Privacy Policy for Roshi

Effective Date: March 15, 2026

Last Updated: March 15, 2026

Introduction

Roshi ("we", "us", "our", or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, "Roshi" (the "Application").

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use the Application.

1. Information We Collect

1.1 Information You Provide

Authentication Data:

• When you sign in via Google Sign-In, we receive and store your Google account information, including your email address and profile picture.
• We do not store your Google password; authentication is handled securely by Google.

Community Content:

• When you create, post, or comment in Community Circles, we collect and store the text content, timestamps, and metadata associated with your posts and comments.
• Your user profile information within circles (username, profile picture, status) is stored and displayed to other circle members.

Subscription & Payment Information:

• When you upgrade to a Premium subscription, payment processing is handled by RevenueCat and the app store (Google Play or Apple App Store).
• We do not directly collect or store your credit card information—this is securely managed by RevenueCat and the respective app stores.
• We do receive and store subscription status, purchase dates, and subscription expiration information.

Preferences & Settings:

• Your app settings, breathing pattern preferences, meditation session history, and notification preferences are stored locally on your device and synced to our Firebase database.
• Custom breathing patterns, notes, and personalized meditation selections are stored.

Google Drive Sync Data (Optional):

• If you enable backup/export to Google Drive, we obtain permission to store your meditation session data, breathing history, and custom patterns on your Google Drive account.
• This data is encrypted in transit and managed according to Google Drive's privacy standards.

1.2 Information Collected Automatically

Device Information:

• Device type, operating system version, OS language, and device model
• Unique device identifiers (Android Advertising ID, IDFA on iOS)
• IP address (collected by Firebase)

Usage & Activity Data:

• App session duration and frequency of app use
• Features accessed and user interactions within the app
• Crash logs and error reports (via Firebase)
• Analytics events related to feature usage

Notification Preferences:

• Whether you have enabled or disabled push notifications and in-app notifications
• Notification delivery status and engagement metrics

Location Data:

• We do not intentionally collect precise location data. However, your IP address may be used to derive approximate location for localized content delivery.

2. How We Use Your Information

2.1 Primary Uses

• Service Delivery: To provide and maintain the Application, including authentication, community features, and subscription management.
• Community Features: To enable you to post, share, and interact within Community Circles with other users.
• Personalization: To customize your experience, such as remembering your breathing preferences and meditation history.
• Push Notifications: To send you circle activity notifications, meditation reminders, and subscription-related messages (if enabled).
• Backup & Sync: To synchronize your session data across devices and enable Google Drive backup.
• Analytics & Improvement: To analyze app usage patterns, identify bugs, and improve the Application's features and performance.
• Subscription Management: To process and manage your Premium subscription.
• Customer Support: To respond to your inquiries and provide technical support.

2.2 Legal & Safety

• To comply with legal obligations, enforce our Terms of Service, and protect against fraud and abuse.
• To respond to lawful requests from government authorities.

3. Third-Party Services & Data Sharing

3.1 Firebase (Google Cloud)

Services Used:

• Firebase Authentication: Secure sign-in via Google
• Cloud Firestore: Database for community posts, comments, user profiles, and settings
• Firebase Cloud Messaging: Push notification delivery
• Firebase Cloud Functions: Backend services for community features
• Firebase Crash Reporting & Analytics: App performance monitoring

Data Shared: User authentication tokens, community content, user profiles, app usage events, crash logs

Privacy Policy: Google Firebase Privacy Policy

3.2 Google Sign-In

Data Shared: Email address, display name, profile picture, basic identity information

Privacy Policy: Google Privacy Policy

3.3 RevenueCat

Services Used: Subscription management and payment processing for Premium features

Data Shared: Subscription status, purchase history, app version, and device type

Privacy Policy: RevenueCat Privacy Policy

3.4 Google Drive (Optional)

Data Shared: Only if you enable backup; includes meditation session data, breathing patterns, and custom content

Privacy Policy: Google Drive Privacy Policy

3.5 App Store (Google Play / Apple App Store)

Services Used: App distribution, subscription billing, device identifiers for analytics

Data Shared: Device identifiers (Android Advertising ID, IDFA), app version, subscription information

Privacy Policies:

• Google Play Privacy Policy
• Apple Privacy Policy

3.6 Flutter & Analytics SDKs

Services Used: App performance monitoring, crash reporting, and metrics collection

Data Shared: Device information, app usage, error logs

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
• Encryption at Rest: Sensitive data stored in Firebase is encrypted at rest by Google Cloud.
• Authentication: Secure authentication via OAuth 2.0 (Google Sign-In).
• Access Control: Only authorized personnel can access user data, subject to strict confidentiality agreements.

However, please note:

• No security system is perfect. While we employ strong protective measures, we cannot guarantee absolute security.
• Jailbroken or rooted devices are at higher risk of data compromise; we recommend keeping your device secure.

5. Data Retention

• Community Data: Posts, comments, and circle memberships are retained as long as your account is active and for 90 days after account deletion (allowing account recovery).
• Subscription Data: Purchase history is retained for 7 years to comply with tax and financial regulations.
• Crash Logs & Analytics: Raw event data is retained for 35 days; aggregated analytics are retained indefinitely.
• Google Drive Backups: You control the retention of data backed up to Google Drive; deletion follows Google Drive's retention policies.

6. Your Privacy Rights

6.1 Access & Portability

You have the right to:

• Request access to your personal data
• Download a copy of your data
• Know what data we hold about you

6.2 Correction & Deletion

You have the right to:

• Correct inaccurate data
• Request deletion of your account and associated data (subject to legal retention requirements)
• Delete posts and comments from Community Circles

6.3 Opt-Out & Preferences

You can:

• Disable push notifications in app settings
• Turn off analytics via app settings
• Disable community notifications while keeping meditation features active
• Revoke Google Drive backup permissions

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at: admin@mabidtechnologies.com or via in-app settings.

7. Specific Data Practices by Feature

7.1 Community Circles

Data Collected:

• Posts, comments, and their timestamps
• Your username, profile picture, and bio within circles
• Circle membership and roles (member, moderator)
• Read/engagement status of posts and comments

Sharing:

• Community content is shared with all members of the circle you post in.
• Other circle members can see your profile information and posts.
• Circle moderators may access moderation logs.

Control:

• Delete your posts and comments at any time.
• Leave circles to stop receiving notifications.
• Adjust who can see your community profile in settings.

7.2 Breathing Sessions & Meditation History

Data Collected:

• Session duration, date, and selected breathing pattern
• Meditation audio selections and session length
• Preferences and custom patterns you create

Storage:

• Primary storage is local on your device.
• Synced to Firebase if you enable cloud sync.
• Optionally backed up to Google Drive.

Sharing:

• This data is private and not shared with other users or circles.
• No analytics are shared; only aggregate anonymized session counts may be analyzed.

7.3 Push Notifications

Data Collected:

• Whether notifications are enabled/disabled
• Notification delivery and open rates
• Circle activity that triggers notifications

Opt-Out:

• Disable community notifications in settings.
• Disable all notifications in device settings.

8. Children's Privacy

The Application is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will promptly delete such information and terminate the child's account.

If you are a parent or guardian and believe your child has provided information to us, please contact us immediately at admin@mabidtechnologies.com.

9. International Data Transfers

If you are located outside the United States, please note that your data may be transferred to, stored in, and processed in the United States. By using the Application, you consent to the transfer of your information to countries that may have different data protection laws than your country of origin.

We rely on standard contractual clauses and other lawful mechanisms to ensure adequate safeguards when transferring data internationally.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Access: You can request information about the categories and specific pieces of personal information we have collected.
• Right to Delete: You can request that we delete the personal information we have collected from you.
• Right to Opt-Out: You can opt-out of the "sale" of personal data (as defined by CCPA).
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at admin@mabidtechnologies.com. We will respond within 45 days.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy in the Application
• Updating the "Last Updated" date at the top of this document
• Sending you an email notification (for significant changes)

Your continued use of the Application following these changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

• Email: admin@mabidtechnologies.com

Response Time: We will respond to all privacy requests within 30 days.

13. Apology for Over-Sharing

We want to be transparent: we collect more data than strictly necessary for core meditation features. However, we do this to:

• Enable community features and prevent spam/abuse
• Provide push notifications and subscription management
• Improve the app through analytics and crash reporting

You can opt-out of non-essential data collection via app settings or by not using community features. Your meditation and breathing sessions are primarily local; the app works offline.

End of Privacy Policy