Privacy Policy

This Privacy Policy explains how Crowfy ("Crowfy", "we", "us") collects, uses, and protects your personal data when you use the Crowfy website and app, and the rights you have under the EU General Data Protection Regulation (GDPR). By using Crowfy you agree to the practices described here.

1. Data Controller

Crowfy is operated by Adam Husain, an independent solo developer, acting as the data controller for the personal data described in this policy. For any privacy request or question, please use our contact form.

2. What We Collect and Why

• Account identity. When you sign in with Google or Apple, we receive your name, email address, profile photo, and a unique user ID. This is used to create and secure your account and to attribute your contributions.
• WiFi contributions. Networks and passwords you submit, along with your submitter ID and submission status. This is the core community data that powers Crowfy.
• Usage records. WiFi unlocks, transactions, and leaderboard display data tied to your account, used to operate features and prevent abuse.
• Approximate location. With your browser permission, your device location is used on your device to find nearby WiFi. We do not store your continuous location history on our servers.
• Analytics. Firebase/Google Analytics (measurement ID G-QP1P366RTX) collects aggregated device, app, and usage information to help us understand and improve the product.
• Contact submissions. The name, email, message, and browser user-agent you provide via the contact form, used solely to respond to and triage your enquiry.

3. Legal Bases for Processing

We process personal data on the following GDPR legal bases: performance of a contract (providing the Crowfy service and your account); your consent (location access, analytics, and optional features, which you may withdraw at any time); and our legitimate interests (securing the service, preventing abuse, and improving the product), balanced against your rights.

4. Third Parties and Processors

We rely on a small number of processors and third-party services: Google Firebase (authentication, database, hosting, analytics), Google Sign-In and Apple Sign In (authentication), and the LinkedIn profile badge embedded on our About page. The LinkedIn badge loads a script from LinkedIn and may set LinkedIn cookies; it is governed by LinkedIn's own privacy policy. We do not sell your personal data.

5. Data Retention

We keep personal data only as long as necessary for the purposes above or as required by law. Account and contribution data is retained while your account is active; contact-form messages are kept only as long as needed to handle your enquiry. You can request deletion at any time.

6. Your GDPR Rights

If you are in the EU/EEA you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local data protection supervisory authority. To exercise any of these rights, use our contact form.

7. International Transfers

Our service providers (including Google and Apple) may process data outside the EU/EEA. Where this happens, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

8. Children

Crowfy is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can remove it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above. Continued use of Crowfy after changes constitutes acceptance of the revised policy.

10. Contact

For any privacy-related request or question, please reach us through the Crowfy contact form.