eNeighbor Privacy Policy
Last updated:
This Privacy Policy describes how Curlew Labs LLC (“Curlew Labs,” “we,” “our,” or “us”) handles information in connection with the eNeighbor™ mobile application (the “App”). Washington residents should also read our Consumer Health Data Privacy Policy, which describes additional rights and practices required by Washington’s My Health My Data Act. California residents can review the state-specific section below and our Your Privacy Choices page.
Information we collect
The App detects when a paired device is first used each morning. Examples of what we collect include:
- Device activity signals — a timestamped record indicating that the device has been used (for example, the App being opened or the device being unlocked). We record only that the event occurred; we do not record the content of any activity, which apps were used, or any other behavioral detail.
- Device reachability signals — a timestamped record indicating that your device is powered on and connected to a network, even when you have not used the App. On iOS, the operating system may wake the App for a background task or notify it when the device moves to a new area; we record only the timestamp and signal type. These are used to confirm that the device is reachable, not to infer user activity, and they do not satisfy the daily check-in. We also store the most recent reachability timestamp per device alongside the per-event records, so the neighbor notification path can be selected even after older event records have aged out.
- Daily check records — a record of whether a check-in was detected each day, used to track whether a notification should be sent and to display status to the paired contact.
- Account information — an email address and display name used to create an account and pair devices. We also record which authentication provider you used to sign in (Google or Apple), the timestamps when your account was created, last modified, and when you completed onboarding, and a record of which version of this Privacy Policy you accepted at sign-up along with the device platform on which you accepted it.
- Device characteristics and interaction information — information about your device and how it is interacting with eNeighbor, including language and timezone, used to localize notifications, schedule them at the correct local time, and diagnose whether the App can reliably receive background wakes and push notifications.
- Notification preferences — your preferred check-in time and related notification scheduling settings, stored so the App can send alerts at the right time.
- Firebase Installation ID — a per-install identifier issued by the Firebase SDK on your device. The App sends this identifier to our servers so that device-scoped data — signals, push-notification tokens, and per-install reliability state — can be joined to the same install. Pairing relationships are stored at the account level, not joined via this identifier. The Installation ID is replaced if the App is reinstalled.
- FCM device token — a token issued by Google Firebase Cloud Messaging that allows us to deliver push notifications to your device. This token is stored on our servers and updated automatically when it changes.
- Pairing relationships — the association between two paired neighbors, established explicitly by both users. This includes the invitation code used to initiate the pairing, the timestamp when the invitation was accepted, and a record of which version of this Privacy Policy was in effect when consent was given.
- Notification delivery records — for each notification the App sends, which type of notification it was (for example, a morning nudge or a neighbor alert), whether it was accepted by Firebase Cloud Messaging, whether your device confirmed delivery, and whether you tapped it. The notification text itself is generated from a fixed catalog of system messages and is not personalized.
- Data export audit records — when you request a copy of your data, we record that an export occurred so we can enforce request limits and investigate abuse.
- Network information — we record the IP address each request to our service comes from. We use this to operate and secure the service, including enforcing rate limits and investigating abuse such as repeated failed sign-ins or excessive automated requests. The IP address is not added to your account profile, and we retain these request logs for a limited period, as described in the Data retention section below. Our hosting provider, Cloudflare, also records request IP addresses in its own network logs as part of operating its edge.
We do not collect contacts, messages, photos, or any other personal content from your device. iOS may notify the App when the device moves to a new area so we can confirm the device is reachable, but the underlying location coordinates (latitude/longitude) are processed on-device only and are never stored on our servers or transmitted off your device.
What is required and what happens if you do not provide it. Your email address, authentication credentials, display name, and notification preferences are necessary to create an account, pair with a contact, and receive notifications. Device activity signals, reachability signals, the Firebase Installation ID, and the FCM device token are necessary for the App to do its core job. Without these, the App cannot operate and you will not be able to use it. Device interaction information helps us diagnose whether the App can reliably receive background wakes and push notifications; when it is unavailable, those diagnostics may be less complete. Crash and error reporting (described below) is collected by default; you can turn it off at any time from Settings → Privacy → Send diagnostic data, and the App remembers that choice across launches until you change it again or uninstall the App. We also store the current on/off state of this setting on our servers, with the time it last changed, so our support team can tell whether to expect diagnostic data from your device when investigating a problem. We store only whether the setting is on or off, not any extra diagnostic content.
How we use your information
We use the information described above to operate the App — specifically, to determine whether a device has been used by mid-morning and, if not, to send a notification to a paired neighbor. Reachability signals are used to tailor that notification: when a user’s device appears to be on but unresponsive, their neighbor is told the device is silent; when it is unreachable, the neighbor is told it cannot be reached. We keep limited delivery records so we can tell when notifications are not reaching their recipient and whether a device can reliably receive background wakes and push notifications. We collect limited technical diagnostics as described under “Crash and error reporting” below.
We also use your email address to send you messages about eNeighbor itself — for example, occasional reminders to check in or finish setting up, prompts to connect with a neighbor or turn on notifications, and product updates or service announcements. These are our own first-party messages about the App; we do not use your information for advertising, profiling, or any third-party marketing, and we do not share your email address with anyone for their own marketing. You can opt out of these product and engagement emails at any time using the unsubscribe link in any such message or by emailing support@curlewlabs.com. Even if you opt out, we will still send the essential account, security, and legal notices we need to operate your account.
Why we process your data
We process your personal data for the following reasons:
- To provide the App’s core service — processing account, pairing, notification preference, device activity, reachability, push-token, daily check, and notification delivery information is necessary to deliver eNeighbor to you.
- To maintain and improve the App — we process optional device interaction information and limited technical diagnostics (crash reports and anonymous app-performance measurements) to keep the service reliable and improve performance. This information is limited and diagnostic in nature.
- To keep the service secure and operational — we process limited technical information, including the IP address that requests to our service come from (recorded in our request logs), to operate the service, enforce rate limits, and protect the App and its users from abuse. We rely on our legitimate interest in the security and integrity of the service.
- To tell you about eNeighbor — we use your email address to send product and engagement messages about the App (check-in reminders, setup and pairing prompts, notification nudges, and occasional service updates). We rely on our legitimate interest in keeping you engaged with a safety tool you signed up for, and you can opt out of these messages at any time without affecting your account. Essential account, security, and legal notices are sent separately as part of operating your account.
- With your consent — at sign-up, you give explicit consent to our processing of your data under this Privacy Policy by affirming that you are 18 or older and accepting these terms before you can complete account creation. Separately, when two users agree to pair as neighbors, each consents to the relationship and independently controls whether their own daily activity status is shared with the other. You may withdraw the pairing consent at any time by removing the pairing in the App, or withdraw account-level consent by deleting your account.
- With extra care for health-related information — to the extent any data we process about you could be considered health-related (for example, patterns of device activity that may indicate your physical well-being), we treat it with additional sensitivity and process it only under your explicit consent obtained in the App: first at sign-up, where you must affirm that you are 18 or older and accept this Privacy Policy and the Terms of Service before you can complete account creation, and again when you accept a pairing invitation. You can withdraw this consent at any time by removing the pairing or deleting your account.
Information sharing
We do not sell, rent, or share your personal information with third parties, except as follows:
- Between paired users — activity status is shared between two paired neighbors at each user’s direction, as the core function of the App.
- Service providers — we may use third-party services (such as Google Firebase for authentication, push notifications, and crash reporting, and Cloudflare for cloud hosting) to operate the App. These providers process data only on our behalf and are contractually prohibited from using it for any other purpose.
- iOS push delivery (Apple Push Notification service) — when notifications routed by Google Firebase Cloud Messaging are delivered to iOS devices, the alert payload (which can include check-in / non-response status) passes through Apple infrastructure on the final hop. APNs operates under Apple’s own iOS Developer Program License Agreement and Apple Privacy Policy rather than a Curlew Labs data-processing agreement, the same way every iOS app delivers push notifications.
- Android install referral (Google Play) — if you install the App on Android from an invite link, your invitation code may be passed to Google Play as the Play Store install referrer, so the freshly installed App can pre-fill it (you still choose whether to pair). Google Play receives the code under the Google Play Developer Distribution Agreement and Google’s own privacy policy rather than a Curlew Labs data-processing agreement, the same install-referral channel every Android app uses.
- Legal requirements — we may disclose information if required to do so by law or in response to valid legal process.
Data retention
We retain your data for the following periods:
- Client signals (device activity records) — up to 90 days, then automatically deleted.
- Daily check records (whether a check-in was detected each day) — up to 30 days, then automatically deleted.
- Notification delivery records — up to 30 days, then automatically deleted.
- Data export audit records — retained as long as your account is active, then deleted when your account is deleted.
- Account information, device characteristics and interaction information, notification preferences, pairing relationships, and invitation records — retained for as long as you maintain an account. When you delete your account in the App, we delete the app data we control right away and also try to remove the associated Firebase authentication account.
- Email unsubscribe records — if you ask to stop receiving our announcement or update emails, we keep a minimal record of your email address and that you opted out, so that we can honor your request and not email you again. Unlike the account data above, we keep this record even after you delete your account — retaining it is what lets us continue to respect your unsubscribe request — and we use it for nothing else.
- Device identifiers and tokens — the Firebase Installation ID and the FCM device token are retained as long as your account is active. Tokens are updated automatically when your device issues a new one. Both are deleted when your account is deleted.
- Crash reports — retained by Google Firebase Crashlytics per their standard retention policy (90 days).
- Diagnostic-data setting state — whether your Send diagnostic data setting is on or off, and the time it last changed, retained for the life of your device record and deleted when you delete your account.
- App performance measurements — the anonymous, aggregate performance samples described under “App performance measurements” below are retained in our analytics system for up to about three months, then age out. Because they are not linked to your account or any device identifier, they are not part of per-account deletion or export.
- Server and abuse logs — we keep operational logs of requests to our service for up to 90 days, after which they are automatically deleted. These logs are used for security, abuse prevention, and debugging, and record the request path and outcome, the IP address the request came from, and — for signed-in requests — your account identifier. IP addresses recorded in these logs are not added to your account profile. Our hosting provider, Cloudflare, separately retains its own request logs under its own retention schedule as part of operating its network.
- Backups — we keep secured backups of our database for disaster recovery, automatically deleted after 90 days. The retention periods above describe our active systems; when data is deleted there — including when you delete your account, which we action right away — residual copies remain in these backups until they age out. We do not use backups to restore deleted accounts or data; if we ever restore one for disaster recovery, we re-apply any deletions that completed after that backup was taken.
You may request deletion of your account and the associated app data we control at any time (see “Your rights” below). The one exception is the email unsubscribe record described above, which we keep only as needed to honor your opt-out, even after your account is deleted.
Children's privacy
The App is intended for adults. We do not knowingly collect information from children. Under the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect information from anyone under the age of 13 without verifiable parental consent. If we become aware that we have collected information from a child below the applicable age threshold, we will delete it promptly.
Security
We take reasonable technical and organizational measures to protect your information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Crash and error reporting
Unless you turn it off in Settings → Privacy → Send diagnostic data, the App collects diagnostic information when errors occur, including error details, device model, operating system version, your Firebase user identifier (used to group reports by user), and a recent-event breadcrumb trail. App-side Dart breadcrumbs — which record which screens you navigated to, foreground notification titles the App received, and App lifecycle events leading up to the crash — are capped at 200 events per session by the App before they reach Crashlytics. Direct wire-correlation and native diagnostic breadcrumbs emitted from the main App — per-request breadcrumbs on every outbound API call from the App's Dart code, its native Android code, and its native iOS code in the main App process, each carrying a request correlation ID and the HTTP method and endpoint path; and the main App's native iOS background-task and reliability diagnostic breadcrumbs from the main App process (background-task lifecycle markers, push and request correlation IDs, signal-type codes, HTTP status codes, and OS-reported error descriptions from background upload attempts) — bypass that app-side cap and rely on Firebase SDK trimming. This data is processed by Google Firebase Crashlytics and is used solely to identify and fix bugs. Automatic crash reports do not include the contents of your messages, photos, contacts, or other personal content from your device. Crash and error diagnostics are uploaded to Google Firebase Crashlytics from the main App and, when you have diagnostic data collection turned on, from the iOS notification-service extension and the home-screen check-in widget as well; these run in separate operating-system processes but each reports the same kind of diagnostics under your diagnostic-data choice. When you turn that choice off, each stops uploading — the extensions on their next launch or wake, the same next-launch behavior described below for the main App. On iOS, wire-correlation breadcrumbs those processes record are also written to the Apple system log for on-device troubleshooting, which is readable only via a developer cable session. When you turn the toggle off, the main App immediately stops sending new error reports it explicitly records through an app-owned suppression that does not depend on the Firebase Crashlytics SDK's own timing. The main App's Firebase SDK automatic background crash collection continues to be subject to the SDK's published behavior: turning the toggle off persists your choice and the SDK takes effect on the next launch of the App, at which point any crash reports captured before the toggle that had not yet been sent are deleted so they cannot upload later if you turn the toggle back on. Your choice persists across launches. The in-app “Report a Problem” feature uses the same crash reporting channel, so it is also disabled while the toggle is off. To send a report, turn the toggle back on first. When the toggle is on and you submit a written description through “Report a Problem”, the text you type is included with the report.
App performance measurements
Unless you turn it off in Settings → Privacy → Send diagnostic data, the App occasionally measures how quickly certain operations perform — for example, how long the App takes to start up and decide which screen to show you — and sends a small, anonymous performance sample so we can find and fix slow spots. These measurements are taken on only a randomly selected fraction of App launches (a rate we control remotely and can turn down to none), and each sample contains only the measured timing, whether the operation succeeded, and coarse context such as your App version, device platform, and network type (for example, Wi-Fi or cellular). The samples are not linked to your account or to any device identifier — we cannot tie a performance sample back to you — and are used only in aggregate to understand typical performance across all devices. They do not include the contents of your messages, photos, contacts, or other personal content. This measurement rides the same Settings → Privacy → Send diagnostic data control as crash reporting, so turning that setting off stops it too.
Where your data is processed
We work with the following service providers, which may process data in different countries as part of their global infrastructure:
- Google Firebase (United States) — authentication, push notifications, and crash reporting.
- Cloudflare (global edge network) — cloud hosting and API delivery.
- Apple Inc. (Apple Push Notification service, United States) — delivery of user-facing push notifications to iOS devices, on the final hop after Google Firebase Cloud Messaging.
- Google Play (United States) — Android install referral: carrying an invitation code from an invite link across a fresh Play Store install.
These providers operate under their own privacy and security commitments. We work with providers that maintain strong industry-standard data protection practices. The Apple Push Notification service hop into iOS devices operates under Apple’s iOS Developer Program License Agreement and Apple’s own privacy policy, consistent with how every iOS app delivers push notifications.
Automated decision-making
The App does not engage in automated decision-making or profiling that produces legal or similarly significant effects. The only automated process is detecting whether a device has been used in the morning and sending a notification if it has not.
Your rights
You have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate personal data.
- Deletion — request deletion of your personal data.
- Restriction — request that we limit how we use your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing of your data for purposes beyond providing the App’s core service.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@curlewlabs.com. We will respond within 30 days.
California residents
This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), for California residents.
Categories of personal information we collect. In the last 12 months we have collected the categories of personal information described under “Information we collect” above. Mapped to the CCPA categories, this includes: identifiers (email, account ID, device ID, FCM device token); internet or other electronic network activity information (timestamps of device activity and reachability signals, notification delivery records); device characteristics and interaction information used to localize notifications, schedule them, and diagnose App reliability; inferences from those signals only to the extent of determining whether a check-in occurred. We do not collect Social Security numbers, driver’s license numbers, government IDs, account credentials beyond what your authentication provider returns, precise geolocation, biometric information, or information about minors under 16 with knowledge.
Sources, purposes, and recipients. We collect this information directly from you and from your device when you use the App. We use it to operate the App as described above. We disclose it to the recipients listed in “Information sharing” — Google Firebase and Cloudflare as service providers acting on our behalf under data-processing agreements, the Apple Push Notification service for the iOS push delivery hop under Apple’s own terms, Google Play for the Android install-referral hop under Google’s own terms, and your paired contact at your direction.
We do not sell or share your personal information. We do not sell your personal information for monetary or other valuable consideration, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA. We have not done so in the prior 12 months.
Sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those permitted by Cal. Civ. Code § 1798.121, so the “right to limit” that section creates does not apply to our processing.
Your CCPA rights. California residents have the right to:
- Know what personal information we have collected.
- Receive a copy of that information in a portable format.
- Request correction of inaccurate personal information.
- Request deletion of personal information we have collected.
- Be free from retaliation for exercising any of these rights — using the App will not be penalized for asserting them.
To exercise these rights, email support@curlewlabs.com or use the in-App “Download My Data” or “Delete Account” controls. We will verify your request by matching the email or account identifier on your request to the one on your account. We will respond within the timeframes required by the CCPA (generally 45 days, extendable once by 45 days when reasonably necessary). You may also designate an authorized agent to make a request on your behalf; we may require written authorization and verification of your identity.
See our Your Privacy Choices page for the same information in summary form.
Washington residents
Washington’s My Health My Data Act (RCW 19.373) gives Washington consumers additional rights with respect to certain “consumer health data”. Our Consumer Health Data Privacy Policy describes the categories of consumer health data we may process, the purposes for that processing, the third parties that receive it, and how Washington residents can exercise their rights of access, deletion, and consent withdrawal.
Changes to this policy
We may update this Privacy Policy as the App evolves. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
Contact
Curlew Labs LLC operates the App. To contact us about this Privacy Policy or how we handle your information, reach us at:
Curlew Labs LLC
300 Lenora St. #936
Seattle, WA 98121
Email:
support@curlewlabs.com