Privacy Notice
Last updated: 1 April 2025
1. Who we are
In Short: Bodhi is an independent iOS application for daily Buddhist wisdom.
Bodhi is developed and operated by Bodhi ("we", "us", "our"). We are committed to protecting your privacy and being transparent about how we handle your data.
2. What data we collect
In Short: We collect only what is necessary to deliver a synced, personalised experience.
| Data | Purpose | Where stored |
|---|---|---|
| Authentication credentials Email address or Apple ID token |
Account creation and sign-in | Firebase Auth |
| Saved cards & reflections Card IDs, reflection text, timestamps |
Syncing your jewel collection and reflections across devices | Cloud Firestore |
| App preferences Notification time, dark mode, haptics |
Preserving your settings | Cloud Firestore |
| Streak data App visit dates (last 30 days) |
Displaying your daily practice streak | Cloud Firestore |
| Push notification token APNs device token |
Daily teaching reminder at your chosen time | Device only |
3. What we do not collect
In Short: We do not track you, profile you, or sell your data.
- We do not collect your name, phone number, or physical address
- We do not use analytics, tracking pixels, or advertising SDKs
- We do not sell, rent, or share your personal data with third parties
- We do not build behavioural profiles or serve targeted advertising
- We do not track your location
4. How we use your data
In Short: Authentication, cloud sync, and local notifications. Nothing else.
Authentication. We use Firebase Authentication (by Google) to manage sign-in securely. You may sign in with email or Apple Sign-In. We do not store your password — Firebase handles credential management with industry-standard encryption.
Cloud sync. When signed in, your saved cards, reflections, preferences, and streak data are synced to Google Cloud Firestore. This allows your collection to persist across devices. Data is transmitted over TLS-encrypted connections.
Push notifications. If you enable daily reminders, we schedule local notifications on your device. The notification token stays on your device and is not sent to our servers.
5. Third-party services
In Short: Firebase for auth and storage, Apple for notifications.
- Firebase Authentication — account management (Firebase Privacy)
- Cloud Firestore — data storage (Google Cloud DPA)
- Apple Push Notification Service — local notification scheduling
We do not integrate advertising networks, crash reporting, or behavioural analytics.
6. Data retention
In Short: We keep your data as long as your account exists.
Your data is retained for the lifetime of your account. If you request account deletion, we will remove all associated data within 30 days. Local data can be removed by uninstalling the app.
7. Data security
In Short: TLS in transit, AES-256 at rest.
All data in transit is encrypted via TLS. Data at rest in Cloud Firestore is encrypted by Google using AES-256. Access to our Firebase project is restricted to authorised personnel only.
8. Your rights
In Short: You can access, correct, or delete your data at any time.
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a structured format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interests
To exercise these rights, email cheuk.coding@gmail.com. We will respond within 30 days.
9. Children's privacy
In Short: Bodhi is not intended for children under 13.
We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. Changes to this policy
In Short: We will update the date at the top when changes are made.
We may update this Privacy Notice from time to time. Material changes will be communicated through the app or by updating the date above. Continued use of Bodhi after changes constitutes acceptance.
Questions?
If you have any questions about this policy or your data, we're happy to help.