DESIWAY - DATA STORAGE & TRACKING POLICY
Last Updated: February 15, 2026 Effective Date: February 15, 2026 Version: 1.2
INTRODUCTION
This Data Storage & Tracking Policy explains how DesiWay ("we", "us", "our") stores data locally on your device and uses tracking technologies on our mobile application (Android & iOS) and website.
This Policy complies with:
- EU General Data Protection Regulation (GDPR)
- ePrivacy Directive (Cookie Law)
- Other applicable data protection laws
IMPORTANT: DesiWay is primarily a mobile application. We do NOT use traditional browser cookies, analytics cookies, or advertising cookies. This document explains what we ACTUALLY do.
TABLE OF CONTENTS
- What Data Storage Methods Do We Use?
- Local Storage - What We Store
- Firebase Services
- Third-Party Services
- Mobile App Tracking & Identifiers
- Web Platform Storage
- Your Choices & Controls
- Data Retention
- Changes to This Policy
- Contact Us
1. WHAT DATA STORAGE METHODS DO WE USE?
1.1. What We DO Use
✅ Local Storage (SharedPreferences on Android/iOS, LocalStorage on Web)
- Stores your preferences and settings on your device
- Essential for app functionality
- No consent required (essential functionality)
✅ Secure Storage (FlutterSecureStorage)
- Stores authentication tokens securely
- Encrypted storage for sensitive data
- Essential for app security
✅ Firebase Cloud Messaging
- Delivers push notifications
- No analytics or tracking
- Requires your permission (opt-in)
✅ Image/Media Cache
- Caches images and media locally for faster loading
- Stored on your device only
- Improves app performance
✅ Strictly Necessary Cookies (Web)
- Authentication session cookie (keeps you logged in)
- Cookie consent preference (remembers your banner choice)
- These are essential for core functionality and cannot be disabled
- No consent required under GDPR (strictly necessary exemption)
✅ Supabase Backend
- Stores session tokens for authentication
- Required for app functionality
✅ IP Address & Page View Logging (Security)
- We log your IP address and pages visited for security purposes
- Used to detect and prevent abuse, fraud, unauthorized access, and DDoS attacks
- Helps us investigate security incidents and protect user accounts
- This data is processed under GDPR Article 6(1)(f) (legitimate interests) for platform security
- IP logs are retained for a maximum of 90 days, then automatically deleted
- We do NOT use IP addresses for advertising, profiling, or tracking across other websites
✅ Sentry Error Tracking
- Collects crash reports and errors
- Helps us fix bugs
- No personally identifiable information unless you're logged in
1.2. What We DO NOT Use
❌ No Analytics Cookies: We do not use Google Analytics or Firebase Analytics ❌ No Advertising Cookies: We do not use advertising or tracking cookies ❌ No Third-Party Ad Networks: We do not integrate advertising SDKs ❌ No Cross-Site Tracking: We do not track you across other websites ❌ No Behavioral Profiling: We do not build advertising profiles
1.3. Cloudflare Security Cookie (Website Only)
Cookie Name: __cf_bm
Set By: Cloudflare (our content delivery network and security provider)
Purpose: Bot management and DDoS attack protection - distinguishes between humans and bots
Type: Strictly necessary security cookie (GDPR exempt - no consent required)
Retention: 30 minutes
Privacy: Does not track you or collect personal information. Only used for website security.
Learn More: https://www.cloudflare.com/cookie-policy/
Note: This cookie is ONLY used on our website (desiway.in), NOT in the mobile app.
2. LOCAL STORAGE - WHAT WE STORE
2.1. Essential Local Storage (No Consent Required)
We store the following data locally on your device to provide essential app functionality:
2.1.1. Authentication & Session Data
What We Store:
- Supabase authentication session token
- User ID (for session management)
- Session expiry timestamp
Purpose: Keep you logged in and secure your account
Storage Location: Secure encrypted storage (FlutterSecureStorage)
Retention: Until you log out or session expires (7 days)
2.1.2. Theme Preference
What We Store:
- Your app theme choice (Light mode, Dark mode, or System default)
Purpose: Remember your theme preference so the app looks the way you want
Storage Location: Device storage (Android/iOS) or Browser storage (Web)
Retention: Until you clear app data or change your theme preference
2.1.3. Location Preference
What We Store:
- Your selected location (city, state, country)
- Cached location search results for faster loading
Purpose:
- Show you relevant local content (events, accommodations, posts near you)
- Remember your location so you don't have to select it every time
- Improve app performance by caching location data
Storage Location: Device storage (Android/iOS) or Browser storage (Web)
Retention: 24 hours, then automatically refreshed
Note: You manually select your location. We do NOT track your real-time GPS location automatically.
2.1.4. Feed Filter Preferences
What We Store:
- Your search queries
- Filter settings (e.g., "show only my posts", "verified users only")
- Language and community type preferences
Purpose: Remember your feed preferences so you don't have to re-apply filters every time you open the app
Storage Location: Device storage (Android/iOS) or Browser storage (Web)
Retention: Until you clear app data or change your filter settings
2.1.5. Push Notification Token
What We Store:
- Device notification token (required by Firebase Cloud Messaging)
Purpose:
- Deliver push notifications to your device about messages, events, and activity
Storage Location: Device storage (Android/iOS)
Retention: Until you log out or uninstall app
Note: You can disable push notifications in device settings at any time.
2.2. Media Cache (Performance Optimization)
2.2.1. Image Cache
What We Store:
- Cached images from posts, profiles, events, accommodations, marketplace
Purpose:
- Faster image loading
- Reduce data usage
- Improve app performance
Storage Location: Device cache directory (managed by cached_network_image & flutter_cache_manager)
Retention: Up to 30 days or until cache is full (automatic cleanup)
Size Limit: ~200 MB (configurable)
User Control: Clear cache via Settings > Clear Cache
3. FIREBASE SERVICES
3.1. Firebase Cloud Messaging (Push Notifications)
What We Use:
- Firebase Cloud Messaging (FCM) for push notifications ONLY
What We Do NOT Use:
- ❌ Firebase Analytics
- ❌ Firebase Performance Monitoring
- ❌ Firebase Crashlytics
- ❌ Firebase Remote Config
- ❌ Any Firebase tracking or analytics features
Data Collected by FCM:
- Device token (unique identifier for push notifications)
- Notification delivery status
Purpose: Deliver push notifications about:
- New messages
- Event reminders
- Post comments and likes
- System announcements
Your Control:
- Disable push notifications in device settings: Settings > Notifications > DesiWay
- Opt out of specific notification types: DesiWay App > Settings > Notifications
Firebase Privacy Policy: https://firebase.google.com/support/privacy
4. THIRD-PARTY SERVICES
4.1. Supabase (Backend & Authentication)
What It Does:
- Backend database
- User authentication
- API services
Data Stored:
- Authentication session tokens
- User data (as described in Privacy Policy)
Location: EU-based servers (GDPR compliant)
Privacy Policy: https://supabase.com/privacy
4.2. Google Sign-In (OAuth)
What It Does:
- Allows you to sign in with your Google account
- No Google tracking or analytics integrated
Data Collected:
- Name, email, profile picture (only when you sign in with Google)
Purpose: Simplify account creation and login
Your Control: Manage Google account permissions at: https://myaccount.google.com/permissions
Privacy Policy: https://policies.google.com/privacy
4.3. Sentry (Error Tracking & Crash Reporting)
What It Does:
- Automatically collects crash reports and error logs when app malfunctions
- Helps us identify and fix bugs quickly
Data Collected:
- Device type and OS version
- App version
- Error messages and stack traces (code execution traces)
- User ID (if logged in) - helps us identify patterns in user-specific issues
- Event breadcrumbs (actions leading up to error)
When Data is Collected:
- ONLY when the app crashes or encounters an error
- NOT during normal app usage
Legal Basis: Legitimate interests (GDPR Article 6(1)(f))
Legitimate Interest: Maintaining app stability, fixing bugs, and improving user experience
Balancing Test:
- Our Interest: Essential for identifying and fixing critical bugs affecting user experience
- User Impact: Minimal intrusion - data collected only during errors, not normal usage
- User Rights: Right to object (see Opt-Out section below)
Data Sharing:
- Sentry.io (US-based) - Safeguard: EU-US Data Privacy Framework + EU Standard Contractual Clauses
- Data stored: 90 days, then automatically deleted
Your Right to Object:
- You may object to error tracking by contacting [email protected]
- Note: Opting out may limit our ability to fix bugs affecting your account
Privacy Policy: https://sentry.io/privacy/
4.4. Geolocator (Location Services)
What It Does:
- Used ONLY when you manually select "Use Current Location" in location picker
- Obtains your GPS coordinates to suggest nearby cities
Data Collected:
- GPS coordinates (latitude, longitude) - temporarily, not stored
- Only collected when you explicitly tap "Use Current Location"
Purpose: Help you find and select your city quickly
Your Control:
- Android: Settings > Apps > DesiWay > Permissions > Location
- iOS: Settings > Privacy > Location Services > DesiWay
Note: We do NOT track your real-time location. GPS is used ONLY when you manually request it.
5. MOBILE APP TRACKING & IDENTIFIERS
5.1. Device Identifiers
What We Collect:
- Device ID: Used for authentication and session management
- Device Model & OS Version: Used for compatibility and debugging
- App Version: Used to determine if updates are available
Purpose: Essential for app functionality, authentication, and debugging
No Advertising ID: We do NOT collect or use Advertising IDs (IDFA on iOS, GAID on Android) for tracking or advertising purposes.
5.2. App Permissions
Our app may request the following permissions:
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Take photos for profile, posts, listings; Scan QR codes for event check-in | Optional |
| Photo Library | Upload photos from your device | Optional |
| Notifications | Send push notifications | Optional |
| Location (when requested) | Suggest nearby cities when you tap "Use Current Location" | Optional |
| Storage | Save photos and media | Optional (Android only) |
You can manage permissions at any time through device settings.
6. WEB PLATFORM STORAGE
6.1. Web Application (Mobile Web & Desktop Web)
Storage Method: Browser LocalStorage (not tracking cookies)
What We Store:
- Same data as mobile app (theme, location, filters, session tokens)
- Stored in browser LocalStorage for app functionality
Cookies:
- We do NOT use tracking, analytics, or advertising cookies
- We use only strictly necessary cookies:
- Cloudflare security cookie (
__cf_bm) - see Section 1.3 - Authentication session cookie - keeps you logged in
- Cookie consent preference - remembers your banner choice
- Cloudflare security cookie (
- All cookies listed above are strictly necessary for core functionality or security (GDPR exempt - no consent required)
IP Address & Page Views:
- We log IP addresses and page views for security and abuse prevention - see Section 1.1
6.2. Session Management (Web)
How It Works:
- Supabase stores session tokens in browser LocalStorage
- Essential for keeping you logged in
Security: Session tokens are securely managed by Supabase client library.
7. YOUR CHOICES & CONTROLS
7.1. Clear Local Storage
On Mobile App (Android/iOS):
Option 1: Clear Cache (Settings)
- Open DesiWay app
- Go to Settings
- Tap "Clear Cache"
- Confirm
What This Clears:
- Cached images and media
- Location cache
- Feed filter cache
What This DOES NOT Clear:
- Your login session (you stay logged in)
- Theme preference
- Notification settings
Option 2: Clear App Data (Device Settings)
Android:
- Settings > Apps > DesiWay > Storage
- Tap "Clear Data" or "Clear Storage"
- This will log you out and reset all preferences
iOS:
- Settings > General > iPhone Storage > DesiWay
- Tap "Delete App"
- Reinstall from App Store
- This will log you out and reset all preferences
On Web:
Clear Browser LocalStorage:
- Open browser DevTools (F12)
- Go to Application > Local Storage
- Clear DesiWay entries
OR
Simply log out and clear browser cache.
7.2. Disable Push Notifications
Android:
- Settings > Apps & notifications > DesiWay > Notifications
- Toggle off
iOS:
- Settings > Notifications > DesiWay
- Toggle "Allow Notifications" off
In-App:
- DesiWay > Settings > Notifications
- Customize notification preferences
7.3. Revoke Location Permission
Android:
- Settings > Apps > DesiWay > Permissions > Location > Don't allow
iOS:
- Settings > Privacy > Location Services > DesiWay > Never
Note: You can still manually select your location without granting location permission.
7.4. Opt Out of Error Tracking (Sentry)
Your Right to Object:
Under GDPR Article 21, you have the right to object to processing based on legitimate interests.
How to Opt Out:
- Email: [email protected]
- Subject: "Object to Sentry Error Tracking"
- Include: Your account email or User ID
Effect of Opting Out:
- We will disable Sentry error tracking for your account
- Note: This may limit our ability to fix bugs specific to your account
- Response time: We will process your request within 7 business days
Alternative: If you prefer error tracking without User ID, request "anonymized error tracking" - we'll still collect crash data but without linking to your account.
7.5. Your GDPR Rights
For full details about your data protection rights, including:
- Right to access your data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to rectification
- Right to object to processing
- Right to lodge a complaint with Data Protection Commission
See our Privacy Policy: desiway.in/docs/privacy (Section 9)
Contact: [email protected] for any data protection requests
8. DATA RETENTION
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Session tokens | Until logout or expiry (7 days) | Automatic or manual logout |
| Cookie consent preference | Until cleared | Clear browser data |
| IP address & page view logs | 90 days | Automatic deletion |
| Theme preference | Until app data cleared | Clear app data |
| Location cache | 24 hours | Automatic expiry |
| Feed filters | Until changed or app data cleared | Change filters or clear data |
| Image cache | Up to 30 days or cache limit | Settings > Clear Cache |
| FCM token | Until logout or app uninstall | Logout or uninstall |
| Error logs (Sentry) | 90 days | Automatic deletion |
9. CHANGES TO THIS POLICY
9.1. Right to Modify
We may update this Policy from time to time to reflect changes in our data practices.
9.2. Notice of Changes
We will notify you of material changes by:
- In-app notification
- Email notification
- Posting an updated Policy with a new "Last Updated" date
9.3. Review
We encourage you to review this Policy periodically.
10. CONTACT US
If you have questions about this Policy or our data storage practices, please contact us:
MANOHARA LIMITED (trading as DesiWay) Company Registration Number (CRO): 797787 Incorporation Date: 18 September 2025
Privacy Team: Email: [email protected]
Data Protection Officer: Email: [email protected]
Mailing Address: VENTURE HUB, 136 CAPEL STREET, DUBLIN, D01 T2C9, IRELAND
SUMMARY TABLE - WHAT WE ACTUALLY USE
| Technology | Purpose | Consent Required? | Where Used |
|---|---|---|---|
| Device/Browser Storage | Store preferences (theme, location, filters) | No (essential) | Mobile app & Website |
| Secure Storage | Store authentication tokens securely | No (essential) | Mobile app & Website |
Cloudflare Cookie (__cf_bm) | Bot protection & DDoS prevention | No (security) | Website only |
| Session Cookie | Keep you logged in | No (essential) | Website only |
| Cookie Consent Preference | Remember banner choice | No (essential) | Website only |
| IP Address & Page View Logs | Security & abuse prevention | No (legitimate interest) | Mobile app & Website |
| Firebase Messaging | Push notifications | Yes (opt-in) | Mobile app only |
| Supabase | Backend database & authentication | No (essential) | Mobile app & Website |
| Google/Apple Sign-In | OAuth authentication | Yes (opt-in) | Mobile app & Website |
| Sentry | Error tracking & crash reports | No (legitimate interest) | Mobile app & Website |
| Image Cache | Cache images for faster loading | No (performance) | Mobile app only |
| Geolocator | Suggest nearby cities when requested | Yes (opt-in) | Mobile app only |
WHAT WE DO NOT DO
❌ No tracking, analytics, or advertising cookies ❌ No Google Analytics or Firebase Analytics ❌ No advertising cookies or behavioral tracking ❌ No third-party ad networks or advertising SDKs ❌ No cross-site tracking or fingerprinting ❌ No behavioral profiling for advertisements ❌ No sale of personal data to third parties ❌ No use of Advertising IDs (IDFA/GAID) for tracking
We believe in privacy by design. We only collect what's necessary to provide you with a great app experience.
END OF DATA STORAGE & TRACKING POLICY