Core Values Pro Privacy Policy

Effective Date: [28/09/2025]

Thank you for using Core Values Pro. We are committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use our app.

Information Collection

1) You provide to us

  • Account details: Email address and a Firebase user ID (UID). You may optionally add your first name and company/practice name.
  • Branding content: A logo image you upload to personalise your app and client exports.
  • Session data: When you create an online client session, we generate a session link (with a session ID and token). Any information completed through that link is stored with your account so you can use it in the app. Only share session links with the intended client.

2) Collected for subscriptions (Google Play)

  • Purchase metadata (no card details): Product ID, base plan/offer information, purchase token, renewal status, and expiry timestamps.
  • We store a mapping of the Google Play purchase token → your UID to process Google’s Real-Time Developer Notifications (RTDN) and keep your entitlement accurate.
  • All payment processing is handled by Google Play. We never see your full payment details.

3) Automatically collected (app operations)

  • Technical & security info: App version, basic device context, and Firebase security signals (e.g., Firebase App Check / Play Integrity results) to help prevent abuse.
  • Service logs: We keep server logs (e.g., Cloud Functions) that may include timestamps, purchase events, and non-sensitive identifiers needed to operate and troubleshoot the service.

We do not sell personal data. We do not run third-party advertising SDKs.

Third-Party Services

We rely on reputable providers to run Core Values Pro:

  • Google Firebase (Authentication, Firestore, Cloud Functions, Cloud Storage, App Check, Hosting): user accounts, data storage, security enforcement, backend processing, file storage (e.g., logos), and the web client page that receives session responses.
  • Google Play Billing & Google Play Developer API (RTDN): subscription purchases, renewals, refunds, and entitlement validation. We use purchase tokens and Google’s notifications to keep your subscription status in sync.
  • Operating system share sheet (via share_plus): used only when you choose to share a client session link.
  • Image picker: lets you choose a logo image to upload from your device

These providers process data on our behalf to deliver the service. Your data may be stored or processed in data centres located outside your country (e.g., the United States and other Google Cloud regions). Each provider’s handling of data is also governed by their own terms and privacy documentation.

Data Security

We take reasonable technical and organisational measures to protect your data:

  • Account protection: Firebase Authentication and server-side access rules; least-privilege access in Cloud Functions.
  • Transport & storage: Data is encrypted in transit (TLS) and at rest by Firebase/Google Cloud.
  • Abuse prevention: Firebase App Check / Play Integrity signals help us reduce fraudulent requests.
  • Entitlement integrity: We verify subscription state against Google Play (on demand and via RTDN) and keep a minimal purchase-token→UID mapping to process those events accurately.

No Internet service is 100% secure, but we work to mitigate risks and limit retained data to what’s necessary to run the app.

We take reasonable technical and organisational measures to protect your data:

Data Retention

  • Your content (logo, profile fields, sessions): kept until you delete it or delete your account.
  • Subscription mappings and logs: kept as long as needed for entitlement accuracy, fraud prevention, and legal/operational reasons, then deleted or anonymised.

Account and Data Deletion

You can permanently delete your account in-app: open the Dashboard, tap the info (i) button in the top-right to open App Information, scroll to Danger zone, and tap Delete my account (then confirm).

  • Open the Dashboard
  • Tap the info (i) button in the top-right to open App Information
  • Tap Delete my account (then confirm)

This triggers our secure backend process to remove your data: we delete all User documents and all subcollections in Firestore (including session data), delete any files stored for you in Cloud Storage (e.g., uploaded logos/exports under your user data), remove any stored purchase-token mapping used for Google Play notifications, and finally delete your Firebase Auth user. You’ll be signed out and returned to the login screen with a confirmation message. Deletion is irreversible and shared session links will stop working.

Note: subscription billing and purchase history are managed by Google Play—to stop future charges you must cancel the subscription in the Play Store; refunds are handled by Google’s policies.

Changes to This Policy

If we ever change how we handle data in the future, we will update this Privacy Policy accordingly. Any changes will be clearly posted here with an updated effective date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:
support@elinsk.co.uk

Scroll to Top