Privacy Policy

Overview

Polyfence is built with privacy as our foundation. This privacy policy explains how we handle data when you use the Polyfence Flutter plugin in your applications.

Our Core Principle: Your users' location data stays on their devices. Always.

What We Collect

Anonymous Plugin Telemetry (Enabled by Default)

The Polyfence plugin sends anonymous performance metrics to help us monitor reliability and improve the plugin. This telemetry is enabled by default with a simple opt-out mechanism.

What's Collected Automatically:

For a complete field-by-field breakdown of what's sent, see our Telemetry Reference (documentation available in the plugin repository).

What We NEVER Collect

We never collect, transmit, or store:

• GPS coordinates or location data
• Zone definitions or boundaries
• Zone addresses or names
• User identifiers (names, emails, phone numbers, device IDs)
• Personal information of any kind
• User behavior patterns
• Cross-app tracking data

Privacy Guarantee: Polyfence never transmits location coordinates, zone definitions, or personal information. Your users' location data stays on their devices.

How We Use the Data

Primary Uses

What We Don't Do

• No user tracking - We cannot identify individual users from telemetry data
• No selling data - Telemetry is never sold or shared with third parties
• No cross-app tracking - We don't link data across different apps
• No marketing - Telemetry is not used for advertising or marketing purposes

Data Retention

Standard Retention Period: 24 months (2 years)

We retain telemetry data to:

• Identify long-term trends and patterns
• Debug issues reported by developers
• Measure performance improvements over time
• Support product roadmap decisions
• Track year-over-year performance with historical context
• Analyze multi-year adoption patterns

After the retention period, all telemetry data is automatically deleted from our systems.

Why 24 months? This allows us to track year-over-year trends with sufficient historical data, identify seasonal patterns and long-term trends, maintain adequate history for debugging complex issues, compare performance across multiple plugin versions, and make strategic product decisions with deeper insights.

How to Opt-Out

Developers using the Polyfence plugin can disable telemetry with one line of code:

await Polyfence.instance.initialize(
  analyticsConfig: AnalyticsConfig(
    disableTelemetry: true,
  ),
);

When telemetry is disabled:

• Zero data is transmitted to Polyfence servers
• All plugin features continue to work normally
• No network calls are made for analytics purposes

Data Security

Transmission Security

• HTTPS Only: All telemetry is transmitted over encrypted HTTPS connections
• Idempotency Protection: Duplicate sessions are automatically deduplicated
• Retry Mechanism: Failed requests are retried with exponential backoff

Storage Security

• Encrypted at rest: All telemetry data is encrypted in our database
• Access controls: Limited to authorized Polyfence team members only
• Regular audits: Security audits conducted quarterly
• No third-party access: Data is never shared with external parties

Legal Compliance

GDPR (European Union)

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)

We process telemetry data based on our legitimate interest in improving the Polyfence plugin's performance and reliability.

Why this is compliant:

• ✅ No personal data: App package names are not personal data under GDPR
• ✅ No location data: GPS coordinates are never transmitted
• ✅ Transparent: Full disclosure of data collected
• ✅ Easy opt-out: One-line opt-out mechanism provided
• ✅ Data minimization: Only essential performance metrics collected

Your Rights (for EU developers):

• Right to access: Request data we've collected from your app
• Right to erasure: Request deletion of your app's telemetry data
• Right to object: Opt-out of telemetry at any time
• Right to portability: Request your app's telemetry data in machine-readable format

To exercise these rights, contact: privacy@polyfence.io

CCPA (California)

Is this personal information? No.

Under CCPA, telemetry data does not constitute "personal information" because:

• App package names are not linked to individuals
• No user identifiers, device IDs, or location data is collected
• Data cannot be used to identify, contact, or locate an individual

Your Rights (for California developers):

• Right to know: Understand what data is collected (documented above)
• Right to delete: Request deletion of your app's telemetry data
• Right to opt-out: Disable telemetry at any time

We do not sell personal information (and we don't collect personal information in the first place).

Other Jurisdictions

We comply with privacy regulations in all jurisdictions where Polyfence is used, including:

• Canada (PIPEDA): Consent-based processing, transparent disclosure
• Brazil (LGPD): Legitimate interest basis, data minimization
• Australia (Privacy Act): APP-compliant data handling

Children's Privacy

Polyfence does not knowingly collect data from children under 13 (or applicable age in your jurisdiction).

If your application is directed at children:

• You are responsible for obtaining necessary parental consent
• Consider disabling Polyfence telemetry: disableTelemetry: true
• Review applicable regulations (COPPA, GDPR Article 8, etc.)

Third-Party Services

Analytics Infrastructure

We use the following services to store and analyze telemetry data:

Database Hosting: Supabase (PostgreSQL)

• Data is encrypted at rest and in transit
• Hosted on Supabase infrastructure with enterprise-grade security
• Bound by strict data processing agreements and Supabase's privacy policy

No third-party analytics tools: We do not use Google Analytics, Mixpanel, Amplitude, or similar services for telemetry processing.

Open Source Transparency

The Polyfence plugin is open source under the MIT License.

Verify what we send:

• Read the source code: github.com/blackabass/polyfence-plugin
• Review telemetry implementation: lib/src/services/analytics_service.dart
• Inspect network traffic: Use Charles Proxy or Wireshark to verify our claims

We believe in radical transparency—you can verify every claim in this policy by reading our code.

Changes to This Policy

We may update this privacy policy periodically to reflect:

• Changes in data collection practices
• New legal requirements
• Product improvements

How we'll notify you:

• Major changes: Email notification to registered developers + GitHub issue
• Minor changes: Update this page with new "Last Updated" date
• All changes: Documented in our CHANGELOG

Your responsibility: Review this policy periodically. Continued use of Polyfence after changes constitutes acceptance.

Polyfence.io Services (Optional)

If you use our optional Polyfence.io services (zone management, advanced analytics dashboard), additional data collection may apply. These services require explicit API key registration and are subject to separate terms.

For plugin-only users: This privacy policy is sufficient. You don't need a Polyfence.io account.

Contact Us

Privacy Questions

Email: privacy@polyfence.io
Response time: 48 hours for general inquiries, 72 hours for data requests

Data Subject Requests (GDPR/CCPA)

To exercise your rights (access, deletion, portability):

1. Email privacy@polyfence.io
2. Include your app package name
3. Specify the request type (access, delete, etc.)
4. We'll respond within 30 days

Security Concerns

Security issues: security@polyfence.io
For responsible disclosure of vulnerabilities

General Support

• GitHub Issues: github.com/blackabass/polyfence-plugin/issues
• Documentation: github.com/blackabass/polyfence-plugin