PazBy

Privacy Policy

Last updated: 19 May 2026

The short version

PazBy is a location-radar app that runs entirely on your phone. We do not operate a server, we do not have user accounts, and we do not collect your location data. Your saved places stay on your device unless you choose to back them up to your own Google Drive — and even then they're encrypted with a passphrase only you know.

1. Who runs PazBy

PazBy is an independently-developed Android app. Inquiries: developer@pazby.app.

2. What data the app uses on your phone

None of this is transmitted to any server we operate.

Location

The app reads your device's precise location (foreground and, with your permission, background) to detect when you enter or leave your saved zones. Approximate/coarse location isn't sufficient — geofencing the radius around a saved place requires meter-level accuracy. Locations are evaluated in-memory and not stored on any server we operate. Anonymous Entered-event rows (timestamp + place name + lat/lng) stay in the local SQLCipher-encrypted database to power the optional daily-digest notification, and are deleted when you delete the app.

Activity recognition (optional)

If granted, the app uses Google Play Services' Activity Recognition API to detect when you stop moving (so the radar can deep-sleep). Only coarse state (STILL, WALKING, IN_VEHICLE, ON_BICYCLE) is used; it is never stored.

Wi-Fi connection state (optional)

The app reads whether your phone is connected to any Wi-Fi network (not which one) to inform battery-saving logic. SSID names are not read or stored.

Saved places

Names, coordinates, radius, reminder text, per-zone notification preferences — stored in a SQLCipher-encrypted database on your device.

3. What data leaves your device, and when

By default, none. Two opt-in features can send data off-device:

Google Drive backup (opt-in)

An encrypted file is uploaded to your own Google Drive's hidden AppData folder via the https://www.googleapis.com/auth/drive.appdata OAuth scope. This scope grants access only to a per-app, app-private folder that other apps (and even you, browsing Drive in a web browser) cannot see — it is NOT general access to your Drive files. PBKDF2-HMAC-SHA256 derives an AES-256-GCM key from a passphrase only you know. We cannot decrypt these files. Backups never pass through any server operated by us.

Crash reports (release builds only)

Firebase Crashlytics sends an anonymous report with stack trace and basic device info. It does not contain location, saved places, or any personal identifier.

Play Store purchase (one-time)

PazBy is a one-time $2.99 purchase via Google Play Billing. When you buy it, Google handles the transaction end-to-end — we do not see your payment card number, billing address, or any other personal payment information. Google sends us only an anonymous confirmation token that the purchase happened, which the app uses to unlock paid features locally. No subscription, no recurring charges, no ads.

4. What we do NOT collect

  • No account. There is nothing to sign in to.
  • No collection, transmission, sale, or sharing of your location data.
  • No advertising SDKs.
  • No analytics SDKs (Google Analytics, Mixpanel, Amplitude, Facebook).
  • No cross-app or cross-site tracking.

5. Third-party services

  • Google Maps SDK for Android — displays the map. Subject to Google's privacy policy.
  • Google Play Services Activity Recognition — movement state.
  • Google Drive REST API (drive.appdata scope) — only when you initiate backup or restore.
  • Google Play Billing — handles the one-time purchase. Subject to Google's privacy policy.
  • Firebase Crashlytics — anonymous crash reporting on release builds.
  • Android system Geocoder — built-in address lookup.

6. Permissions, explained

  • Fine location — for the radar.
  • Background location — for the radar to work when your phone is locked.
  • Post notifications (Android 13+) — to show arrival alerts.
  • Activity recognition (optional) — to deep-sleep when stationary.
  • Ignore battery optimizations (optional) — to keep the radar alive.

7. Data retention and deletion

Saved places and event logs stay on your device until you delete them in-app or uninstall PazBy. Uninstalling removes all local data. To delete a Drive backup, open Google Drive on the web → gear icon → Settings → Manage apps → PazBy → Disconnect.

8. Children's privacy

PazBy is not directed at children under 13. We do not knowingly collect data from children (or anyone).

9. Changes to this policy

Updates posted here with a new "Last updated" date. Material changes flagged in the app itself.

10. Contact

Questions, concerns, or data requests: developer@pazby.app.