Privacy Policy for FridgeFinder
Effective Date: November 15, 2025
Last Updated: November 15, 2025
Introduction
FridgeFinder ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App"). By using FridgeFinder, you agree to the collection and use of information in accordance with this policy.
Contact Information:
FridgeFinder
Email: privacy@communityfridgefinder.com
Website: https://communityfridgefinder.com
Privacy-First Approach: We collect only the minimum data necessary to operate our service. We do NOT use analytics, advertising networks, or behavioral tracking. Your location is NEVER stored on our servers.
Table of Contents
- Information We Collect
- What We Do NOT Collect
- How We Use Your Information
- Third-Party Service Providers & Data Sharing
- Data Security
- Data Retention & Deletion
- Your Privacy Rights
- App Permissions Explained
- Children's Privacy (COPPA)
- International Users & Data Transfers
- U.S. State Privacy Rights (CCPA/CPRA)
- European Users (GDPR)
- Changes to This Policy
- Contact Us
We collect only the information necessary to provide our services. Here's what we collect and why:
1.1 Account Information
When you create an account, we collect:
- Phone Number or Email Address: Used for authentication via Firebase Authentication. You choose either phone number (with SMS verification) or Google Sign-In.
- Username: A display name you choose for your account
- Volunteer Status: Whether you're registering as a volunteer or food finder
- Zip Code (Volunteers only): Required for volunteers to support non-profit funding reporting. This is NOT shared with third parties and is used solely for internal grant reporting purposes.
Legal Basis (GDPR): Necessary for performance of contract (account creation and service delivery)
Linked to Identity: Yes
1.2 Location Data
IMPORTANT: Your location is NEVER stored on our servers. Location data is processed in real-time on your device only and is immediately discarded. We do not maintain any location history.
What we collect: Your device's precise GPS location (latitude and longitude)
How we collect it:
- When App is Open: Real-time location with updates every 10 meters when the map is active
- Background Location (Volunteers Only): If you enable geofencing, we monitor your location in the background (updates every 50 meters) to send notifications when you're near a fridge that needs help (within 400 meters/~4 city blocks)
Why we collect it:
- Display your location on the map
- Calculate distances to nearby community fridges
- Sort fridges by proximity
- Send geofencing notifications to volunteers when near fridges needing assistance
Your Control:
- You can deny location permissions and still use the app (with limited functionality)
- You can disable background location/geofencing at any time in settings
- You can disable location access entirely in your device settings
Legal Basis (GDPR): Legitimate interest (providing core map functionality) and Consent (for background geofencing)
Linked to Identity: No (location is never stored or associated with your account)
Used for Tracking: No
1.3 Photos and User-Generated Content
What we collect: Photos you voluntarily upload when submitting fridge status reports
How we handle photos:
- Photos are compressed to WebP format at 85% quality (reduces file size)
- EXIF metadata (including GPS coordinates) is removed during compression
- Photos are uploaded to our secure servers and stored on AWS S3
- Photos are publicly visible in fridge profiles to help the community
Additional content: Optional text notes you add to status reports
Permissions required:
- Android: CAMERA, READ_MEDIA_IMAGES
- iOS: NSCameraUsageDescription, NSPhotoLibraryUsageDescription
Your Control: Photo uploads are completely optional. You can submit status reports without photos.
Legal Basis (GDPR): Consent (voluntary upload)
Linked to Identity: Yes (when you submit a report)
1.4 Device and Technical Information
What we collect:
- Firebase Cloud Messaging (FCM) Token: A unique token generated by Firebase to send push notifications to your device
- Device Type and OS Version: To ensure app compatibility
- App Version: To provide appropriate features and support
Legal Basis (GDPR): Legitimate interest (technical operation of the app)
Linked to Identity: FCM token is linked to your account; device info is not
1.5 Usage and Subscription Data
What we collect:
- Subscribed Fridges: Which community fridges you follow for notifications
- Notification Preferences: Your preferences for notification types (e.g., when fridges are empty, need cleaning, restocked)
- Status Reports: Reports you submit about fridge conditions (condition, food level, notes, photos)
- Volunteer Points: A gamification score based on your status report submissions
- Last Login Time: When you last accessed the app (for account activity monitoring, not behavioral tracking)
Legal Basis (GDPR): Necessary for performance of contract (providing notification and engagement features)
Linked to Identity: Yes
1.6 Local Device Storage
What we store locally on your device:
- App preferences (theme, API environment selection)
- Map filter settings
- Cached map tiles (for offline viewing)
This data never leaves your device and is deleted when you uninstall the app.
2. What We Do NOT Collect
We prioritize your privacy. Here's what we do NOT collect:
- NO Advertising Identifiers: We do not collect IDFA (iOS) or GAID (Android) for advertising or tracking
- NO Analytics or Behavioral Tracking: We do not use Firebase Analytics, Google Analytics, or any analytics SDK. We do not track your usage patterns or behavior
- NO Location History: Your location is never stored, tracked over time, or used for profiling
- NO Contact List Access: We never access your contacts, messages, or call logs
- NO Biometric Data: We do not collect fingerprints, face recognition data, or other biometric information
- NO Sensitive Personal Data: We do not collect racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health data, or genetic data
- NO Sale of Data: We do not sell, rent, or trade your personal information to third parties
- NO Cross-App Tracking: We do not track your activity across other apps or websites
- NO Microphone Access: We do not access your microphone
- NO Clipboard Access: We do not read your clipboard
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide and maintain the App: Including account management, authentication, and core features
- Display nearby fridges: Using real-time location to show fridges on the map and calculate distances
- Send notifications: Based on your subscription preferences (fridge updates, status changes, geofencing alerts)
- Process user-generated content: Display status reports and photos to help the community
- Improve the App: Fix bugs, ensure compatibility, and enhance user experience
- Communicate with you: Respond to your inquiries and provide customer support
- Comply with legal obligations: Respond to lawful requests and prevent fraud
4. Third-Party Service Providers & Data Sharing
We do NOT sell, rent, or trade your personal data. We share data only with trusted service providers necessary to operate the App:
| Service Provider |
Purpose |
Data Shared |
Privacy Policy |
| Firebase (Google) |
Authentication, database, push notifications, cloud functions |
Email/phone, user ID, FCM token, user profile data, status reports |
Google Privacy Policy |
| Google Sign-In |
OAuth authentication |
Email address (if you choose Google Sign-In) |
Google Privacy Policy |
| MapTiler |
Map tiles for display |
Anonymous map tile requests (no personal data) |
MapTiler Privacy Policy |
| AWS S3 (optional) |
Photo storage |
Photos you upload (publicly accessible) |
AWS Privacy Notice |
Data Processing Agreement: Our service providers (Firebase/Google) have Data Processing Agreements in place and comply with GDPR requirements for data transfers.
When we may disclose data:
- Legal requirements: If required by law, regulation, legal process, or governmental request
- Protect rights: To protect our rights, property, or safety, and that of our users or the public
- Enforce policies: To enforce our Terms of Service
- With your consent: In any other circumstances with your explicit consent
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Data stored in Firebase Realtime Database is encrypted at rest by Google
- Authentication Security: Firebase Authentication uses industry-standard OAuth 2.0 and phone verification
- Access Controls: Firebase Security Rules restrict data access to authenticated users and their own data
- No Password Storage: We do not store passwords; authentication is handled by Firebase/Google
- EXIF Stripping: Photo metadata (including GPS coordinates) is removed before upload
- Regular Updates: We keep our SDKs and dependencies up-to-date with security patches
Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law.
6. Data Retention & Deletion
Retention Periods
| Data Type |
Retention Period |
Reason |
| Account Information |
Until account deletion |
Required for service delivery |
| Location Data |
NOT stored (real-time only) |
N/A |
| FCM Tokens |
Until account deletion or sign-out |
Push notification delivery |
| Status Reports |
Indefinitely (anonymized after account deletion) |
Community benefit and historical record |
| Photos |
Indefinitely (publicly accessible) |
Community benefit and historical record |
| Local Storage |
Until app uninstall |
Device-local only |
Account Deletion Process
You can delete your account at any time from the Profile > Settings screen:
- Navigate to Profile > Settings > Delete Account
- Re-authenticate with your phone number or Google account (security verification)
- Confirm deletion
What gets deleted:
- Your user profile (email, phone, username, zip code, points)
- Your Firebase Authentication account
- Your FCM token
- Your subscription preferences
- Your notification settings
What is NOT deleted:
- Status Reports: Anonymized and retained for community historical record (user identification removed)
- Photos: Remain publicly accessible as part of community fridge profiles
- Location Data: Not applicable (never stored)
7. Your Privacy Rights
You have the following rights regarding your personal data:
Rights Available to All Users
- Access: View your account information in the Profile screen
- Correction: Update your username, zip code, and notification preferences in Settings
- Deletion: Delete your account and associated data (see Section 6)
- Opt-Out of Notifications: Disable push notifications in Settings or device settings
- Opt-Out of Geofencing: Disable background location monitoring in Settings
- Withdraw Consent: Revoke location permissions in device settings
How to Exercise Your Rights
- In-App: Most rights can be exercised through the Profile > Settings screen
- Email: Contact us at privacy@communityfridgefinder.com for assistance
- Response Time: We will respond to requests within 30 days (45 days for CCPA requests)
8. App Permissions Explained
The App requests the following permissions. You can manage these in your device settings at any time.
Android Permissions
| Permission |
Why We Need It |
When Requested |
| ACCESS_FINE_LOCATION |
Display your location on map, calculate distances |
When you open the map |
| ACCESS_COARSE_LOCATION |
Approximate location for map display |
When you open the map |
| ACCESS_BACKGROUND_LOCATION |
Geofencing notifications (volunteers only) |
When you enable geofencing |
| CAMERA |
Take photos for status reports |
When you tap "Take Photo" |
| READ_MEDIA_IMAGES |
Select photos from your library |
When you tap "Choose Photo" |
| POST_NOTIFICATIONS |
Send push notifications |
When you subscribe to a fridge |
| INTERNET |
Connect to our servers |
Required for app operation |
iOS Permissions
| Permission |
Description |
When Requested |
| Location (When In Use) |
"FridgeFinder needs your location to show nearby community fridges on the map and calculate distances. Your location is never stored or shared." |
When you open the map |
| Location (Always) |
"FridgeFinder needs background location access to send you notifications when you're near a community fridge that needs volunteers or has fresh food available." |
When you enable geofencing |
| Camera |
Take photos for status reports |
When you tap "Take Photo" |
| Photo Library |
Select photos for status reports |
When you tap "Choose Photo" |
| Notifications |
Receive push notifications about fridges |
When you subscribe to a fridge |
9. Children's Privacy (COPPA Compliance)
Age Restriction: FridgeFinder is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian: If you believe your child under 13 has provided personal information to us, please contact us immediately at privacy@communityfridgefinder.com. We will delete the information within 30 days of verification.
Age Verification: We do not actively verify the age of users but rely on honest self-reporting during account creation.
10. International Users & Data Transfers
Data Storage Location: Your data is stored on Firebase servers, which may be located in the United States or other countries where Google operates data centers.
International Transfers: If you are accessing FridgeFinder from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located. The United States may have data protection laws that are different from those in your country.
GDPR Safeguards: For users in the European Economic Area (EEA), UK, or Switzerland, we rely on:
- Standard Contractual Clauses: Firebase/Google uses EU-approved Standard Contractual Clauses for data transfers
- Adequacy Decisions: Where applicable, we rely on EU Commission adequacy decisions
- Data Processing Agreement: Firebase acts as a data processor under our Data Processing Agreement
11. U.S. State Privacy Rights (CCPA/CPRA)
For California Residents: The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide California residents with specific rights regarding their personal information.
Categories of Personal Information We Collect
- Identifiers: Phone number, email, username, unique user ID
- Geolocation Data: Precise location (real-time only, not stored)
- Visual Information: Photos you upload
- Internet/Network Activity: FCM token, device type, OS version, app version
- Inferences: Volunteer points (derived from your activity)
Your California Privacy Rights
- Right to Know: Request disclosure of what personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information (subject to exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes beyond providing our services
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
How to Exercise CCPA Rights
Email us at privacy@communityfridgefinder.com with the subject line "California Privacy Request". We will verify your identity and respond within 45 days.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. We may require written proof of authorization.
Other States: Residents of Virginia, Colorado, Connecticut, Utah, and other states with privacy laws have similar rights. Contact us using the same process.
12. European Users (GDPR)
For EEA, UK, and Swiss Residents: The General Data Protection Regulation (GDPR) provides you with specific rights regarding your personal data.
Legal Bases for Processing
- Contract Performance: Account creation, authentication, core app features
- Legitimate Interest: Technical operation, security, fraud prevention
- Consent: Background location (geofencing), photo uploads, marketing communications (if any)
- Legal Obligation: Compliance with applicable laws
Your GDPR Rights
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interest
- Right to Withdraw Consent: Withdraw consent for geofencing or photo uploads at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Data Protection Officer
For GDPR-related inquiries, contact our privacy team at privacy@communityfridgefinder.com
EU Representative
If required by law, we will appoint an EU representative. Contact information will be updated here.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or app features.
How we notify you:
- We will post the updated policy in the app and on our website
- We will update the "Last Updated" date at the top of this policy
- For material changes, we may send an in-app notification or email
Your continued use: By continuing to use the App after changes take effect, you accept the updated Privacy Policy.
Version History:
- Version 2.0 - November 15, 2025: Comprehensive update for GDPR, CCPA, COPPA compliance; added detailed data collection disclosures
- Version 1.0 - December 2024: Initial privacy policy
Privacy Summary:
✓ No analytics or tracking | ✓ Location never stored | ✓ No data sales | ✓ Minimal data collection
✓ GDPR compliant | ✓ CCPA compliant | ✓ COPPA compliant | ✓ Easy account deletion
© 2025 FridgeFinder. All rights reserved.
Building community, respecting privacy.