Sanjay Gangwar ("we", "us", "the developer") built mDevices as a freemium Android application. This privacy policy explains how the app collects, uses, stores, and protects your data.
The short version: mDevices is a personal device-management tool. It tracks the real-time location and status of the devices you personally own, signed in under your own account, and shows them on a single dashboard only visible to you. Location data is sent to our servers every 5 minutes so you can see where each of your devices is. We do not sell your data. Free-tier users see ads served by third-party ad networks; premium subscribers see no ads.
Data We Collect
Account information
- Authentication credentials — email address and hashed password (if using email sign-up), or profile information provided by Google Sign-In via Firebase Authentication.
- Subscription status — managed through RevenueCat to determine your Free or Premium tier.
Location data
mDevices collects precise GPS location data from each device you have signed in, including when the app is running in the background. This is the core functionality of the app. The following data is collected with each location update:
- Latitude and longitude — the precise geographic coordinates of the device.
- Accuracy — the GPS accuracy radius in meters.
- Timestamp — the date and time of each location reading.
- Battery percentage — the device's current battery level.
- Collection frequency — location data is collected and transmitted to our servers approximately every 5 minutes while the app is installed and background location permission is granted on the device.
- Foreground location — collected while you are actively using the app.
- Background location — collected when the app is not in the foreground, so your dashboard can always show the current whereabouts of your devices (for example, to help you find a lost phone).
- Location history — each device's recent location history is stored on our servers so you can review where a device has been.
Device data
- Device registry — a list of the devices linked to your account, with a user-assigned label (for example, "Work phone", "Tablet"), device model, OS version, and battery status.
- Push notification token — a Firebase Cloud Messaging (FCM) token used to deliver remote actions (for example, "Ring device" or "Locate device") to each of your devices.
Remote-action data
- Ring requests — when you tap "Ring" on the dashboard, the target device receives a notification and plays an alert sound so you can find it.
- Locate requests — when you tap "Locate" on the dashboard, the target device force-refreshes its current location and reports it to the server.
Advertising and diagnostic data
- Advertising identifiers — collected by third-party ad SDKs (Google AdMob, Facebook Audience Network) for free-tier users only. Premium users have no ad SDKs loaded.
How We Use Your Data
| Data | Purpose |
|---|---|
| Authentication credentials | Create and secure your account so only you can see your devices |
| GPS location (lat/lng, accuracy) | Show the real-time location of each of your devices on your dashboard |
| Location history | Allow you to review where each of your devices has been |
| Battery percentage | Display the battery status of each device on your dashboard |
| Device registry | Group all your devices under one account so you can see them together |
| FCM token | Deliver remote actions (ring, locate) and system notifications |
| Subscription status | Determine Free vs. Premium tier (ads vs. no ads) |
| Advertising identifiers | Serve ads to free-tier users |
Location Permissions
mDevices uses ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, and ACCESS_BACKGROUND_LOCATION permissions on each device to track that device's location continuously, including when the app is not in the foreground. Background location access is essential for the app's core purpose: letting you find a device that has been misplaced, lost, or left behind. Without background location, the dashboard would only show a device's location while you had the app open on that device.
You can control location access at any time on each device:
- To stop location tracking for a device: revoke location permissions from Android system settings on that device (Settings > Apps > mDevices > Permissions > Location), or set location permission to "Only while using the app" to stop background tracking.
- To remove a device from your account: remove it from within the dashboard. All future location updates from that device will stop, and the device will no longer receive remote actions.
- To delete your account entirely: contact us to request full account and data deletion.
Who Can See Your Devices
Your devices, their locations, and their history are visible only to:
- You, when signed into the mDevices app under your own account. mDevices does not support family or group sharing — every account has its own private device list.
- The developer, solely for debugging server issues if necessary (access is logged and restricted).
Your devices and location data are never visible to other mDevices users, and are never sold or shared with any third party for advertising, analytics, or any other purpose.
Data Storage and Security
Your location data and account information are stored on our privately hosted backend infrastructure:
- Backend: Node.js server with MongoDB database, hosted on our own private infrastructure — not on AWS, Google Cloud, or any third-party cloud platform.
- Data is transmitted over HTTPS (TLS encryption in transit).
- Server-side authentication is verified using Firebase Admin SDK on every request.
- Your data is not accessible to any third-party hosting provider because we do not use one.
- Passwords are never stored in plain text (handled by Firebase Authentication).
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Third-Party Services
The app integrates the following third-party services:
- Firebase Authentication — for user sign-in (email/password, Google). Firebase Privacy Policy.
- Firebase Cloud Messaging (FCM) — for push notifications (ring, locate, system messages). Firebase Privacy Policy.
- RevenueCat — for subscription management. RevenueCat receives your anonymised app user ID and purchase receipts. RevenueCat Privacy Policy.
- Google AdMob (free tier only) — serves ads and may collect device identifiers, IP address, and ad interaction data. Google Privacy Policy.
- Facebook Audience Network (free tier only) — serves ads and may collect device identifiers and ad interaction data. Meta Privacy Policy.
Premium subscribers have ad SDKs (AdMob and Facebook Audience Network) completely disabled — they are not loaded at all, so no data is collected by these services for premium users.
Data Sharing
We do not sell, rent, or trade your personal data, including your location data. Your data is shared only in the following limited circumstances:
- Third-party ad networks — advertising identifiers and ad interaction data are shared with AdMob and Facebook Audience Network for free-tier users only, solely for the purpose of serving ads. Device location data is never shared with ad networks.
- Legal requirements — if required by law, regulation, or legal process.
Data Retention and Deletion
- Local data is deleted when you uninstall the app or clear app data.
- Server-side location history and account data are retained as long as your account exists.
- You may request complete deletion of your account and all associated server-side data (including all device and location history) by contacting us at the email below. We will process deletion requests within 30 days.
- Removing a device from your account stops future location reporting from that device but does not retroactively delete location history already stored on the server. To delete all stored data, request full account deletion.
Children's Privacy
mDevices is intended for adults managing their own devices. We do not knowingly allow children under 13 to create accounts. If you believe a child has created an account without parental consent, please contact us so we can address it.
Your Rights
You have the right to:
- Access the personal data we hold about you, including your stored device list and location history.
- Request correction of inaccurate data.
- Request deletion of your account and all associated data (including all devices and location history).
- Revoke location and other permissions at any time via Android system settings on each device.
- Opt out of personalized ads via your device's ad settings.
Changes to This Policy
We may update this policy when features change. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact
For questions or concerns about this privacy policy, contact:
Sanjay Gangwar
Email: contact@sanjaygangwar.dev
Website: sanjaygangwar.dev