← Back to Home

Privacy Policy — OffShelf

Last updated: January 18, 2026

OffShelf ("we", "our", the "App") helps users track what they're learning. This document explains what data we collect, why we collect it, how long we keep it, who we share it with, and the rights you have over it. It is written to satisfy the Google Play Data Safety section and general GDPR / CCPA obligations.

1. Who we are

  • App name: OffShelf
  • Publisher: Basheer Rjoub
  • Contact for privacy questions: basheer20599@gmail.com
  • App package ID: com.offshelf.offshelf

2. What data we collect

2.1 Data you give us

DataSourcePurpose
Name (display name)Google account, editable in appDisplay in profile and leaderboard
Email addressGoogle accountAccount identifier, login, support replies
Profile photo (URL)Google accountAvatar in profile and leaderboard
Short bio (optional)You type itDisplay on your profile
Topics you want to learnYou type themBuild your personal "shelf"
Study-session entriesGenerated as you use the appCalculate hours, streaks, milestones
Notes (rich-text notebook)You type themPrivate notebook per topic
Notification preferencesSettings screenControl reminders

2.2 Data generated from your use

  • Milestones (derived from total hours studied)
  • Streaks (derived from consecutive active days)
  • AI insights (weekly summary of your learning patterns — generated server-side from your sessions)

2.3 Data we DO NOT collect

  • We do not collect your location.
  • We do not collect contacts, SMS, call logs, or files on your device.
  • We do not use the camera, microphone, or sensors.
  • We do not collect device identifiers for advertising.
  • We do not use any advertising SDK or tracking pixel.
  • We do not sell or rent your personal data.

2.4 Automatic technical data

When you use the App, Firebase (our backend provider) automatically records:

  • A pseudonymous Firebase user ID (UID) linked to your Google account
  • App-crash diagnostics, if any (stack trace, OS version, device model)
  • Authentication tokens needed to keep you signed in

These are used solely to operate the service. They are not combined with advertising data.

3. Why we collect it (legal basis under GDPR)

PurposeLegal basis
Creating and maintaining your accountContract (Art. 6(1)(b) GDPR)
Showing your profile/leaderboard entryContract + your action of enabling it
Sending you reminders & weekly AI insightsConsent (revocable in Settings)
Security, fraud prevention, crash diagnosticsLegitimate interest (Art. 6(1)(f))
Responding to your support emailsContract / legitimate interest
Complying with legal obligationsLegal obligation (Art. 6(1)(c))

4. Where your data lives

Your data is stored on Google Firebase infrastructure (Firestore, Firebase Auth, Firebase Cloud Messaging). Data may be processed in the United States and other countries where Google operates data centers. Google provides standard contractual clauses and other safeguards required for international transfers.

Notifications are delivered via Firebase Cloud Messaging and the operating system's notification system.

5. Who we share data with

We share data only with:

  • Google / Firebase — as our hosting, authentication, and messaging provider (processor under GDPR).
  • Google Sign-In — to authenticate you. Google's privacy policy applies to the sign-in step: policies.google.com/privacy
  • Law enforcement — only if we are legally required to do so by a valid court order or binding legal request.

We do not sell personal data. We do not share data with advertisers.

Public data

The following fields are visible to other OffShelf users on the leaderboard if and only if you have opted in by completing onboarding and have at least one study session:

  • Your display name
  • Your profile photo
  • Your total hours / milestone level

Your email, bio, topics, sessions, and notes are private and visible only to you.

6. How long we keep data

  • Account data (name, email, photo, bio, preferences): kept while your account exists.
  • Topics, sessions, milestones, notes: kept while your account exists.
  • Leaderboard entry: kept while your account exists, updated live.
  • Crash diagnostics: up to 90 days.

When you delete your account (see §7), all of the above is removed within 30 days from our live database and within 90 days from encrypted backups.

7. Your rights

You can exercise all of the following rights directly inside the app or by emailing us:

RightHow to exercise
Access the data we hold about youEmail us and we'll export it as JSON within 30 days
Correct your profile dataSettings → Edit Profile
Reset your learning dataSettings → Account → Reset my progress
Delete your account and all dataSettings → Account → Delete account
Withdraw notification consentSettings → Notifications
Complain to a data protection authorityContact your local authority (EU: your country's DPA)

Account deletion — in-app

Open the app → tap the trophy/settings icon → AccountDelete account → type DELETE to confirm. You may be asked to sign in with Google again to prove it's you. All of your data and your auth account are then removed.

Account deletion — web

If you cannot use the app to delete your account (for example, you uninstalled it or lost access), see the public Delete your OffShelf account page, or email basheer20599@gmail.com from the email address tied to your account with the subject line Delete my OffShelf account. We will verify your identity and delete all of your data within 30 days.

8. Children

OffShelf is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has created an account, email us and we will delete it.

9. Security

  • HTTPS for all network traffic
  • Firebase Authentication with Google OAuth 2.0 (we never see your password)
  • Firestore security rules that restrict every document so only the owning user can read or write it
  • allowBackup=false on Android so auth tokens are not copied to Google Drive backups or transferred to another device

No system is 100% secure. If a breach affecting your personal data occurs, we will notify you and the relevant authorities as required by law.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced inside the app at least 7 days before they take effect. The "Last updated" date at the top always reflects the current version.

11. Contact

If you have any question about this policy or how we handle your data: