# 25. Privacy Policy & Data Safety Form

meta:
  id: android-production-25
  feature: android-production
  priority: P1
  depends_on: []
  tags: [compliance, play-store, privacy, production]

objective:
- Complete the Google Play Data Safety form and ensure privacy policy compliance for Android app

deliverables:
- Data Safety form completed in Play Console
- Privacy policy page live
- Data collection audit
- Security practices documentation

steps:
1. Audit data collection:
   - Review all data collected by app:
     - Contact info (name, email)
     - Voice recordings (VoicePrint)
     - Phone numbers (SpamShield)
     - Device info (for analytics)
     - Location (if used)
   - Review third-party SDK data collection:
     - Firebase Analytics
     - Firebase Crashlytics
     - FCM
     - Any other SDKs
2. Complete Data Safety form:
   - Log into Play Console → App content → Data safety
   - Answer all questions accurately:
     - Does app collect/share data?
     - Types of data collected
     - Purposes of collection
     - Whether data encrypted in transit
     - Whether deletion requested
     - Independent security review (if applicable)
3. Declare data types:
   - Location (approximate or precise)
   - Personal info (name, email, phone)
   - Financial info (if in-app purchases)
   - Health and fitness (not applicable)
   - Messages (not applicable)
   - Photos and videos (document scans)
   - Audio files (voice recordings)
   - Files and docs (not applicable)
   - Calendar (not applicable)
   - Contacts (not applicable)
   - App activity (analytics)
   - App info and performance (crash logs)
   - Device IDs (for analytics)
4. Document security practices:
   - Data encrypted in transit (TLS 1.3)
   - Data encrypted at rest (EncryptedSharedPreferences)
   - User can request deletion
   - Independent security review (if available)
5. Link privacy policy:
   - Ensure privacy policy URL is accessible
   - Link from Play Store listing
   - Link from app settings
6. Update for changes:
   - Re-audit when adding new features
   - Update Data Safety form for new data collection
   - Update privacy policy

tests:
- Compliance: Data Safety form complete and accurate
- Legal: Privacy policy reviewed
- Technical: Data collection matches declaration

acceptance_criteria:
- Data Safety form 100% complete in Play Console
- All data types accurately declared
- Collection purposes clearly stated
- Encryption in transit declared
- Deletion mechanism declared
- Privacy policy URL live and accessible
- Privacy policy covers all data collection
- Third-party SDK data collection documented
- Security practices documented
- Form accurate and honest (no false claims)

validation:
- Play Console → Data Safety section complete
- Review answers → all accurate
- Check privacy policy → covers all declared data
- Test deletion request → process works
- Verify encryption → TLS 1.3 active

notes:
- Google strictly enforces Data Safety form accuracy
- False claims can lead to app suspension
- Update form whenever adding new data collection
- Privacy policy must be accessible without login