TipPressure — Privacy Policy

Who we are

TipPressure (“we”, “us”) provides a mobile app that helps people discover places and share tipping-pressure feedback.

Scope

This policy covers the TipPressure Android app and our minimal web resources (e.g., the account-deletion page).

1) Data we collect and why

1.1 Account & identifiers

• Email address and basic profile via Firebase Authentication (Google Sign-In or Email/Password).
• User ID (UID) generated by Firebase.
• Why: create and secure your account; let you submit/manage reviews; restore access.

1.2 Content you provide

• Reviews/ratings/notes you submit.
• Saved places and in-app preferences.
• Why: show your content, compute aggregates, sync across sessions.

1.3 Location, maps, and place search (foreground only)

• Precise/approximate location while you are using the app to show the map, center nearby results, or search for restaurants and other places.
• Mapbox receives the map viewport, search text or selected category, coordinates needed for map tiles/search/discover results, IP address, and device/app metadata when Mapbox maps or search features are used.
• We do not track location in the background and do not run geofences.
• We do not store your live location in our database; it’s used transiently for the current map/search request. We may store coarse usage counters tied to your account or installation ID to enforce Mapbox quota and anti-abuse limits.

1.4 Device & app metadata

• Device model, OS/app version, basic network info.
• Why: keep the app working, prevent abuse (App Check / Play Integrity), and troubleshoot issues.

1.5 Analytics, diagnostics & performance (Firebase Analytics + Crashlytics + Performance Monitoring)

• App-open, login, search/detail, session, and stability events; crash reports and stack traces; device state (model, OS/app version), app logs related to the crash; network/render timing and HTTP URL patterns (no payloads) to measure performance.
• Why: understand basic app usage, fix crashes, improve stability, and spot slowness. Controlled by Settings → Privacy → Share data usage (off by default); we respect that toggle for Firebase Analytics, Crashlytics, and Performance Monitoring.

1.6 Advertising (Google AdMob)

• When ad banners are enabled, including banner placements shown with the map experience, the ads SDK may use Advertising ID, IP address, coarse location, device/app metadata, and ad interaction signals to load, personalize where permitted, limit, and measure ads.
• Google’s consent form is checked at app launch only when at least one banner placement is enabled and Google requires an ad privacy message for your region.
• Ad privacy choices are managed through Google’s form when it is required, and Android device settings may let you reset or limit use of your Advertising ID.

2) Data sources, SDKs, and third parties

• Firebase (Google): Authentication, Firestore (data storage), Cloud Functions for server-side Mapbox token/quota requests, App Check / Play Integrity (anti-abuse), Firebase Analytics (basic app events; honors your Share data usage toggle), Crashlytics (crash reporting; honors your toggle), and Performance Monitoring (aggregated app/network timing; honors the same toggle).
• Maps & places: Mapbox maps, Search, and Discover power the in-app map and nearby place search. Mapbox may receive map viewport, coordinates, search/category queries, IP address, user agent, device identifiers made available by the SDK, and diagnostic data needed to provide maps and search results. We use temporary Mapbox tokens requested through Firebase Cloud Functions rather than embedding a secret token in the app.
• Fallback/legacy place sources: OpenStreetMap/Overpass (HTTPS) and map/tile providers may still be used for some place or map data. When used, those providers receive your IP address, user agent, and the coordinates needed to answer the query.
• Advertising: Google AdMob (ads SDK present; Google’s consent flow is checked before ad requests only when banner placements are enabled and a Google ad privacy message is required). Ads may appear with the map experience but are served by Google, not Mapbox.
• External intents: If you tap “Open in Maps,” we pass the venue to your chosen maps app; their privacy policy applies.

3) How we use data (legal bases)

• Provide the service (account, sign-in, show nearby venues, submit/manage reviews). Legal basis: contract/performance at your request.
• Security & abuse prevention (rate limits, App Check / Play Integrity). Legal basis: legitimate interests.
• Communications (account or legal notices; deletion confirmations). Legal basis: legitimate interests / legal obligations.
• Maps and place search: display Mapbox maps, fetch Mapbox Search/Discover results, issue temporary Mapbox tokens, and enforce usage limits for cost control and abuse prevention. Legal basis: contract/performance at your request; legitimate interests for security, quota, and abuse prevention.
• Advertising (if enabled): show, limit, personalize where permitted, and measure ads; where required, Google’s ad privacy form collects the applicable consent before ad requests. Legal basis: consent where required; legitimate interests where consent is not required.

4) Sharing and disclosure

We don’t sell personal data. We share only with:

• Service providers/processors (Google/Firebase; Google AdMob; Mapbox; fallback map/tile/Overpass providers) to run, secure, measure, and monetize the app.
• Legal/safety if required by law, to protect rights, or investigate abuse.
• Other users: content you submit (e.g., reviews) may be visible in the app; we don’t show your email.
• Business transfers: if TipPressure is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, data may be disclosed or transferred as part of that transaction, subject to this policy and applicable law.
• Aggregate or de-identified insights: we may share statistics that do not identify you, such as city-level trend summaries or aggregate tipping-pressure metrics.

Legal or takedown notices: send to legal@tippressure.com so we can review and respond.

5) Retention

• Account & reviews: kept until you delete your account or remove the review.
• Location used for map/search: processed in-session for map display and place results; your live location is not stored in our database.
• Mapbox quota and temporary-token records: retained for a limited period necessary to operate, audit, and control map/search usage.
• Security logs/anti-abuse signals: retained for a limited period necessary to protect the service.
• Minimal records may be retained if required for fraud prevention or legal obligations.

6) Your choices & rights

• Delete account: in-app via Settings → Privacy → Delete account, or via https://delete.tippressure.com if you prefer submitting online.
• Export data or access/correction: email privacy@tippressure.com; we’ll provide JSON/CSV.
• Ad privacy: when ad banners are enabled and Google requires a privacy options form for your region, manage those choices in Settings → Privacy → Manage Google ad privacy choices.
• Map/location choices: you can deny location permission and still search manually, though nearby results and centering on your location may be limited.
• Rights available to you (e.g., access, correction, deletion, portability, objection, and opt-out of certain targeted advertising or data sales/sharing where required) depend on your region (EU/EEA/UK, certain US states). We’ll honor valid requests.
• California/US: We do not currently “sell” or “share” personal information as defined by CPRA for cross-context behavioral advertising. If that changes, we will update this policy before doing so and provide required opt-out controls such as a “Do Not Sell or Share My Personal Information” mechanism.

7) International transfers

We use Google Cloud/Firebase, Google AdMob, and Mapbox; data may be processed outside your country. Standard contractual protections offered by those providers apply where required.

8) Children

Not intended for children under 13 (or the age required in your jurisdiction). We don’t knowingly collect data from children.

9) Security

We use industry-standard protections and Google App Check/Play Integrity to reduce abuse. No system is perfectly secure.

10) Changes

We’ll post updates here and change the effective date. For material changes, we’ll notify you in-app or on our website.