Google Play Data Safety Form — Declaration Guide
App: Purry Notes
Developer: Marat Kinzibulatau
Last Updated: March 26, 2026
This document serves as a reference for completing the Data Safety section in Google Play Console. It maps Purry Notes’ actual data practices to Google’s required categories.
Overview Declarations
| Question |
Answer |
Notes |
| Does your app collect or share any of the required user data types? |
Yes |
Email, name, user IDs, audio, photos, files, device IDs |
| Is all of the user data collected by your app encrypted in transit? |
Yes |
All network calls use HTTPS/TLS |
| Do you provide a way for users to request that their data is deleted? |
Yes |
In-app “Delete Account” + email request |
| Does this app follow the Google Play Families Policy? |
Yes |
App targets ages 6+ |
| Has this app been independently security reviewed? |
No |
Not yet |
Data Types Declaration
1. Location
| Sub-type |
Collected |
Shared |
Notes |
| Approximate location |
No |
— |
App does not request location permission |
| Precise location |
No |
— |
App does not request location permission |
2. Personal Info
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| Name |
Yes |
No |
No |
Optional |
Account management |
| Email address |
Yes |
No |
No |
Required |
Account management |
| User IDs |
Yes |
No |
No |
Required |
Account management, App functionality |
| Address |
No |
— |
— |
— |
— |
| Phone number |
No |
— |
— |
— |
— |
| Race and ethnicity |
No |
— |
— |
— |
— |
| Political or religious beliefs |
No |
— |
— |
— |
— |
| Sexual orientation |
No |
— |
— |
— |
— |
| Other personal info |
No |
— |
— |
— |
— |
Details for collected items:
- Name: Received from Google/Apple Sign-In. Stored in Firebase and locally. Optional — user does not need to provide it. Purpose: Display in app profile.
- Email address: Received from Google/Apple Sign-In or entered during email/password registration. Stored in Firebase and cached locally. Purpose: Account identification and login.
- User IDs: Firebase-generated unique identifier. Not tied to any other product or service. Purpose: Associate notes with the correct user account.
3. Financial Info
| Sub-type |
Collected |
Shared |
Notes |
| User payment info |
No |
— |
In-app purchases handled by Google Play billing (Google manages payment data) |
| Purchase history |
Yes |
No |
Purchase type, amount, date, and token usage stored in Firebase for subscription management |
| Credit score |
No |
— |
— |
| Other financial info |
No |
— |
— |
4. Health and Fitness
| Sub-type |
Collected |
Shared |
| Health info |
No |
— |
| Fitness info |
No |
— |
5. Messages
| Sub-type |
Collected |
Shared |
| Emails |
No |
— |
| SMS or MMS |
No |
— |
| Other in-app messages |
No |
— |
6. Photos and Videos
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| Photos |
Yes |
Yes (conditional) |
No |
Optional |
App functionality |
| Videos |
No |
— |
— |
— |
— |
Details:
- Photos: Users can capture photos via camera or select from gallery to embed in notes. Photos are stored locally on the device only. Photos may be sent to Google Cloud Vision API if the user explicitly requests text extraction (OCR). Photos are also included in Google Drive backups if the user explicitly initiates a backup. Purpose: App functionality — embedding images in notes, optional text extraction.
7. Audio Files
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| Voice or sound recordings |
Yes |
Yes (conditional) |
No |
Optional |
App functionality |
| Music files |
No |
— |
— |
— |
— |
| Other audio files |
No |
— |
— |
— |
— |
Details:
- Voice recordings: Users can record voice memos within notes. Recordings are stored locally on the device. Audio is shared with ElevenLabs ONLY when the user explicitly taps the “Transcribe” button to convert speech to text. This is entirely user-initiated and optional. The audio is sent via a secure Firebase Cloud Function proxy over HTTPS.
8. Files and Docs
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| Files and docs |
Yes |
No |
Yes |
Optional |
App functionality |
Details:
- Files and docs: Users can import notes from external files (HTML, JSON, DOCX, ENEX, Markdown, plain text). Files are read, parsed, and converted to notes. The original files are processed ephemerally — they are read into memory, parsed, and then the memory is released. Only the extracted note content is stored locally. The original files are not retained.
9. Calendar
| Sub-type |
Collected |
Shared |
| Calendar events |
No |
— |
10. Contacts
| Sub-type |
Collected |
Shared |
| Contacts |
No |
— |
11. App Activity
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| App interactions |
No |
— |
— |
— |
— |
| Search history |
Yes |
No |
No |
Optional |
App functionality |
| Installed apps |
No |
— |
— |
— |
— |
| Other user-generated content |
Yes |
No |
No |
Optional |
App functionality |
| Other actions |
No |
— |
— |
— |
— |
Details:
- Search history: Recent search queries are stored locally on the device in SharedPreferences for user convenience (quick re-search). Limited to a small number of recent searches. Never transmitted off-device.
- Other user-generated content: Notes content (text, checklists, doodles) created by the user. Stored locally on the device in Hive database. Never transmitted off-device unless user explicitly uses backup or export.
12. Web Browsing
| Sub-type |
Collected |
Shared |
| Web browsing history |
No |
— |
13. App Info and Performance
| Sub-type |
Collected |
Shared |
| Crash logs |
No |
— |
| Diagnostics |
No |
— |
| Other app performance data |
No |
— |
14. Device or Other IDs
| Sub-type |
Collected |
Shared |
Ephemeral |
Required |
Purpose |
| Device or other identifiers |
Yes |
No |
No |
Required |
App functionality |
Details:
- Device identifier: Android:
android.id (not a persistent hardware ID); iOS: identifierForVendor. Stored locally on the device in SharedPreferences. Used solely for device identification during backup/restore operations. Never transmitted to our servers (included in Google Drive backup only if user enables it). As of April 2025, android.id is no longer regarded as a persistent device identifier by Google Play policies.
Data Collection Purpose Mapping
For each data type collected, the following purposes apply:
| Data Type |
App Functionality |
Analytics |
Developer Comms |
Advertising |
Fraud Prevention |
Personalization |
Account Mgmt |
| Name |
|
|
|
|
|
|
Yes |
| Email |
|
|
|
|
|
|
Yes |
| User IDs |
Yes |
|
|
|
|
|
Yes |
| Purchase history |
|
|
|
|
|
|
Yes |
| Photos |
Yes |
|
|
|
|
|
|
| Voice recordings |
Yes |
|
|
|
|
|
|
| Files and docs |
Yes |
|
|
|
|
|
|
| Search history |
Yes |
|
|
|
|
|
|
| User-generated content |
Yes |
|
|
|
|
|
|
| Device IDs |
Yes |
|
|
|
|
|
|
Security Practices Summary
| Practice |
Status |
Details |
| Data encrypted in transit |
Yes |
All network calls use HTTPS/TLS |
| Data encrypted at rest |
Partially |
User can enable AES-256-GCM encryption per note locally; Google Drive backups are NOT encrypted by the app (rely on Google Drive’s own at-rest encryption) |
| Users can request data deletion |
Yes |
In-app “Delete Account” feature + email request |
| App follows Families Policy |
Yes |
No ads, no tracking, no prohibited identifiers, age-appropriate |
| Independent security review |
No |
Not yet conducted |
Collection vs. Sharing Clarification
Per Google Play definitions:
- Collection = Data transmitted off the device
- We collect (transmit): Email, name, user ID → Firebase servers (for authentication)
- We do NOT collect: Notes content, photos, doodles, checklists, local preferences (these stay on device)
- Sharing = Data transferred to a third party
- We share: Audio recordings → ElevenLabs (only when user requests transcription)
- We share: Images → Google Cloud Vision (only when user requests text extraction / OCR)
- We do NOT share: Any other data with any third party
- Exemptions that apply:
- Imported files are processed ephemerally (read into memory, parsed, released)
- Local-only data (Hive, SharedPreferences) is not “collected” under Google’s definition
Step-by-Step: Filling Out the Form in Play Console
- Go to: Play Console → Your App → App content → Data safety
- Does your app collect or share any of the required user data types? → Yes
- Is all of the user data collected by your app encrypted in transit? → Yes
- Do you provide a way for users to request that their data is deleted? → Yes
- For each data type, fill in as documented above:
- Personal info: Email (collected, not shared), Name (collected, not shared), User IDs (collected, not shared)
- Financial info: Purchase history (collected, not shared)
- Photos and videos: Photos (collected, shared with Google Cloud Vision for OCR)
- Audio files: Voice recordings (collected, shared with ElevenLabs for transcription)
- Files and docs: Files (collected ephemerally, not shared)
- App activity: Search history (collected, not shared), Other user-generated content (collected, not shared)
- Device or other IDs: Device identifiers (collected, not shared)
- Preview and submit the Data Safety form
- Ensure consistency between this form and the privacy policy at https://purrynotes.com/privacy-policy
This document should be updated whenever data practices change.
