Privacy Policy

Last Updated: March 7, 2026

Introduction

Welcome to Ahem ("we," "our," or "us"), operated from Sweden. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our mobile application.

As a company based in Sweden, we comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Information We Collect

1. Account Information

When you sign in with Google, we collect:

  • Your email address
  • Your name
  • Your Google profile picture
  • Unique user identifier from Google

2. App Usage Data

With your explicit permission (via Android's Usage Access permission), we collect:

  • Names of apps installed on your device
  • Time spent in each app
  • App launch frequency and usage patterns
  • App usage sessions (when you start/stop using apps)

Important: We do NOT collect the content of your activities within apps (messages, browsing history, photos, etc.). We only collect aggregated usage statistics to generate roasts.

Data Processing: Your usage data is sent to the Google Gemini API for roast generation. We may retain limited diagnostic and operational data temporarily for reliability and support, following internal limits and service retention policies.

Anonymous Telemetry: To improve app classification coverage, we may send a limited daily snapshot of your top apps, app ranks, usage time, and launch counts through Firebase Analytics. This telemetry is pseudonymized and used for aggregate trend reporting rather than a personal activity feed.

3. Purchase Information

  • In-app purchase transactions (via Google Play Billing)
  • Credit balance (free and purchased credits)
  • Purchase verification tokens

Note: Payment processing is handled entirely by Google Play. We do not have access to your payment card details.

4. Technical Information

  • Device type and model
  • Android version
  • App crashes and performance data (via Firebase Crashlytics)
  • App usage analytics (via Firebase Analytics)

Privacy Note: All user identifiers are pseudonymized using one-way hashing. Hashed identifiers allow tracking events across sessions for troubleshooting but cannot be reversed to reveal your identity. See the "Data Anonymization" section below for details.

How We Use Your Information

We use the collected information to:

  • Generate AI-powered roasts based on your app usage patterns (processed server-side for generation)
  • Authenticate your account via Firebase Authentication
  • Process in-app purchases and manage your credit balance
  • Improve app performance and fix bugs (via Crashlytics)
  • Analyze anonymous top-app trends to improve classifier coverage and identify emerging apps (via Firebase Analytics)

Legal Basis (GDPR): We process your data based on:

  • Consent: For collecting app usage statistics
  • Contract Performance: For providing the roast generation service
  • Legitimate Interest: For analytics, crash reporting, and service improvement

Data Storage and Retention

What We Store:

  • Your account information (email, name, profile picture from Google)
  • Your credit balance (free credits and purchased credits)
  • Crash and analytics data (Firebase Crashlytics and Analytics), including limited anonymous daily top-app telemetry used for aggregate reporting
  • Limited temporary diagnostic and operational records for service reliability and support

What We Do NOT Store:

  • Your app usage history as a permanent profile tied to your identity
  • Generated roasts as a permanent server-side history tied to your account
  • Roast history or past usage statistics
  • Payment card details (handled by Google Play)

Retention Period: We retain your account data and credits for as long as your account is active. Crash logs and analytics data are retained according to Firebase's retention policies (typically 60-90 days for raw data).

Data Anonymization

We take your privacy seriously and use data anonymization to protect your identity:

  • All user identifiers are hashed using SHA-256 with an app-specific salt
  • Crash reports, analytics events, and debugging traces use pseudonymized identifiers only, including hashed account IDs when available and platform-generated analytics pseudonymous IDs otherwise
  • Your identity cannot be recovered from hashed identifiers (one-way hashing)
  • Hashing is deterministic (same user = same hash) to allow tracking events across sessions for troubleshooting without exposing identity

Bottom line: All tracking uses pseudonymized identifiers. While we can track events across sessions (for debugging quality issues), we cannot recover your real identity from the hashed data.

Android Permissions

The app requires the following Android permissions:

  • Usage Access (PACKAGE_USAGE_STATS): Required to read app usage statistics for generating roasts. You must explicitly grant this permission.
  • Query All Packages: Required to retrieve app names and icons for display purposes.
  • Internet: Required to communicate with Firebase and the Gemini API.

You can revoke the Usage Access permission at any time through Android Settings → Apps → Special access → Usage access.

Third-Party Services

Ahem uses the following third-party services that may collect information:

Firebase (Google)

  • Firebase Authentication for Google Sign-In
  • Firebase Cloud Functions for the serverless backend
  • Firebase Firestore for storing user credits
  • Firebase Crashlytics for crash reporting
  • Firebase Analytics for app usage analytics
  • BigQuery export from Google Analytics for aggregate telemetry reporting

Learn more: Firebase Privacy Policy

Google Gemini API

We use Google's Gemini AI to generate roasts based on your usage data. Your usage data is sent to Gemini for processing. We may retain limited diagnostic and operational data temporarily in our systems for reliability and support.

Learn more: Gemini API Terms

Google Play Billing

In-app purchases are processed through Google Play's billing system. We receive purchase verification tokens but do not have access to your payment card details. Google Play handles all payment processing and transaction security.

Learn more: Google Payments Privacy Notice

Data Security

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using HTTPS/TLS
  • Authentication tokens are securely managed by Firebase
  • Usage data is processed server-side via Cloud Functions for roast generation
  • We retain only data needed to operate, secure, and support the service, including limited temporary diagnostic records
  • Payment processing is handled by Google Play's secure infrastructure

Your Rights (GDPR)

As a user, especially if you're in the European Union, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your account and data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Revoke app usage permissions at any time through Android settings
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at contact@ahem.fyi or submit an account deletion request via our Account Deletion Request Form.

Account Deletion

You can request deletion of your account and associated data at any time by:

Upon receiving your request, we will delete your account data within 30 days. Note that some data may be retained in backup systems for a limited period or as required by law.

What gets deleted: Your account information, credit balance, and any associated user data. Anonymized crash logs and analytics may be retained for service improvement purposes.

International Data Transfers

Our services use Firebase and Google Cloud infrastructure, which may process data in various locations worldwide. All data transfers comply with GDPR requirements, including:

  • Standard Contractual Clauses (SCCs) for transfers outside the EU
  • Google's compliance with the EU-U.S. Data Privacy Framework
  • Appropriate safeguards to ensure your data protection rights are maintained

Children's Privacy

Ahem is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately at contact@ahem.fyi and we will promptly delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Providing in-app notifications for material changes
  • Requiring re-consent where necessary under GDPR

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have privacy concerns, please contact us at:

Email: contact@ahem.fyi

Data Controller: Ahem, Sweden

For EU users: If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (data protection authority).

This Privacy Policy is effective as of the date listed above and applies to all users of the Ahem mobile application.