Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data under this Privacy Policy:

Information	Details
Title	The developer or operator operating the Treegram application
Email	info@treegram.app

2. Data We Collect

Treegram collects personal data in the following categories to provide its services:

2.1 Account and Identity Information

When you register for our application, we collect the following information:

Data Type	Requirement	Description
Email Address	Required	Account creation and authentication
Password	Required	Account security (stored encrypted)
User ID (UID)	Automatic	System-generated unique identifier
Username	Required	Unique name for your profile

Google Sign-In

If you sign up using Google Sign-In, the following information is retrieved from Google:

• Email address
• Name
• Google User ID

2.2 Profile Information

You may provide the following information when creating and updating your profile:

Data Type	Requirement	Description
Name	Required	Your name displayed to other users
Username	Required	Your unique username
Profile Photo	Required	Photo displayed on your profile
Date of Birth	Required	Your birth date
Bio (About Me)	Optional	Short text describing yourself

About Bio Field: You may optionally fill in the "Bio (About Me)" field on your profile. This field contains user-provided content. We recommend not sharing sensitive personal data. Bio information is visible to your friends and profile visitors.

2.3 Social Interaction Data

Social data generated while using the application:

• Posts: Text and images you share
• Comments: Comments you make on posts
• Likes: Content you like
• Friend List: Other users you connect with
• Friend Requests: Requests you send and receive

2.4 Family Tree Data

The following data is collected when using the family tree feature:

• Tree Information: Tree name, creation date, ownership information
• Family Members: Full name, birth date, death information (if any), family relationships
• Member Photos: Images added to family members
• Family Media: Photos and documents uploaded to the family tree
• Membership Information: Users invited to and joining the tree
• Tree Messages: Messages and notes shared within the tree
• Trees You're Invited To: Family trees you've been invited to by others are stored as a list associated with your account (e.g., invitedTrees). This information is used to provide access to the relevant trees, manage invitation status, and facilitate in-app navigation.

Family Tree Permissions

Permissions within family trees vary based on ownership status:

Permission	Owner	Invited Member
Edit tree information	Yes	No
Add/edit family members	Yes	Yes
Add media	Yes	Yes
Write messages	Yes	Yes
Delete all media	Yes	No (only their own)
Delete all messages	Yes	No (only their own)
Invite members	Yes	No
Link members to friends	Yes	No
Delete the tree	Yes	No

2.5 Notification Data

For in-app and push notifications:

• Notification type and content
• Sender and recipient information
• Notification status (read/unread)
• Timestamp
• FCM Token: Device token for push notifications (stored per device)

2.6 Location Data

2.7 Usage Statistics

We collect usage statistics to improve the application:

Data	Purpose	Storage
Daily usage duration	Service improvement	Locally on device + server
Session count	Performance analysis	Locally on device + server
First/Last seen	Account activity tracking	Server

This data is stored locally on your device (Hive database) and periodically sent to the server. While this data can be associated with your user ID, it is not used for individual behavior analysis or marketing purposes. It is only used to generate aggregate statistics for overall application performance.

2.8 Activity Records

We keep references of your activities within the application for account management and data deletion purposes:

• Posts and media you've created
• Family trees you own or are a member of
• Comments you've made
• Friend connections
• Reports and support requests you've submitted

These references are used only for account management and complete data deletion upon request.

2.9 Technical Data

Automatically collected for application operation:

• Device type and operating system
• Application version
• Session information
• Error logs (anonymous)
• Language preference

3. Data Collection Methods

3.1 Data We Collect Directly From You

• Information you provide during account creation
• Information you enter during profile editing
• Content you provide when creating posts, comments, and shares
• Information you enter when creating and editing family trees
• Information you share during customer support communication
• Reports and feedback you submit

3.2 Automatically Collected Data

• Timestamps generated during application use
• Login/logout records
• Authentication data generated by Firebase Authentication
• FCM tokens for push notifications
• IP-based location data (country/city level)
• Usage statistics

3.3 Data Received From Third Parties

When you register using Google Sign-In:

• Email and name from Google account

4. Purposes of Data Use

We process your personal data for the following purposes:

4.1 Service Delivery

• Creating and managing your account
• Verifying your identity and ensuring your security
• Providing family tree features
• Enabling social networking features
• Sending notifications (in-app and push)
• Determining language preferences (using location data)

4.2 Communication

• Informing you about important service updates
• Sending account security alerts
• Responding to your support requests
• Sending email for account operations (password reset, account deletion confirmation)

4.3 Development and Improvement

• Monitoring and improving application performance
• Detecting and fixing errors
• Improving user experience
• Developing new features
• Analyzing usage statistics

4.4 Security and Compliance

• Preventing fraud and abuse
• Detecting suspicious activities
• Complying with legal obligations
• Enforcing terms of use
• Rate limiting (bot protection)

4.5 Legal Basis

Purpose	Legal Basis
Account management	Performance of contract
Security measures	Legitimate interest
Legal compliance	Legal obligation
Location detection	Legitimate interest (service improvement)
Usage statistics	Legitimate interest (service improvement)
Marketing (if any)	Consent

5. Data Storage and Security

5.1 Data Security Measures

We implement the following security measures to protect your data:

Technical Measures:

• Data transfer with TLS/SSL encryption
• Password protection with hash algorithms
• Access control with Firebase Security Rules
• Secure authentication mechanisms
• hCaptcha bot protection on web forms
• Rate limiting for API requests

Administrative Measures:

• Restricting data access permissions
• Regular review of security policies
• Security assessment of third-party service providers
• Administrative audit logs

5.2 Rate Limiting

To prevent abuse, we implement rate limiting on specific operations:

• Account deletion requests: 3 requests per hour per IP
• Support requests: 5 requests per hour per IP
• Contact form submissions: 10 requests per day per IP

For rate limiting, your IP address is stored in hashed form and automatically deleted after the limit period.

5.3 Data Storage Location

Your data is stored on Google Firebase infrastructure. Firebase runs on Google Cloud Platform, and data may be stored in the following locations:

• United States
• European Union (if Firebase EU region is selected)

5.4 In Case of Security Breach

If a data breach is detected:

1. We will immediately assess the breach
2. We will make necessary legal notifications (within 72 hours under GDPR)
3. We will inform affected users
4. We will take necessary measures to minimize damage

6. Data Sharing and Third Parties

6.1 Service Providers

We work with the following third-party service providers to deliver our services:

Service Provider	Purpose	Data Processed	Privacy Policy
Google Firebase	Authentication, database, file storage, push notifications	All user data	Firebase Privacy
Google Cloud Platform	Infrastructure services	All user data	Google Privacy
ip-api.com	IP-based location detection	IP address only	ip-api Legal
SendGrid	Email delivery	Email address, name	Twilio Privacy
hCaptcha	Bot protection	Browser data, IP address	hCaptcha Privacy

6.2 Sharing With Other Users

The following information may be visible to other users:

• Public: Your name, username, profile photo (in search results)
• With Friends: Your posts, comments, profile information
• With Family Tree Members: Information within the tree, shared media, messages

Family Tree Content Visibility

Content visibility in family trees works as follows:

• Trees you own: Tree members can see all added media and messages
• Trees you're invited to: Media and messages you add can be seen by other members who are not your friends
• Linking tree members: You can link members in your family tree to your friends

6.3 Legal Requirements

We may share your data with authorities in the following situations:

• Legal obligation (court order, prosecutor's request)
• Protection of public safety
• Fraud or crime prevention
• Protection of our rights

6.4 Sale or Merger

In the event of sale, merger, or acquisition of our company, your data may be transferred as part of this transaction. We will inform you in advance in such cases.

7. Cookies and Similar Technologies

7.1 Local Storage

The Treegram mobile application uses the following local storage methods instead of cookies:

Technology	Purpose	Data
Shared Preferences	Application settings	Theme, language preference
Firebase Auth Token	Session management	Authentication token
Hive Local Database	Usage statistics	Daily activity records

Hive Database Details: To improve application performance and user experience, we may store certain usage metrics locally on your device (e.g., pending minutes, session count, first/last seen time, last activity time, and inactivity threshold for session separation). This data is periodically transferred to the server and can be cleared through app settings or account deletion.

7.2 Website Cookies

The Treegram website (treegram.app) uses the following cookies:

Cookie	Purpose	Duration
Firebase Auth	User session	Session
hCaptcha	Bot protection	Session

7.3 Analytics

We use Firebase Analytics to improve app performance and user experience. This tool collects app usage statistics (page views, feature usage, error reports, etc.). The collected data is used for aggregate analysis and helps us improve service quality.

8. Your Rights

8.1 Your Rights Under GDPR

If you reside in the European Union, you have the following rights under GDPR:

1. Right to Information: Learn whether your personal data is being processed
2. Right of Access: Request access to your processed personal data
3. Right to Rectification: Request correction of incomplete or incorrect data
4. Right to Erasure: Request deletion of your personal data
5. Right to Data Portability: Receive your data in a structured format
6. Right to Restriction: Request temporary suspension of processing
7. Right to Object: Object to automated processing results
8. Right to Lodge Complaint: Apply to the competent data protection authority

8.2 Your Rights Under CCPA (California Residents)

If you are a California resident, you have additional rights:

• Right to Know: Learn what personal data is collected and how it's used
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of sale of personal data (Note: We do not sell data)
• Right to Non-Discrimination: Receive equal service regardless of privacy choices

8.3 How to Exercise Your Rights

To exercise your rights:

• Email: info@treegram.app
• In-App: Settings > Account > Privacy options

Your request will be answered within 30 days at the latest. We may request additional information to verify your identity.

8.4 Account Deletion

To delete your account and all your data:

Via App:

1. Go to Settings > Account > Delete Account
2. Re-authenticate (password or Google)
3. Select a reason (optional)
4. Confirm the request

Via Website:

1. Visit treegram.app/delete-account
2. Enter your email and username
3. Click the link in the confirmation email

9. Children's Privacy

9.1 Age Limit

You must be at least 16 years old to use Treegram services. Use of the platform by persons under 16 is prohibited.

9.2 Protection of Children's Data

We do not knowingly collect personal data from anyone we know or reasonably suspect is under 16.

If we discover that a person under 16 is using the platform, we will immediately delete the account and related data.

9.3 Children's Information in Family Trees

In the family tree feature, users can enter children's information (name, birth date) as family members. This information:

• Is only visible to family tree members
• Is entered by adult users
• Can be deleted or updated at any time

10. International Data Transfer

10.1 Transfer Mechanisms

Your data may be transferred outside the European Economic Area (EEA) due to Google Firebase infrastructure. For these transfers:

• Google's compliance with Standard Contractual Clauses (SCC)
• EU-US Data Privacy Framework certification
• Appropriate security measures

10.2 Third-Party Services Location

Service	Location	Safeguards
Firebase/GCP	USA/EU	SCC, Privacy Framework
ip-api.com	Various	No personal data stored
SendGrid	USA	SCC, Privacy Framework
hCaptcha	USA	SCC

10.3 Protection Level

For transfers outside the EEA, we take necessary measures to ensure your data is processed at the protection level specified in this policy.

11. Data Retention Periods

11.1 General Principles

We retain your personal data for the period required by the collection purpose or within legal obligations.

11.2 Category-Based Retention Periods

Data Category	Retention Period
Account Information	Until account is deleted + 30 days waiting period
Profile Information	Until account is deleted
Posts	Until user deletes or account closes
Comments	Until user deletes or account closes
Family Tree Data	Until tree is deleted or owner account closes
FCM Tokens	Until logout or device change
Location Data	Until account is deleted
Usage Statistics	1 year (anonymous aggregate data may be kept longer)
Rate Limit Records	1 hour (IP hashes)
Deletion Request Tokens	1 hour

11.3 After Account Deletion

When your account is deleted:

• Immediately deleted: Profile information, account data, FCM tokens, family trees you own
• Anonymized: Comments, likes in others' content, and usage statistics
• May be retained: De-identified statistical data

12. Authorized Personnel Access

12.1 Administrative Panel

Our management team, by default, only views aggregate statistics (total user count, daily registration count, etc.). Individual user data is only accessed for the following legitimate reasons:

• Responding to support requests
• Reviewing and resolving reports
• Processing account deletion requests
• Investigating security incidents
• Responding to legal requests

12.2 Data Accessible by Admins

Data Type	Purpose
Profile information	Support and account verification
Reports	Reviewing reported content
Support requests	Responding to your requests
Account deletion requests	Processing deletion process
General statistics	Service improvement

12.3 Audit Logs (Admin Action Logs)

For security and abuse prevention purposes, certain actions performed through the admin panel may be recorded in audit logs:

• Content removal or editing
• User warnings or bans
• Report review and resolution
• Access permission changes
• Processing of account deletion requests

These logs may contain action type, date-time, the authorized account performing the action, and related record references. Audit logs are accessed and retained only for security and legal compliance purposes.

12.4 Security Measures

• Admin access is controlled via Firebase Custom Claims
• All admin actions are logged
• Least privilege principle is applied

13. Policy Changes

13.1 Update Procedure

We may update this Privacy Policy from time to time. When changes are made:

1. We will change the "Last Updated" date
2. We will inform via email if necessary

13.2 Effective Date of Changes

The updated policy takes effect on the date of publication. Continuing to use the service after changes means you accept the updated policy.

13.3 Previous Versions

Access to previous versions of this policy can be provided upon request.

14. Contact

14.1 For Your Questions

If you have questions about our privacy policy or data processing practices:

• Email: info@treegram.app
• Contact Form: treegram.app/contact

14.2 Right to Complain

If you are not satisfied with our data processing practices, you have the right to file a complaint with the competent data protection authority:

• European Union: Data Protection Authority in your country
• United Kingdom: Information Commissioner's Office (ICO)
• United States: Federal Trade Commission (FTC)