Privacy Policy

1. Introduction

Currency Converter ("we", "our", or "the app") respects your privacy and is committed to protecting your information. This Privacy Policy explains exactly what data is handled, by whom, and for what purpose when you use our Android mobile application. It is written to be fully transparent and compliant with Google Play Store requirements, AdMob policies, GDPR, CCPA/CPRA, and LGPD.

2. App Permissions

The app requests only the following permissions — all are necessary for core features:

• INTERNET: Required to fetch live currency exchange rates from providers and receive push notifications.
• POST_NOTIFICATIONS: Required on Android 13+ to display currency rate update alerts sent via Firebase Cloud Messaging.
• AD_ID (Advertising ID): Required by Google AdMob to serve relevant advertisements. You can reset or opt out of ad personalization at any time in your Android device settings.

The app does not request or use permissions for camera, microphone, GPS location, contacts, storage, or call logs.

3. Information Stored Locally on Your Device

The app saves certain preferences on your device to remember your choices between sessions. This data never leaves your device:

• Selected base and destination currencies
• Theme (light / dark / system default)
• Language preference
• Transaction fee toggle and value
• Historical exchange rate date selection
• App launch count (used only to decide when to show an in-app rating prompt)
• Your ad consent choices (stored locally via Google User Messaging Platform)

4. Information Collected Automatically by Third-Party SDKs

We do not build our own analytics or tracking infrastructure. However, the following third-party SDKs integrated in the app collect limited, pseudonymous technical and advertising data automatically:

• Android Advertising ID (GAID): A resettable, device-level identifier used by Google AdMob to serve relevant ads. You can reset or opt out of personalization at any time (see Section 9).
• App usage events: Screen views and interaction events collected by Firebase Analytics to help understand how features are used in aggregate.
• Crash and diagnostic reports: Stack traces and device state at the time of a crash, collected by Firebase Crashlytics to help us fix bugs.
• FCM registration token: A device-level push token generated by Firebase Cloud Messaging, used solely to deliver rate-update notifications to your device. It is not shared with advertisers.
• Ad interaction data: Impressions, clicks, and viewability signals collected by Google AdMob to measure ad performance.

Firebase Analytics and Crashlytics are disabled in debug and beta builds and only active in production (release) builds.

5. Information We Do Not Collect

We do not collect, store, or transmit any of the following:

• Your name, surname, or physical address
• Your email address or phone number
• Financial account details, bank account numbers, or credit card data
• Precise or approximate GPS location
• Device contacts, photos, or local files
• Microphone or camera input
• Any data about the amounts or currencies you convert

All currency conversion calculations happen entirely on-device and are never transmitted to us or any third party.

6. How Data Is Used

Data collected by integrated SDKs is used for the following specific purposes only:

• Providing the service: Fetching live and historical exchange rates from data providers to perform conversions.
• Crash fixing & performance: Firebase Crashlytics reports help us identify and fix technical bugs in new app versions.
• Usage analytics: Firebase Analytics provides aggregate, anonymized statistics on which features are used, helping us improve the app experience.
• Push notifications: FCM tokens are used to deliver currency rate update alerts directly to your device when requested.
• Advertising: Google AdMob uses the Android Advertising ID to display banner and interstitial ads. With your consent, ads may be personalized. Without consent, only non-personalized ads are shown.
• Consent management: Google User Messaging Platform (UMP) records and enforces your privacy choices for ad personalization.

7. Advertising & Ad Personalization

The app uses Google AdMob to display advertisements. AdMob may show:

• Personalized ads — based on your Android Advertising ID and interests — only if you have provided explicit consent via the in-app consent form (required for EEA/UK users).
• Non-personalized ads — contextual ads not based on your profile — when consent is not given or has been revoked.

The following ad formats are used in the app:

• Banner ads (main screen and settings screen)
• Interstitial ads (shown on certain navigation actions)
• App Open ads (shown when resuming the app from background)

To opt out of personalized ads or reset your Advertising ID:

• Open your Android Settings → Privacy (or Google) → Ads
• Tap "Delete advertising ID" (Android 12+) or enable "Opt out of Ads Personalization"

You can also revoke your consent at any time directly inside the app: go to Settings → Privacy / GDPR Settings.

8. Third-Party Services & Their Privacy Policies

The app integrates the following third-party services. Each operates under its own privacy policy linked below:

• Exchange Rate Data Providers — Global Currency Exchange Rates, European Central Bank, European Commission, Central Bank of Norway, Central Bank of Russia, Bank of Canada, Open Exchange Rates. These APIs are used only to retrieve rate data; no user data is transmitted to them.
• Google AdMob (Google LLC) — Serves banner, interstitial, and app-open advertisements.
  Google Privacy Policy  |  How Google Uses Ad Data
• Google User Messaging Platform / UMP (Google LLC) — Manages GDPR consent and ad personalization preferences.
  Google Privacy Policy
• Firebase Analytics (Google LLC) — Collects anonymized app usage events in production builds only.
  Google Privacy Policy  |  Firebase Privacy & Security
• Firebase Crashlytics (Google LLC) — Collects crash reports and diagnostic data in production builds only.
  Google Privacy Policy  |  Firebase Privacy & Security
• Firebase Cloud Messaging / FCM (Google LLC) — Delivers push notification alerts for currency rate updates. FCM tokens are used solely for notification delivery and are not shared with advertisers.
  Google Privacy Policy  |  Firebase Privacy & Security

9. GDPR — European Economic Area, UK & Switzerland

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR / UK GDPR) applies.

Legal Bases for Processing:

• Consent (Art. 6(1)(a)): When you provide consent via the in-app Google UMP consent form, your Android Advertising ID may be used for personalized advertising and Firebase Analytics may collect app usage events.
• Legitimate Interests (Art. 6(1)(f)): Non-personalized advertisements, crash diagnostics, and fraud prevention are processed on the basis of our legitimate interests, which do not override your fundamental rights.

Your GDPR Rights: You have the right to access, rectify, erase, restrict, or object to processing of your data, and the right to data portability. You may withdraw consent at any time via Settings → Privacy / GDPR Settings in the app. You also have the right to lodge a complaint with your local data protection authority (e.g., ICO for the UK, CNIL for France).

10. CCPA / CPRA — California Residents

This section applies to residents of California under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Categories of information collected in the past 12 months by third-party SDKs:

• Identifiers: Android Advertising ID (GAID), FCM registration token, IP address derived by Google servers.
• Internet or Network Activity: App interaction events, ad click/impression data, crash diagnostic data.

Sale / Sharing of Personal Information: We do not sell your personal information for money. However, allowing Google AdMob to use your Advertising ID for cross-app advertising may constitute "sharing" of personal information under California law. You have the right to opt out.

How to Opt Out: Open Android Settings → Privacy → Ads → Delete advertising ID or Opt out of Ads Personalization. You may also use the in-app Privacy Settings to revoke consent.

Your California Rights: Right to know, right to delete, right to opt out of sale/sharing, right to correct, and right to non-discrimination for exercising these rights. To submit a request, contact us at bhanderichintan2@gmail.com.

11. LGPD — Brazilian Users

If you are a resident of Brazil, processing of your personal data is governed by the Lei Geral de Proteção de Dados Pessoais (LGPD — Law 13.709/2018). Under the LGPD, you have the right to:

• Confirm the existence of data processing
• Access your data
• Correct incomplete, inaccurate, or out-of-date data
• Anonymize, block, or delete unnecessary or excessive data
• Request portability of data to another service provider
• Receive information about public and private entities with which your data has been shared
• Revoke consent at any time

You may revoke consent via the in-app Settings → Privacy / GDPR Settings or by uninstalling the app. To exercise other rights, contact us at bhanderichintan2@gmail.com.

12. International Data Transfers

Pseudonymous technical and advertising identifiers processed by Google LLC may be transferred to and stored in the United States or other countries where data protection laws may differ from your country of residence. Google safeguards these transfers using approved mechanisms including Standard Contractual Clauses (SCCs) and the EU–U.S. Data Privacy Framework.

13. Data Retention

• Locally stored preferences are retained on your device until you clear app data or uninstall the app.
• Firebase Analytics event data is retained for a maximum of 14 months, as per Google's standard retention policy.
• Firebase Crashlytics crash reports are retained for 90 days.
• FCM registration tokens are managed by Google and refreshed automatically by the Android system.

14. Internet Connection

The app requires an active internet connection to fetch live and historical currency exchange rates, receive push notifications, and load advertisements. No personal data is transmitted during rate fetching — only standard HTTP requests are sent to rate API endpoints.

15. Children's Privacy

The app is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect any personal information from children. If you believe a child has provided personal information, please contact us and we will take appropriate action.

16. Security

All network communication in the app uses HTTPS where available. Locally stored preferences are protected by Android's standard app sandboxing — no other app can access them. We implement hardware acceleration for ad rendering to prevent visual glitches, in compliance with AdMob technical guidelines. However, no method of data transmission or storage is 100% secure.

17. Your Controls & Choices

• Revoke ad consent: Go to Settings → Privacy / GDPR Settings in the app to re-open the consent form and change your choices at any time.
• Opt out of personalized ads (Android device-wide): Device Settings → Privacy → Ads → Delete advertising ID or Opt out of Ads Personalization.
• Reset Advertising ID: Device Settings → Privacy → Ads → Reset advertising ID — this gives you a new random identifier.
• Disable notifications: Go to Device Settings → Apps → Currency Converter → Notifications and toggle them off.
• Clear all app data: Go to Device Settings → Apps → Currency Converter → Storage → Clear Data. This removes all local preferences and consent choices.
• Uninstall the app: Removes all locally stored data immediately.

18. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in the app, third-party services, or applicable laws. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of the app after an update constitutes acceptance of the revised policy.