Privacy Policy

Abugida Keyboard · Last updated: April 11, 2026

Abugida Keyboard is a gesture-based keyboard for Amharic, Tigrinya, and Hindi on Android. This policy explains what data we collect, why we collect it, the legal basis for doing so, and your rights under applicable privacy law including the EU General Data Protection Regulation (GDPR).

  In plain language: We do not sell your data. We do not read what you type.
  Your keystrokes never leave your device.

1. What We Collect, Why, and Our Legal Basis

Data	Purpose	Legal Basis (GDPR Art. 6)	Stored by
Device identifier hash (SHA-256 of anonymous device attributes)	Verifying your purchase is valid and preventing sharing across multiple devices	Contract performance — necessary to deliver the premium feature you purchased	Our server (Firestore, europe-west1, Belgium)
Purchase token / transaction reference	Confirming your entitlement with Google Play or Chapa and issuing a signed access token	Contract performance	Our server (Firestore, europe-west1, Belgium)
Crash reports and diagnostic stack traces	Fixing bugs and improving app stability	Legitimate interest — improving the reliability of a product you use	Firebase Crashlytics (Google, USA)
Ad consent decision (granted / denied)	Complying with GDPR requirements before showing personalised ads in the free tier	Consent — you are asked before any personalised ads are shown	On-device; shared with Google per their privacy policy

What We Do NOT Collect

Keystrokes or typing content — what you type stays on your device entirely.
Contacts, messages, or clipboard content — we do not access any of these.
Location data — we do not request or use your location.
Name, email address, or account information — we have no user accounts.

2. How Data Is Stored and Secured

Your purchase entitlement (a signed JWT token) is stored in encrypted storage on your device using Android's EncryptedSharedPreferences. Your device identifier hash and purchase records are stored in Google Firestore in the europe-west1 (Belgium) region. Crash reports are processed and stored by Firebase/Google in the United States under Google's standard contractual clauses for EU data transfers. All communication between the app and our server uses HTTPS. The release APK signature is verified at runtime to detect tampering.

3. Data Sharing

We share data with the following third parties only as required to operate the service:

Google Play Billing — to process in-app purchases and verify entitlements.
Chapa Financial Technologies — to process payments for users in Ethiopia.
Google Firebase (Crashlytics) — to receive crash and diagnostic reports.
Google AdMob / AppLovin — to display ads in the free tier (subject to your consent choice).
Google Play Integrity API — to verify your device environment at the time of purchase.

We do not sell, rent, or share your data with any other third parties. Where data is transferred outside the European Economic Area (e.g., Firebase servers in the USA), the transfer is covered by Google's standard contractual clauses approved by the European Commission.

4. Data Retention

Device identifier hash and purchase records — retained for as long as your purchase is active. Deleted within 7 days of a verified deletion request.
Crash reports — retained by Firebase for 90 days per their standard policy.
Ad consent status — stored on-device; cleared when you uninstall the app.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the GDPR (and UK GDPR respectively):

Right of access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate data.
Right to erasure ("right to be forgotten") — request deletion of your data. Note: deleting your device binding will remove access to premium features.
Right to restriction of processing — ask us to pause processing in certain circumstances.
Right to data portability — request your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interest (e.g., crash reporting).
Right to withdraw consent — where processing is based on consent (e.g., personalised ads), withdraw it at any time in the app's settings.
Right to lodge a complaint — you may complain to your national data protection authority:
- UK: Information Commissioner's Office — ico.org.uk
- France: CNIL — cnil.fr
- Germany: BfDI — bfdi.bund.de
- Other EEA countries: see edpb.europa.eu

To exercise any of these rights, contact us at the email address in Section 7.

6. Children's Privacy

Abugida Keyboard is not directed at children under 13 (or under 16 in EEA countries where applicable). We do not knowingly collect data from children. If you believe a child has used the app and provided data, please contact us and we will delete it promptly.

7. Contact and Data Controller

The data controller for Abugida Keyboard is:

ND
Contact: sekela444@gmail.com

For all privacy enquiries, GDPR rights requests, or data deletion requests, contact us at the address above with the subject line "Privacy Request — Abugida Keyboard". We aim to respond within 7 days and will complete all requests within 30 days as required by GDPR.

8. Changes to This Policy

We may update this policy when the app adds new features that affect data collection. The "Last updated" date at the top of this page will reflect any changes. For material changes, we will notify users via an in-app notice. Continued use of the app after changes constitutes acceptance of the updated policy.