BuildUP
BuildUP Privacy Policy
Legal Documentation

Privacy Policy

Effective: April 26, 2026 Version 1.0 Developer: Eduardo (Individual) Platform: Android & iOS
Contents
  1. 1 Introduction & Overview
  2. 2 Data Collection & Storage
  3. 3 Your Rights & Data Management
  4. 4 Security, Compliance & Contact
1

Introduction & Overview

Who we are

BuildUP is an Android and iOS application for habit tracking and focus management. It is developed and maintained by a single individual developer. This Privacy Policy explains, in plain language, what data BuildUP collects, how it is used, where it is stored, and what rights you hold over it.

By using BuildUP, you agree to the terms described in this document. If you do not agree, please discontinue use and contact us at support@buildup-app.com to request deletion of your data.

Privacy commitment
  • We do not use analytics or behavioural tracking tools
  • We do not serve advertisements in the application
  • We never sell or transfer your personal data to third parties
  • Your focus blocker data is stored locally on your device only
  • Premium access is funded by subscription, not by monetising your data
  • We do not use your data to train machine-learning or AI models

At a Glance

Data Collected
Account info, habits, billing status, bug reports
Storage
Local device + optional cloud (Firestore)
Who Can Access
You only — and the developer for support
Can You Delete?
Yes — anytime, from Settings > Account
Third Parties
Firebase, Google Play Billing, Google Sign-In
Jurisdiction
GDPR, CCPA, LGPD, PIPEDA compliant
Data controller
Developer
Eduardo — Individual
Support Email
support@buildup-app.com
Privacy Email
privacy@buildup-app.com
App Platform
Android (Google Play) · iOS (App Store)
↑ Back to top
Page 2 of 4
2

Data Collection & Storage

What We Collect

Authentication Data

Data Type Purpose Storage Retention
Email address Account login, password reset, support Firebase Auth (cloud) Until account deletion
Display name Personalisation (optional, from Google) Firestore (cloud) Until account deletion
Auth method Secure session management Firebase Auth (cloud) Until account deletion

Habit Tracking Data

Habit name, frequency, reminder time, completion records, and progress statistics are collected to power the core functionality of the app. This data is stored locally in a Room database on your device, and optionally backed up to Firestore if you enable cloud sync.

Premium & Billing Data

BuildUP stores your premium status, Google Play purchase token, and expiry date to verify access to paid features. We never process or store your payment card details — all payment handling is managed exclusively by Google Play Billing.

Bug Report Data

When you submit a bug report via Settings > Report Bug, we collect your description, reproduction steps, email address, app version, Android or iOS version, device manufacturer/model, and locale. This data is stored in Firestore and retained for 12 months.

Focus Blocker Data

This data never leaves your device. All focus blocker configuration — including blocked apps, time limits, allowed applications, blocked websites, and session timers — is stored locally in Android SharedPreferences / iOS UserDefaults and your device's local database. It is never transmitted to our servers or any third party.

The Accessibility Service is used to monitor the currently active app in real time, solely to enforce your focus rules. This monitoring is processed in memory only and is not logged, recorded, or transmitted.

You may disable the Accessibility Service at any time in Android Settings Android Settings > Accessibility > BuildUPgt; Accessibility Android Settings > Accessibility > BuildUPgt; BuildUP (Android) or iOS Settings Android Settings > Accessibility > BuildUPgt; Accessibility Android Settings > Accessibility > BuildUPgt; BuildUP (iOS). The focus blocker feature will stop functioning, but all other app features remain available.

Local vs. Cloud Storage

Local (Device Only) Cloud (Firestore)
What is stored Habit data, focus blocker config, reminders, accessibility logs Account profile, habit data (if sync enabled), billing status, bug reports
Technology Room Database + SharedPreferences Firebase Firestore (Google Cloud)
Encryption Android / iOS OS file-level encryption TLS in transit; Google-managed keys at rest
Who can access You only (on your device) You only (enforced by Firestore security rules)
On app uninstall Permanently deleted Remains until account deletion is requested

Permissions Explained

Permission Why We Need It
POST_NOTIFICATIONS Deliver habit reminders at your scheduled times (Android 13+ / iOS)
PACKAGE_USAGE_STATS Detect which app is in the foreground to enforce focus blocker rules
RECEIVE_BOOT_COMPLETED Restart reminder scheduler after the device reboots
WAKE_LOCK Keep the CPU active during focus enforcement in low-power mode
BIND_ACCESSIBILITY_SERVICE Enable the focus blocker service (requires explicit user consent)
Internet Authentication, cloud sync, bug reporting, premium verification
You may revoke any permission at any time in Android Settings Android Settings > Apps > BuildUP > Permissionsgt; Apps Android Settings > Apps > BuildUP > Permissionsgt; BuildUP Android Settings > Apps > BuildUP > Permissionsgt; Permissions, or iOS Settings Android Settings > Apps > BuildUP > Permissionsgt; BuildUP. Some features will become unavailable, but the app will continue to function.

Third-Party Services

Firebase (by Google)

Used for authentication, cloud database (Firestore), and crash reporting. Data is processed under Google's Privacy Policy. Firebase security rules ensure that no user can access another user's data.

Google Privacy Policy ↗

Google Play Billing

Handles payment processing for premium purchases. We receive only the purchase status, token, and expiry date. We do not see or store card numbers, billing addresses, or any payment method details.

Google Sign-In

An optional login method. When used, Google shares your email and display name with us. You control which information is shared through your Google account settings.

What We Do Not Collect

BuildUP explicitly does not collect: analytics or usage metrics, advertising identifiers, location data, contact lists, calendar data, health or medical information, device identifiers (IMEI/IMSI), biometric data, or browser history beyond blocked domain enforcement.
↑ Back to top
Page 3 of 4
3

Your Rights & Data Management

GDPR, CCPA, LGPD and equivalent laws

Your Privacy Rights

Right to Access
Request all data we hold about you in a machine-readable format (JSON or CSV).
Right to Deletion
Request permanent deletion of your account and all associated data.
Right to Portability
Receive your habit data in a portable format to use with other services.
Right to Correction
Update or correct inaccurate personal data held about you.
Right to Restrict
Limit how we process your data — for example, disabling cloud sync.
Right to Object
Object to specific types of data processing at any time.

We respond to all rights requests within 30 days of receipt. To submit a request, contact privacy@buildup-app.com.

How to Delete Your Account

Method 1 — In-App (Immediate)

  1. 1Open the BuildUP app
  2. 2Navigate to Settings
  3. 3Tap Account
  4. 4Tap Delete Account
  5. 5Confirm deletion — all cloud data is removed immediately; local data is cleared on next launch

Method 2 — Email Request (within 30 days)

  1. 1Email support@buildup-app.com
  2. 2Use subject: "Request: Delete My Account"
  3. 3Include the email address associated with your account
  4. 4We will verify your identity and confirm deletion within 30 days
Please note: Billing records may be retained for up to 7 years as required by tax law. These records do not include habit data and cannot be linked to your usage history after account deletion.

Data Retention

Data Type Active Retention After Account Deletion
Habit data While account is active Permanently deleted within 30 days
Authentication data While account is active Deleted immediately
Focus blocker config On device only Deleted on app uninstall
Premium / billing status Until subscription ends + 1 year Kept for 7 years (tax/legal requirement)
Bug reports 12 months Anonymised after 6 months; deleted after 12 months
Accessibility logs 30-day rolling window (device only) Auto-cleared; not transmitted

Exporting Your Data

You may export all your habit data at any time in a portable format.

  1. 1Open the BuildUP app
  2. 2Navigate to Settings > Privacy
  3. 3Tap Export My Data
  4. 4Select format: JSON or CSV
  5. 5The file downloads to your device

Cloud Sync

Cloud Sync is disabled by default. You choose whether to enable it in Settings > Cloud Sync. Even when active, your data is encrypted in transit and accessible only to your authenticated account.

You may disable cloud sync at any time. We recommend exporting your data before doing so if you wish to keep a local backup.

↑ Back to top
Page 4 of 4
4

Security, Compliance & Contact

How we protect your data

Security Measures

In Transit
HTTPS / TLS 1.2+ for all server communication
At Rest (Cloud)
Google-managed encryption keys (Firestore)
At Rest (Device)
Android / iOS OS file-level encryption
Access Control
Firestore security rules — read/write restricted per authenticated user
Audit Logs
Firestore access logs retained for 24 months
Code Security
No hardcoded credentials; server-side input validation

Breach Notification

In the event of a confirmed data breach, we will notify all affected users within 72 hours by email. The notification will specify the nature of the breach, the data involved, and the corrective actions being taken. We will cooperate fully with applicable regulatory authorities.

International Compliance

GDPR — European Union

BuildUP complies with the General Data Protection Regulation for all EU and EEA users, including lawful basis for processing, explicit consent, data subject rights, and 72-hour breach notification. A Data Processing Agreement is available upon request.

CCPA — California, United States

California residents hold the right to know, delete, and opt out of data sales. BuildUP does not sell personal information. The right to non-discrimination for exercising privacy rights is honoured in full.

LGPD — Brazil

BuildUP complies with Lei Geral de Proteção de Dados, including user rights to access, correction, deletion, and portability, and does not transfer data in ways that contravene LGPD transfer restrictions.

PIPEDA — Canada

Collection is consent-based, data accuracy and security requirements are met, and personal information is accessible on request in accordance with PIPEDA.

Children's Privacy

BuildUP is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a user is under 13, the account will be deleted immediately and the parent or guardian notified.

In jurisdictions where a higher minimum age applies (e.g., age 16 under GDPR), parental consent is required for users below that age.

Changes to This Policy

We may update this Privacy Policy as the application evolves or as legal requirements change.

  • Minor changes — updated quietly with a revised "Effective" date
  • Material changes — notified by email to all registered users prior to taking effect
  • Continued use of BuildUP following an update constitutes acceptance of the revised policy

Contact

Privacy Requests
privacy@buildup-app.com
Support & Bug Reports
support@buildup-app.com
Response Time
Within 10 business days
In-App Reporting
Settings > Report Bug

Frequently Asked Questions

Local data (habits, focus blocker configuration) is permanently deleted from your device. Cloud data (account profile, synced habits) remains in Firestore until you explicitly delete your account via Settings > Account > Delete Account. If you reinstall and sign back in, your cloud data will be restored.
Completely. All focus blocker data — including blocked apps, time limits, allowed applications, and blocked websites — is stored only on your device. It is never transmitted to our servers or any third party. We have no visibility into which apps or websites you have chosen to restrict.
No. We do not use Google Analytics, Firebase Analytics events, Mixpanel, Segment, Amplitude, or any equivalent service. Crash reports (via Firebase Crashlytics) are collected solely for bug detection and stability improvements, not for behavioural analysis.
Habit data and authentication credentials are deleted within 30 days. Bug reports are anonymised after 6 months and deleted after 12. Billing records are retained for 7 years in accordance with tax law — these records are not linked to your personal profile or usage history after deletion.
Yes, at any time. Navigate to Android Settings > Accessibility > Services > BuildUP and toggle the service off. The focus blocker feature will stop functioning; however, habit tracking, reminders, and all other features remain fully available.
No. BuildUP contains no advertising and uses no ad networks. Your habit data is not used to build behavioural profiles, is not shared with marketers, and is not used to train advertising models. Premium features are funded exclusively by one-time in-app purchases.
We will notify all affected users by email within 72 hours, specifying the data involved, when the breach occurred, and the corrective steps being taken. We will also notify the relevant regulatory authority and cooperate fully with any investigation.
Intellectual Property & Licence

Application Integrity & Anti-Tampering Policy

BuildUP is proprietary software distributed exclusively through authorised channels. By installing or using the application, you agree to the following terms in full. Violation of any provision constitutes a material breach of your licence and may result in civil and criminal liability.

Authorised Distribution

BuildUP is licensed, not sold. The sole authorised distribution channel is the Google Play Store. Any copy of BuildUP obtained from an unofficial source — including third-party APK repositories, torrent sites, mirror sites, or direct file sharing — is unlicensed and may be modified, malicious, or incomplete. Installing such copies voids any support entitlement and may expose your device to security risks.

Prohibited Conduct

The following actions are strictly prohibited and constitute a violation of this licence, applicable copyright law, and international trade treaties:
Category Prohibited Actions
Reverse Engineering Decompiling, disassembling, deobfuscating, or otherwise attempting to derive the source code, algorithms, or internal logic of BuildUP by any means
Modification & Tampering Altering, patching, or modifying the application binary, its resources, assets, configuration files, or any embedded data
Licence Bypass Circumventing, disabling, or spoofing the in-app purchase verification system, premium status checks, or any licence enforcement mechanism to obtain paid features without payment
Cracking & Piracy Creating, distributing, or using a cracked, patched, or modified version of BuildUP that bypasses any protection, restriction, or paywall
Repackaging & Redistribution Repackaging, re-signing, forking, or redistributing BuildUP — in whole or in part — under any name, with or without modification, through any channel
Emulation & Instrumentation Hooking into the application process using frameworks such as Frida, Xposed, LSPosed, Magisk modules, or equivalent tools to intercept, modify, or replay internal function calls, network requests, or billing responses
Root / Privilege Abuse Using root access, ADB commands, or system-level privileges to manipulate BuildUP's local database, SharedPreferences, or internal state in ways not intended by the application
Anti-Circumvention Circumventing any technical protection measure (TPM) in violation of the Digital Millennium Copyright Act (DMCA), EU Copyright Directive (EUCD), or equivalent national legislation

Consequences & Enforcement

Violations of this policy are taken seriously. The following actions may be taken, individually or in combination, at our sole discretion:

Severity Consequence
Immediate Permanent revocation of your licence to use BuildUP without notice or refund
Immediate Suspension or permanent termination of your account and deletion of associated data
Immediate Reporting of the violation to Google Play, app store platforms, and relevant hosting providers via DMCA takedown or equivalent notices
Civil Civil legal action seeking injunctive relief and monetary damages, including actual damages, statutory damages, and recovery of legal costs
Civil Claims for unjust enrichment where premium features were obtained without payment
Criminal Referral to law enforcement authorities where conduct constitutes criminal copyright infringement, computer fraud, or unauthorised access under applicable law
Criminal Cooperation with investigations under the Computer Fraud and Abuse Act (CFAA), EU Directive on Attacks Against Information Systems, or equivalent national statutes

Premium Feature Integrity

BuildUP's premium features are protected by server-side purchase verification through Google Play Billing. Purchase tokens are validated against Google's servers on each session. Any attempt to spoof, replay, or fabricate a valid purchase token constitutes fraud and may result in legal action in addition to account termination.

We actively monitor for licence violations. Detection methods include server-side token validation, integrity attestation (Google Play Integrity API), and anomaly detection on purchase patterns. Accounts flagged for fraudulent premium activation will be terminated without refund or appeal.

Accessibility Service Integrity

The Accessibility Service granted to BuildUP is provided by the user for the sole purpose of enforcing focus blocker rules. Any attempt to exploit, hijack, or extend the Accessibility Service's scope beyond its declared function — whether through hooking frameworks, malicious overlay apps, or other means — constitutes a violation of this policy and Android platform terms.

Reporting a Violation

If you become aware of a cracked version of BuildUP being distributed, a piracy repository, or any other violation of this policy, please report it promptly. Reports are treated confidentially.

Report Piracy / Cracking
security@buildup-app.com
DMCA Notices
legal@buildup-app.com
Subject Line
"Piracy Report: [brief description]"

Legal Basis

These provisions are enforceable under, among others: the Berne Convention for the Protection of Literary and Artistic Works, the WIPO Copyright Treaty, the Digital Millennium Copyright Act (DMCA), the EU Software Directive (2009/24/EC), the EU Copyright Directive (2001/29/EC), and applicable national copyright and computer misuse legislation. Statutory damages for wilful copyright infringement under US law may reach USD $150,000 per work infringed.

Legal

Disclaimers

  • Warranty: BuildUP is provided on an "as is" basis, without warranty of any kind. We are not liable for data loss resulting from device failure, operating system issues, or uninstallation.
  • User responsibility: You are responsible for maintaining backups of your data. We recommend exporting your data regularly via Settings > Privacy > Export My Data.
  • Third-party terms: Firebase, Google Play, and Google Sign-In are subject to their own terms of service and privacy policies. We encourage you to review them.
  • Service changes: We reserve the right to modify or discontinue features with reasonable notice to users.
  • Governing law: This policy is governed by the applicable laws of the developer's jurisdiction. Disputes will be resolved through direct communication in the first instance.
↑ Back to top