DiscRadar Privacy Policy
1. Introduction
DiscRadar takes your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws, including Google Play data safety requirements.
By creating an account or using DiscRadar, you confirm that you have read and understood this policy.
Data controller: DiscRadar (operator of the DiscRadar mobile application).
Contact: privacy@discradar.app (replace with your official support email before publication)
2. Age rating
DiscRadar is not directed at children under 13. You must be 13 years of age or older to create an account and use the app. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, contact us and we will take steps to delete it.
3. Data encryption
All data sent between the DiscRadar app and our backend services is encrypted in transit using industry-standard HTTPS and TLS. Firebase Authentication, Cloud Firestore, Firebase Storage, and Firebase Cloud Messaging use encrypted connections by default.
Data at rest on Google Cloud infrastructure is protected by Google’s platform security measures. Local caches on your device (see Section 11) are stored in the app’s private storage area and are not shared with other apps.
4. Identifiers & account data (Table A)
| What we collect | Why we collect it | Shared with |
|---|---|---|
| Firebase user ID (UID) | Sign-in, security, linking your data to your account | Google (Firebase Authentication) |
| Email address | Account recovery, moderation, feedback, ban enforcement | Google (Firebase Auth); stored on your profile in Firestore when applicable |
| Sign-in provider (email/password, Google, Facebook) and OAuth tokens exchanged at login | Authentication only; tokens are handled by Firebase Auth, not stored in chat messages | Google (Firebase Auth); Meta (Facebook Login) when you choose Facebook sign-in |
| Display name | Shown in profiles, pins, and chats | Other signed-in DiscRadar users |
| Friend code (4-digit) | Lets friends find and add you | Other signed-in users who search your code |
| FCM device token | Push notifications (new pins on followed courses, chat messages, friend DMs) | Google (Firebase Cloud Messaging). Notification previews may include sender name and a short excerpt of message text. |
Legal basis (GDPR): Performance of a contract (providing the service); legitimate interests (security and abuse prevention). Push notifications rely on your device permission (consent where required).
5. Profile & optional data (Table B)
| What we collect | Why we collect it | Shared with |
|---|---|---|
| Profile photo | Personalise your profile and chats | Other users when your profile or messages are shown; stored in Firebase Storage |
| City, age, gender, bio, disc golf club, rating | Optional profile fields you choose to add | Other signed-in users on profile and chat views |
blockedUserIds (list of user IDs you blocked) |
Safety: hide blocked users’ pins on your map | Stored in Firebase; used for app-side filtering (not published as a public list) |
Legal basis: Contract; legitimate interest (community safety).
6. Location data (Table C) — sensitive
| What we collect | Why we collect it | Shared with |
|---|---|---|
| Device GPS (when you grant location permission) | Centre the map on your position; proximity alerts (“bell”) for new pins within about 1 km of courses you follow | Processed on your device; not sold to advertisers. Map tiles are loaded from Google Maps (see Section 12). |
| Pin coordinates (latitude/longitude + geohash) when you create a pin | Show players on the shared map, link pins to disc golf courses | All authenticated DiscRadar users can see active pins on the map |
Important disclosure: Location permission and pin placement are core to the map and bell experience. If you deny location access, the app can still work with a default map view, but GPS-centred map behaviour and proximity alerts will be limited. Pin locations you place are visible to other players by design.
Legal basis: Contract; consent for device location where required by your OS.
7. User-generated content (Table D)
| What we collect | Why we collect it | Shared with |
|---|---|---|
| Pin text (“chat description”), skill level, game type | Core gameplay and map markers | Authenticated users |
| Pin & group chat messages (text up to ~2,000 characters) | Communication on a pin | Chat participants; push previews via FCM |
| Friend direct messages (text up to ~280 characters) | Private messaging between friends | Recipient; Firebase; push previews via FCM |
| Chat images (JPEG) | Rich chat on pins | Firebase Storage (chat_images/…); URLs in Firestore; participants in the chat |
Legal basis: Contract; legitimate interest (moderation and safety).
8. Retention (data storage duration)
| Data type | Retention |
|---|---|
| Active map pins | Automatically expire and drop out of active queries after approximately 4 hours from creation. |
| Pin and friend chat messages | Retained in Firestore until deleted by users (where allowed), pin/account cleanup, or moderation. Needed for chat history and safety. |
| Reports, ban records, feedback | Retained as long as necessary for moderation, legal compliance, and support (admin access only where rules restrict). |
| FCM tokens | Updated while you use the app; removed when you delete your account or disable notifications. |
| Local caches (Hive, SharedPreferences) | Stay on your device until you clear app data or uninstall. |
9. Social graph (Table E)
| What we collect | Why we collect it | Shared with |
|---|---|---|
Friends list (friends_list: UID, display name, friend code, photo URL) |
Friends feature and chat | Your friends (mutual list updates); Firebase |
| Friend requests (pending) | Add friends by code | Sender and recipient; Firebase |
Friend code lookup (friend_codes) |
Map 4-digit code → user | Firebase (authenticated users only) |
Friend DM threads (friend_chats) |
1:1 messaging | Recipient; Firebase |
10. Moderation & compliance (Table F)
| What we collect | Why we collect it | Shared with |
|---|---|---|
User reports (reporterId, reportedUserId, pinId, details) |
Community safety and admin review | Admins via Firestore |
Ban records (banned_users, banned_emails) |
Enforce suspensions | Firebase; checked at sign-in |
| In-app feedback (topic, description, email, userId) | Support and product improvement | Admins via Firestore; archived copies may move to feedbacks_SAVED |
11. Technical & local data (Table G)
| What | Where it stays | Shared with third parties? |
|---|---|---|
| Language choice, translation cache, sound preferences, friend-request cooldown timestamps | Your device (SharedPreferences) | No (not uploaded as a separate export) |
| Cached friends list for faster UI | Your device (Hive) | No |
| Google ML Kit on-device translation | UI strings translated locally; language models may be downloaded from Google | Google (model delivery only). No ad tracking. |
| Firebase App Check | Fraud and abuse prevention | Google (integrity signals) |
Bundled UI translations for English and Norwegian ship inside the app. Other languages may be generated on-device via ML Kit and cached locally.
12. International transfers & subprocessors (Table H)
DiscRadar uses cloud services that may process data outside your country, including outside the European Economic Area (EEA).
| Subprocessor | Service | Notes |
|---|---|---|
| Google LLC / Google Cloud | Firebase Authentication, Cloud Firestore, Firebase Storage, FCM, App Check, Google Sign-In, Google Maps Platform, ML Kit | Transfers may rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework. |
| Meta Platforms | Facebook Login (optional) | OAuth for sign-in only when you choose Facebook. |
| Google Cloud Functions | Server-side push triggers | Deployed in europe-west1 (Belgium) for Firestore-triggered notifications. |
We do not sell your personal data. We do not use Firebase Analytics, Crashlytics, or third-party advertising SDKs in the current app build.
13. Account deletion
You may delete your account from Settings in the app. After you re-authenticate, our AccountDeletionService and AccountDeletionCleanup remove your data from our servers in this order (while your sign-in session is still valid):
- Pins you created — pin documents, their chat messages, and any chat images in Firebase Storage.
- Chat messages you sent — text messages you posted in pin group chats and friend direct messages are permanently deleted from Firestore (including messages on pins owned by other users). Any image attachments linked to those messages are removed from Storage where applicable.
- Social and activity data — your friends list document, incoming and outgoing friend requests, course-follow records, your public friend-code mapping, and feedback you submitted through the app. You are removed from friends’ contact lists where possible.
- Participation metadata on pins — your user ID is removed from
participantIdsandunreadForUserson pins you joined. - Profile and files — your
users/{uid}profile (including notification tokens), avatar (users/avatars/{uid}.jpg), and legacy profile images in Storage. - On-device cache — locally cached friends data (Hive) for your account is cleared.
- Sign-in account — your Firebase Authentication user is deleted and you are signed out.
Chat threads after deletion
- Your text messages are deleted, not merely hidden. Other participants will no longer see message content you sent.
- Thread summaries / metadata only: If you were the last sender in a friend DM thread, we anonymize the chat summary fields (for example
lastSenderIdis set to a genericdeleted_accountvalue,lastSenderDisplayNameto “Deleted user”, and preview text is cleared). We do not keep your display name or photo in those summary fields. - Other users’ messages in conversations you took part in remain unchanged — that content belongs to them.
Reports, ban records, or archived moderation copies may be retained as described in Section 8.
14. Your rights & contact
If you are in the EEA/UK, you may have the right to:
- Access your personal data
- Rectify inaccurate data (edit profile in-app)
- Erase your data (account deletion)
- Restrict or object to certain processing
- Data portability (where applicable)
- Withdraw consent (e.g. disable location or notifications in device settings)
- Lodge a complaint with a supervisory authority (in Norway: Datatilsynet, datatilsynet.no)
To exercise your rights, contact us at privacy@discradar.app or use the in-app Feedback form.
We may update this policy from time to time. Material changes will be reflected in the app and, where required, by notice to users.