This Privacy Policy describes how the BluTally mobile application ("BluTally," "we," "us," or "our") collects, uses, stores, and protects your information. We are committed to safeguarding your privacy and ensuring full transparency about how your data is handled.
By downloading or using BluTally, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
2. Information We Collect
2.1 Scientific & Environmental Data
Soil and water measurement data
Bird species observations, counts, and behavioural notes
Plant phenology and vegetation cover observations
Bivalve (mollusc) species data and physical measurements
GPS coordinates from specimen observations and sampling points
Date and precise timestamps for all recorded observations
Photographic documentation of specimens and habitat (where provided)
2.2 Authentication & User Information
Email address and time-limited verification codes
Google account information, if you choose Google Sign-In
Biometric data (fingerprint) — processed exclusively on your device; never transmitted to our servers
Device information: model, manufacturer, and operating system version
2.3 Usage & Diagnostic Data
Crash logs and error reports
Feature usage statistics (aggregated and anonymized)
App version and session duration
This data is never linked to your personal identity.
3. Authentication
3.1 Methods
Email authentication using time-sensitive one-time codes
Google Sign-In via OAuth 2.0
Device fingerprint authentication using your device's secure enclave
3.2 Data Processing
Email verification codes expire immediately after use and are permanently deleted.
Fingerprint data is processed entirely on-device and never transmitted to our servers.
All tokens are encrypted in transit using TLS 1.2 or higher.
4. How We Use Your Information
4.1 Scientific Data
Compiling ecosystem datasets for long-term analysis
Supporting biodiversity conservation research
Generating visualizations and ecological analytics
Sharing anonymized data with verified research institutions under data-sharing agreements
4.2 User Data
Personal data is used only to authenticate accounts, provide support, send essential updates, and maintain app functionality. We do not use personal data for advertising or profiling.
5. Data Storage & Security
All data is stored on encrypted servers using AES-256 encryption at rest.
Scientific and personal data are maintained in logically separate, access-controlled environments.
All data in transit is protected using TLS 1.2 or higher.
Access to personal data is restricted to authorized personnel on a need-to-know basis.
We conduct regular security assessments and penetration testing.
6. Data Breach Notification
Upon a confirmed or suspected breach, we will immediately activate our incident response procedures and notify the relevant supervisory authority within 72 hours. Affected users will be notified directly without undue delay where a high risk to rights and freedoms exists.
7. Data Sharing & Disclosure
Anonymized scientific data may be shared with accredited research institutions under formal agreements.
We do not sell, rent, or trade personal data under any circumstances.
Data may be disclosed to comply with legal obligations or court orders.
8. Data Retention & Ownership
8.1 Data Ownership
All scientific and environmental data collected through BluTally — including field observations, species records, measurements, location data, and media — is and remains the exclusive property of BluTally. By submitting data, you acknowledge it is contributed to BluTally's ecosystem database. This ownership applies regardless of whether your account is active or deleted.
8.2 Account Deletion
Upon a valid deletion request, your personal identifiers (name, email, credentials) will be permanently removed within 30 days. However, all field data you submitted remains the property of BluTally and will be retained indefinitely — account deletion removes your identity only, not the scientific data.
Scientific observation data is retained indefinitely.
Personal account data is purged within 30 days of a confirmed deletion request.
Accounts inactive for 67 consecutive months will be archived with 30 days' notice.
9. Your Rights
You have the right to access, correct, delete, or export your personal data, and to opt out of non-essential communications. EU/EEA users have additional rights under GDPR including restriction of processing and the right to lodge a complaint with a Data Protection Authority.
Cloud infrastructure — bound by GDPR-compliant data processing agreements
12. International Transfers
Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
13. Google Play Compliance
BluTally fully complies with Google Play Developer Program Policies. We request only permissions necessary for core functionality and provide clear explanations at runtime.
14. Policy Changes
Material changes will be communicated via email and in-app notification. Continued use after the effective date constitutes acceptance.
15. Contact
BluTally · DMS Electronics Pvt Ltd
Email: dev-team@dmselectronics.com
Subject: "Data Rights Request" — we respond within 30 days.