Privacy by Design

No advertising: never, in any section
No personal data: no email, real name or age
One of the few apps with zero tracking: no analytics, no profiling
End-to-end encryption: AES-256-GCM for family data
Cloud only with consent: no connection without approval
Complete deletion: one tap to delete everything

1. Data Controller

Davide Sironi — Privacy contact: privacy@matematt.app

Requests regarding personal data are handled within 30 days.

2. Design Principle

MateMatt is designed according to the principle of Data Protection by Design and by Default (Privacy by Design, Art. 25 GDPR). Protecting children's privacy is a fundamental element of the app's architecture, not an add-on compliance step.

  • Does not require email, phone or contact details.
  • Does not collect real name, surname, date of birth or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience and Parental Consent

The app is intended for children aged 6–11, used under the supervision of a parent or legal guardian. The parent is responsible for installation and configuration.

On first launch, the parent must explicitly accept this policy before any cloud service is activated. Without the parent's consent, no personal data is transmitted by the app and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

This mechanism complies with Art. 8 GDPR (consent of the holder of parental responsibility for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on the device (offline)

Data | Purpose | Legal basis
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalisation | Contract performance (Art. 6.1.b)
Exercise results and progress | Local reporting for the parent | Contract performance
Saved homework and codes | Reproduction of assigned homework | Contract performance
MatCoin balance | Educational reward system | Contract performance

This data never leaves the device and is deleted when the app is uninstalled.

4.2 Family feature (optional — requires explicit activation by the parent)

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to the child's device | AES-256-GCM encrypted | Until deleted by the owner
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to the parent | AES-256-GCM encrypted | 90 days, then automatic deletion
Non-sensitive metadata (score, attempts, date) | Preview in the report list | Plaintext | 90 days
Anonymous Firebase UID | Technical authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID | Identification within the family group | Pseudonymous, generated locally | Until uninstallation

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first launch of the app.

No directly identifying data (real name, email, phone, address) is requested or collected for the Family feature.

5. End-to-End Encryption

All sensitive data transmitted to the cloud in the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members via RSA-2048 OAEP asymmetric encryption (SHA-256, MGF1-SHA1).
  • At rest, the GroupKey is stored encrypted (wrapped) with an AES-256 master key in the Android device's hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is not accessible to the cloud service provider (Google).
  • Even with direct access to the Firestore database, the sensitive data cannot be read.

6. Technical Error Reporting (Crashlytics)

The app uses Firebase Crashlytics, activated only after the parent's explicit consent. It collects only:

  • Device type and operating system version
  • App version and technical error trace (stack trace)

No personal data, exercise results, names or identifiers of the child are ever sent. This falls under the “support for internal operations” exception under COPPA (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

7. Third-Party Technical Services

Service | Provider | GDPR role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Family data synchronisation
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reporting

The app does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioural tracking or profiling.

8. Data Transfers Outside the EU

Firebase services (Google LLC) operate on global infrastructure. Data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

Regardless of storage location, the sensitive data of the Family feature is end-to-end encrypted and cannot be read by the cloud service provider or by third parties.

9. Data Retention

Data | Retention
Local data on the device | Until the app is uninstalled
Homework reports on Firestore | 90 days, then automatic deletion
Family group and homework on Firestore | Until deleted by the user
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)

10. Rights of the Parent/Guardian

The parent may at any time:

  • Access (Art. 15): view the results in the app's Report section and the group data in the Family section.
  • Rectification (Art. 16): edit the profile and avatar through the app.
  • Erasure (Art. 17): delete all data (local and cloud) from the Family section → “Delete all data”. When a member leaves the group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20): homework reports can be archived locally on the device before leaving the group.
  • Objection (Art. 21): object to processing by writing to privacy@matematt.app.
  • Withdrawal of consent (Art. 7.3): disable Crashlytics or Family individually from the app's Settings, or delete all data. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
  • Complaints: for EU residents, to the Garante per la Protezione dei Dati Personali (garanteprivacy.it); for UK residents, to the Information Commissioner's Office (ico.org.uk).

For requests: privacy@matematt.app — we respond within 30 days.

11. Protection of Children

  • We do not knowingly collect direct personal data from children.
  • The Family feature is located in the Parent section and presupposes activation by an adult.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by the child. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, in the Family feature, synchronised across the group with AES-256-GCM encryption.
  • Automatic lock: when the app is sent to the background from a protected screen, the parent area locks automatically and the PIN is requested again on return.
  • Screenshot protection: protected screens are marked with Android's FLAG_SECURE, which prevents screenshots and screen recording and hides their content in the device's Recents screen.
  • The child cannot create groups, invite members or access network settings.
  • The app contains no inappropriate content, in-app purchases or external links.

11b. Security

  • In transit and at rest: data transmitted to Firebase is protected by TLS/HTTPS connections. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key in the Android hardware Keystore.
  • Parent area: PIN hashed with PBKDF2-HMAC-SHA256 (100,000 iterations, 16-byte random salt), progressive rate limiting (lock-out after 3 failed attempts), recovery via a mathematical challenge.
  • Automatic lock: the parent area locks automatically when the app goes to the background and requires the PIN when it returns to the foreground.
  • Anti-screenshot (FLAG_SECURE): protected screens prevent screenshots and screen recording and hide their content in Recents. The flag is active only on parent-area screens.
  • Production logging: all logging calls are automatically removed from production builds via ProGuard/R8.

12. Regulatory Compliance

This policy is drafted in accordance with:

  • GDPR (EU Reg. 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • D.Lgs. 196/2003 (Italian Privacy Code) and subsequent amendments
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — principles of minimisation, transparency and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In case of material changes, we will update the revision date at the top of this document. If a change requires renewed consent, the app will display the consent screen to the user again.

14. Contact

For any privacy-related questions or to exercise the rights listed in § 10:

Online policy: https://app-android-matematt.web.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Data Controller

The application MateMatt (“the App”) is developed and distributed by Davide Sironi, independent developer, based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests regarding personal data are processed within 30 days.

1A. UK Users — Art. 27 UK GDPR

The Developer is established in Italy (EU) and is not established in the United Kingdom. In accordance with Art. 27 of the UK GDPR, the Developer has assessed the applicability of the requirement to designate a UK representative.

Given that:

  • the App processes only pseudonymous/anonymous data (random avatars, anonymous Firebase UIDs);
  • no directly identifying personal data (name, email, address, phone) is collected from UK users;
  • processing is limited to the occasional, non-systematic use of the optional Family feature;
  • processing is unlikely to result in a risk to the rights and freedoms of data subjects, taking into account the nature, context, scope, and purposes of the processing (Art. 27(2)(a) UK GDPR);

the Developer currently relies on the exemption under Art. 27(2)(a) UK GDPR. This assessment will be reviewed annually or whenever the scope of data processing materially changes.

For all privacy inquiries from UK residents: privacy@matematt.app
Supervisory authority: Information Commissioner's Office — ico.org.uk

2. Design Principle

MateMatt is built on the principle of Data Protection by Design and by Default (Art. 25 GDPR). Children's privacy protection is a core element of the app's architecture, not an afterthought. Every feature is designed by first asking: “What data can we NOT collect?”

  • Does not require email, phone, or any contact information.
  • Does not collect real names, surnames, dates of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience and Parental Consent

The App is designed for children aged 6–11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installation, configuration, and the child's use of the App.

The App is not intended to be used independently by children without the consent and supervision of an adult.

On first launch, the parent must explicitly accept this privacy policy before any cloud service is activated. Without parental consent, no personal data is transmitted by the App and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

This mechanism complies with Art. 8 GDPR (parental consent for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on device (offline)

Data | Purpose | Legal basis
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalisation | Contract performance (Art. 6.1.b)
Exercise results and progress | Local reporting for parents | Contract performance
Saved homework and codes | Homework reproduction | Contract performance
MatCoin balance | Educational reward system | Contract performance

This data never leaves the device and is deleted upon uninstallation of the App.

4.2 Family Feature (optional — requires explicit parental activation)

The Family feature allows the parent to assign homework and receive the child's results from a second device. This feature is entirely optional and must be deliberately activated.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to child's device | AES-256-GCM encrypted | Until deleted by owner
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to parent | AES-256-GCM encrypted | 90 days, then auto-deleted
Non-sensitive metadata (score, attempts, date) | Report list preview | Plaintext | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID (locally generated) | Family group identification | Pseudonymous | Until uninstallation

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first app launch.

No directly identifying data (real name, email, phone number, address) is requested or collected for the Family feature.

4.3 Technical Error Reporting (Crashlytics)

The App uses Firebase Crashlytics (Google), activated only after explicit parental consent. In the event of a crash, the following is sent:

  • Device type and Android operating system version
  • App version and technical error trace (stack trace)
  • Crash timestamp

No personal data, exercise results, names, or child identifiers are ever transmitted. This falls under the “support for internal operations” exception per COPPA (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

5. End-to-End Encryption

All sensitive data transmitted to the cloud in the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members via RSA-2048 OAEP asymmetric encryption (SHA-256, MGF1-SHA1).
  • At rest, the GroupKey is stored wrapped by an AES-256 master key in the device's Android hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is inaccessible to the cloud service provider (Google).
  • Even with direct database access, sensitive data cannot be read by the server or any third party.

6. Third-Party Technical Services

Service | Provider | GDPR Role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous device authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Family data synchronisation
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reporting

The App does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioural tracking, or profiling.

7. Children's Data — Special Protection

In accordance with the General Data Protection Regulation (GDPR, EU Reg. 2016/679), the Children's Online Privacy Protection Act (COPPA), and the UK Age Appropriate Design Code, we adopt the following specific measures for the protection of children:

  • We do not knowingly collect direct personal data (full name, email, address, phone number) from children under 13 (COPPA) or under 16 (GDPR, Italian threshold).
  • The player name is randomly generated by the app (e.g. “Dolphin 42”, “Lion 15”) and is not associated with any account or online profile. The user does not enter any real identifying information.
  • The Family feature is accessible from the Parent section, protected by the adults-only area, and requires activation by a parent/guardian.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by children. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, when the Family feature is active, synchronised across the group with AES-256-GCM encryption.
  • Automatic lock-out: when the app is placed in the background from a protected screen, the parent area locks automatically and requires the PIN again upon return. This prevents a child from accessing the parent area simply by picking up the device.
  • Screenshot protection: protected screens (reports, homework, codes, family, settings) are marked with Android's FLAG_SECURE, which prevents screenshots, screen recording, and hides content from the Recent Apps screen.
  • Children cannot create groups, invite members, or access network settings.
  • We do not use behavioural advertising or third-party SDKs intended for profiling.
  • Data stored on Firestore does not contain directly identifying information about the child.
  • The App contains no inappropriate content, in-app purchases, or external links.

Parental responsibility: By installing and configuring the App, the parent/guardian consents to the processing of the technical data described in this policy on behalf of the child.

8. International Data Transfers

Firebase services (Google LLC) operate on global infrastructure with primary servers in the United States and Europe. Data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

Regardless of storage location, Family feature sensitive data is end-to-end encrypted and unreadable by the cloud service provider or any third party.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
On-device data | Until app uninstallation
Homework reports on Firestore | 90 days from creation, then auto-deleted
Family group and homework on Firestore | Until user-initiated deletion; orphaned data deleted within 90 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)

10. Parental Rights

Parents/guardians may at any time:

  • Access (Art. 15 GDPR): view the child's results in the Report section and group data in the Family section of the App.
  • Rectification (Art. 16 GDPR): edit profile and avatar within the App.
  • Erasure (Art. 17 GDPR): delete all data (local and cloud) from Family → “Delete all data”. When a member leaves a group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18 GDPR): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20 GDPR): homework reports can be archived locally on the device before leaving a group.
  • Objection (Art. 21 GDPR): object to processing by writing to privacy@matematt.app.
  • Withdraw consent (Art. 7.3 GDPR): disable Crashlytics or the Family feature individually from the App's Settings, or delete all data. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Supervisory authority complaints:

  • UK residents: Information Commissioner's Office — ico.org.uk
  • EU residents: Garante per la Protezione dei Dati Personali — garanteprivacy.it
  • US residents: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Transit and at-rest security: data transmitted to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group only. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key stored in the Android hardware Keystore.

Parent area protection: parent sections can be protected by a 4-digit parental PIN (PBKDF2-HMAC-SHA256 hash with 100,000 iterations and 16-byte random salt), with recovery via a mathematical challenge and progressive rate limiting (lock-out after 3 failed attempts).

Automatic lock-out on background: when the app is sent to the background while a protected screen is active, the parent area locks automatically. Upon returning to the foreground, the app requires the PIN again before displaying any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which prevents screenshot capture, hides content from the Recent Apps screen, and blocks screen recording. The flag is active only on parent area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds via ProGuard/R8.

12. Regulatory Compliance

This policy is drafted in accordance with:

  • GDPR (EU Reg. 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • Italian Privacy Code (D.Lgs. 196/2003, as amended)
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — minimisation, transparency, and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In case of material changes, we will update the revision date at the top of this document. If a change requires renewed consent, the App will display the consent screen again.

14. Contact

For any privacy-related questions or to exercise the rights listed in § 10:

Online policy: https://app-android-matematt.web.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Operator / Developer

The application MateMatt (“the App”) is developed and distributed by Davide Sironi, independent developer, based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests regarding personal data are processed within 30 days.

2. Design Principle

MateMatt is built on the principle of Privacy by Design. Children's privacy protection is a core element of the app's architecture, not an afterthought. Every feature is designed by first asking: “What data can we NOT collect?”

  • Does not require email, phone, or any contact information.
  • Does not collect real names, surnames, dates of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience, COPPA Compliance, and Parental Consent

The App is designed for children aged 6–11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installation, configuration, and the child's use of the App.

The App is not intended to be used independently by children without the consent and supervision of an adult.

COPPA Compliance (16 CFR Part 312): the App complies with the Children's Online Privacy Protection Act (COPPA). On first launch, the parent must explicitly accept this privacy policy before any cloud service is activated. Without parental consent, no personal data is transmitted by the App and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

The App participates in the Google Designed for Families program, which requires compliance with Google's Families policies including COPPA-related requirements.

We do not knowingly collect personal information from children under 13 without verifiable parental consent (16 CFR §312.5).

4. Data Processed

4.1 Data stored on device (offline)

Data | Purpose
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalization
Exercise results and progress | Local reporting for parents
Saved homework and codes | Homework reproduction
MatCoin balance | Educational reward system

This data never leaves the device and is deleted upon uninstallation of the App. None of this data constitutes “personal information” as defined by COPPA (16 CFR §312.2).

4.2 Family Feature (optional — requires explicit parental activation)

The Family feature allows the parent to assign homework and receive the child's results from a second device. This feature is entirely optional and must be deliberately activated by the parent.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to child's device | AES-256-GCM encrypted | Until deleted by parent
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to parent | AES-256-GCM encrypted | 90 days, then auto-deleted
Non-sensitive metadata (score, attempts, date) | Report list preview | Plaintext | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID (locally generated) | Family group identification | Pseudonymous | Until uninstallation

No directly identifying data (real name, email, phone number, address) is requested or collected for the Family feature. The anonymous identifiers used do not constitute “personal information” under COPPA.

4.3 Technical Error Reporting (Crashlytics)

The App uses Firebase Crashlytics (Google), activated only after explicit parental consent. In the event of a crash, the following is sent:

  • Device type and Android operating system version
  • App version and technical error trace (stack trace)
  • Crash timestamp

No personal data, exercise results, names, or child identifiers are ever transmitted. This falls under the “support for internal operations” exception per COPPA (16 CFR §312.2), which permits the collection of information necessary to maintain the technical functioning of the app without requiring separate parental consent.

5. End-to-End Encryption

All sensitive data transmitted to the cloud in the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members via RSA-2048 OAEP asymmetric encryption (SHA-256, MGF1-SHA1).
  • At rest, the GroupKey is stored wrapped by an AES-256 master key in the device's Android hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is inaccessible to the cloud service provider (Google).
  • Even with direct database access, sensitive data cannot be read by the server or any third party.
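
The key-envelope scheme that section 5 describes (in each version of this policy), modelled as an added example; this is not MateMatt's own code. It assumes the third-party Python `cryptography` package and constructs its own RSA keypairs, GroupKey and sample tasksJson; binding the Firestore document id as GCM associated data is an assumption of this example, not something the policy states.

```python
"""Model of the Family-feature key envelope described in section 5: an AES-256
GroupKey generated on the parent's device, wrapped for each member with
RSA-2048 OAEP (SHA-256, MGF1-SHA1), and tasksJson sealed with AES-256-GCM.
Constructed example, not MateMatt's code; needs the `cryptography` package."""
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP parameters exactly as the policy states them: SHA-256 as the OAEP hash,
# SHA-1 inside MGF1. Library defaults differ, so both sides must pin this pair
# or unwrapping fails with a padding error.
OAEP_PADDING = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA1()),
    algorithm=hashes.SHA256(),
    label=None,
)


def generate_member_keypair():
    """Per-device RSA-2048 keypair. On Android the private half would be
    created inside the Keystore and never be exportable; here it is in memory."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return priv, priv.public_key()


def generate_group_key() -> bytes:
    """256-bit GroupKey from the OS CSPRNG, created on the parent's device."""
    return os.urandom(32)


def wrap_group_key(group_key: bytes, member_public_key) -> bytes:
    """One wrapped copy per member; only that member's private key unwraps it."""
    return member_public_key.encrypt(group_key, OAEP_PADDING)


def unwrap_group_key(wrapped: bytes, member_private_key) -> bytes:
    return member_private_key.decrypt(wrapped, OAEP_PADDING)


def seal_payload(group_key: bytes, payload: dict, doc_id: bytes) -> dict:
    """AES-256-GCM with a fresh 96-bit nonce per message. The document id
    (assumed here) is bound as associated data, so a ciphertext copied to
    another document fails authentication instead of decrypting."""
    nonce = os.urandom(12)
    ciphertext = AESGCM(group_key).encrypt(nonce, json.dumps(payload).encode(), doc_id)
    return {"nonce": nonce, "ciphertext": ciphertext}


def open_payload(group_key: bytes, doc: dict, doc_id: bytes) -> dict:
    plaintext = AESGCM(group_key).decrypt(doc["nonce"], doc["ciphertext"], doc_id)
    return json.loads(plaintext)


def _rejects(key: bytes, doc: dict, doc_id: bytes) -> bool:
    """True when GCM authentication rejects the document under this key/id."""
    try:
        open_payload(key, doc, doc_id)
        return False
    except InvalidTag:
        return True


def run_exchange() -> dict:
    """Parent -> cloud -> child walk-through, plus what a key-less reader gets."""
    parent_priv, parent_pub = generate_member_keypair()
    child_priv, child_pub = generate_member_keypair()
    group_key = generate_group_key()

    # Key distribution: the cloud stores only wrapped copies, one per member.
    envelopes = {
        "parent": wrap_group_key(group_key, parent_pub),
        "child": wrap_group_key(group_key, child_pub),
    }

    # Parent assigns homework (constructed sample tasksJson) under a doc id.
    tasks = {"tasks": [{"op": "add", "a": 7, "b": 5}, {"op": "mul", "a": 3, "b": 4}]}
    doc_id = b"tasks/0001"
    stored = seal_payload(group_key, tasks, doc_id)

    # Child device: unwrap the GroupKey with its own private key, then decrypt.
    child_key = unwrap_group_key(envelopes["child"], child_priv)
    recovered = open_payload(child_key, stored, doc_id)

    # Tampered ciphertext (first byte flipped) must fail the GCM tag check.
    tampered = dict(stored, ciphertext=bytes([stored["ciphertext"][0] ^ 1]) + stored["ciphertext"][1:])

    return {
        "child_recovered_tasks": recovered == tasks,
        "keys_match": child_key == group_key,
        "parent_unwraps": unwrap_group_key(envelopes["parent"], parent_priv) == group_key,
        # A reader with database access but no envelope it can unwrap (modelled
        # by a random key) gets nothing, and so does a replay under another id.
        "outsider_rejected": _rejects(os.urandom(32), stored, doc_id),
        "replay_rejected": _rejects(child_key, stored, b"tasks/0002"),
        "tamper_rejected": _rejects(child_key, tampered, doc_id),
    }


if __name__ == "__main__":
    print(run_exchange())
```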

6. Third-Party Technical Services

Service | Provider | Role | Purpose
Firebase Authentication | Google LLC | Service provider | Anonymous device authentication
Cloud Firestore | Google LLC | Service provider | Family data synchronization
Firebase Crashlytics | Google LLC | Service provider | Technical error reporting

The App does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioral tracking, or profiling.

7. Children's Data — COPPA Protections

In accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501-6506; 16 CFR Part 312), we adopt the following specific measures for the protection of children:

  • We do not knowingly collect personal information (as defined by 16 CFR §312.2) from children under 13 without verifiable parental consent.
  • The player name is randomly generated by the app (e.g. “Dolphin 42”, “Lion 15”) and is not associated with any account or online profile. The user does not enter any real identifying information.
  • The Family feature is accessible from the Parent section, protected by the adults-only area, and requires activation by a parent/guardian.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by children. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, when the Family feature is active, synchronized across the group with AES-256-GCM encryption.
  • Automatic lock-out: when the app is placed in the background from a protected screen, the parent area locks automatically and requires the PIN again upon return.
  • Screenshot protection: protected screens are marked with Android's FLAG_SECURE, which prevents screenshots, screen recording, and hides content from the Recent Apps screen.
  • Children cannot create groups, invite members, or access network settings.
  • We do not use behavioral advertising or third-party SDKs intended for profiling.
  • Data stored on Firestore does not contain directly identifying information about the child.
  • The App contains no inappropriate content, in-app purchases, or external links.

Parental responsibility: By installing and configuring the App, the parent/guardian consents to the processing of the technical data described in this policy on behalf of the child.

8. International Data Transfers

The Developer is based in Italy (EU). Firebase services (Google LLC) operate on global infrastructure with primary servers in the United States and Europe. As the App is available to US users, data processed through Firebase is primarily stored and processed within the United States.

For users in the European Economic Area (EEA) or the United Kingdom, data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

Regardless of storage location, Family feature sensitive data is end-to-end encrypted and unreadable by the cloud service provider or any third party.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
On-device data | Until app uninstallation
Homework reports on Firestore | 90 days from creation, then auto-deleted
Family group and homework on Firestore | Until user-initiated deletion; orphaned data deleted within 90 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)

10. Parental Rights under COPPA

Under COPPA (16 CFR §312.6), parents/guardians have the right to:

  • Review information collected from their child by viewing the Report section and Family section within the App.
  • Delete their child's information by using Family → “Delete all data”, which removes all local and cloud data. When a member leaves a group, their reports are automatically deleted from the cloud.
  • Refuse further collection by disabling the Family feature or Crashlytics individually from the App's Settings, or by uninstalling the App.
  • Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Complaints and inquiries:

  • US residents: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Transit and at-rest security: data transmitted to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group only. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key stored in the Android hardware Keystore.

Parent area protection: parent sections can be protected by a 4-digit parental PIN, stored as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt), with recovery via a mathematical challenge and progressive rate limiting (lock-out after 3 failed attempts).

Automatic lock-out on background: when the app is sent to the background while a protected screen is active, the parent area locks automatically. Upon returning to the foreground, the app requires the PIN again before displaying any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which prevents screenshot capture, hides content from the Recent Apps screen, and blocks screen recording. The flag is active only on parent area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds via ProGuard/R8.

12. California Residents (CCPA/CPRA)

For California residents, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide additional rights regarding personal information. We confirm that:

  • We do not sell personal information of any user, including children.
  • We do not share personal information for cross-context behavioral advertising.
  • We do not use sensitive personal information for purposes beyond those disclosed in this policy.
  • The App collects only the minimal technical data described in § 4, and no data that would constitute “personal information” under the CCPA for children's profiles.

13. Regulatory Compliance

This policy is drafted in accordance with:

  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • CCPA/CPRA (Cal. Civ. Code §§ 1798.100–1798.199.100) — as applicable
  • Google Designed for Families program requirements
  • GDPR (EU Reg. 2016/679) — applicable to EU data subjects

14. Changes to This Policy

In case of material changes, we will update the revision date at the top of this document. If a change requires renewed consent, the App will display the consent screen again.

15. Contact

For any privacy-related questions or to exercise the rights listed in § 10:

Online policy: https://app-android-matematt.web.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Data Controller

The MateMatt application (“the App”) is developed and distributed by Davide Sironi, an independent developer based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests concerning personal data are handled within 30 days.

2. Design Principle

MateMatt is designed according to the principle of Data Protection by Design and by Default (Privacy by Design, Art. 25 GDPR). Protecting children's privacy is a fundamental element of the app's architecture, not a compliance step added afterwards. Every feature is designed by first asking: “What data can we NOT collect?”

  • It does not require an email address, phone number or contact details.
  • It does not collect real name, surname, date of birth or location.
  • It contains no advertising of any kind.
  • It does not profile users for commercial purposes.
  • It does not sell or share data with third parties for marketing.
  • It does not use analytics tracking tools (no Firebase Analytics or similar).

3. Intended Users and Parental Consent

The App is intended for children aged 6 to 11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installing and configuring the App and for the child's use of it.

The App is not intended to be used independently by children without the consent and supervision of an adult.

On first launch, the parent must explicitly accept this policy before any cloud service is activated. Without the parent's consent, the app opens no network connection (other than the download of the app itself).

In accordance with Article 7 of the LOPDGDD (Organic Law 3/2018), processing the data of children under 14 requires the consent of the holder of parental authority or guardianship.

This mechanism complies with Art. 8 GDPR (parental consent for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on the device (offline)

Data | Purpose | Legal basis
Avatar and random nickname (e.g. “León 42”, generated by the app) | Profile display and personalisation | Performance of a contract (Art. 6.1.b)
Exercise results and progress | Local reports for the parent | Performance of a contract
Saved homework and codes | Playback of assigned homework | Performance of a contract
MatCoins balance | Educational reward system | Performance of a contract

These data never leave the device and are deleted when the App is uninstalled.

4.2 Family feature (optional; requires explicit activation by the parent)

The Family feature lets a parent assign homework and receive the child's results from a second device. It is entirely optional and must be deliberately activated.

When registering the child in the Family feature, the adult performing the registration declares that they are the parent or legal guardian with full capacity to give that consent. Where parental authority is shared (for example after a separation or divorce), both parents should give consent, although consent from the parent the child habitually lives with is sufficient.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to the child's device | AES-256-GCM encryption | Until deleted by the group owner
Result reports (anonymous avatar, exercise details, errors) | Transmission to the parent | AES-256-GCM encryption | 90 days, then automatic deletion
Non-sensitive metadata (score, attempts, date) | Preview in the report list | In clear | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymised | Until consent is revoked or data is deleted from the app
Random device UUID (generated locally) | Identification within the family group | Pseudonymised | Until uninstallation

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first launch of the app.

No directly identifying data (real name, email address, phone number, postal address) is required or collected for the Family feature.

4.3 Technical error reports (Crashlytics)

The App uses Firebase Crashlytics (Google), enabled only after explicit parental consent. When an error occurs, the following is sent:

  • Device type and Android OS version
  • App version and technical error trace (stack trace)
  • Error timestamp

No personal data, exercise results, names or identifiers of the child are ever sent. This falls under the COPPA “support for internal operations” exception (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

5. End-to-End Encryption

All sensitive data sent to the cloud by the Family feature is protected by AES-256-GCM end-to-end encryption:

  • The group encryption key (a 256-bit AES GroupKey) is generated on the parent's device.
  • The GroupKey is distributed to group members using RSA-2048 OAEP (SHA-256, MGF1-SHA1) asymmetric encryption.
  • At rest, the GroupKey is stored wrapped with an AES-256 master key held in the Android device's hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is not accessible to the cloud service provider (Google).
  • Even with direct access to the Firestore database it is not possible to read the sensitive data.
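The key flow in the list above, as an added worked example that is not MateMatt's own code: the parent device generates the GroupKey, wraps it for one member under that member's RSA-2048 public key using the OAEP parameters the page states (SHA-256 with MGF1-SHA1, which is what Android's "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" produces by default), then encrypts an assigned task with AES-256-GCM; the member unwraps the key and decrypts. It uses the Python `cryptography` package. The record layout, the sample task, the random 96-bit nonce, binding the Firestore document path as GCM associated data, and all function names are assumptions made for the example; the wrapping of the GroupKey under the Keystore master key at rest is not modelled.

```python
"""Added example (not the app's code): GroupKey generation, RSA-OAEP wrapping
and AES-256-GCM payload encryption as described in the section above.
Requires the `cryptography` package. Names, record layout and the sample task
are assumptions made for the example."""
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP exactly as the page states: SHA-256 as the OAEP hash, SHA-1 inside MGF1.
# Android's "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" uses this mismatched pair by
# default, so stating it explicitly is what makes other platforms interoperate.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA1()),
    algorithm=hashes.SHA256(),
    label=None,
)


def generate_group_key() -> bytes:
    """Parent device: a fresh 256-bit AES key that never leaves the device in clear."""
    return AESGCM.generate_key(bit_length=256)


def wrap_group_key(group_key: bytes, member_public_key: rsa.RSAPublicKey) -> bytes:
    """Parent device: encrypt the GroupKey for one member; only this blob is uploaded."""
    return member_public_key.encrypt(group_key, OAEP)


def unwrap_group_key(wrapped: bytes, member_private_key: rsa.RSAPrivateKey) -> bytes:
    """Member device: recover the GroupKey with a private key that, on Android,
    would be a non-exportable key inside the hardware Keystore."""
    return member_private_key.decrypt(wrapped, OAEP)


def encrypt_payload(group_key: bytes, doc_path: str, plaintext: bytes) -> dict:
    """AES-256-GCM with a random 96-bit nonce. The Firestore document path is
    bound as associated data (an assumption for the example) so an encrypted
    record copied under another document no longer decrypts."""
    nonce = os.urandom(12)
    ciphertext = AESGCM(group_key).encrypt(nonce, plaintext, doc_path.encode())
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex()}


def decrypt_payload(group_key: bytes, doc_path: str, record: dict) -> bytes:
    return AESGCM(group_key).decrypt(
        bytes.fromhex(record["nonce"]),
        bytes.fromhex(record["ciphertext"]),
        doc_path.encode(),
    )


def demo() -> dict:
    """Full round trip: parent creates and wraps the key, child unwraps it and
    decrypts an assigned task. Returns what the cloud stores next to what the
    child recovers, plus the outcome of trying to relocate the record."""
    child_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    group_key = generate_group_key()
    wrapped = wrap_group_key(group_key, child_private_key.public_key())

    task = {"tasksJson": [{"op": "add", "a": 7, "b": 5}]}  # constructed sample task
    path = "groups/g1/tasks/t1"                               # assumed document path
    record = encrypt_payload(group_key, path, json.dumps(task).encode())

    # Everything Firestore (and therefore Google) holds for this task:
    cloud_view = {"wrapped_key": wrapped.hex(), **record}

    recovered_key = unwrap_group_key(wrapped, child_private_key)
    recovered_task = json.loads(decrypt_payload(recovered_key, path, record))

    # Same ciphertext presented under a different document path must fail.
    try:
        decrypt_payload(recovered_key, "groups/g1/tasks/t2", record)
        relocated_accepted = True
    except InvalidTag:
        relocated_accepted = False

    return {
        "cloud_view": cloud_view,
        "recovered_task": recovered_task,
        "key_matches": recovered_key == group_key,
        "relocated_accepted": relocated_accepted,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `cloud_view` dictionary is the whole of what a party with raw Firestore access sees for a task: an RSA-wrapped key it cannot open without a member's private key, a nonce, and GCM ciphertext. Two details matter in practice. A 96-bit random nonce must never repeat under the same GroupKey, which is safe for the message volumes a family group produces but argues for re-keying if a group key were to live for years. And when adding members, the wrap must target the member's real public key; in the Android setting the trust in that key comes from the pairing step, not from Firestore.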

6. Third-Party Technical Services

Service | Provider | GDPR role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Synchronisation of family data
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reports

The App does not use Firebase Analytics, Google Analytics, Google AdMob or any other form of advertising, behavioural tracking or profiling.

7. Children's Data: Special Protection

In accordance with the General Data Protection Regulation (GDPR, Reg. EU 2016/679), Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD), the Children's Online Privacy Protection Act (COPPA) and the UK Age Appropriate Design Code, we adopt the following specific measures to protect children:

  • We do not knowingly collect direct personal data (full name, email address, postal address, phone number) from children under 13 (COPPA) or under 14 (LOPDGDD, Art. 7).
  • The player name is generated randomly by the app (e.g. “Delfín 42”, “León 15”) and is not linked to any online account or profile. The user never enters real identifying data.
  • The Family feature is reached from the Parents section, behind the adult area, and assumes that it is the parent/guardian who activates it.
  • The parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to stop the child from entering them on their own. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, if the Family feature is active, is synchronised within the group under AES-256-GCM encryption.
  • Automatic lock-out: when the app goes to the background from a protected screen, the parent area locks automatically and the PIN is requested again on return. This stops a child from reaching the parent area simply by picking the device up again.
  • Screenshot protection: protected screens (reports, homework, codes, family, settings) are marked with Android's FLAG_SECURE, which blocks screenshots and screen recording and hides their content in the device's Recents screen.
  • The child cannot create groups, invite members or reach network settings.
  • We do not use behavioural advertising or third-party SDKs aimed at profiling.
  • The data in Firestore contains no directly identifying information about the child.
  • The App contains no inappropriate content, in-app purchases or external links.

Parental responsibility: by installing and configuring the App, the parent/guardian consents, on behalf of the child, to the processing of the technical data described in this policy.

8. International Data Transfers

Firebase services (Google LLC) run on global infrastructure with primary servers in the United States and Europe. Transfers of data to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

Regardless of the storage location, sensitive Family-feature data is end-to-end encrypted and cannot be read by the cloud service provider or by third parties.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
Local data on the device | Until the App is uninstalled
Homework reports on Firestore | 90 days from creation, then automatic deletion
Family group and homework on Firestore | Until deleted by the user; orphaned data deleted within 90 days
Anonymous Firebase UID | Until consent is revoked or data is deleted from the app
Crashlytics data | 90 days (Google policy)

10. Rights of the Parent/Guardian

The parent/guardian may at any time exercise the following rights:

  • Access (Art. 15 GDPR): view results in the app's Reports section and group data in the Family section.
  • Rectification (Art. 16 GDPR): change the profile and avatar through the app.
  • Erasure (Art. 17 GDPR): delete all data (local and cloud) from Family → “Delete all data”. When a member leaves the group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18 GDPR): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20 GDPR): homework reports can be archived locally on the device before leaving the group.
  • Objection (Art. 21 GDPR): object to processing by writing to privacy@matematt.app.
  • Withdrawal of consent (Art. 7.3 GDPR): disable Crashlytics or the Family feature individually from the app's Settings, or delete all data. Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before it was withdrawn.

Complaints to a supervisory authority:

  • Residents of Spain: Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan 6, 28001 Madrid — aepd.es
  • Residents of the EU: Garante per la Protezione dei Dati Personali — garanteprivacy.it
  • Residents of the United Kingdom: Information Commissioner's Office — ico.org.uk
  • Residents of the United States: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Security in transit and at rest: data sent to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group. Sensitive local data is encrypted with EncryptedSharedPreferences (AES-256-GCM) under a master key held in the Android hardware Keystore.

Parent area protection: the parent sections can be protected by a 4-digit parental PIN, stored as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt), with recovery via a mathematical challenge and progressive attempt limiting (lock-out after 3 failed attempts).

Automatic lock-out in the background: when the app goes to the background while a protected screen is active, the parent area locks automatically. On return to the foreground, the app asks for the PIN again before showing any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which blocks screenshots, hides the content in the Recents screen and blocks screen recording. The flag is active only on parent-area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds by ProGuard/R8.
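The PIN handling described in this section (and in the same section of the English text above), as an added example in Python's standard library that is not the app's own code: a 4-digit PIN is stored as PBKDF2-HMAC-SHA256 with 100,000 iterations and a 16-byte random salt, compared in constant time, with a lock-out after 3 failed attempts and a lock whenever the app is backgrounded. The record layout, the 60-second lock-out duration, the injectable clock and all names are assumptions; the page does not say how long the lock-out lasts or whether it grows. The last function makes the point a practitioner should keep in mind: a 4-digit PIN has 10,000 candidates, so anyone who extracts the stored record can try them all offline for roughly 10,000 times the cost of one verification. The hash format only multiplies that cost by a constant; it is the Keystore-protected storage and the on-device attempt limit that actually hold the line.

```python
"""Added example (not the app's code): parental-PIN storage and lock-out as
described in section 11, using only the Python standard library. Record layout,
lock-out duration and the clock injection are assumptions for the example."""
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 100_000      # stated by the page
SALT_LEN = 16             # stated by the page
MAX_FAILURES = 3          # stated by the page
LOCKOUT_SECONDS = 60      # assumption: the page does not state the duration
PIN_KEYSPACE = 10_000     # 4 decimal digits


def hash_pin(pin: str, salt: Optional[bytes] = None) -> dict:
    """Store only salt + PBKDF2 output; the PIN itself is never written."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": dk.hex(), "iterations": ITERATIONS}


def verify_pin(pin: str, record: dict) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    dk = hashlib.pbkdf2_hmac("sha256", pin.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk, bytes.fromhex(record["hash"]))


class ParentArea:
    """Gate in front of the parent screens: counts failures, locks out, and
    drops the unlocked state whenever the app goes to the background."""

    def __init__(self, record: dict, clock=time.monotonic):
        self.record = record
        self.clock = clock              # injectable so a test need not sleep
        self.failures = 0
        self.locked_until = 0.0
        self.unlocked = False

    def unlock(self, pin: str) -> str:
        now = self.clock()
        if now < self.locked_until:
            return "locked_out"         # refuse to evaluate the PIN at all
        if verify_pin(pin, self.record):
            self.failures = 0
            self.unlocked = True
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked_out"
        return "wrong_pin"

    def on_background(self) -> None:
        """Called when the app leaves the foreground from a protected screen:
        the page's automatic lock-out, so picking the phone up again is not enough."""
        self.unlocked = False


def offline_guess_cost_seconds(record: dict) -> float:
    """Cost for an attacker who holds the stored record and faces no rate limit:
    time one verification and scale it to the whole 4-digit keyspace. The
    ParentArea lock-out above is exactly what such an attacker gets to skip."""
    start = time.perf_counter()
    verify_pin("0000", record)
    return (time.perf_counter() - start) * PIN_KEYSPACE
```

At 100,000 iterations one verification costs on the order of tens of milliseconds on a phone, so `offline_guess_cost_seconds` lands in the minutes for the whole keyspace. That is tolerable only because the record sits inside EncryptedSharedPreferences under a Keystore master key and because the gate refuses to evaluate PINs while locked; a longer lock-out on each repeated failure, or a PIN longer than four digits, would be the next two knobs to turn.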

12. Regulatory Compliance

This policy has been drafted in accordance with:

  • GDPR (Reg. EU 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • LOPDGDD (Organic Law 3/2018) — Art. 7 (children's consent)
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — principles of data minimisation, transparency and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In the event of material changes to this policy, we will update the revision date at the top of the document. If a change requires renewed consent, the app will show the consent screen to the user again.

14. Contact

For any privacy-related question or to exercise the rights listed in § 10:

Online policy: https://app-android-matematt.web.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacidad MateMatt”
Developer: Davide Sironi, Italy (EU)