Privacy policy
Effective date: June 1, 2025
This Privacy Policy explains how DiBird ("we", "us", or "our") collects, uses, stores, and shares information when you use the DiBird mobile application and website (collectively, the "Service"). Please read this document carefully before using the Service.
1. Who We Are
DiBird is an independent mobile application for birdwatching enthusiasts. The Service is operated by an individual developer registered in Poland. For all privacy-related inquiries, please contact us at admin@dibird.com.
2. What Information We Collect
We collect only the data that is necessary to provide and improve the Service.
2.1 Information You Provide Directly
- Email address — collected when you create an account and used for authentication and service-related communications.
- Name — if you sign in using Sign in with Apple or Google Sign-In, we may receive your name from the identity provider. This is used to personalise your profile and for display within the app (e.g., greeting, profile screen). You can edit or remove this information at any time in your account settings..
- Profile photo — an optional avatar image you may upload to personalise your profile.
- Bird observations — location, date, time, species and notes when logging a sighting.
2.2 Information Collected Automatically
Geolocation — collected in the foreground only (while the app is open and in use) for the following purposes:
- Rare bird alerts: your approximate coordinates (rounded to ~1 km precision) are saved on our servers as part of your alert settings to filter observations within your chosen radius and send you push notifications about rare species nearby.
- Distance sorting: your current location is used locally to sort birdwatching spots by distance. It is not transmitted to our servers for this purpose.
- Spot management: your location is used to pre-fill coordinates when you add or edit a birdwatching spot on the map.
We do not track your location in the background.
- Device information — operating system version, device model, and a randomly generated app instance identifier, used for diagnostics and crash reporting.
- Usage data — screens visited, features used, and interaction events, collected via Firebase Analytics to help us understand how the app is used.
- Crash reports — technical error logs collected via Sentry to identify and fix bugs. Crash reports may include your IP address and device identifiers.
- Push notification tokens — when you enable notifications, the app generates a push token via Expo's push notification service (operated by 650 Industries, Inc.). This token is stored on our servers and used to request delivery of push alerts. Expo relays the notification to Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) on our behalf; we do not communicate with APNs/FCM directly. You can revoke this at any time by disabling notifications in your device settings or in the app. See Expo's privacy policy: expo.dev/privacy.
2.3 Website Data
- Cookies — used for analytics (Google Analytics), preferences (language, session) and essential functions (security). Analytics cookies collect anonymised data about visits, traffic sources and behaviour. You can manage cookies through your browser settings or our consent banner.
- Google Analytics — for website traffic analysis (IP anonymised). Data is transferred to Google Ireland Ltd (EU). See: policies.google.com/privacy.
2.4 Signing in with Apple or Google
- If you choose to sign in using Sign in with Apple or Google Sign-In, we receive a limited set of information from the provider to create and authenticate your account: your email address and, where shared, your name. Apple and Google may also provide a unique identifier for authentication purposes, processed through Firebase Authentication. We do not receive your password or other account credentials from these providers. Refer to Apple's Privacy Policy and Google's Privacy Policy for details on how they handle your data prior to sharing it with us.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To create and manage your account and enable core app functionality.
- To display your bird observations on maps and in your personal log.
- To improve the performance, stability, and features of the Service.
- To send you important service notifications (e.g., updates to this Policy or the Terms of Service). We do not send marketing emails without your explicit consent.
- To comply with legal obligations.
- To send you push notifications about rare bird observations near your saved location, when you have enabled alerts in the app.
4. Third-Party Services
We share limited data with the following trusted third parties, solely to operate the Service:
- Google Firebase (Firebase Authentication, Firestore, Firebase Analytics) — for user authentication, data storage, and anonymised usage analytics. Firebase is a Google LLC service. Data may be processed in the United States. See: firebase.google.com/support/privacy.
- Google Analytics (website) — for web analytics. See Google's policy.
- Sentry (sentry.io) — for crash reporting and error monitoring. Sentry may receive device identifiers and error stack traces. See: sentry.io/privacy.
- Mapping services (OpenStreetMap / MapLibre) — to render maps within the app. Your general location may be sent to tile servers when you view a map. See each provider's privacy policy for details.
- eBird API (Cornell Lab of Ornithology) — to retrieve notable bird observation data. Your approximate location (rounded coordinates) is sent as a query parameter to filter results by region. No personal identifiers are transmitted. See: ebird privacy.
- Expo (Expo Application Services / 650 Industries, Inc.) — used to deliver push notifications. Your push token is shared with Expo to enable this functionality. See: expo.dev/privacy..
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
For users in California (USA): We do not sell personal information as defined under the California Consumer Privacy Act (CCPA). If you are a California resident and have questions about your rights, please contact us at admin@dibird.com.
5. Data Retention
- Account data (email, profile) — retained for as long as your account is active. If you delete your account, we delete your personal data within 30 days.
- Observation data — retained for the lifetime of your account. You may delete individual observations at any time.
- Analytics data — aggregated and anonymised; typically retained by Firebase for up to 14 months.
- Crash reports — retained by Sentry for up to 90 days.
- Cookies — stored for 14–26 months (depending on type).
- Alert settings (location, radius, preferences) — retained for the lifetime of your account. You can clear your saved location at any time from the Alert Settings screen in the app.
- Push notification tokens — retained while your account is active or until you disable notifications.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate data.
- Right to erasure (right to be forgotten) — you can request deletion of your personal data.
- Right to restriction of processing — you can ask us to limit how we use your data.
- Right to data portability — you can request your data in a structured, machine-readable format.
- Right to object — you can object to certain types of processing, including direct marketing.
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at admin@dibird.com. We will respond within 30 days. If you are in the European Economic Area, you also have the right to lodge a complaint with your local supervisory authority.
7. Children
The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately at admin@dibird.com and we will delete it.
Users between the ages of 13 and 17 should use the Service with parental consent.
8. Data Security
We implement industry-standard security measures, including encrypted data transmission (HTTPS/TLS) and access controls. However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
9. International Transfers
Your data may be processed in countries other than your country of residence (including the United States), where third-party providers such as Google and Sentry operate. Such transfers are subject to appropriate safeguards as required by applicable law, including the EU Standard Contractual Clauses where applicable.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this document and, where appropriate, by sending a notice within the app. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy.
11. Contact Us
For questions, requests, or complaints about this Privacy Policy, please reach us at: admin@dibird.com
Last updated: June 30, 2026