EquiWork Privacy Policy
Last Updated: May 2026
Data Controller: Ivaanova Tech (ivaanovatech@gmail.com)
1. What Data We Collect
Local data (stored ONLY on your device, never uploaded)
- Work session timestamps (start/end times, break/lunch/commute states)
- Work location preference (WFH / Office / Hybrid — not GPS coordinates)
- Break durations and types
- Work-life balance scores (computed locally)
- Achievement / Brag Doc entries (titles and free-text)
- Work settings (weekly hours, work days, work pattern, reminders, quiet hours)
- Activity log entries
- Daily check-in scores and notes (when not synced — see Cloud data below)
- Burnout assessment results (when not synced — see Cloud data below)
Account data (whenever you sign in — free, trial, or paid)
If you create an account in EquiWork (email/password or Google Sign-In), we receive:
- Email address (from email/password signup or Google Sign-In)
- Display name and profile photo URL (Google Sign-In only, if you grant the permission)
- Firebase Authentication user ID (an internal opaque identifier)
You can use the app without an account (free, on-device only). Signing in is required to enable cloud backup, restore on a new device, and subscription management.
Cloud data (only when you enable Cloud Backup in Settings)
When Cloud Backup is enabled, we store the following in Google Firebase Firestore (region: asia-south1, Mumbai, India):
- Daily summaries — aggregated per-day totals: work minutes, break minutes, commute minutes, WLB score, location breakdown. We do not upload raw start/stop timestamps of individual sessions.
- Daily check-ins — your subjective wellbeing score, mood label, optional free-text note, and the insight selected. This may include reflections about how you feel at work; treat it as sensitive.
- Work Pulse Assessment results — scores from EquiWork's original 12-item self-reflection assessment (Energy Depletion, Work Detachment, Cognitive Overload, Emotional Strain). This is wellbeing data and is treated with the same sensitivity as health data under GDPR Article 9 even though it is not a clinical diagnosis.
- Achievements — titles and timestamps you choose to record.
- Profile fields — your chosen display name, optional company name, profile photo path/URL, and a subset of work settings (weekly hours, work days, work pattern, location preference).
Analytics & diagnostics
By default, the app sends anonymous usage analytics and crash reports to Google Firebase. You can turn analytics off at any time under Settings → Privacy Controls → Analytics.
- Firebase Analytics (opt-out via in-app toggle):
- Default events:
app_open, app_remove, screen_view, first_open
- Custom events: lifecycle and feature usage such as
work_session_started, paywall_viewed, pdf_export_completed, onboarding_completed, trial_started, trial_expired, checkin_baseline_completed, burnout_test_started, notification_permission_denied (~40 event types in total)
- User properties:
subscription_tier, trial_status
- Firebase Analytics also derives approximate location (country/region) from IP address, plus device model, OS version, app version, and language. We do not collect precise location.
- Default Analytics retention: 14 months (configurable in Firebase Console).
- Firebase Crashlytics (release builds only):
- Stack traces, breadcrumbs, device model, OS version, app version
- One custom key:
subscription_tier
- No raw user identifiers, emails, or auth tokens are attached
- Default retention: ~90 days
Purchase data
- Subscription status and entitlements managed by Adapty (adapty.io)
- When you sign in, your Firebase Authentication user ID is sent to Adapty so your subscription can be linked across devices
- Purchase receipts are processed by Google Play and (in future) Apple App Store
- We do not see, store, or process your payment card details
A note on methodology and AI use
The Work Pulse Assessment is an original instrument developed by EquiWork. It is not derived from any published clinical or academic scale. We do not use AI, large language models, or any third-party model service to generate insights, suggestions, or reflection content; all surfaced text comes from a curated static library or deterministic templates composed from your own data.
2. What We Never Collect
- GPS location or precise coordinates
- Contacts, photos (other than the profile photo you choose), or files
- Browsing history, keystrokes, or screen content
- Your employer's data, internal systems, or networks
- Activity from other apps
- Advertising identifiers (we explicitly remove the Android
AD_ID permission)
3. How We Use Your Data
| Purpose | Data used | Lawful basis (GDPR) |
| Provide the core time-tracking feature | Local session data | Contract |
| Compute WLB / Mind / burnout scores | Local data, optionally cloud-synced | Contract |
| Generate PDF reports | Local data | Contract / your direction |
| Cloud backup and multi-device restore | Cloud data | Consent (you toggle Cloud Backup on) |
| Subscription management | Email, Firebase UID, purchase receipts | Contract |
| Improve the app and prioritise features | Firebase Analytics events | Consent (opt-out toggle) |
| Detect and fix crashes | Crashlytics reports | Legitimate interest |
| Service security (App Check, abuse prevention) | App Check tokens | Legitimate interest |
4. Who We Share Data With
| Service | Purpose | Data shared | Processor location |
| Google Firebase (Auth, Firestore, App Check, Analytics, Crashlytics) — policy |
Backup, authentication, analytics, crash reporting |
Cloud data items above; analytics events; crash diagnostics |
Firestore: asia-south1 (Mumbai, India). Analytics & Crashlytics: Google global infrastructure (primarily US/EU). |
| Adapty (policy) |
Subscription entitlement management |
Firebase Authentication user ID; purchase receipts; subscription status |
United States |
| Google Play Billing (policy) |
Payment processing |
Purchase transactions |
Google global infrastructure |
| Apple App Store (future iOS release) (policy) |
Payment processing |
Purchase transactions |
Apple global infrastructure |
We never share data with employers, advertisers, data brokers, or any other third parties beyond those listed above. We do not sell personal data.
For users in the EU/EEA and UK, transfers of personal data to processors outside your country (including India and the United States) are made under the European Commission's Standard Contractual Clauses (SCCs) and the relevant supplementary measures of each processor (Google Cloud DPA, Adapty DPA).
5. Data Retention & Deletion
- Local data: kept until you delete the app, clear app data, or use Settings → Privacy Controls → Delete All Data.
- Cloud data (Firestore): kept until you delete your account via Settings → Delete Account, or until you turn Cloud Backup off (which removes the synced copy).
- Account deletion: triggered from in-app, removes Firebase Authentication record, all Firestore documents, secure storage, and local Isar database. If the deletion is interrupted (network failure, force-quit), the app automatically retries it on the next launch until completion.
- Firebase Crashlytics: Google's default retention is approximately 90 days for crash data.
- Firebase Analytics: default retention is 14 months for event-level data; aggregated reporting may persist longer per Google's standard policies.
- Adapty: subscription records are retained per Adapty's data-retention policy (see adapty.io/privacy).
If you have already uninstalled the app
To delete your cloud data without reinstalling, email ivaanovatech@gmail.com from the address associated with your account. We may ask a brief verification question to confirm ownership. Cloud data will be purged within 7 business days of verification.
6. Your Rights
Under GDPR (EU/EEA), UK GDPR, and India's DPDP Act, you have the right to:
- Access — view your data via the in-app Activity Log, Analytics, and Settings screens.
- Correct — edit time entries, settings, and check-in entries inside the app.
- Delete — Settings → Delete Account permanently erases your cloud data and Firebase Auth account; Settings → Privacy Controls → Delete All Data clears local storage.
- Export — PDF export contains your work history; ask us at the email below for a structured-format (CSV/JSON) export of cloud data.
- Withdraw consent — turn off Analytics and/or Cloud Backup at any time in Settings.
- Data portability — PDF and CSV/JSON exports are provided on request.
- Object — to legitimate-interest processing (crash reports) by uninstalling the app.
- Lodge a complaint — you may complain to your local data-protection authority (e.g. ICO in the UK, CNIL in France, the Data Protection Board of India).
To exercise any of these rights, use the in-app features or email us at the address below. We aim to respond within 30 days.
7. Data Security
- Subscription data is encrypted at rest using the platform keystore (Android Keystore / iOS Keychain) via
flutter_secure_storage.
- All network communication uses HTTPS/TLS.
- Firebase App Check (Android Play Integrity) gates Firestore and Auth API access against client tampering.
- Cloud data is stored in Firebase Firestore with Google's enterprise security controls and per-user access rules (default deny; only the document owner can read/write their own data).
- Android system backup via USB/ADB is disabled (
allowBackup="false", dataExtractionRules excludes all domains).
- No personal data is written to the device's external/shared storage in plaintext.
- Release builds are R8-minified, obfuscated, and ship with
--split-debug-info so reverse engineering is meaningfully harder.
8. Children
EquiWork is not directed at children. We do not knowingly collect personal data from anyone under the age of 13, or under the age of digital consent set by your local jurisdiction (which varies between 13 and 16 in EU member states). If you believe a child has provided us with personal data, please contact us at the email below and we will delete it.
9. International Data Transfers
EquiWork is operated from India by Ivaanova Tech.
- Cloud Firestore (your daily summaries, check-ins, achievements, profile fields): stored in Google's
asia-south1 region (Mumbai, India).
- Firebase Analytics & Crashlytics (usage events and crash reports): processed on Google's global infrastructure, primarily in the United States and EU.
- Adapty (subscription management): processed on Adapty's infrastructure in the United States.
- Google Play / Apple Store payment processing: processed on the respective platform's global infrastructure.
If you are located in the EU/EEA or UK, your personal data is transferred outside your country to processors that have committed to either the European Commission's Standard Contractual Clauses, an approved certification scheme (e.g. EU-US Data Privacy Framework where applicable), or other safeguards required by applicable data-protection law.
10. Changes to This Policy
We may update this privacy policy from time to time. The "Last Updated" date at the top will change. Continued use of the app after changes constitutes acceptance of the updated policy. For material changes (new categories of data collected, new processors, new transfer regions), we will notify you via an in-app notice before the change takes effect.
11. Contact
For privacy questions, data subject requests, or concerns:
Email: ivaanovatech@gmail.com
We do not currently maintain a Data Protection Officer or an EU/UK Article 27 representative. If your enquiry concerns EU/UK data subject rights and you do not receive a response within 30 days, you may also contact your local supervisory authority.
This privacy policy applies to the EquiWork Time Track mobile application (Android, with iOS planned), available on Google Play and the Apple App Store. App version covered: v1.0.5+28 and later, until superseded.