feat: add privacy policy, store privacy declarations, and iOS privacy manifest

Author: Lalit Sharma

PRIVACY_POLICY.md

@@ -0,0 +1,101 @@
+# Privacy Policy
+
+**Eclipse Timer**
+**Effective Date:** February 16, 2026
+**Last Updated:** February 16, 2026
+
+Eclipse Timer ("the App") is developed by lallimaven. This Privacy Policy explains what data the App accesses, how it is used, and your choices.
+
+---
+
+## 1. Information We Collect
+
+### 1.1 Location Data
+
+The App requests access to your device's location **only when you choose** to use the "Use GPS" feature. Your geographic coordinates (latitude and longitude) are used **entirely on-device** to compute eclipse contact times for your location.
+
+- **Your location is never transmitted to any server.**
+- **Your location is never stored persistently.** It is held in memory only while the App is running.
+- You can use the App without granting location permission by manually placing a pin on the map.
+
+### 1.2 Crash and Diagnostic Data
+
+The App uses [Sentry](https://sentry.io) to collect crash reports and error diagnostics **in production builds only** (not during development). This data may include:
+
+- Device model, operating system version, and app version
+- Stack traces and error messages
+- General device state at the time of a crash (e.g., available memory)
+
+Crash data **does not include** your location, personal information, or any content you create in the App. Sentry's privacy practices are described at [https://sentry.io/privacy/](https://sentry.io/privacy/).
+
+### 1.3 Network Requests
+
+The App loads eclipse preview images (animated GIFs) directly from NASA's public Eclipse website (`https://eclipse.gsfc.nasa.gov`). These are standard HTTP image requests. The App does not send any personal data, location data, or device identifiers in these requests.
+
+### 1.4 Notifications
+
+The App can schedule **local notifications** to remind you of upcoming eclipse events. These notifications are created and delivered entirely on your device. No notification data is sent to any server.
+
+### 1.5 User Preferences
+
+Your settings (notification preferences, favorite locations) are stored **on-device only** using AsyncStorage. This data is never transmitted off your device.
+
+---
+
+## 2. Information We Do NOT Collect
+
+- **No personal information:** The App does not collect your name, email address, phone number, or any account credentials.
+- **No analytics or tracking:** The App does not use analytics SDKs, advertising identifiers, or tracking pixels.
+- **No advertising:** The App contains no ads and does not share data with advertising networks.
+- **No user accounts:** The App does not require or support user registration or login.
+- **No third-party data sharing:** Beyond Sentry crash diagnostics (see section 1.2), no data leaves your device.
+
+---
+
+## 3. Data Retention
+
+- **Location data** is not stored. It exists in memory only during active use.
+- **User preferences** remain on your device until you clear the App's data or uninstall it.
+- **Crash reports** are retained by Sentry according to their data retention policy (typically 90 days).
+
+---
+
+## 4. Children's Privacy
+
+The App does not knowingly collect any personal information from children under 13 (or the applicable age in your jurisdiction). The App does not require any personal information to function.
+
+---
+
+## 5. Your Choices
+
+- **Location:** You can deny or revoke location permission at any time in your device's Settings. The App functions fully without location access.
+- **Notifications:** You can disable notifications in your device's Settings or within the App's Notification Settings screen.
+- **Crash reporting:** Crash reports are only sent in production builds. There is no opt-out toggle at this time, but crash data contains no personally identifiable information.
+
+---
+
+## 6. Changes to This Policy
+
+If we update this Privacy Policy, we will revise the "Last Updated" date at the top. Continued use of the App after changes constitutes acceptance of the updated policy.
+
+---
+
+## 7. Contact
+
+If you have questions about this Privacy Policy, you can reach us at:
+
+- **GitHub:** [https://github.com/lallimaven/eclipse-timer](https://github.com/lallimaven/eclipse-timer)
+
+---
+
+## 8. Summary Table
+
+| Data Type | Collected? | Transmitted Off-Device? | Purpose |
+|-----------|-----------|------------------------|---------|
+| Location (lat/lon) | At runtime, in memory only | ❌ No | Compute eclipse times for your position |
+| Crash diagnostics | Yes (production only) | ✅ Yes (to Sentry) | Fix bugs and improve stability |
+| NASA preview images | Fetched from NASA servers | N/A (read-only fetch) | Display eclipse preview animations |
+| Notification schedule | Created locally | ❌ No | Remind you of eclipse events |
+| User preferences | Stored on-device | ❌ No | Remember your settings between sessions |
+| Personal information | ❌ No | ❌ No | — |
+| Advertising/tracking IDs | ❌ No | ❌ No | — |

apps/mobile/app.json

@@ -12,7 +12,32 @@
     ],
     "ios": {
       "bundleIdentifier": "com.lallimaven.eclipse-timer",
-      "buildNumber": "1"
+      "buildNumber": "1",
+      "infoPlist": {
+        "NSLocationWhenInUseUsageDescription": "Eclipse Timer uses your location to compute precise eclipse contact times for where you are. Your location stays on-device and is never sent to a server."
+      },
+      "privacyManifests": {
+        "NSPrivacyAccessedAPITypes": [
+          {
+            "NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults",
+            "NSPrivacyAccessedAPITypeReasons": ["CA92.1"]
+          }
+        ],
+        "NSPrivacyCollectedDataTypes": [
+          {
+            "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypePreciseLocation",
+            "NSPrivacyCollectedDataTypeLinked": false,
+            "NSPrivacyCollectedDataTypeTracking": false,
+            "NSPrivacyCollectedDataTypePurposes": ["NSPrivacyCollectedDataTypePurposeAppFunctionality"]
+          },
+          {
+            "NSPrivacyCollectedDataType": "NSPrivacyCollectedDataTypeCrashData",
+            "NSPrivacyCollectedDataTypeLinked": false,
+            "NSPrivacyCollectedDataTypeTracking": false,
+            "NSPrivacyCollectedDataTypePurposes": ["NSPrivacyCollectedDataTypePurposeAppFunctionality"]
+          }
+        ]
+      }
     },
     "splash": {
       "image": "./assets/splash-icon.png",

documents/store-privacy-declarations.md

@@ -0,0 +1,108 @@
+# App Store & Play Store — Privacy Declarations
+
+> Reference document for filling out the Apple App Privacy labels and Google Play Data Safety forms.
+> Keep in sync with `PRIVACY_POLICY.md`.
+
+---
+
+## Apple App Store — App Privacy Labels
+
+When submitting to App Store Connect, select the following in the **App Privacy** section:
+
+### Data Types Collected
+
+| Data Type | Category | Collected | Linked to Identity | Used for Tracking |
+|-----------|----------|-----------|-------------------|-------------------|
+| Precise Location | Location | ✅ Yes | ❌ No | ❌ No |
+| Crash Data | Diagnostics | ✅ Yes | ❌ No | ❌ No |
+
+### For each data type:
+
+#### Precise Location
+- **Usage purpose:** App Functionality
+- **Linked to user identity:** No
+- **Used for tracking:** No
+- **Notes:** Location is used entirely on-device to compute eclipse contact times. It is never transmitted to any server or stored persistently.
+
+#### Crash Data
+- **Usage purpose:** App Functionality (bug fixing)
+- **Linked to user identity:** No
+- **Used for tracking:** No
+- **Notes:** Crash reports are sent to Sentry and contain stack traces, device model, and OS version. No personally identifiable information is included.
+
+### Data NOT Collected
+Check "No" for all of the following categories:
+- Contact Info (name, email, phone, address)
+- Health & Fitness
+- Financial Info
+- Sensitive Info
+- Contacts
+- User Content
+- Browsing History
+- Search History
+- Identifiers (user ID, device ID)
+- Purchases
+- Usage Data (only crash data, not usage analytics)
+- Other Data
+
+### iOS Privacy Manifest (`NSPrivacyAccessedAPITypes`)
+
+The following API usage reasons are declared in `app.json` → `expo.ios.privacyManifests`:
+
+| API Category | Reason Code | Justification |
+|-------------|-------------|---------------|
+| `NSPrivacyAccessedAPICategoryUserDefaults` | `CA92.1` | AsyncStorage uses UserDefaults to persist user preferences (notification settings, favorite locations). |
+
+---
+
+## Google Play Store — Data Safety Section
+
+When filling out the **Data Safety** form in Google Play Console:
+
+### Overview Answers
+- **Does your app collect or share any of the required user data types?** Yes
+- **Is all of the user data collected by your app encrypted in transit?** Yes (HTTPS for NASA GIF fetches and Sentry)
+- **Do you provide a way for users to request that their data is deleted?** Not applicable — no personal data is stored on servers. On-device data is cleared by uninstalling the app.
+
+### Data Types
+
+#### Location → Approximate location
+- **Collected:** No (precise location is used, see below)
+
+#### Location → Precise location
+- **Collected:** Yes
+- **Shared with third parties:** No
+- **Is this data processed ephemerally?** Yes — location is used in memory only, never stored
+- **Is this data required for your app, or can users choose whether it's collected?** Optional — users can place a pin manually
+- **Purpose:** App functionality
+
+#### App info and performance → Crash logs
+- **Collected:** Yes
+- **Shared with third parties:** Yes — Sentry (crash reporting service provider)
+- **Is this data processed ephemerally?** No — retained by Sentry per their retention policy (~90 days)
+- **Is this data required for your app, or can users choose whether it's collected?** Required (automatic in production builds)
+- **Purpose:** App functionality (bug fixing), Analytics (crash analysis)
+
+#### Device or other IDs
+- **Collected:** No
+
+### Data NOT Collected or Shared
+Select "No" for all of the following:
+- Personal info (name, email, address, phone, etc.)
+- Financial info
+- Health info
+- Messages
+- Photos & videos
+- Audio files
+- Files & docs
+- Calendar
+- Contacts
+- App activity (app interactions, search history, installed apps)
+- Web browsing
+- Device or other IDs
+
+### Additional Disclosures
+- The app does **not** use advertising libraries or advertising IDs.
+- The app does **not** contain any ads.
+- The app is **not** designed for children.
+- The app does **not** share data with third parties except Sentry for crash reporting.

documents/tech-debt.md

@@ -200,7 +200,7 @@
 | ID | Item | Severity | Details |
 |----|------|----------|---------|
 | SP-01 | **Location permission requested without prior explanation** | 🟡 Medium | ✅ Resolved 2026-02-16: added a custom `Alert.alert` rationale dialog explaining on-device-only location use before the OS permission prompt. |
-| SP-02 | **No privacy policy or data usage disclosure** | � High | App requests location and loads remote GIFs (NASA). Both App Store and Play Store **require** a privacy policy URL during submission. Blocks store listing. |
+| SP-02 | **No privacy policy or data usage disclosure** | 🟠 High | ✅ Resolved 2026-02-16: wrote `PRIVACY_POLICY.md`, created `documents/store-privacy-declarations.md` with Apple App Privacy and Google Play Data Safety declarations, added iOS privacy manifest to `app.json`. Remaining: host the policy at a public URL and link in store listings. |
 | SP-03 | **External URL (NASA GIF) loaded without HTTPS validation** | 🟢 Low | The URL is constructed dynamically. A malformed date could produce a broken URL — no sanitization. |
 
 ---
@@ -272,7 +272,7 @@
 | CI-02 | Automate EAS Build jobs in CI for Android/iOS artifacts |
 | CI-03 | Configure app signing / keystore (blocks store submission) |
 | CI-05 | ✅ Resolved 2026-02-16: integrated @sentry/react-native with Sentry.wrap + ErrorBoundary |
-| SP-02 | Write & host privacy policy (required by both stores) |
+| SP-02 | ✅ Resolved 2026-02-16: privacy policy written, store privacy declarations documented, iOS privacy manifest added |
 
 ### 🟡 Medium — Plan Next
 | ID | Summary |
@@ -367,10 +367,10 @@
 
 | # | Step | Relates To | Status |
 |---|------|-----------|--------|
-| 3.1 | **Write a privacy policy** covering: location data (used locally, not transmitted), network requests (NASA GIF URLs), notification permissions, no analytics/tracking. Host on a public URL (GitHub Pages works). | SP-02 | ⬜ Not started |
-| 3.2 | **Add the privacy policy URL** to `app.json` → `expo.ios.privacyManifests` (if targeting iOS 17+) and to both store listings. | SP-02 | ⬜ Not started |
-| 3.3 | **Prepare Apple App Privacy labels** (App Store Connect) — declare Location (used for functionality), no data collected for tracking. | SP-02 | ⬜ Not started |
-| 3.4 | **Prepare Google Play Data Safety section** — declare location access, notification permissions, no data shared with third parties. | SP-02 | ⬜ Not started |
+| 3.1 | **Write a privacy policy** covering: location data (used locally, not transmitted), network requests (NASA GIF URLs), notification permissions, Sentry crash reporting, no analytics/tracking. Hosted at `PRIVACY_POLICY.md` — deploy to a public URL (e.g., GitHub Pages) before store submission. | SP-02 | ✅ Done 2026-02-16 |
+| 3.2 | **Add the privacy policy URL** to `app.json` → `expo.ios.privacyManifests` (iOS 17+ privacy manifest with `NSPrivacyAccessedAPITypes` and `NSPrivacyCollectedDataTypes`). Also added `infoPlist.NSLocationWhenInUseUsageDescription`. Deploy public URL and link in store listings. | SP-02 | ✅ Done 2026-02-16 |
+| 3.3 | **Prepare Apple App Privacy labels** — documented in `documents/store-privacy-declarations.md`. Declares Precise Location (app functionality, not linked, not tracking) and Crash Data (app functionality, not linked, not tracking). | SP-02 | ✅ Done 2026-02-16 |
+| 3.4 | **Prepare Google Play Data Safety section** — documented in `documents/store-privacy-declarations.md`. Declares precise location (ephemeral, optional), crash logs (shared with Sentry), no personal info / ads / tracking. | SP-02 | ✅ Done 2026-02-16 |
 
 ### Phase 4 — Store Metadata & Assets (required for listing)