# Security Policy

## Data Storage and Privacy

### Local Storage

All user data is stored locally on the device using SQLite:

- No cloud sync by default
- No external server communication (except the optional news feed)
- Data encrypted at rest by the OS (iOS/Android device encryption)

### Permissions

#### iOS

- **Camera**: Take photos of pottery projects (optional, on-demand)
- **Photo Library**: Save and load project photos (optional, on-demand)

#### Android

- **Camera**: Take photos of pottery projects
- **Storage**: Read/write for photo management

All permissions are requested only when needed, not at app launch.

### Analytics

Analytics are **opt-in only** and disabled by default:

- When disabled: no data collection whatsoever
- When enabled: only anonymous usage events (no PII)
- Events tracked: app opens, feature usage (see analytics.ts)
- No advertising identifiers or device fingerprinting

### Third-Party Services

The current implementation uses:

- **No analytics services** (prepared for Sentry/Amplitude if the user opts in)
- **No ad networks**
- **No social login providers**
- **Optional news feed**: fetches public JSON from a CDN (read-only)

### Data Export

Users can export their data:

- Format: JSON (plain text)
- Contains: projects, steps, custom glazes, photos (as file URIs)
- No encryption in the export (the user is responsible for storing it securely)

## Security Best Practices

### For Users

1. Keep your device OS updated
2. Use a device lock screen (PIN/biometric)
3. Back up data regularly via export
4. Be cautious when sharing exported data (it may contain personal notes)

### For Developers

1. Never commit API keys or secrets to the repo
2. Review all dependency updates for vulnerabilities
3. Run `npm audit` regularly
4. Keep the Expo SDK and React Native updated
5. Test permissions on both iOS and Android

## Reporting a Vulnerability

If you discover a security vulnerability:

1. **DO NOT** open a public GitHub issue
2. Email: security@potterydiaryapp.com (placeholder - replace with actual)
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)

We will respond within 48 hours and work with you to resolve the issue.

## Compliance

### CCPA (California Consumer Privacy Act)

- **Data Collection**: Minimal (only with opt-in analytics)
- **Data Sale**: Never. We do not sell or share personal data.
- **User Rights**: Users can delete all data by uninstalling the app or via the in-app data export/delete

### COPPA (Children's Online Privacy Protection Act)

- **Age Rating**: 4+ (content), but the app is not directed at children under 13
- **No Data Collection**: No PII is collected from any user
- **Parental Controls**: Device-level restrictions apply

### App Store Requirements

- **Privacy Nutrition Label** (iOS):
  - Data Not Collected: Yes (if analytics disabled)
  - Data Linked to You: No
  - Data Used to Track You: No

## Changelog

### v1.0.0 (2025-01-15)

- Initial release
- Local-only data storage
- Opt-in analytics framework (not yet active)
- No third-party services

---

Last Updated: 2025-01-15
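The opt-in analytics gate described under Analytics above, as an added TypeScript example; this is not the project's own analytics.ts. It assumes a caller-supplied transport (standing in for a Sentry/Amplitude SDK call) and that the consent flag is persisted elsewhere. The event names, allowed property keys and the `AnalyticsGate` class are illustrative choices, not names from the app.

```typescript
// Added example (not the project's analytics.ts): an opt-in analytics gate.
// Consent defaults to off; while off, track() is a no-op and nothing is buffered,
// which is what "no data collection whatsoever" requires. When on, only
// allow-listed event names and property keys reach the transport, so free-text
// fields (project notes, titles, photo file paths) cannot leak out as PII.

export type EventName = "app_open" | "feature_used"; // assumed event names

export interface AnalyticsEvent {
  name: EventName;
  props: Record<string, string | number | boolean>;
  ts: number; // timestamp rounded to the minute to reduce fingerprinting value
}

// The transport is whatever actually ships the event (SDK call, HTTP, etc.).
export type Transport = (event: AnalyticsEvent) => void;

// Property keys permitted to leave the device; everything else is dropped.
const ALLOWED_PROP_KEYS: ReadonlySet<string> = new Set(["feature", "screen", "count"]);
const ALLOWED_EVENTS: ReadonlySet<string> = new Set<string>(["app_open", "feature_used"]);
const MAX_STRING_LEN = 64; // long strings are more likely to be free text

export class AnalyticsGate {
  private enabled = false; // opt-in only: off until the user explicitly enables it
  private dropped = 0;     // events discarded while disabled, unknown, or malformed

  constructor(private readonly transport: Transport) {}

  isEnabled(): boolean {
    return this.enabled;
  }

  droppedCount(): number {
    return this.dropped;
  }

  // Called from the settings screen; persisting the choice is the caller's job.
  setEnabled(on: boolean): void {
    this.enabled = on;
  }

  // Returns true if the event was handed to the transport, false if discarded.
  track(name: string, props: Record<string, unknown> = {}): boolean {
    if (!this.enabled || !ALLOWED_EVENTS.has(name)) {
      this.dropped++;
      return false;
    }
    const safe: Record<string, string | number | boolean> = {};
    for (const [key, value] of Object.entries(props)) {
      if (!ALLOWED_PROP_KEYS.has(key)) continue; // unknown key: never forwarded
      if (typeof value === "string") {
        if (value.length <= MAX_STRING_LEN) safe[key] = value;
      } else if (typeof value === "number" || typeof value === "boolean") {
        safe[key] = value;
      }
      // objects, arrays, functions: silently dropped
    }
    this.transport({
      name: name as EventName,
      props: safe,
      ts: Math.floor(Date.now() / 60000) * 60000,
    });
    return true;
  }
}

// In-memory transport for local testing; a real build substitutes the SDK call.
export function makeRecordingTransport(): { send: Transport; sent: AnalyticsEvent[] } {
  const sent: AnalyticsEvent[] = [];
  return { send: (e) => { sent.push(e); }, sent };
}
```

The allow-list approach is deliberate: denying known-bad keys such as `email` would miss the far more common leak, which is a project note or photo path passed along as a "harmless" property. Rounding the timestamp and capping string length are cheap ways to keep events from becoming a fingerprint.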