Privacy Policy
Effective Date: 1 April 2026
Last Updated: 1 April 2026
1. Introduction
KodiBook ("we", "our", or "us") is a mobile application designed to help independent poultry farmers in India manage broiler batches, track feed consumption, monitor profitability, and make informed harvest decisions.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you have. By using KodiBook, you agree to the practices described in this policy.
If you do not agree with this policy, please do not use the app.
2. Who We Are
KodiBook is operated by [Your Legal Entity Name], registered in India.
Contact:
Email: privacy@kodibook.com
WhatsApp: [Your WhatsApp Business number]
Address: [Your registered address]
3. Data We Collect
3.1 Account & Identity Data
When you register or log in, we collect:
- Mobile phone number — used for OTP-based authentication via Firebase Auth (currently migrating to Twilio). This is your primary identity in KodiBook.
- Name — entered during onboarding for personalisation.
- Role — Owner or Shed Worker, used to control feature access.
3.2 Farm & Batch Data
Data you enter to operate the app:
- Farm name, district, and approximate GPS location (used for hyperlocal weather and disease risk alerts)
- Shed details: name, capacity, shed type
- Batch details: breed, Day-Old Chick (DOC) count, DOC cost, feed cost, target FCR, target mortality, assumed sale price
- Daily shed logs: dead bird count, feed bags opened, feed consumed, optional average bird weight
- Cost entries: category, amount in Indian Rupees (₹), date, and notes
- Market settlement data: live weight sold (kg), sale price per kg
- Inventory items and stock transactions
- Vaccination and batch schedule records
3.3 Worker Data
If you are a farm Owner, you may add Shed Workers to your account. For each worker, we collect:
- Name
- Phone number (E.164 format)
- Assignment status (active / revoked)
Workers are notified via WhatsApp or SMS when assigned. Workers do not have access to financial data.
3.4 Device & Technical Data
- Firebase UID — anonymous identifier assigned by Firebase Auth
- FCM token — for push notification delivery, capped at 5 tokens per user
- Stable device identifier (SSAID on Android, IDFV on iOS) — used to manage FCM tokens and prevent duplicates. Not shared with third parties.
- App version, OS version, device model — collected by Firebase Crashlytics for error diagnosis only
- Crash reports and stack traces — collected automatically by Firebase Crashlytics when the app crashes
3.5 Location Data
- We request approximate device location (coarse GPS) only when you set up your farm location.
- Location is stored as latitude, longitude, district name, and a human-readable location label.
- Location is used exclusively to fetch hyperlocal weather data (temperature, humidity, heat index) for heat stress alerts.
- We do not track your location continuously or in the background.
3.6 Voice Data
- If you or your shed worker uses the voice input feature (daily log by voice), audio is processed by OpenAI Whisper (on-device, small model).
- Voice audio is processed locally on your device and is not transmitted to any server.
- We do not store, retain, or analyse audio recordings.
3.7 Biometric Data
- If you enable the optional biometric app lock, authentication is handled entirely by your device's OS (fingerprint sensor, face unlock, or device PIN).
- KodiBook does not access, store, or transmit any biometric data.
- Biometric settings are stored locally on your device only and are never synced to our servers.
3.8 Community Data
If you participate in the KodiBook Community (F24):
- Posts, replies, and questions you publish are visible to other farmers on the platform
- Your display name and farm state are shown alongside your posts
- You may delete your own posts at any time
3.9 AI Advisor & Digest Data
- When you use the Farm Advisor AI (F21) or receive AI Digest notifications (F40), your batch KPIs, recent alerts, weather snapshot, and batch day are sent to Google Gemini (via Firebase AI) to generate responses.
- These queries contain farm performance data but do not include your name, phone number, or any personally identifying information.
- AI-generated responses and digests are stored locally in your device's SQLite database and synced to Firestore under your account.
3.10 Subscription & Payment Data
- Subscription status (Free / Pro trial / Pro active) is managed via [your payment provider — e.g. RevenueCat / Razorpay].
- We do not store credit card numbers, UPI IDs, or payment credentials. These are handled entirely by the payment provider under their own privacy terms.
4. Why We Collect This Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Authenticate your identity | Phone number, Firebase UID | Contract performance |
| Operate core app features | Farm, batch, shed log, cost data | Contract performance |
| Calculate KPIs (FCR, mortality, cost/kg) | Daily logs, cost entries | Contract performance |
| Generate Settlement PDF | Batch + settlement data | Contract performance |
| Send push notifications (alerts, digest) | FCM token, alert data | Contract performance |
| Hyperlocal weather alerts | GPS location, weather cache | Legitimate interest |
| AI-powered Advisor & Digest | KPI snapshot, alerts, weather | Legitimate interest |
| Crash diagnosis and bug fixing | Crashlytics data, device info | Legitimate interest |
| Worker assignment and access control | Worker name, phone, Firebase claims | Contract performance |
| Subscription management | Subscription status | Contract performance |
| Analytics and product improvement | Aggregated, anonymised usage events | Legitimate interest |
We do not use your data for advertising, do not sell your data to third parties, and do not build advertising profiles.
5. Data Storage & Sync Architecture
KodiBook is designed offline-first for rural India where connectivity is unreliable.
- Primary storage: All your data is stored first in a local SQLite database on your device using the Drift ORM. The app is fully functional without an internet connection.
- Cloud sync: When connectivity is available, data syncs to Google Firestore under your account, isolated by your Firebase UID. Firestore acts as a backup and sync destination, not the source of truth.
- Data isolation: Firestore security rules ensure each user can only access their own farm data. Workers can only read data for the specific batch they are assigned to.
6. Data Sharing
6.1 Firebase (Google)
- Firebase Auth — authentication
- Cloud Firestore — data sync and backup
- Firebase Cloud Messaging (FCM) — push notifications
- Firebase Crashlytics — crash reporting
- Firebase Analytics — anonymised usage analytics
Firebase is operated by Google LLC. Data may be processed in the United States. Google's privacy terms apply: https://firebase.google.com/support/privacy
6.2 Google Gemini (AI features)
- Batch KPI data (not personally identifying) is sent to Google Gemini via Firebase AI for Farm Advisor and AI Digest responses.
- Google's AI data usage terms apply.
6.3 OpenAI (Voice input)
Voice processing runs on-device using the Whisper small model. No audio data is sent to OpenAI servers.
6.4 WhatsApp Cloud API / Twilio
- If you have enabled WhatsApp or SMS alerts, your phone number and alert message text are transmitted to WhatsApp Cloud API (Meta) or Twilio for delivery.
- We share only what is necessary to deliver the notification.
6.5 Legal Requirements
We may disclose your data if required to do so by Indian law, court order, or government authority, or to protect the rights, property, or safety of KodiBook, our users, or the public.
6.6 No Sale of Data
We do not sell, rent, or trade your personal data to any third party for any purpose.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (phone, name) | Until you delete your account |
| Farm, batch, and shed log data | Until you delete your account or specific batch |
| Crash reports (Crashlytics) | 90 days (Firebase default) |
| Analytics events | 14 months (Firebase Analytics default) |
| AI Advisor chat history | Until you delete your account |
| Community posts | Until you delete them or delete your account |
| FCM tokens | Automatically pruned; max 5 per user |
| Demo requests (website form) | 12 months from submission |
When you delete your account, we initiate deletion of your Firestore data within 30 days. Local SQLite data on your device is deleted when you uninstall the app.
8. Children's Privacy
KodiBook is designed for adult farm owners and shed workers. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has registered, please contact us at privacy@kodibook.com and we will delete the account promptly.
9. Security
- Firebase Security Rules enforce strict data isolation — each user can only access their own data
- Firebase Custom Claims (JWT) control worker role and batch-level access
- HTTPS/TLS for all data in transit
- Local SQLite encryption is not currently applied but batch-sensitive settlement PDFs can be protected by a biometric challenge
- FCM tokens are capped and managed with stable device identifiers to prevent hijacking
- Biometric lock (optional) protects the app from unauthorised device access
No system is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required under applicable Indian law.
10. Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian privacy law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Erase your personal data (right to be forgotten)
- Withdraw consent at any time (this may affect your ability to use the app)
- Nominate a person to exercise your rights on your behalf in the event of death or incapacity
- Grievance redressal — lodge a complaint with our Data Protection Officer or with the Data Protection Board of India
To exercise any of these rights, contact: privacy@kodibook.com
We will respond within 30 days of receiving your request.
11. Cookies & Web Tracking
The KodiBook mobile app does not use browser cookies.
The KodiBook website (kodibook.com) uses Firebase Analytics (Google Analytics 4) to understand page traffic and user behaviour. This involves cookies and similar tracking technologies. You may opt out by enabling "Do Not Track" in your browser or using the Google Analytics opt-out browser add-on.
12. Changes to This Policy
We may update this Privacy Policy from time to time as the app's features evolve. When we make significant changes, we will notify you via a push notification or an in-app message. The "Last Updated" date at the top of this page will always reflect the most recent version.
Continued use of KodiBook after changes are posted constitutes your acceptance of the updated policy.
13. Contact & Grievance Officer
Data Protection / Grievance Officer
Name: [Grievance Officer Name]
Email: privacy@kodibook.com
Address: [Your registered address]
Phone: [Contact number]
Response time: Within 30 days of receipt of complaint.
KodiBook is built for the Indian farmer. Your data stays yours.