Privacy Policy for Dorossi Teacher

Overview

Dorossi Teacher is a mobile application designed to help teachers manage their groups, students, sessions, and payments. We are committed to protecting your privacy and ensuring the security of your data through secure cloud storage and local device storage.

Developer Information

• App Name: Dorossi Teacher
• Developer: Mazen Bougandoura
• Contact: support@dorossi.app

Data Collection and Storage

Authentication Data We Collect

When you create an account with Dorossi Teacher, we collect:

Teaching Data We Collect

Once you're signed in, Dorossi Teacher collects and stores the following information:

How Data is Stored

Dual Storage System:

How We Use Your Data

We use your information to:

Account Management

Account Creation

• Required: You must create an account using Google Sign-In to use Dorossi Teacher
• Single Device Lock: Your account is locked to one device at a time for data safety
• Device Registration: When you sign in on a new device, the previous device loses access (FCM token is revoked)

Multi-Device Access

• Sequential Access Only: You can sign in on multiple devices, but only one device can be active at a time
• Device Switching: When you sign in on a new device:
  • Your data syncs to the new device
  • The old device is automatically signed out
  • The old device loses its Firebase Cloud Messaging (FCM) token

Account Deletion

• Currently Not Available: Account deletion is not currently supported
• Data Removal Workaround:
  • Uninstall the app to remove local data
  • Contact support@dorossi.app to request manual cloud data deletion
• Future Update: We plan to add self-service account deletion in a future version

Third-Party Services and SDKs

Authentication & Cloud Services

Other Services

Core Dependencies (Local Only)

These libraries operate locally and do NOT transmit data:

• Flutter SDK (Google) - Mobile app framework
• Drift (SQLite) - Local database
• SharedPreferences - Local app settings
• Path Provider - File system access (local only)
• Intl - Date/time formatting and localization
• Timezone - Time zone handling
• Logger - Development logging (disabled in production builds)
• Flutter Markdown - Markdown rendering
• Flutter SVG - SVG image rendering
• Image - Image processing (local only)
• Connectivity Plus - Checks internet connection status (no data transmitted)

Permissions

Android Permissions

• INTERNET - Required for:
  • Google Sign-In authentication
  • Firestore data synchronization
  • AI assistant feature
  • Font downloads
  • Firebase Cloud Messaging

iOS Permissions

(To be added when iOS version is available)

Data Security

Security Measures

1. Authentication Security:
   • Industry-standard OAuth 2.0 via Google Sign-In
   • No passwords stored in the app
   • Secure token-based authentication
2. Local Storage Security:
   • SQLite database in app-private directory
   • Protected by Android File-Based Encryption (FBE)
   • Minimum Android 7.0 (API 24) ensures automatic encryption at rest
3. Cloud Storage Security:
   • Firebase Firestore security rules enforce strict access control
   • Only authenticated users can access their own data
   • Data encrypted in transit (TLS/HTTPS)
   • Data encrypted at rest (Google Cloud Platform encryption)
4. Network Security:
   • All network requests use HTTPS/TLS encryption
   • Certificate pinning for critical connections
   • Secure API endpoints
5. Single Device Lock:
   • Prevents simultaneous access from multiple devices
   • Reduces risk of unauthorized access
   • Automatic FCM token revocation on device change
6. Privacy by Design:
   • No analytics or tracking
   • No advertisements
   • No data sharing with third parties
   • Minimal data collection (only what's necessary)

Technical Security Details

• Minimum Android Version: 7.0 (API 24) - ensures File-Based Encryption
• Local Database: SQLite stored in /data/data/com.dorossi.teacher/
• Cloud Database: Firestore in europe-southwest1 region
• Platform Encryption: Automatic encryption at rest via Android FBE and GCP encryption
• Network Security: HTTPS/TLS 1.2+ for all network requests

Data Synchronization

How Synchronization Works

Network Communication

The app makes network requests in these specific cases:

Data Sharing

What We Share

We do NOT share your personal data with any third parties for marketing, advertising, or analytics purposes.

External Services That Process Your Data

Your data is processed by the following services solely for app functionality:

Legal Disclosure

We may disclose your information if required by law, such as:

• To comply with legal obligations
• To protect our rights or safety
• In response to valid legal requests from authorities

Children's Privacy

Dorossi Teacher stores student names for educational management purposes. However:

• We do not knowingly collect personal information from children
• Teachers are responsible for obtaining appropriate consent before entering student information
• Student data is stored locally on the teacher's device and in Firestore (linked to teacher's account)
• Only the teacher can access their students' data
• Student data is not shared with anyone except the teacher who created it

Data Retention and Deletion

How Long We Keep Data

1. Active Account:
   • Your data is stored indefinitely while your account is active
   • Data exists both locally (on device) and in Firestore
2. Inactive Account:
   • We do not automatically delete data from inactive accounts
   • Data remains in Firestore until you request deletion
3. Uninstalled App:
   • Local data is removed from your device
   • Cloud data remains in Firestore (accessible if you reinstall)

How to Delete Your Data

You can delete your data in several ways:

1. Delete Individual Items:
   • Delete groups, sessions, students, or payments within the app
   • Changes sync to Firestore automatically
2. Clear Local Data:
   • Android: Settings → Apps → Dorossi Teacher → Storage → Clear Data
   • iOS: Delete and reinstall the app
   • Note: Cloud data in Firestore remains intact
3. Delete Cloud Data:
   • Currently: Contact support@dorossi.app to request manual deletion
   • Future Update: Self-service account deletion will be added
4. Complete Account Deletion:
   • Contact support@dorossi.app with your registered email
   • We will delete:
     • Your account from Firebase Authentication
     • All your data from Firestore
     • All FCM tokens
   • Processing Time: Within 30 days of request

Data Deletion Scope

When you delete your account, we permanently remove:

• ✅ Your authentication data (email, name, Google user ID)
• ✅ All teaching data (students, groups, sessions, payments)
• ✅ All settings and preferences
• ✅ All FCM device tokens
• ✅ All backups in Firestore

Your Rights

You have the right to:

1. Access Your Data:
   • All your data is accessible within the app
   • View groups, students, sessions, payments, and settings
   • Request a data export by contacting support@dorossi.app
2. Rectify Your Data:
   • Edit any information within the app
   • Changes sync automatically to Firestore
3. Delete Your Data:
   • Delete individual items or entire groups
   • Request complete account deletion (see "Data Retention and Deletion")
4. Data Portability:
   • Request an export of your data in a machine-readable format
   • Contact support@dorossi.app for data export
5. Withdraw Consent:
   • Stop using optional features (like AI assistant)
   • Delete your account to withdraw consent entirely
6. Object to Processing:
   • Contact support@dorossi.app with concerns
   • We will review and respond within 30 days
7. Lodge a Complaint:
   • You may file a complaint with your local data protection authority
   • EU users: Contact your national Data Protection Authority

International Data Transfers

• Primary Storage Location: europe-southwest1 (Europe)
• Google Cloud Platform: May process data in other regions for redundancy
• Adequate Protection: Google Cloud complies with GDPR and provides adequate safeguards
• Data Processing Addendum: https://cloud.google.com/terms/data-processing-addendum

If you're outside Europe, your data may be transferred to and stored in Europe.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated through:

1. App Update Notes: Changes listed in the update description
2. In-App Notifications: For significant changes
3. Email Notification: If we have your email on file
4. Effective Date Update: The "Last Updated" date at the top

Your Continued Use: By continuing to use Dorossi Teacher after changes take effect, you accept the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: support@dorossi.app

Response Time: We aim to respond within 7 business days.

Compliance

This app complies with:

• ✅ GDPR (General Data Protection Regulation) - EU
• ✅ CCPA (California Consumer Privacy Act) - California, USA
• ✅ Google Play Store data safety requirements
• ✅ Apple App Store privacy requirements (when iOS version launches)
• ✅ Firebase terms of service and data processing addendum

Consent

By using Dorossi Teacher, you agree to:

1. This Privacy Policy
2. Collection and processing of your data as described
3. Use of Firebase services for authentication and cloud storage
4. Optional use of AI assistant (if you choose to use it)

If you do not agree, please do not create an account or use the app.

Technical Details (for transparency)

Database Schema (Local & Cloud)

The app stores the following data structures locally (SQLite) and in Firestore:

• users: Teacher information, language preference, tutorial status
• students: Student names and creation dates
• groups: Group details, schedules, academic information
• enrollments: Student-group relationships with join dates
• sessions: Session records with dates, times, attendance
• attendance_records: Individual attendance tracking (present/absent)
• payments: Payment history with amounts, dates, and session coverage
• imported_sessions: Historical session data (pre-app usage)

Network Communication Summary

No personal student or payment data is ever transmitted except to Firestore for your own backup.

Last Words

We built Dorossi Teacher with privacy and security as top priorities. Your trust matters to us.

• 🔒 Your data is encrypted in transit and at rest
• 🌍 Stored in Europe (europe-southwest1)
• 🚫 No analytics, no tracking, no ads
• 💚 Minimal data collection - only what's necessary
• 🔐 Single-device lock for extra security

If you notice any discrepancies, have concerns, or need clarification, please contact us at support@dorossi.app. We're here to help!