Android
Privacy Policy
Опубликовано на английском.
Effective date: 2026-06-14
App package: dev.oleksi.proword
Contact: support@oleksi.dev
This policy describes how the Android version of Proword (the "App") collects, uses, and shares information. The iOS version of Proword is covered by a separate policy at proword.app/privacy/ios.
If anything below is unclear or you would like to exercise the rights set out in the Your rights section, please email support@oleksi.dev.
1. Who we are
Proword is published by an independent developer ("we", "our", "us"):
- Contact: support@oleksi.dev
- Phone: +38063-777-9997
- Developer URL: https://oleksi.dev
We are the data controller for the personal data we collect through the Android app.
2. Data we collect
2.1 Account data — required for sign-in
We require sign-in to sync your subscription state and protect against abuse of our cloud services.
| Data | Source | Stored where | Purpose |
|---|---|---|---|
| Google account name, email, profile image URL | Google Sign-In (you choose which account) | Firebase Authentication (Google), plus the Firebase user ID cached on the device | Authenticate you, recover access on reinstall |
| Firebase user ID (UID) | Generated by Firebase on first sign-in | Device app-private storage (DataStore); Firebase | Identify you across sessions |
2.2 Diagnostic & usage data — required for app stability and improvement
| Data | Provider | Purpose |
|---|---|---|
| Crash stack traces, device model, OS version, app version, locale | Firebase Crashlytics (Google) | Detect and fix crashes |
| Anonymous app-interaction events (screen views, button taps, practice/game completions, paywall views) | Firebase Analytics (Google) | Understand which features work and which break |
| Firebase Installation ID | Firebase (Google) | Tie analytics + crash reports to one install (not to your identity) |
Event names are prefixed android_* and contain no personally
identifying content (no email, no name, no typed words).
2.3 Attribution & subscription data
Proword contains no advertising of any kind. The app ships with zero ad placements — no banners, no interstitials, no rewarded ads. The data in this section is collected solely for subscription management and (when a paid marketing campaign is active) to attribute app installs to the correct campaign so we do not pay for the same install twice.
| Data | Provider | When | Purpose |
|---|---|---|---|
| Anonymous app-event signals (install, purchase, key milestones) | Meta Facebook SDK, TikTok Business SDK | Only when a corresponding ad campaign is active and you reached the app through one | Attribute installs to ad campaigns |
| Subscription state (anonymous purchase token, product SKU, expiration) | Google Play Billing (Google) | Always for premium users | Gate premium features without storing payment data ourselves |
We never see your card number, billing address, or any other payment detail. All payments are handled by Google Play.
2.4 Push notification token
If you enable practice or streak reminders, we register a Firebase Cloud Messaging (FCM) token so we can send the local reminder you opted into. The token is held by Google and tied to your install; we do not store it elsewhere.
2.5 Data sent to Google Gemini (AI features)
When you add a new word, the App may ask Google's Gemini model for an example sentence, a phonetic transcription, and alternative translations. We send:
- The word you typed (e.g. "cat")
- The source and target language codes (e.g. "en" → "uk")
The request is routed via Firebase AI Logic (Google Cloud), which authenticates the call with your Firebase account so the request cannot be spoofed by other parties. Google processes the prompt to produce a response and, per Google's Generative AI terms, does not use your prompts to train its models when accessed via this API. We do not store the prompt or the response on our servers — the response is shown to you and cached on your device only.
2.6 Data sent for image search
When you search for an image to attach to a word, your search term (the
English version of the word you typed) is sent to our private Cloud
Function (pixabaySearch, hosted on Firebase / Google Cloud) which
forwards it to Pixabay. The function authenticates your device via
Firebase App Check + Firebase Auth so only the Android app can call it.
We do not store search terms server-side. Pixabay's privacy policy is at https://pixabay.com/service/privacy/.
2.7 Speech (microphone)
The pronunciation exercise uses Android's built-in
SpeechRecognizer API. The raw audio is not stored or transmitted by
Proword — only the recognized text comes back to the app. On most
devices the recognition itself runs on-device; on some devices the
platform may send audio to a Google speech service to perform the
recognition. That handoff is controlled by Android, not by Proword, and
is governed by Google's privacy policy. You can revoke microphone access
at any time in your device's app permissions.
2.8 Translation (on-device)
Word translations use Google ML Kit Translation, which runs on your device after the language pack is downloaded over Wi-Fi on first use. The translated text does not leave your device.
2.9 Local data (stays on your device)
The following data is stored only in app-private storage on your device and is never transmitted to us or to a third party:
- Words and translations you added
- Practice progress, streaks, game scores
- App preferences (selected languages, reminder times)
- Onboarding answers (purpose for learning, daily-goal, level)
Uninstalling the App deletes all of it.
3. How we use the data
- Run the App — authenticate you, sync subscription state, generate AI examples and translations.
- Fix bugs and crashes — Crashlytics tells us when something breaks so we can ship a fix.
- Improve the product — anonymous Analytics events tell us which features are used and where users get stuck.
- Measure marketing — if you reached the App through a paid ad, the corresponding ad SDK reports back to the network so we don't pay for the same install twice.
We do not sell your personal information. We do not "share" your personal information for cross-context behavioural advertising as defined by California's CPRA. Proword contains no advertising — we do not pass your data to ad buyers.
4. Third-party services we use
| Service | Purpose | Privacy policy |
|---|---|---|
| Google (Firebase Auth, Analytics, Crashlytics, FCM, AI Logic, Cloud Functions, ML Kit, Play Billing, User Messaging Platform, Speech, TTS) | Authentication, analytics, crash reporting, push, AI features, image-search proxy, translation, payments, consent management, speech | https://policies.google.com/privacy |
| Pixabay | Image search results | https://pixabay.com/service/privacy/ |
| Meta (Facebook Android SDK) | Ad attribution — active only when a Meta ad campaign is running | https://www.facebook.com/about/privacy |
| TikTok (TikTok Business SDK) | Ad attribution — active only when a TikTok ad campaign is running | https://www.tiktok.com/legal/privacy-policy |
| Google User Messaging Platform | Consent management for EEA / UK / California users | https://policies.google.com/privacy |
5. Legal bases for processing (GDPR, UK GDPR, LGPD, DPDP)
- Contract performance — account data, subscription state, AI enrichment, image search. Without these we cannot provide the App.
- Legitimate interest — diagnostics, crash reporting, anonymous product analytics. You can object by emailing us.
- Consent — ad-attribution measurement in the EEA / UK / California (collected via the Google UMP consent form, required by Meta and TikTok attribution SDKs), push notifications (collected via the Android system permission), microphone (collected via the Android system permission). You can withdraw consent at any time in the App settings or your device settings.
6. International transfers
Data is processed on Google Cloud infrastructure, which may include data centres in the United States and other regions Google operates from. Transfers from the EEA/UK rely on Google's Standard Contractual Clauses (details).
7. Data retention
- Account data — kept until you delete your account (Section 8).
- Analytics events — retained per Firebase Analytics defaults (up to 14 months).
- Crash logs — retained per Firebase Crashlytics defaults (90 days).
- Local on-device data — until you uninstall the App.
8. Your rights
You can exercise these rights regardless of where you live. Some rights are jurisdiction-specific (GDPR in the EEA/UK, CPRA in California, LGPD in Brazil, DPDP in India, etc.) but we will honour them globally.
- Access — email support@oleksi.dev and ask for a copy of the personal data we hold about you. We will respond within 30 days.
- Correction — your name and email come from your Google account; update them at https://myaccount.google.com.
- Deletion — see Section 9. You can delete your account from inside the App and from a public web URL with no install required.
- Restriction / objection — email support@oleksi.dev with the request and the reason; we will pause non-essential processing (analytics, marketing attribution) within 7 days.
- Portability — your on-device data is yours; export by emailing support@oleksi.dev.
- Opt out of ad-attribution measurement — in the EEA/UK/California, use the consent form shown on first launch (you can re-open it from Settings). This controls whether Meta and TikTok attribution SDKs receive anonymous event signals when a paid campaign is active.
- Complain to a supervisor — EU/UK residents can complain to their national data protection authority.
9. Account deletion
- In-app: Settings → Account → Delete account. This deletes your Firebase Auth user, clears all on-device data (Room database, DataStore), and signs you out.
- From the web (no install required): open https://proword.app/delete-account and follow the instructions. We process web deletion requests within 30 days.
After deletion: anonymized analytics and crash events generated before deletion may remain in Firebase Analytics / Crashlytics for their retention windows above; they cannot be linked back to you.
10. Children
Proword is not directed at children under 13. We do not knowingly collect personal information from a child under 13. If you believe a child has provided personal information, email support@oleksi.dev and we will delete it.
We are not enrolled in Google Play's Designed-for-Families programme.
11. Security
- All network traffic uses HTTPS / TLS.
- On-device data lives in app-private storage; other apps cannot read it.
- Cloud calls to our Cloud Functions are signed with Firebase App Check (Play Integrity) so unattested clients cannot reach our backends.
- The Pixabay and Gemini API keys are held in Google Secret Manager and Firebase project credentials respectively — neither ships inside the App.
- We follow Google's recommended security practices for Firebase Cloud Functions and Cloud Run.
No system is perfectly secure. If you suspect a security issue, please email support@oleksi.dev and we will respond promptly.
12. Changes to this policy
We will update the "Effective date" at the top of this page and post a notice in the App's What's New screen when this policy changes materially. Continued use of the App after the change means you accept the updated policy.
13. Contact
For privacy questions or to exercise any of the rights above:
- Email: support@oleksi.dev
- Phone: +38063-777-9997
Last updated: 2026-06-14.