Purpose: Subscription billing and entitlement management
- Data Collected: User ID, email, subscription status, purchase history, device info
- DPA: RevenueCat Data Processing Agreement
- RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
5.5 Sentry (Error Tracking) - Optional
Opt-In Only: Sentry error reporting is disabled by default. You can enable it in Privacy Settings if you want to help us improve app stability. When disabled, no data is sent to Sentry.
- Service Provider: Functional Software, Inc. (Sentry)
- Purpose: Error tracking, crash reporting, and performance monitoring to improve app stability
- Data Shared (when enabled): User ID, email (for error context), app version, error details, session data
- Data NOT Shared: Location data, photos, audio, field observations, or any research data
- DPA: Sentry Data Processing Agreement
- Sentry Privacy Policy: https://sentry.io/privacy/
5.6 Data Processing Agreements Summary
We maintain Data Processing Agreements (DPAs) with all our key service providers that handle personal data:
| Service | DPA Link |
|---|---|
| Firebase (Google) | Firebase Data Processing Terms |
| RevenueCat | RevenueCat DPA |
| Sentry | Sentry DPA |
| Mapbox | Mapbox DPA |
| Apple (Sign-In) | Apple Privacy Policy |
6. Your Data Rights
You have full control over your data:
6.1 Right to Access
- View Your Data: All data is visible within the app (projects, observations, photos, audio)
- Export Your Data: Use "Export" feature in Settings to download all your information in Excel + ZIP format
6.2 Right to Delete (Right to Erasure)
- Delete Individual Observations: Swipe to delete from any data collection screen
- Delete Projects: Delete entire projects (removes all associated data)
- Delete Account: Use "Delete My Account" in Privacy Settings to permanently remove all data
6.3 Right to Portability
- Export data in standard formats: Excel (.xlsx), with organized photos and audio files
- Share exports via email, cloud storage, or any app you choose
- Future premium: Advanced export formats (GeoJSON, KML, CSV, Shapefile)
6.4 Right to Revoke Permissions
- Revoke camera, microphone, location, or storage permissions anytime in device Settings
- Logout to disconnect Google account
- App will request permissions again when needed
6.5 Right to Object
- You can refuse to provide data (GPS, photos, audio) - though some features require it
- Opt out of weather data fetching (can enter conditions manually)
7. Consent Management
FieldEco uses a consent-based approach for optional features:
7.1 Withdrawal of Consent
You may withdraw your consent at any time by:
- Device Permissions: Disable location, camera, or microphone permissions in your device settings
- Error Reporting: Disable Sentry in the app's Privacy Settings
- Account Deletion: Delete your account to remove all data
Important: Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Some features may not work without certain permissions (e.g., GPS tracking requires location permission).
7.2 Re-Consent on Policy Updates
When we make material changes to our Terms of Service or Privacy Policy, the app will prompt you to review and accept the updated terms before continuing to use FieldEco. This ensures you are always informed of how your data is handled.
7.3 Managing Your Preferences
In the app's Settings → Privacy & Data section, you can:
- Enable or disable error reporting (Sentry)
- Export all your data
- Delete your account and all associated data
- View which permissions the app is using
8. Children's Privacy
FieldEco is rated "Everyone" and is suitable for users of all ages, including children.
For Parents and Guardians
- Age Requirement: Users under 13 should use the app with parental supervision
- Google Account: Google requires users to be 13+ to create accounts. Children under 13 may use supervised Google accounts (Family Link) or parent accounts
- Data Collection: Same data is collected for all users (GPS, photos, audio, field data)
- No Social Features: App does not include chat, social sharing, or user-to-user communication
- Educational Use: Designed for science education and youth environmental programs
Parental Controls
- Monitor app permissions in device settings
- Review exported data to see what your child is collecting
- Delete account anytime
Compliance
FieldEco complies with:
- COPPA (USA): Children's Online Privacy Protection Act - No collection of children's personal information for marketing
- GDPR (EU): Parental consent required for children under 16 in applicable regions
9. Data Retention and Deletion
9.1 Specific Retention Periods
| Data Type | Retention Period | Notes |
|---|---|---|
| Field Observations | Until deleted | You control deletion |
| Photos & Audio | Until deleted | You control deletion |
| User Account | Until deleted | You control deletion |
| Inactive Accounts | 24 months | After last login, with prior notice |
| Device Records | 90 days | After device last active |
| Error Logs (Sentry) | 90 days | Sentry default retention |
| Webhook/Audit Logs | 12 months | For troubleshooting |
| GDPR Deletion Logs | 3 years | Anonymized, for compliance audit |
| Backups | 30 days | After deletion request |
9.2 Automatic Deletion
- App Uninstall: Android/iOS automatically deletes all local app data (database, photos, audio, tokens)
- Export Cache: Temporary export files deleted after sharing
- Cloud Data: When you delete your account, our Cloud Function removes all your cloud data (Firestore, Storage, Auth)
9.3 Cloud Backup
Cloud sync is available on all tiers: Your data is automatically synced to Firebase when you're signed in. If you uninstall the app or switch devices, your data will be restored when you sign in again. We still recommend exporting important projects regularly.
10. International Users & Data Transfers
10.1 India Users
- Data stored locally on your device in India
- Google OAuth may transfer data to Google servers globally
- Open-Meteo weather API requests may be routed internationally
- Compliance with Information Technology Act, 2000 and IT Rules 2011
- Compliance with Digital Personal Data Protection Act, 2023 (DPDPA)
10.2 European Union (GDPR)
If you are in the EU/EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis: See Section 3 for the legal basis for each type of data processing
- Data Protection Contact: For privacy inquiries, contact privacy@fieldeco.app or support@fieldeco.app
- Right to Complain: You may file a complaint with your local supervisory authority (Data Protection Authority)
- Right to Rectification: You can update your profile information in the app at any time
- Right to Restriction: You can request restriction of processing by disabling specific features
International Data Transfers
When your data is transferred outside the EU/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): Our service providers (Google/Firebase, RevenueCat, Sentry) implement EU-approved Standard Contractual Clauses
- Adequacy Decisions: Where applicable, transfers to countries with EU adequacy decisions
- Technical Measures: Encryption in transit and at rest
10.3 United States (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell your personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
10.4 Other Regions
FieldEco complies with applicable data protection laws in all jurisdictions where it operates, including:
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- UK: UK GDPR and Data Protection Act 2018
- Australia: Privacy Act 1988 and Australian Privacy Principles
11. Data Breach Notification
In the event of a personal data breach that affects your information:
Our Commitment
- Notification Timeline: We will notify affected users within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms
- Notification Method: Via email to your registered email address
- Regulatory Reporting: We will report the breach to the relevant supervisory authority (Data Protection Authority) as required by law
What We Will Tell You
In the event of a breach, our notification will include:
- Nature of the breach and what happened
- Categories and approximate number of data records affected
- Likely consequences of the breach
- Measures taken or proposed to address the breach
- Measures you can take to protect yourself
- Contact point for more information
Our Security Measures
We implement technical and organizational measures to prevent breaches:
- Encrypted data transmission (HTTPS/TLS)
- Firebase Security Rules restricting data access
- Regular security reviews of our codebase
- Principle of least privilege for data access
- No storage of plain-text passwords
12. Changes to This Policy
- We may update this Privacy Policy to reflect new features (e.g., cloud sync, collaboration)
- Material changes will be notified via in-app notification
- Continued use after changes indicates acceptance
- Version history available at the top (Last Updated date)
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
- Privacy Email: privacy@fieldeco.app
- General Support: support@fieldeco.app
- Subject Line: "FieldEco Privacy Inquiry" or "GDPR Request"
- Data Requests: We will respond within 30 days (or sooner as required by law)
- Website: https://fieldeco.app
For EU residents: You have the right to lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.
FieldEco - Ecological Field Data Collection
Empowering researchers and conservationists worldwide
Your data, your device, your research.
© 2025 The Green Concept. All rights reserved.