Google Play Data Safety Form — Kordant Android
Last updated: 2026-06-01
Package: com.kordant.android
Instructions: Use this document to fill out the Play Console Data Safety section at
Play Console → Your app → App content → Data safety
Section 1: Data Collection & Sharing
Q1: Does your app collect or share any of the required user data types?
Answer: ✅ Yes
Q2: Is all of the user data collected by your app encrypted in transit?
Answer: ✅ Yes
All API communication uses TLS 1.2+ enforced via network_security_config.xml.
Clear text traffic is blocked at the platform level.
Q3: Do you provide a way for users to request that their data is deleted?
Answer: ✅ Yes
Users can delete their data via:
- In-app: Settings → Delete Account (calls backend API + clears all local data)
- Email: privacy@kordant.com with data deletion request
- Backend: Account deletion endpoint (/api/trpc/user.delete)
- Local effect: clearAllData() on EncryptedSharedPreferences + DataStore + CacheManager
Q4: Has your app been independently reviewed against a global security standard?
Answer: ⚠️ No (planned before production launch)
External security audit by a third party is planned but not yet completed.
Section 2: Data Type Declarations
2.1 Location
Do you collect precise or approximate location? Answer: ❌ No
Evidence: No ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION permission in AndroidManifest.xml.
2.2 Personal Info
Do you collect any personal info? Answer: ✅ Yes
| Data Type | Collected | Shared | Ephemeral | Purposes |
|---|---|---|---|---|
| Name | ✅ Yes | ❌ No | ❌ No | App functionality, Personalization, Account management |
| Email address | ✅ Yes | ❌ No | ❌ No | App functionality, Personalization, Account management |
| Phone number | ✅ Yes | ❌ No | ❌ No | App functionality, Personalization |
| User IDs | ✅ Yes | ❌ No | ❌ No | App functionality, Account management |
| Address | ✅ Yes | ❌ No | ❌ No | App functionality (HomeTitle property monitoring) |
| Other info (avatar) | ✅ Yes | ❌ No | ❌ No | Personalization |
Details:
- Name, email, and user ID collected at account registration (mandatory)
- Phone number collected optionally for spam call detection
- Address collected optionally for property monitoring
- Stored encrypted in EncryptedSharedPreferences and on the backend server
- Shared only with the app's backend API via TLS-encrypted connections
2.3 Financial Info
Do you collect financial info? Answer: ❌ No (on-device)
Stripe Checkout and billing portal are handled via web views. Payment card data goes directly to Stripe and never touches the Kordant Android app.
Exception: Subscription tier and billing status are retrieved from the backend API (/api/trpc/billing.*), but no raw financial data (credit card numbers, bank accounts) is collected by the app.
2.4 Health & Fitness
Do you collect health or fitness data? Answer: ❌ No
2.5 Messages
Do you collect messages? Answer: ❌ No
No SMS, MMS, or in-app messaging data is collected.
2.6 Photos & Videos
Do you collect photos or videos? Answer: ❌ No
The app loads images from URLs (avatars, property photos) via Coil image loader, but does not capture or store photos/videos. No CAMERA or storage permissions are declared.
2.7 Audio Files
Do you collect audio files? Answer: ✅ Yes
| Data Type | Collected | Shared | Ephemeral | Purposes |
|---|---|---|---|---|
| Voice recordings | ✅ Yes | ❌ No | ❌ No | App functionality (VoicePrint) |
| Audio analysis results | ✅ Yes | ❌ No | ❌ No | App functionality (VoicePrint) |
Details:
- Voice recordings are collected as part of the VoicePrint feature for voice-based caller identification
- User must explicitly enroll and grant RECORD_AUDIO permission
- Recordings are sent to the backend for voice analysis
- Analysis results are stored for matching incoming calls
- Not shared with third parties
- Encrypted in transit (TLS) and at rest on the backend
2.8 Files & Docs
Do you collect files or documents? Answer: ❌ No
2.9 Calendar
Do you collect calendar events? Answer: ❌ No
2.10 Contacts
Do you collect contacts? Answer: ❌ No
The app does not access the device's contacts. No READ_CONTACTS permission is declared.
Note: Call screening receives incoming phone numbers via the Android telecom system, but does not read the user's contact list.
2.11 App Activity
Do you collect app activity data? Answer: ✅ Yes
| Data Type | Collected | Shared | Ephemeral | Purposes |
|---|---|---|---|---|
| App interactions | ✅ Yes | ❌ No | ❌ No | Analytics, Fraud prevention |
| Installed apps (security check) | ✅ Yes | ❌ No | ✅ Ephemeral | Fraud prevention, Security |
| In-app search history | ✅ Yes | ❌ No | ❌ No | Analytics, Personalization |
| Other user-generated content | ✅ Yes | ❌ No | ❌ No | App functionality |
Details:
- App interactions tracked via API calls and analytics (startup timing, feature usage)
- Installed apps list checked only during root detection (SecurityChecker.kt); checked ephemerally, not stored
- Watchlist items, property addresses, and exposure reports are user-generated content
- App activity is used for fraud prevention (root detection) and improving the service
2.12 Web Browsing
Do you collect web browsing history? Answer: ❌ No
2.13 App Info & Performance
Do you collect app info and performance data? Answer: ✅ Yes
| Data Type | Collected | Shared | Ephemeral | Purposes |
|---|---|---|---|---|
| Crash logs | ✅ Yes | ✅ Yes (Firebase) | ❌ No | Analytics, Fraud prevention |
| Performance data | ✅ Yes | ❌ No | ❌ No | Analytics |
| Other diagnostics | ✅ Yes | ❌ No | ❌ No | Analytics |
Details:
- Crash logs are collected via Firebase Crashlytics and sent to Google's Firebase servers
- Performance data includes app startup timing (StartupTracker.kt)
- Diagnostics include ANR traces and network request timing
- Crashlytics is enabled for both debug and release builds
2.14 Device & Other IDs
Do you collect device IDs? Answer: ✅ Yes
| Data Type | Collected | Shared | Ephemeral | Purposes |
|---|---|---|---|---|
| Device ID / FCM token | ✅ Yes | ❌ No | ❌ No | Analytics, App functionality |
Details:
- FCM device token is collected for push notification delivery
- A unique request ID is generated for each API call (X-Request-ID header)
- Device platform and app version are sent with every API request
- No Android Advertising ID or device serial number is collected
Section 3: Data Sharing Declaration
Do you share user data with third parties?
Answer: ✅ Yes — Limited sharing
| Third Party | Data Shared | Purpose | Type |
|---|---|---|---|
| Firebase Crashlytics (Google) | Crash logs, device info, app version | Crash analytics | SDK |
| Firebase Cloud Messaging (Google) | Device token, notification delivery data | Push notifications | SDK |
| Google Sign-In (Google) | OAuth tokens, profile info | Authentication | SDK |
| Stripe | N/A on device (payment processed via web) | Payment processing | Web view |
Do you sell user data?
Answer: ❌ No
The app does not sell user data to any third party.
Section 4: Security Practices Summary
| Practice | Status | Notes |
|---|---|---|
| Encryption in transit | ✅ TLS 1.2+ | All API traffic; cleartext blocked by network_security_config.xml |
| Encryption at rest | ✅ AES-256-GCM | EncryptedSharedPreferences with MasterKey in Android Keystore |
| User data deletion | ✅ Available | In-app account deletion + privacy@kordant.com |
| Security review | ⚠️ Pending | External audit planned before production launch |
Section 5: Play Console Entry Map
Use the following to navigate directly to the right sections:
- Play Console → Select app → App content → Data safety
- Click "Start" (or "Manage" if already started)
- Follow the sections above for each question
- For "Does your app collect or share any of the required user data types?" → Answer Yes
- Fill in each data type section as documented above
- In Security practices, check:
  - Data encrypted in transit (TLS 1.3)
  - Data encrypted at rest (EncryptedSharedPreferences)
  - User can request data deletion
- For Independent security review → Leave unchecked (pending)
- Add Privacy Policy URL: https://kordant.com/privacy
Section 6: Validation After Submission
After completing the form in Play Console, verify:
- Every question has an answer (no blanks)
- Crashlytics data sharing is accurately declared
- FCM data collection is accurately declared
- Google Sign-In data collection is accurately declared
- Voice recording collection is accurately declared
- No location data is declared (since not collected)
- "Data shared with third parties" accurately reflects Firebase/Google
- "Data encrypted in transit" is checked
- "User can request data deletion" is checked
- Privacy policy URL is linked and accessible
- Answers match the data collection audit document
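
The permission and cleartext evidence cited in this form can be re-checked against the build inputs before each submission. The script below is an added example, not part of the Kordant code base: it compares the permissions the form names with an AndroidManifest.xml and inspects a network_security_config.xml for cleartext overrides. The sample XML is constructed, and requiring an explicit base-config opt-out is an assumption of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Expectations copied from the form's evidence notes (sections 2.1, 2.6, 2.7, 2.10).
MUST_BE_ABSENT = {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_CONTACTS", "CAMERA"}
MUST_BE_PRESENT = {"RECORD_AUDIO"}

def declared_permissions(manifest_xml):
    """Return short permission names requested by the manifest."""
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        # <uses-permission-sdk-23> also requests a permission, so it counts.
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID + "name", "")
            perms.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return perms

def cleartext_findings(nsc_xml):
    """Flag anything that weakens the 'cleartext blocked' claim."""
    root, findings = ET.fromstring(nsc_xml), []
    base = root.find("base-config")
    # Assumption: require an explicit opt-out instead of relying on platform defaults.
    if base is None or base.get("cleartextTrafficPermitted") != "false":
        findings.append("base-config does not set cleartextTrafficPermitted=false")
    # A per-domain override can re-enable cleartext even when base-config blocks it.
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") == "true":
            domains = ", ".join(d.text or "" for d in dc.findall("domain"))
            findings.append(f"cleartext allowed for {domains}")
    return findings

def audit(manifest_xml, nsc_xml):
    perms = declared_permissions(manifest_xml)
    findings = [f"{p} declared but form says not collected" for p in sorted(perms & MUST_BE_ABSENT)]
    findings += [f"{p} missing but form declares voice recordings" for p in sorted(MUST_BE_PRESENT - perms)]
    return findings + cleartext_findings(nsc_xml)

# Constructed sample inputs with two deliberate mismatches.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""
SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true"><domain>dev.example.test</domain></domain-config>
</network-security-config>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_NSC):
        print("MISMATCH:", finding)
```

Run against the merged manifest of the release build, since library dependencies can contribute permissions that the app's own manifest does not list.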