Privacy Policy

Last Updated: February 16, 2026

Welcome to Developer Community App (DevSphere) - a Flutter-based mobile platform for developers to share knowledge, discuss technical topics, showcase code, and engage with a gamified learning community.

We respect your privacy and are committed to transparency about data collection. This privacy policy explains exactly what data we collect, how it's stored, who can see it, and your rights to control it.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Email address - Used for authentication and account management
• Username - Your display name visible to other users
• Profile picture - Optional image uploaded by you
• Bio - Optional short description about yourself
• GitHub username - Optional, used for GitHub integration and portfolio features
• Account creation date - Timestamp of when you joined

1.2 User-Generated Content

The following content you create is stored in our cloud database:

• Discussion threads - Title, description, tags, timestamps, and optional polls
• Posts - Title, description, code snippets, images, tags, and timestamps
• Replies and comments - Your responses to discussions and posts
• Likes - Record of posts you've liked
• Bookmarks - Lists of saved posts and discussions for quick access

1.3 Gamification Data

• Experience Points (XP) - Points earned through app engagement (starting at 100)
• Badges and achievements - Milestones unlocked through activities
• Challenge progress - Your progress in community challenges
• Leaderboard rankings - Your position based on XP and engagement

1.4 AI Chatbot Data (Local Only)

Important: Conversations with our AI chatbot assistant are stored only on your device in an encrypted local database. These conversations are never uploaded to our servers or shared with other users.

1.5 Usage Analytics

• App usage statistics - Collected via Firebase Analytics
• Device information - Model, operating system version
• IP address - Used for analytics and security purposes only
• Session duration - Time spent in the app

2. How We Use Your Information

We use your data exclusively for the following purposes:

• Account Management: Create and manage your user account with Firebase Authentication
• Community Features: Enable you to create discussions, posts with code snippets, reply to threads, and interact with other developers
• Gamification System: Track your XP points, badges, achievements, and leaderboard rankings to reward engagement
• Bookmarking: Store your saved posts and discussions for quick access
• AI Assistance: Provide local AI chatbot features using Google Gemini (API key stored securely on your device)
• GitHub Integration: Analyze public GitHub repositories and generate developer portfolios (optional)
• Analytics: Understand app usage patterns via Firebase Analytics to improve features and user experience
• Security: Detect abuse, spam, and unauthorized access through Firebase Security Rules

What we DON'T do:

• We do not send push notifications
• We do not provide direct user-to-user messaging (only public discussions and AI chatbot)
• We do not sell or share your personal data with third parties for marketing
• We do not store your raw Gemini API key on our servers (only SHA-256 hash for verification)

3. Third-Party Services

Our app integrates with the following third-party services:

3.1 Firebase (Google)

• Firebase Authentication: For secure user authentication
• Cloud Firestore: For storing user data and content
• Firebase Storage: For storing uploaded images and files
• Firebase Analytics: For app usage analytics

Firebase services are governed by Google's Privacy Policy.

3.2 AI Services (Google Gemini)

We integrate with Google Gemini API for AI chatbot assistance. When you provide your own Gemini API key:

• Your API key is stored only on your device in platform-specific secure storage (iOS Keychain / Android EncryptedSharedPreferences)
• Only a SHA-256 hash of your API key is stored in our database for verification
• Chatbot conversations are processed through Google's Gemini API according to Google's Privacy Policy
• Chat history is stored locally on your device in an encrypted Hive database and is never uploaded to our servers

3.3 GitHub API (Optional)

If you choose to link your GitHub username, we use the public GitHub API to:

• Fetch your public repository information
• Analyze repository statistics for portfolio generation
• Display public contribution data

Note: We only access publicly available GitHub data. No authentication tokens or private repository access is requested.

3.4 Cloudinary

Profile pictures and uploaded images are stored using Cloudinary cloud storage service, governed by their Privacy Policy.

4. Data Storage and Security

We implement multiple layers of enterprise-grade encryption and security measures to protect your personal data:

4.1 Encryption at Rest

• Firebase Firestore: All data stored in our cloud database is encrypted using AES-256 encryption
• Firebase Storage: Uploaded files and images are encrypted at rest with AES-256
• Local Database: Chat history stored on your device is encrypted using AES-256 with device-specific keys
• Encryption Keys: Managed by Google Cloud Key Management Service (KMS) with automatic rotation

4.2 Encryption in Transit

• HTTPS/TLS 1.2+: All data transmitted between your device and our servers is encrypted
• Certificate Pinning: Firebase uses certificate pinning to prevent man-in-the-middle attacks
• End-to-End Security: Data is encrypted from your device to our servers and never transmitted in plaintext

4.3 Authentication Security

• Firebase Authentication: Industry-standard authentication with email/password
• Password Security: Passwords are never stored in plaintext; Firebase uses secure hashing algorithms
• Secure Sessions: Authentication tokens are encrypted and automatically expire
• Account Protection: Firebase Security Rules prevent unauthorized access to user data

4.4 API Key Protection

• Secure Storage: API keys are stored in platform-specific secure storage (iOS Keychain / Android EncryptedSharedPreferences)
• Hashing: Only SHA-256 hashes of API keys are stored in our database for verification
• No Cloud Storage: Raw API keys never leave your device unencrypted

4.5 Additional Security Measures

• Regular security audits and updates
• Firebase Security Rules to restrict unauthorized access
• Rate limiting to prevent abuse
• Automated threat detection and monitoring
• Secure code practices and regular dependency updates

5. Data Sharing and Transparency

We do not sell your personal information. Here's exactly what data is visible to whom:

5.1 Publicly Visible Information

The following information is visible to all app users:

• Username, profile picture, bio, GitHub username (if set)
• Discussion threads, posts, replies, and code snippets you create
• Tags you use and timestamps on your content
• Your XP points and leaderboard position
• Number of posts, discussions, and replies you've made

5.2 Private Information (Not Shared)

The following data is private and never shown to other users:

• Your email address
• Your saved posts and discussion bookmarks
• Which posts you've liked
• Your AI chatbot conversations (stored only on your device)
• Your Gemini API key

5.3 Third-Party Service Providers

• Firebase (Google): Stores user data, authenticates users, and provides analytics
• Google Gemini: Processes AI chatbot requests when you use your own API key
• Cloudinary: Stores uploaded profile pictures and images
• GitHub: Provides public repository data when you link your GitHub username

5.4 Legal Disclosure

We may disclose your information when required by law or to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud, spam, or abuse

6. Your Rights and Choices

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data stored in our database
• Correction: Update your username, profile picture, bio, and GitHub username through profile settings
• Deletion: Request deletion of your account and associated data (see Data Retention below)
• Portability: Request an export of your posts, discussions, and profile data in JSON format
• API Key Control: Your Gemini API key can be changed or deleted at any time from profile settings

To exercise these rights, contact us at vansh.panchal7@proton.me with your request.

7. Data Structure Transparency

For complete transparency, here's exactly what data fields we store in our Firebase Firestore database:

7.1 User Profile Collection

Each user account contains:

• Username - Your display name (string)
• Email - Your email address (string, private)
• Uid - Unique user identifier (string)
• profilePicture - URL to your profile image (string)
• XP - Experience points (number, starts at 100)
• Saved - Array of saved post IDs (array, private)
• SavedDiscussion - Array of saved discussion IDs (array, private)
• createdAt - Account creation timestamp (timestamp)
• bio - Profile bio (string, optional)
• github - GitHub username (string, optional)
• profileDominantColor - Color value for UI theming (number, optional)
• geminiKeyHash - SHA-256 hash of Gemini API key (string, optional)
• geminiKeySetAt - When API key was last updated (timestamp, optional)

7.2 Discussions Collection

Each discussion thread contains:

• Title - Discussion title (string)
• Description - Discussion content (string)
• Uid - Creator's user ID (string)
• Tags - Topic tags (array of strings)
• docId - Unique document ID (string)
• Timestamp - Creation time (timestamp)
• Report - Moderation flag (boolean)
• hasPoll - Whether discussion includes a poll (boolean)
• poll - Poll object with options and votes (object, if hasPoll is true)
• Replies - Subcollection of replies (see below)

7.3 Explore Posts Collection

Each post contains:

• Title - Post title (string)
• Description - Post content (string)
• code - Code snippet (string, optional)
• Uid - Creator's user ID (string)
• Tags - Topic tags (array of strings)
• docId - Unique document ID (string)
• likes - Array of user IDs who liked (array, private)
• likescount - Total like count (number)
• Timestamp - Creation time (timestamp)
• Report - Moderation flag (boolean)

7.4 Replies Subcollection

Each reply contains:

• username - Replier's username (string)
• profilePicture - Replier's profile image URL (string)
• reply - Reply text (string)
• timestamp - Reply time (timestamp)
• uid - Replier's user ID (string)

7.5 Local Storage (Your Device Only)

• Hive Database (Encrypted): AI chatbot conversation history
• Secure Storage (Encrypted): Your Gemini API key, encryption keys
• GetStorage Cache: Temporary cache of user data and Firestore collections for faster loading

8. Children's Privacy

Our app is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at vansh.panchal7@proton.me and we will delete the account.

9. Data Retention

Active Accounts: We retain your data for as long as your account is active.

Account Deletion: When you request account deletion, we will:

• Delete your User profile document (username, email, profile picture, XP, saved lists, bio, GitHub username)
• Delete your Gemini API key hash
• Preserve public content: Posts, discussions, and replies you created will remain visible but will show "[Deleted User]" as the author to maintain community continuity
• Remove your email and private data from these public posts
• Clear all analytics data associated with your account within 60 days

Local Data: AI chatbot conversations stored on your device can be deleted by:

• Uninstalling the app (automatically deletes local data)
• Clearing app data in device settings

Legal Retention: We may retain certain data if required by law, to resolve disputes, or enforce our terms.

10. International Data Transfers

Your data is stored in Google Firebase cloud servers, which may be located in different countries:

• Firebase Firestore: Data is stored in Google Cloud data centers (region configured by us)
• Firebase Storage: Profile pictures and images stored in Google Cloud Storage
• Cloudinary: Additional image hosting with international CDN

By using our app, you consent to the transfer of your data to these locations. Google complies with GDPR and international data protection standards.

11. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we make significant changes:

• We will update the "Last Updated" date at the top of this page
• We may display an in-app notification highlighting the changes
• Continued use of the app after changes constitutes acceptance

We recommend reviewing this policy periodically to stay informed about how we protect your data.

12. Cookie and Analytics Policy

Our mobile app does not use browser cookies. However:

• Firebase Analytics: Collects anonymous usage data (app opens, screen views, crashes) to improve the app. This uses device identifiers but does not personally identify you.
• Local Cache: GetStorage library caches data locally for faster app performance. This data never leaves your device unless explicitly synced to Firebase.

You cannot opt out of Firebase Analytics as it's essential for app stability monitoring and bug fixes. However, no personally identifiable information is tracked beyond your User UID.