We store various information on your device in the course of normal usage such as the date the app was installed, the current meditation length, the date you were last asked if you would like to try the beta version, the date you were last asked if you love the app, the current preference for sound settings during meditation and so on. None of this information is transferred off your device apart from the following six pieces of information: whether you are a beta tester, the number of days you have had the app installed, the number of days since you were last asked if you would like to be a beta tester and the number of meditations completed. This information is transmitted off your device as ‘user properties’ within the analytics service we use, which is explained below.
The app itself does not access any private data stored on your device and requests only two permissions which are the INTERNET permission and the ACCESS_NOTIFICATION_POLICY. The app does not (and does not have permission to) access your photographs, contacts, phone or media storage, email addresses, passwords or social media identities.
The ACCESS_NOTIFICATION_POLICY allows the app to change the sound settings on your device which it uses during meditations. The INTERNET permission allows the app to open internet connections. The app itself does not open any internet connections but it does use various services from Google within the app which themselves do open internet connections and do lead to various personally identifiable information being transferred off your device. This is outlined below.
In summary, the app does not attempt to read, transfer or store your personal data in any way, apart from through its use of various Google services. Telesense does not store any of your information, related or unrelated to the app in any off-device location or storage and does not supply such information to any third party except Google, as below. We do not use any advertising services and no data of yours is used by Telesense in any advertising related context although the Google services we use may do this, as below.
Telesense Use Of Various Google Services
The app uses various services which are provided by Google in its operation. These services do result in data being transferred from your device to Google’s systems. If you are using the app within the European Union then please be aware that this will almost certainly result in data being transferred out of the European Union. Please see the following page from Google about their use of your information (provided via Meditation Timer through its usage of Google Services): https://policies.google.com/technologies/partner-sites?hl=en-GB&gl=uk. You can read the Terms Of Service For Google Firebase Services here: https://firebase.google.com/terms
The services the app uses from Google are Google Analytics for Firebase, Firebase Cloud Messaging, Firebase Remote Config and Firebase Crashlytics.
Google Analytics For Firebase
Google Analytics for Firebase is “a free app measurement solution that provides insight on app usage and user engagement”. We use it to monitor how the app is functioning and to view statistics on its usage. It lets us see how many people are using the app via many different events that it collects including ones that we can define such as when a user finishes a meditation. It tells us how many people are installing and uninstalling the app and can help us diagnose problems. An example is meditating with the screen off, which isn’t supported by the app until the coming version 2. We can set an event that tells us whenever a user switches off the screen while meditating. Google Analytics lets us aggregate these events in many ways, for instance by seeing how many users try to meditate with the screen off on phones whose language is set to Spanish, or the number of users who have completed more than 100 meditations and who Google Analytics thinks are women.
Google Analytics For Firebase transfers four items of personal data from your device to their systems outside the EU: Android Advertising Id, Android ID, Instance ID and Analytics Instance ID.
This is a sequence of letters and numbers representing a hexadecimal number and is unique to your device (although if there is more than one user of the device there will be an Android ID per user).
This is a numeric identifier unique to your installation of Meditation Timer. You can read more about this here.
Analytics Instance ID
This is a sequence of letters and numbers representing a hexadecimal number. It is unique to your installation of Meditation Timer and thus identifies you as a distinct user within Firebase. It remains unchanged except when the app is restored onto a new device, the app is uninstalled and reinstalled or you clear app data.
Android Advertising ID
This is a sequence of letters and numbers representing a hexadecimal number. It is an “anonymous identifier for advertising purposes and enables users to reset their identifier or opt out of interest-based ads within Google Play apps”. Advertising IDs are the mobile app equivalent of cookies (there are no cookies in mobile apps). You can find your device’s Android Advertising ID and configure its usage in Settings > Google > Ads on your device and you can read about mobile advertising ids here.
Based upon the Android Advertising ID Google derives various information which can then be used in queries within Google Analytics for Firebase such as age, gender, device model, language etc. We can, for instance, monitor how many women over 35 meditate each day using a Pixel 2 device, should we wish to. This is aggregate data and not tied to an individual user from our perspective. You can read more about this here.
Google Analytics for Android uses your IP address to derive or predict your location but does not transfer it to their systems. Location is available within Google Analytics For Firebase as a query parameter but only down to country granularity. We can, for example, query for how many meditations are completed within Spain for a given time period.
Firebase Cloud Messaging
We use Firebase Cloud Messaging to send occasional notifications to users. There are no additional privacy issues. Firebase Cloud Messaging uses Instance Ids as detailed above.
Firebase Remote Config
We use Firebase Remote Config to dynamically set properties within the app. For example, we might set a property in all app instances where Google Analytics For Firebase has detected a ‘meditation with screen off’ event. The value of that property might then cause the user interface to display a window asking the user if she would like to try the new beta version that supports meditating with the screen off. There are no additional privacy issues. Firebase Remote Config uses Instance Ids as detailed above.
We use Firebase Crashlytics to monitor problems that cause the app to crash and also events within the app that do not cause a crash but that we wish brought to our notice. These are normally unexpected conditions that could indicate a bug within the app. Firebase Crashlytics transfers the following personal data item to Google: Instance UUID, Crash Data (see below).
This is a 128 bit number uniquely associated with a particular crash. You can read about UUIDs here: here
Various technical information related to the crash itself and the device including timestamp, app identifier, device OS name and version, CPU architecture, RAM and disk space is transferred to Google’s systems. Please see here for a full list.