App Store / Google Play Disclosures

This is a working draft for App Store Connect privacy labels and Google Play Data safety. Confirm all production SDKs, analytics, crash reporting, ads, infrastructure, and third-party services before submitting store forms.

1. Does the app create accounts?

Yes. Users create accounts with email and password and verify email with a short-lived code.

Account deletion:

• In-app account deletion is available.
• A web/email deletion request path should be available at

delete@wheresmycar.io and on a public web page.

2. Google Play Data safety draft

Location:

• Approximate location: Yes.
• Precise location: Yes.
• Purpose: App functionality.
• Sharing: Possible limited sharing with route/weather providers if enabled.

Personal info:

• Email address: Yes.
• Name: Yes, if the user enters a display name.
• User IDs: Yes.
• Purpose: Account management, app functionality, security.

Photos and videos:

• Photos: Yes, if the user uploads profile, vehicle, or parking photos.
• Purpose: App functionality.

Financial info:

• Purchase history: Yes, subscription status and product/subscription IDs.
• Payment info: No full card or bank details collected by the app.
• Purpose: App functionality, account management.

Device or other IDs:

• Device notification token or app-generated device token: Yes.
• Purpose: App functionality, notifications, security.

App activity:

• App interactions/logs: Limited technical or diagnostic processing may occur.
• Analytics SDK: Not observed in the current codebase; update if added.

Contacts:

• No contact-book access observed.

Messages:

• No user-to-user messaging observed.

Health and fitness:

• No health data observed. The dependency list includes pedometer-related

packages; if step counting is implemented in production, reassess store disclosures.

Data encryption in transit:

• For production, disclose "yes" only if all app/backend and third-party calls

use HTTPS/TLS. Local development may use HTTP.

Users can request deletion:

• Yes, through in-app deletion and web/email request path.

3. App Store Connect privacy-label draft

Data linked to the user:

• Contact Info: Email address.
• User Content: Photos and support messages if provided.
• Identifiers: User ID.
• Location: Precise and approximate location.
• Purchases: Subscription/purchase history.
• Diagnostics: Only if production diagnostics or crash SDKs collect it.

Purposes:

• App Functionality: Location, parking records, vehicles, photos,

notifications, subscriptions, family sharing.

• Account Management: Email, user ID, session, subscription records.
• Security: Tokens, logs, fraud prevention.
• Analytics: Not observed in current code; add only if analytics is used.
• Developer's Advertising or Marketing: Not observed.
• Third-Party Advertising: Not observed.

Tracking:

• No advertising tracking or data-broker sharing observed in current code.

Reassess if analytics, ads, attribution, or marketing SDKs are added.

4. iOS permission strings

Recommended English strings:

NSLocationWhenInUseUsageDescription: "Where's My Car uses your location to save where you parked and guide you back to your vehicle."

NSCameraUsageDescription: "Where's My Car uses the camera when you choose to take a profile, vehicle, or parking photo."

NSPhotoLibraryUsageDescription: "Where's My Car accesses selected photos when you choose a profile, vehicle, or parking photo."

5. Android permissions observed

• INTERNET
• ACCESS_NETWORK_STATE
• ACCESS_COARSE_LOCATION
• ACCESS_FINE_LOCATION
• CAMERA
• POST_NOTIFICATIONS

Background location:

• ACCESS_BACKGROUND_LOCATION is not present in the current manifest.

6. Store review notes

• Privacy Policy must be accessible in store metadata and inside the app.
• Account deletion must be accessible in-app and through a public web resource.
• Location use must be clearly tied to the core parking/navigation feature.
• Subscription screens should clearly state price, billing period,

auto-renewal, cancellation path, and store processing.

• Restore purchases should be available for premium subscriptions.
• Update this draft whenever SDKs or data practices change.