You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| User-owned app data, including schedules, preparation data, notification schedules, user settings, alarm settings, alarm status, device records, FCM tokens, and session tokens | Delete immediately by database cascade or equivalent cleanup | Account deletion request |
23
+
| General feedback linked to the user account | Delete immediately by database cascade or equivalent cleanup | Account deletion request |
24
+
| Optional account deletion feedback | Retain for up to 1 year | Service quality review and deletion-related support issues |
25
+
| Operational logs, monitoring records, and security records | Retain for up to 90 days | Service operation, debugging, security, and abuse prevention |
26
+
| Database backups or disaster recovery snapshots | Retain for no longer than 30 days under normal backup rotation | Disaster recovery |
27
+
| Legal, compliance, or active security investigation records | Retain only as long as required for the legal/compliance/investigation purpose | Legal compliance or active security investigation |
28
+
29
+
## Backend Confirmation Needed
30
+
31
+
Before #434 privacy policy approval, backend/environment owners should confirm:
32
+
33
+
- The account deletion endpoints still hard-delete the local OnTime account row.
Copy file name to clipboardExpand all lines: docs/Google-Play-Data-Safety.md
+58-18Lines changed: 58 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,21 +1,25 @@
1
1
# Google Play Data Safety Worksheet
2
2
3
-
This worksheet advances release issue #441 under parent track #464. It is not a
4
-
final Google Play declaration and must not be pasted into Play Console until the
5
-
open prerequisites below are resolved.
3
+
This worksheet advances release issue #441 under parent track #464. The Google
4
+
Play Data safety questionnaire was completed and saved in Play Console on
5
+
2026-05-10 using the answers recorded below. The privacy policy URL was also
6
+
saved in Play Console on 2026-05-10. The app-content submission is still blocked
7
+
by separate Play Console requirements outside the Data safety form.
6
8
7
9
## Status
8
10
9
-
Current status: externally blocked.
11
+
Current status: Data safety questionnaire saved in Play Console; app-content
12
+
submission externally blocked.
10
13
11
14
Blocking prerequisites:
12
15
13
16
| Input | Source issue | Status on 2026-05-10 | Why it blocks submission |
14
17
| --- | --- | --- | --- |
15
-
| Approved privacy policy text|#434|Open, manual | Google Play requires a privacy policy and the Data safety answers must match it. |
16
-
| Backend deletion and retention truth |#439|Open, manual/backend | Data deletion support, retention exceptions, and associated data deletion are server-side facts. |
17
-
| External account deletion request URL |#440|Open, manual | Play requires an outside-app deletion path for apps with accounts. |
18
+
| Approved and hosted privacy policy URL|#434/#435/#437|Hosting/Play entry complete; #434 approval still open | Public URL is `https://ontime-back.duckdns.org/privacy-policy` and is saved in Play Console. Product/legal approval of final text remains tracked by #434. |
19
+
| Backend deletion and retention truth |#439|Closed with static backend evidence | Data deletion support, retention exceptions, and associated data deletion are documented; production retention enforcement still needs owner confirmation before final submission. |
20
+
| External account deletion request URL |#440|Closed | Public URL is `https://ontime-back.duckdns.org/account-deletion`; Play Console delete account URL field is saved in the Data safety draft. |
18
21
| Manifest permission audit |#442| Closed | Evidence is available in `docs/Android-Manifest-Permissions.md`. |
22
+
| Target audience and content | Play Console app content | Open, manual | Play Console preview says submission requires target age group and other content information. |
19
23
| Final release SDK/provider set |#441 prerequisite | Pending owner confirmation | SDK data collection must match the shipped release build. |
20
24
21
25
Google's current guidance says developers are responsible for complete and
@@ -70,23 +74,59 @@ deletion support must be approved by the release owner.
70
74
| Firebase Cloud Messaging SDK | The app uses `firebase_core` and `firebase_messaging`. Firebase documentation says Cloud Messaging collects app version automatically and depends on Firebase Installations; FID and Firebase user agent handling must be considered. | SDK-collected data, device or other identifiers, app info and performance | Source-backed dependency, final SDK review pending |
71
75
| Google Play services core SDKs | Google Play services base/basement/tasks may be present through dependencies. Google's disclosure page says the listed core SDKs do not collect end-user data, but app owners remain responsible for the overall disclosure. | SDK review | Dependency review pending |
72
76
73
-
## Answers That Must Stay Pending
77
+
## Saved Play Console Answers
74
78
75
-
Do not finalize these fields until the owners listed below provide the missing
76
-
facts.
79
+
Entered in Play Console by `jjoonleo@gmail.com` on 2026-05-10.
80
+
81
+
Security and deletion:
82
+
83
+
- Required user data types collected or shared: Yes.
84
+
- Data encrypted in transit: Yes.
85
+
- Account creation methods: Username and password, OAuth.
| App activity | Other user-generated content | Collected | Not ephemeral | Optional | App functionality |
101
+
| Device or other IDs | Device or other IDs | Collected | Not ephemeral | Required | App functionality |
102
+
103
+
Play Console preview showed:
104
+
105
+
- Data shared: no data shared with third parties.
106
+
- Data collected: Personal info, App info and performance, App activity, Device
107
+
or other IDs.
108
+
- Data deletion: account and associated data can be deleted via the saved
109
+
account deletion URL.
110
+
- Security practices: data is encrypted in transit.
111
+
- Remaining blocker shown by Play Console before final app-content submission:
112
+
target audience/content.
113
+
114
+
## Answers That Still Need Owner Confirmation
115
+
116
+
The Play Console draft is saved, but the owners below should still confirm these
117
+
facts before final release submission.
77
118
78
119
| Field or decision | Required owner input |
79
120
| --- | --- |
80
-
| Whether each collected data type is required or optional | Product owner and source review. |
81
121
| Whether any data is shared outside service-provider processing | Backend owner, Firebase/Google configuration owner, and privacy owner. |
82
122
| Backend retention period for accounts, schedules, preparations, feedback, FCM tokens, device registrations, alarm status, and logs | Backend owner. |
83
123
| Whether deletion requests delete or anonymize each associated data type, and within what time window | Backend owner and privacy owner. |
84
124
| Whether any data is retained for legal compliance, security, abuse prevention, or operations | Backend owner and legal/product owner. |
85
-
| Final privacy policy URL and exact text | Product/legal owner and #434/#435. |
86
-
| External account deletion request URL and page content |Web/backend owner and #440. |
125
+
| Final privacy policy text approval | Product/legal owner and #434. Hosted URL is `https://ontime-back.duckdns.org/privacy-policy`. |
126
+
| External account deletion request URL and page content |Closed in #440: `https://ontime-back.duckdns.org/account-deletion`. |
87
127
| Final active auth providers for Android release | Release owner. Current source supports normal, Google, and Apple paths; Kakao dependencies are present but no active release flow was found in the checked auth path. |
88
128
| Firebase optional exports such as FCM delivery metrics to BigQuery or Analytics-linked notification interaction events | Firebase project owner. No Analytics dependency was found in `pubspec.yaml`, but console settings must still be checked. |
89
-
| Play Console submission | Play Console owner. |
129
+
| Play Console app-content submission | Play Console owner after target audience/content is complete. |
90
130
91
131
## Pre-Submission Checklist
92
132
@@ -99,10 +139,10 @@ facts.
99
139
used in app and Play Console.
100
140
6. Verify the public account deletion URL works without installing or opening
101
141
the app and explains deleted and retained data.
102
-
7.Enter the Data safety form in Play Console from this worksheet plus approved
103
-
owner answers.
104
-
8.Save the final submitted answers back into release documentation, replacing
105
-
or appending to this worksheet.
142
+
7.Confirm the saved Data safety answers above still match the approved policy
143
+
and final release build.
144
+
8.Send the saved changes for review from Publishing overview after the
0 commit comments