pachli-android/PRIVACY.md

# "Pachli" and "Pachli Current" Privacy Policy

## Data access

"Pachli" and "Pachli Current" (collectively "the application") process data from your Mastodon server ("server") locally on your device.

After using the application to sign in to an account on your server your data is fetched and stored securely on your device. As you use the application additional data will be fetched and stored securely on your device.

You may use the application to share new data with your server (e.g., a new post, an image), or edit existing data (e.g., your account's profile).

You can not create an account using the application.

## Data security

All local data is processed using secure Android APIs.

All network data is encrypted using `https`.

## Data deletion

All locally cached data for an account is deleted if you do any of the following:

- Log out of the account in the application
- Clear the application's local storage
- Uninstall the application

You can not delete your Mastodon account using the application. Deleting your account must be done through your server's web interface.

## Data sharing

### If you have installed Pachli from F-Droid or GitHub releases

**None of the data used by the application is shared with the application developers or unrelated third parties.** Your data is only ever sent to your server, and handled in accordance with your server's privacy policy.

### If you have installed Pachli from Google Play

Pachli uses Google's [ML Kit](https://developers.google.com/ml-kit) to provide features that:

- Warn you if the language you have selected when editing a post appears to be different from the language you used

When Pachli does this all of the data you have provided (e.g., the content you are posting) is processed on your device, and **ML Kit does not send that data to Google servers**.

The ML Kit APIs may contact Google servers from time to time in order to receive things like bug fixes, updated models and hardware accelerator compatibility information. The ML Kit APIs also send metrics about the performance and utilization of the APIs in your app to Google. Google uses this metrics data to measure performance, debug, maintain and improve the APIs, and detect misuse or abuse, as further described in Google's [Privacy Policy](https://policies.google.com/privacy).

The specific data collected by ML Kit is in Google's [data disclosure](https://developers.google.com/ml-kit/android-data-disclosure) description.

## Data types

The application processes the following types of data.

| Data                    | Purpose                                                                                                                                                                                       |
| ----------------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Authentication token    | Generated by your server. Used to log in to your account and ensure the application can not access your username or password                                                                  |
| Account metadata        | Allow you to view and edit your account metadata, including description, relevant links, accounts you follow and follow you. Allows you to view the public account information of other users |
| Notifications           | View and manage your account's notifications, including displaying them, deleting them, and creating device notifications                                                                     |
| Timelines               | View, manage, and create posts on your Mastodon timelines (home, bookmarks, local, federated, lists, hashtags, etc)                                                                           |
| Scheduled posts         | View, manage, and create posts scheduled to send at some future time                                                                                                                          |
| Draft posts             | View, manage, and create posts you are drafting                                                                                                                                               |
| Account preferences     | Specific settings you may have configured on your account (filters, blocks, mutes, language, etc)                                                                                             |
| Application preferences | Specific settings you may have configured for the application (app theme, font, confirmations, etc)                                                                                           |

Again, **none of this data is shared with the application developers or unrelated third parties.**

## Permissions

The application requires the following permissions for the following reasons:

- `INTERNET`: Connect to your Mastodon server of choice, fetch and post content
- `ACCESS_NETWORK_STATE`: Defer work when the network is unavailable, and retry work when the network becomes available
- `POST_NOTIFICATIONS`: Show notifications from your server
- `READ_MEDIA_IMAGES` / `VIDEO` / `AUDIO`, and `READ_EXTERNAL_STORAGE`: Select media on your device if you attach it to a post
- `WRITE_EXTERNAL_STORAGE`: Save media to your device if you download it from a post
- `FOREGROUND_SERVICE`: Improve reliability when sending posts

## Contact

If you have any questions about this privacy policy please contact [team@pachli.app](mailto:team@pachli.app).
docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`# "Pachli" and "Pachli Current" Privacy Policy`
docs: Add a privacy policy (#2) While drafting the policy I noticed that the `READ_MEDIA_*` permissions could be added (for newer devices), the `ACCESS_NETWORK_STATE` permission was missing, and `VIBRATE` was unnecessary. 2023-09-05 15:35:06 +02:00
docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`## Data access`
docs: Add a privacy policy (#2) While drafting the policy I noticed that the `READ_MEDIA_*` permissions could be added (for newer devices), the `ACCESS_NETWORK_STATE` permission was missing, and `VIBRATE` was unnecessary. 2023-09-05 15:35:06 +02:00
docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`"Pachli" and "Pachli Current" (collectively "the application") process data from your Mastodon server ("server") locally on your device.`

			`After using the application to sign in to an account on your server your data is fetched and stored securely on your device. As you use the application additional data will be fetched and stored securely on your device.`

			`You may use the application to share new data with your server (e.g., a new post, an image), or edit existing data (e.g., your account's profile).`

			`You can not create an account using the application.`

			`## Data security`

			`All local data is processed using secure Android APIs.`

			All network data is encrypted using `https`.

			`## Data deletion`

			`All locally cached data for an account is deleted if you do any of the following:`

			`- Log out of the account in the application`
			`- Clear the application's local storage`
			`- Uninstall the application`

			`You can not delete your Mastodon account using the application. Deleting your account must be done through your server's web interface.`

			`## Data sharing`

feat: Warn the user if the posting language might be incorrect (#792) The user has to specify the language they're posting in, and sometimes they might get it wrong (e.g., replying to a post that also had the language set incorrectly, forgetfulness, etc). This has accessiblity issues (only following statuses in a given language fails, translation can fail, etc). Prevent this by trying to detect the language the status is written in when the user tries to post it. If the detected language and the set language do not match, and the detection is 60+% confident, warn the user the status language might be incorrect, and offer to correct it before posting. How this works differs by device and API level. - API 23 - 28, fdroid and github build flavours - Not supported. A no-op language detector is used. - API 29 and above, fdroid and github build flavours - Uses Android TextClassifier to detect the likely language - AP 23 and above, google build flavour - Uses ML Kit language identification To do this: - Add `LanguageIdentifier`, with methods to do the identification, and `LanguageIdentifier.Factory` to create the identifiers. - Inject the factory in `ComposeActivity` - Detect the language when the user posts, showing a dialog if there's a sufficiently large discrepancy. The ML Kit dependencies (language models) will be installed by the Play libraries, so there's some machinery to check that they're installed, and kick off the installation if not. If they can't be installed then the language check is bypassed. Update the privacy policy, as the ML Kit libraries may send some data to Google. 2024-07-02 20:22:17 +02:00			`### If you have installed Pachli from F-Droid or GitHub releases`

docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`None of the data used by the application is shared with the application developers or unrelated third parties. Your data is only ever sent to your server, and handled in accordance with your server's privacy policy.`

feat: Warn the user if the posting language might be incorrect (#792) The user has to specify the language they're posting in, and sometimes they might get it wrong (e.g., replying to a post that also had the language set incorrectly, forgetfulness, etc). This has accessiblity issues (only following statuses in a given language fails, translation can fail, etc). Prevent this by trying to detect the language the status is written in when the user tries to post it. If the detected language and the set language do not match, and the detection is 60+% confident, warn the user the status language might be incorrect, and offer to correct it before posting. How this works differs by device and API level. - API 23 - 28, fdroid and github build flavours - Not supported. A no-op language detector is used. - API 29 and above, fdroid and github build flavours - Uses Android TextClassifier to detect the likely language - AP 23 and above, google build flavour - Uses ML Kit language identification To do this: - Add `LanguageIdentifier`, with methods to do the identification, and `LanguageIdentifier.Factory` to create the identifiers. - Inject the factory in `ComposeActivity` - Detect the language when the user posts, showing a dialog if there's a sufficiently large discrepancy. The ML Kit dependencies (language models) will be installed by the Play libraries, so there's some machinery to check that they're installed, and kick off the installation if not. If they can't be installed then the language check is bypassed. Update the privacy policy, as the ML Kit libraries may send some data to Google. 2024-07-02 20:22:17 +02:00			`### If you have installed Pachli from Google Play`

			`Pachli uses Google's [ML Kit](https://developers.google.com/ml-kit) to provide features that:`

			`- Warn you if the language you have selected when editing a post appears to be different from the language you used`

			`When Pachli does this all of the data you have provided (e.g., the content you are posting) is processed on your device, and ML Kit does not send that data to Google servers.`

			`The ML Kit APIs may contact Google servers from time to time in order to receive things like bug fixes, updated models and hardware accelerator compatibility information. The ML Kit APIs also send metrics about the performance and utilization of the APIs in your app to Google. Google uses this metrics data to measure performance, debug, maintain and improve the APIs, and detect misuse or abuse, as further described in Google's [Privacy Policy](https://policies.google.com/privacy).`

			`The specific data collected by ML Kit is in Google's [data disclosure](https://developers.google.com/ml-kit/android-data-disclosure) description.`

docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`## Data types`

			`The application processes the following types of data.`

			`\| Data \| Purpose \|`
			`\| ----------------------- \|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|`
			`\| Authentication token \| Generated by your server. Used to log in to your account and ensure the application can not access your username or password \|`
			`\| Account metadata \| Allow you to view and edit your account metadata, including description, relevant links, accounts you follow and follow you. Allows you to view the public account information of other users \|`
			`\| Notifications \| View and manage your account's notifications, including displaying them, deleting them, and creating device notifications \|`
			`\| Timelines \| View, manage, and create posts on your Mastodon timelines (home, bookmarks, local, federated, lists, hashtags, etc) \|`
			`\| Scheduled posts \| View, manage, and create posts scheduled to send at some future time \|`
			`\| Draft posts \| View, manage, and create posts you are drafting \|`
			`\| Account preferences \| Specific settings you may have configured on your account (filters, blocks, mutes, language, etc) \|`
			`\| Application preferences \| Specific settings you may have configured for the application (app theme, font, confirmations, etc) \|`

			`Again, none of this data is shared with the application developers or unrelated third parties.`

			`## Permissions`
docs: Add a privacy policy (#2) While drafting the policy I noticed that the `READ_MEDIA_*` permissions could be added (for newer devices), the `ACCESS_NETWORK_STATE` permission was missing, and `VIBRATE` was unnecessary. 2023-09-05 15:35:06 +02:00
			`The application requires the following permissions for the following reasons:`

docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			- `INTERNET`: Connect to your Mastodon server of choice, fetch and post content
docs: Add a privacy policy (#2) While drafting the policy I noticed that the `READ_MEDIA_*` permissions could be added (for newer devices), the `ACCESS_NETWORK_STATE` permission was missing, and `VIBRATE` was unnecessary. 2023-09-05 15:35:06 +02:00			- `ACCESS_NETWORK_STATE`: Defer work when the network is unavailable, and retry work when the network becomes available
			- `POST_NOTIFICATIONS`: Show notifications from your server
			- `READ_MEDIA_IMAGES` / `VIDEO` / `AUDIO`, and `READ_EXTERNAL_STORAGE`: Select media on your device if you attach it to a post
			- `WRITE_EXTERNAL_STORAGE`: Save media to your device if you download it from a post
			- `FOREGROUND_SERVICE`: Improve reliability when sending posts

docs: Be more specific about data in the privacy policy (#136) Google wants a more specific privacy policy, per https://support.google.com/googleplay/android-developer/answer/10144311. Expand the policy to be clear about: - How data is handled at rest and over the network - How data is shared - The types of data handled 2023-09-30 12:56:48 +02:00			`## Contact`

			`If you have any questions about this privacy policy please contact [team@pachli.app](mailto:team@pachli.app).`