Breava ("we," "our," or "us") operates the Breava mobile application (the "App") and the website Breava Official Site. This document serves as our comprehensive Privacy Policy. It details how we collect, process, store, share, and protect your information when you use our services.
This policy is designed to satisfy the strict requirements of the Apple App Store Review Guidelines (Section 5.1 - Privacy), the Google Play Developer Policies (Data Safety and User Data), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA).
1. Categories of Data We Collect
To provide our services, maintain app performance, and ensure platform security, we collect both personal and non-personal data. We practice strict data minimization, meaning we only gather information that is fundamentally necessary for the App to function.
A. Information You Explicitly Provide
- Account Registration Data: Full name, email address, username, password, and profile preferences created during registration.
- User-Generated Content: Any text, images, or assets you upload, submit, or transmit through the App's core features.
- Customer Support Communications: Records of your correspondence, email addresses, and metadata when you contact us via support channels.
B. Data Collected Automatically via App Architecture
- Device Identification Parameters: Hardware model, unique device identifiers (e.g., Apple IDFV or Android ID), operating system type and version, and browser specifications.
- Network and Connection Metrics: IP address, internet service provider (ISP), mobile network operator, mobile country code, and system language settings.
- Usage and Engagement Logs: In-app interaction records, feature click-stream data, session durations, timestamp indicators, and navigation patterns.
- Diagnostic and Performance Infrastructure: Crash dumps, memory allocation failures, ANR (App Not Responding) metrics, and overall app performance diagnostics.
C. Sensitive Device Permissions (Runtime Requests)
In strict accordance with Apple iOS and Google Android operating system architectures, the App will explicitly request your authorization before accessing the following hardware and software ecosystems:
- Camera and Photo Library: Required only if you select or capture visual assets to upload to your profile or share via App features.
- Notifications: Required to deliver push notifications regarding real-time system state changes, transaction confirmations, and app milestones.
- Storage (Read/Write): Required to cache essential local assets or export user documents generated inside the App interface.
2. Legal Basis and Purpose of Processing Data
We do not use your information indiscriminately. We process your information under the following legal frameworks:
- Contractual Necessity: To create your account, authenticate your sessions, maintain system up-time, and deliver the core utilities of the Breava ecosystem.
- Legitimate Business Interests: To identify application instability, patch software vulnerabilities, optimize user interfaces, prevent platform abuse, and mitigate fraudulent threats.
- Legal Compliance obligations: To satisfy tax requirements, anti-fraud checks, security audits, or enforceable government mandates.
- Consent: When you explicitly authorize a specific operation, such as opt-in marketing or opting into background performance telemetry tracking.
3. Data Retention and Storage Management
We retain your personal information only for as long as your Breava account remains active, or as long as necessary to fulfill the operational purposes detailed in Section 2.
- Active Data Retention: Account details and content remain stored in production systems while your account is open.
- System Backups: Data stored in system backups is isolated, heavily encrypted, and automatically overwritten or hard-deleted over a standard rolling window (typically not exceeding 30 to 90 days).
- Anonymization Practices: When the retention period expires or upon a verified deletion request, your data is either permanently erased or thoroughly anonymized so it can no longer be associated with you.
4. Comprehensive Account and Data Deletion
Both the Apple App Store (Guideline 5.1.1(v)) and the Google Play Console mandate that apps allowing account creation must also offer a distinct way to delete that account.
How to Delete Your Account and Data:
- In-App Mechanical Deletion: Open the Breava App, navigate to Settings > Account Profile, scroll to the bottom, and tap Delete Account. Confirm the prompt.
- Web Portal Request: If you cannot access the App, visit our Breava Support Portal and fill out the Data Deletion Request form.
- Direct Email Inquiry: Send an explicit request to support@breava.com from the email address registered to your Breava account.
Processing Timelines and Effects:
- Upon receipt of a verified deletion command, your account is immediately deactivated.
- All personal profiles, identification tags, and user content are purged from our live production databases within 7 business days.
- Cached components and residual reference logs are removed from backups within 30 days.
- Exception: We only retain specific transactional indices if legally required by tax authorities, regulatory oversight bodies, or ongoing fraud prevention investigations.
5. Third-Party Data Disclosures and Transmissions
We do not sell, rent, or trade your personal data. We only share your data with third-party service providers who comply with strict data protection agreements.
- Cloud Infrastructure and Hosting: We leverage secure cloud providers to host databases and manage network traffic.
- Analytics and Error Monitoring Vendors: Tools like Google Analytics for Firebase or Apple Crashlytics are integrated into the App. These tools process anonymized app telemetry to identify crashes, bugs, and performance problems.
- Operational SDK Implementations: All third-party software development kits integrated into the source code are configured to comply with Apple's App Tracking Transparency (ATT) framework and Google's Play Family Policies.
6. Children's Privacy Protections (COPPA, GDPR-K, Google Play Rules)
The Breava App is strictly intended for individuals who meet the legal age requirements of their jurisdiction.
- Age Threshold: We do not market to or knowingly collect data from children under 13 years old (or under 16 years old within the European Economic Area).
- Enforcement Actions: If we discover that we have inadvertently collected data from a minor without verified parental consent, we will purge the account records from our servers immediately.
7. Global Privacy Rights (GDPR / CCPA / CPRA)
Depending on your geographic location, you possess specific statutory rights regarding your personal information:
- Right of Access and Portability: You can request a readable copy of all data we store about you.
- Right to Rectification: You can update or correct inaccurate data through your profile settings or by contacting us.
- Right to Erasure ("Right to be Forgotten"): You can demand the permanent deletion of your data as outlined in Section 4.
- Right to Opt-Out of Tracking: On iOS devices, you can deny tracking permissions via the native App Tracking Transparency prompt. On Android devices, you can reset your Advertising ID or opt out of personalized ads in your system settings.
To exercise these rights, submit an inquiry to support@breava.com. We do not discriminate against you for exercising your legal privacy choices.
8. Contact Information
For any inquiries, legal notices, or feedback regarding this Privacy Policy, please reach out to us:
