Birdex Privacy Policy

Privacy Policy for BirdexLast Updated: February 9, 2026
Effective Date: February 9, 20261. IntroductionBirdex ("we," "our," "us," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Birdex mobile application on iOS and Android.By using Birdex, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.2. Information We Collect2.1 Account InformationBirdex offers platform-specific sign-in:iOS: When you create an account using Apple Sign-In, we collect your Apple ID identifier, email address (if you choose to share it), and display name. We do not store your Apple ID password. Authentication is handled securely by Apple.Android: When you create an account using Google Sign-In, we collect your Google account identifier, email address, and display name. We do not store your Google account password. Authentication is handled securely by Google.Both sign-in methods flow through Supabase Auth, our unified backend authentication service.2.2 Bird Sighting DataWhen you log bird sightings, we collect and store:- Bird species information (which bird you identified)
- Sighting count (number of birds observed)
- Date and time of the sighting
- Location data (GPS coordinates — only when you actively log a sighting and grant permission)
- Location name (human-readable place name, if provided)
- Observation notes (optional text you add)
- Photos (optional images you upload)2.3 Location DataBirdex collects precise location data only when you actively create a bird sighting and grant location permissions.- Location is NOT tracked in the background
- Location is only collected when you log a sighting or save a location
- Location data is stored with your sighting records to show where you spotted birds
- You can control location permissions in your device settings:
iOS: Settings > Birdex > Location
Android: Settings > Apps > Birdex > Permissions > LocationLocation data is used to:
- Record where you saw birds
- Display your sightings on a map within the app
- Store your saved locations for quick selection when logging future sightingsWe do NOT:
- Track your location continuously or in the background
- Share your location with third parties
- Use location for advertising or analytics2.4 Saved LocationsYou may choose to save frequently used birding locations for convenience. Saved locations include a user-defined name, GPS coordinates (latitude/longitude), and an optional description or address. Saved locations are stored on our servers and are only accessible to you.2.5 Photos and MediaWhen you upload photos of bird sightings:- Photos are compressed and resized before upload to reduce file size (maximum 1 MB)
- Photos are stored securely in cloud storage (Supabase Storage)
- Photos are associated with your sighting records
- Photos are only visible to you (not shared publicly or with other users)
- On Android, EXIF orientation data is used to correctly display your photos; on iOS, original photo metadata may be preservedWe do NOT:
- Access photos outside of the app's sighting logging feature
- Share your photos with third parties
- Use your photos for any purpose other than displaying your bird sightings2.6 Social and Friends DataBirdex includes optional social features. If you choose to use them, we collect and display:- Friend code (a unique, shareable code used to connect with other players)
- Friend relationships (who you have added as a friend and who has added you)
- Friend requests (sent and received, including sender display name, avatar, and level)
- Limited profile information visible to friends: display name, avatar, level, species count, badges count, sightings count, and photos count
- Leaderboard data: your rank, level, and species count compared to friends and globallySocial features are opt-in. You must actively add friends using friend codes. Your bird sightings, photos, location data, and detailed progress remain private and are never shared with other users.2.7 Usage and Diagnostic DataWe automatically collect certain technical information for diagnostic and improvement purposes:On both platforms:
- Crash reports (via Sentry) — helps us identify and fix bugs
- Error logs — helps us improve app stability
- Device information — OS version and device model (anonymized)
- App performance metrics — loading times and feature usage patterns
- Session data — when you use the app and for how longOn iOS only:
- Anonymized analytics events (via Mixpanel) — screen views, session duration, and feature usage. Events are tracked using your anonymous user ID only (no personally identifiable information). Mixpanel data is stored on EU servers (EU data residency). We do not use Mixpanel for advertising, profiling, or tracking across other apps.2.8 Game Progress DataWe store your game progress and achievements:- Player level and experience points (XP)
- Card collection progress (which birds you've seen and card levels)
- Achievement badges (earned and uncollected)
- In-app currency (seeds balance)
- Login streaks (current and best streaks)
- Daily quest progress and completion
- Daily quiz attempts, hints used, and completion
- Avatar customization (selected avatar and unlock status)
- Card cosmetics (background and pattern customizations applied to bird cards)
- Cosmetic inventory (items purchased or unlocked with in-game currency)
- Favorite birds (stored locally on your device)
- Global rank and percentile among all players2.9 Giveaway and Promotional DataIf you view in-app giveaways or promotions, we record whether you have seen a particular giveaway (to avoid repeat display). No entry forms, payment details, or additional personal data are collected through giveaways.2.10 Offline DataIf you log a sighting while offline, sighting data (including any photo) is temporarily stored on your device in a local queue. Data is automatically synced to our servers when your internet connection is restored. The local queue is cleared after successful sync.2.11 Data We Do NOT CollectBirdex does NOT collect:- Contacts or address book
- Calendar data
- Health or fitness data
- Financial or payment information
- Precise location in the background
- Data from other apps
- Advertising identifiers (IDFA on iOS or Android Advertising ID)
- Passwords (authentication is handled by Apple or Google)3. How We Use Your Information3.1 Provide Core App Functionality
- Authenticate your account via Apple Sign-In (iOS) or Google Sign-In (Android)
- Store and display your bird sightings
- Calculate rewards, XP, and player progression
- Track your card collection and achievements
- Display your sightings on maps
- Manage your profile and settings
- Enable social features (friends, leaderboard)3.2 Improve the App
- Fix bugs and crashes
- Analyze app performance and usage patterns (anonymized)
- Develop new features based on user behavior
- Optimize user experience3.3 Ensure Security and Integrity
- Prevent fraud and abuse
- Verify user authenticity via server-side validation
- Protect against unauthorized access
- Maintain data integrity and prevent manipulation3.4 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and prevent harm
- Enforce our Terms of Service4. Data Storage and Security4.1 Where Your Data is StoredYour data is securely stored using Supabase, a third-party cloud database and authentication service built on PostgreSQL and hosted on secure servers.- Database: PostgreSQL with PostGIS (for geographic location data)
- Storage: Supabase Cloud Storage (for photos and media assets)
- Authentication: Supabase Auth (with Apple Sign-In on iOS and Google Sign-In on Android)4.2 Local Storage on Your DeviceBirdex stores limited data locally on your device:iOS: UserDefaults for preferences and session state; Keychain for authentication tokens; offline sighting queue as a local file; image cache (up to 50 MB in memory, 200 MB on disk).Android: SharedPreferences for preferences, favorite birds, and onboarding status; offline sighting queue for pending sightings; image cache managed by the Coil library.Local data is not encrypted beyond the protections provided by your device's operating system.4.3 Security MeasuresWe implement industry-standard security measures:- Encryption in transit: All data transmission uses HTTPS/TLS encryption
- Encryption at rest: Data stored on servers is encrypted
- Secure authentication: Platform-specific sign-in with cryptographic token validation
- Server-side validation: All game logic executed server-side to prevent tampering
- Access controls: Strict database row-level security policies
- User ID hashing: Sentry error logs use hashed user identifiers for privacy
- Certificate pinning: iOS implements SSL/TLS certificate pinning for additional security
- Photo upload validation: File paths are validated to prevent path traversal attacks
- Regular security updates: Dependencies and infrastructure kept up to date4.4 Data RetentionWe retain your data for as long as your account is active, as necessary to provide our services, or as required by law to resolve disputes.You may request deletion of your account and all associated data at any time by contacting us (see Section 11).5. Third-Party ServicesBirdex integrates with the following third-party services:5.1 Supabase (Database and Storage)
Purpose: Backend database, authentication, and file storage
Data shared: All user data, sightings, photos, and game progress
Privacy Policy: supabase.com/privacy5.2 Sentry (Crash Reporting)
Purpose: Error tracking, crash reporting, and performance monitoring
Data shared: Crash logs, error messages, device information, hashed user IDs, performance samples (20% of sessions)
Data NOT shared: Network connectivity errors, HTTP 404 errors, and rate limit errors are filtered out before sending
Privacy Policy: sentry.io/privacy5.3 Apple Sign-In (iOS Authentication)
Purpose: User authentication on iOS
Data shared: Apple ID token, email (if you choose to share)
Privacy Policy: apple.com/legal/privacy5.4 Google Sign-In (Android Authentication)
Purpose: User authentication on Android
Data shared: Google account token, email, display name
Privacy Policy: policies.google.com/privacy5.5 Google Play Services (Android)
Purpose: Location services (Fused Location Provider), in-app review prompts, and app version management
Data shared: Location coordinates (only when logging sightings), app review interactions
Privacy Policy: policies.google.com/privacy5.6 Mixpanel (Analytics — iOS Only)
Purpose: Anonymized usage analytics to understand feature engagement and improve the app
Data shared: Anonymous user ID (UUID only), screen views, session duration, feature interaction events. No personally identifiable information is sent to Mixpanel.
Data residency: EU servers
Privacy Policy: mixpanel.com/legal/privacy-policy5.7 What We Do NOT Use
- Advertising networks or ad trackers
- Social media sharing integrations
- Third-party cookies
- Facebook, Google Analytics, or similar profiling services6. Data Sharing and Disclosure6.1 We Do NOT Sell Your DataWe do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.6.2 Limited SharingWe may share your information only in the following circumstances:- Service Providers: With Supabase, Sentry, Mixpanel, Apple, and Google to provide app functionality (as described in Section 5)
- Legal Requirements: If required by law, court order, or governmental request
- Safety and Security: To protect the rights, property, or safety of Birdex, our users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)6.3 Social FeaturesIf you choose to use Birdex's social features:- Your display name, avatar, level, and species count are visible to users you have added as friends
- Your friend code can be shared by you with others to allow them to send you a friend request
- Your rank may appear on the friends leaderboard visible to your friends
- Your bird sightings, photos, location data, notes, and detailed progress are never shared with other usersIf you do not add any friends, no other user can see your profile or data.7. Your Rights and Choices7.1 Access Your Data
You can view all your data within the app: profile information, bird sightings and photos, card collection and progress, achievement badges, and friends list and leaderboard.7.2 Correct Your Data
You can update your display name and avatar customization within the app.7.3 Delete Your Data
You have the right to request account deletion (permanently delete your account and all associated data) or a data export (receive a copy of your data in a portable format). To request deletion or export, contact us at the email provided in Section 11.7.4 Revoke PermissionsYou can control app permissions at any time:iOS:
- Location: Settings > Birdex > Location
- Camera: Settings > Birdex > Camera
- Photos: Settings > Birdex > PhotosAndroid:
- Location: Settings > Apps > Birdex > Permissions > Location
- Camera: Settings > Apps > Birdex > Permissions > CameraRevoking permissions may limit certain app features (e.g., you cannot log sightings with location if location permission is denied).7.5 Withdraw Consent
You may stop using the app at any time and request account deletion to withdraw consent for data processing.8. Children's PrivacyBirdex is NOT intended for children under the age of 13 (or the minimum age in your jurisdiction).We do NOT knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately.Parents/Guardians: If you believe your child has provided personal information to us, please contact us immediately.9. International Data TransfersBirdex is operated from and uses servers located in various jurisdictions. Your data may be transferred to, stored, and processed in countries outside your country of residence.By using Birdex, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.We ensure that all data transfers comply with applicable data protection laws, including GDPR (for EU users) and other regional regulations. Mixpanel analytics data (iOS) is stored on EU servers.10. Region-Specific Privacy Rights10.1 California Residents (CCPA)If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information (we do NOT sell data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rightsTo exercise these rights, contact us at the email in Section 11.10.2 European Economic Area (GDPR)If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent for data processing at any timeLegal Basis for Processing (GDPR):
- Consent: You consent to data collection when using the app
- Contractual Necessity: To provide the app's core functionality
- Legitimate Interests: To improve the app and ensure securityTo exercise your rights, contact us at the email in Section 11.10.3 Other JurisdictionsIf you reside in a jurisdiction with specific privacy laws (e.g., Brazil's LGPD, Australia's Privacy