Privacy Policy — Proword for Android
Effective date: 2026-06-14
App package: dev.oleksi.proword
Contact: support@oleksi.dev
This policy describes how the Android version of Proword (the “App”)
collects, uses, and shares information. The iOS version of Proword is
covered by a separate policy at
oleksi.dev/proword-policy.
If anything below is unclear or you would like to exercise the rights set
out in the Your rights section, please email support@oleksi.dev.
1. Who we are
Proword is published by an independent developer (“we”, “our”, “us”):
- Contact: support@oleksi.dev
- Phone: +38063-777-9997
- Developer URL: https://oleksi.dev
We are the data controller for the personal data we collect through the
Android app.
2. Data we collect
2.1 Account data — required for sign-in
We require sign-in to sync your subscription state and protect against
abuse of our cloud services.
| Data | Source | Stored where | Purpose |
|---|---|---|---|
| Google account name, email, profile image URL | Google Sign-In (you choose which account) | Firebase Authentication (Google), plus the Firebase user ID cached on the device | Authenticate you, recover access on reinstall |
| Firebase user ID (UID) | Generated by Firebase on first sign-in | Device app-private storage (DataStore); Firebase | Identify you across sessions |
2.2 Diagnostic & usage data — required for app stability and improvement
| Data | Provider | Purpose |
|---|---|---|
| Crash stack traces, device model, OS version, app version, locale | Firebase Crashlytics (Google) | Detect and fix crashes |
| Anonymous app-interaction events (screen views, button taps, practice/game completions, paywall views) | Firebase Analytics (Google) | Understand which features work and which break |
| Firebase Installation ID | Firebase (Google) | Tie analytics + crash reports to one install (not to your identity) |
Event names are prefixed android_* and contain no personally
identifying content (no email, no name, no typed words).
2.3 Attribution & subscription data
Proword contains no advertising of any kind. The app ships with zero ad
placements — no banners, no interstitials, no rewarded ads. The data in this
section is collected solely for subscription management and (when a paid
marketing campaign is active) to attribute app installs to the correct
campaign so we do not pay for the same install twice.
| Data | Provider | When | Purpose |
|---|---|---|---|
| Anonymous app-event signals (install, purchase, key milestones) | Meta Facebook SDK, TikTok Business SDK | Only when a corresponding ad campaign is active and you reached the app through one | Attribute installs to ad campaigns |
| Subscription state (anonymous purchase token, product SKU, expiration) | Google Play Billing (Google) | Always for premium users | Gate premium features without storing payment data ourselves |
We never see your card number, billing address, or any other payment
detail. All payments are handled by Google Play.
2.4 Push notification token
If you enable practice or streak reminders, we register a Firebase Cloud
Messaging (FCM) token so we can send the local reminder you opted into.
The token is held by Google and tied to your install; we do not store it
elsewhere.
2.5 Data sent to Google Gemini (AI features)
When you add a new word, the App may ask Google’s Gemini model for an
example sentence, a phonetic transcription, and alternative translations.
We send:
- The word you typed (e.g. “cat”)
- The source and target language codes (e.g. “en” → “uk”)
The request is routed via Firebase AI Logic (Google Cloud), which
authenticates the call with your Firebase account so the request cannot be
spoofed by other parties. Google processes the prompt to produce a
response and, per Google’s
Generative AI terms,
does not use your prompts to train its models when accessed via this
API. We do not store the prompt or the response on our servers — the
response is shown to you and cached on your device only.
2.6 Data sent for image search
When you search for an image to attach to a word, your search term (the
English version of the word you typed) is sent to our private Cloud
Function (pixabaySearch, hosted on Firebase / Google Cloud) which
forwards it to Pixabay. The function authenticates your device via
Firebase App Check + Firebase Auth so only the Android app can call it.
We do not store search terms server-side. Pixabay’s privacy policy is at
https://pixabay.com/service/privacy/.
2.7 Speech (microphone)
The pronunciation exercise uses Android’s built-inSpeechRecognizer API. The raw audio is not stored or transmitted by
Proword — only the recognized text comes back to the app. On most
devices the recognition itself runs on-device; on some devices the
platform may send audio to a Google speech service to perform the
recognition. That handoff is controlled by Android, not by Proword, and
is governed by Google’s privacy policy. You can revoke microphone access
at any time in your device’s app permissions.
2.8 Translation (on-device)
Word translations use Google ML Kit Translation, which runs on your
device after the language pack is downloaded over Wi-Fi on first use. The
translated text does not leave your device.
2.9 Local data (stays on your device)
The following data is stored only in app-private storage on your device
and is never transmitted to us or to a third party:
- Words and translations you added
- Practice progress, streaks, game scores
- App preferences (selected languages, reminder times)
- Onboarding answers (purpose for learning, daily-goal, level)
Uninstalling the App deletes all of it.
3. How we use the data
- Run the App — authenticate you, sync subscription state, generate
AI examples and translations. - Fix bugs and crashes — Crashlytics tells us when something
breaks so we can ship a fix. - Improve the product — anonymous Analytics events tell us which
features are used and where users get stuck. - Measure marketing — if you reached the App through a paid ad,
the corresponding ad SDK reports back to the network so we don’t
pay for the same install twice.
We do not sell your personal information. We do not “share” your
personal information for cross-context behavioural advertising as
defined by California’s CPRA. Proword contains no advertising — we do
not pass your data to ad buyers.
4. Third-party services we use
| Service | Purpose | Privacy policy |
|---|---|---|
| Google (Firebase Auth, Analytics, Crashlytics, FCM, AI Logic, Cloud Functions, ML Kit, Play Billing, User Messaging Platform, Speech, TTS) | Authentication, analytics, crash reporting, push, AI features, image-search proxy, translation, payments, consent management, speech | https://policies.google.com/privacy |
| Pixabay | Image search results | https://pixabay.com/service/privacy/ |
| Meta (Facebook Android SDK) | Ad attribution — active only when a Meta ad campaign is running | https://www.facebook.com/about/privacy |
| TikTok (TikTok Business SDK) | Ad attribution — active only when a TikTok ad campaign is running | https://www.tiktok.com/legal/privacy-policy |
| Google User Messaging Platform | Consent management for EEA / UK / California users | https://policies.google.com/privacy |
5. Legal bases for processing (GDPR, UK GDPR, LGPD, DPDP)
- Contract performance — account data, subscription state, AI
enrichment, image search. Without these we cannot provide the App. - Legitimate interest — diagnostics, crash reporting, anonymous
product analytics. You can object by emailing us. - Consent — ad-attribution measurement in the EEA / UK / California
(collected via the Google UMP consent form, required by Meta and
TikTok attribution SDKs), push notifications (collected via the
Android system permission), microphone (collected via the Android
system permission). You can withdraw consent at any time in the App
settings or your device settings.
6. International transfers
Data is processed on Google Cloud infrastructure, which may include data
centres in the United States and other regions Google operates from.
Transfers from the EEA/UK rely on Google’s Standard Contractual Clauses
(details).
7. Data retention
- Account data — kept until you delete your account (Section 8).
- Analytics events — retained per Firebase Analytics defaults (up to
14 months). - Crash logs — retained per Firebase Crashlytics defaults (90 days).
- Local on-device data — until you uninstall the App.
8. Your rights
You can exercise these rights regardless of where you live. Some rights
are jurisdiction-specific (GDPR in the EEA/UK, CPRA in California,
LGPD in Brazil, DPDP in India, etc.) but we will honour them globally.
- Access — email support@oleksi.dev and ask for a copy of the
personal data we hold about you. We will respond within 30 days. - Correction — your name and email come from your Google account;
update them at https://myaccount.google.com. - Deletion — see Section 9. You can delete your account from inside
the App and from a public web URL with no install required. - Restriction / objection — email support@oleksi.dev with the
request and the reason; we will pause non-essential processing
(analytics, marketing attribution) within 7 days. - Portability — your on-device data is yours; export by emailing
support@oleksi.dev. - Opt out of ad-attribution measurement — in the EEA/UK/California,
use the consent form shown on first launch (you can re-open it from
Settings). This controls whether Meta and TikTok attribution SDKs
receive anonymous event signals when a paid campaign is active. - Complain to a supervisor — EU/UK residents can complain to their
national data protection authority.
9. Account deletion
- In-app: Settings → Account → Delete account. This deletes
your Firebase Auth user, clears all on-device data (Room database,
DataStore), and signs you out. - From the web (no install required): open
https://oleksi.dev/proword-delete-account/ and follow the
instructions. We process web deletion requests within 30 days.
After deletion: anonymized analytics and crash events generated before
deletion may remain in Firebase Analytics / Crashlytics for their
retention windows above; they cannot be linked back to you.
10. Children
Proword is not directed at children under 13. We do not knowingly
collect personal information from a child under 13. If you believe a
child has provided personal information, email support@oleksi.dev and
we will delete it.
We are not enrolled in Google Play’s Designed-for-Families programme.
11. Security
- All network traffic uses HTTPS / TLS.
- On-device data lives in app-private storage; other apps cannot read
it. - Cloud calls to our Cloud Functions are signed with Firebase App
Check (Play Integrity) so unattested clients cannot reach our
backends. - The Pixabay and Gemini API keys are held in Google Secret Manager
and Firebase project credentials respectively — neither ships
inside the App. - We follow Google’s recommended security practices for Firebase
Cloud Functions and Cloud Run.
No system is perfectly secure. If you suspect a security issue, please
email support@oleksi.dev and we will respond promptly.
12. Changes to this policy
We will update the “Effective date” at the top of this page and post a
notice in the App’s What’s New screen when this policy changes
materially. Continued use of the App after the change means you accept
the updated policy.
13. Contact
For privacy questions or to exercise any of the rights above:
- Email: support@oleksi.dev
- Phone: +38063-777-9997
Last updated: 2026-06-14.