Privacy Policy

Vitamin T is a digital time-management app for Android and the Chrome browser. This document explains what data we collect, how it is used, and the rights you have over that data.

Effective April 19, 2026

Summary

  • • We only collect the data necessary to sync your settings across your devices.
  • We do not sell data, and we don't share with third parties for marketing.
  • • Data is stored on Firebase (Google), accessible only to you.
  • • You can delete your entire account from inside the app at any time.

1. Information we collect

Account information (when you sign in)

When you sign in with Google to use multi-device sync, we receive the email address and Google account identifier (Google UID) provided by Google Sign-In. Vitamin T does NOT access your contacts, email, Drive, or any other Google service — this data is only used to identify you and sync data across your own devices.

Block groups you create

The block groups you configure (name, list of apps / domains, mode, time limits, active hours, SHA-256 hashed group password) are synced via Firestore so they stay consistent across your devices. This data belongs to you — we do not read, analyze, or use it for any other purpose.

App usage data (on your phone)

To calculate shared quotas across devices, the app uses Android UsageStatsManager to measure how long you spend on apps in groups you chose. We only store the duration (in seconds, per day) — we do NOT record what you view, track keystrokes, or take screenshots. Data older than 60 days is automatically deleted.

Device identifier (random)

Each device generates a random string (e.g. android-a3c5b2f1) to distinguish devices during sync. This ID is not linked to IMEI, phone number, or any hardware identifier.

2. How we use the information

Multi-device sync

Block groups and usage durations sync through Firebase so you can configure on your computer (Chrome extension) and enforce on your phone, or the other way around. Quotas (e.g. 30 minutes/day for Facebook) accumulate across all devices signed into the same account.

Enforcing the rules you set

Vitamin T uses the permissions you grant to show a waiting / block screen when you open an app in a group you configured. The only purpose: helping you keep the commitments you set for yourself. We do NOT block any app outside your own list.

Our commitment with your data

We do NOT sell your data, do NOT share it with third parties for marketing, do NOT use your personal data to train AI models. In the future we may show advertising to sustain the free service — if so, we will notify you in advance and update this policy transparently.

3. Android permissions and how we use them

Usage access (PACKAGE_USAGE_STATS)

Lets the app measure how long you use apps in your block groups. We only read aggregate data (package name + foreground time), never the content.

Display over other apps (SYSTEM_ALERT_WINDOW)

Used to show the waiting / block overlay on top of the open app when you access an app in a block group. We do not record anything shown beneath the overlay.

Background service (FOREGROUND_SERVICE_SPECIAL_USE)

Lets the service check which app is in the foreground so blocking happens in time. The service only runs when you have at least one group enabled — if all groups are off, it stops. A transparent "Vitamin T is watching" notification is shown whenever the service runs.

Notifications (POST_NOTIFICATIONS)

Shows the notification that keeps the foreground service alive (an Android requirement). We do not send marketing notifications or reminder spam.

Ignore battery optimization (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS)

Granted manually at your discretion. Keeps the service from being killed by the OS unexpectedly, so blocking stays reliable. You can disable it anytime from Android Settings.

4. Storage and security

Where data is stored

Synced data is stored on Firebase Cloud Firestore (project vitamin-t-0712, managed by Google). Firebase is certified against ISO 27001/27017/27018, SOC 1/2/3, and PCI-DSS standards. On-device data lives in SharedPreferences / chrome.storage.local and cannot be read by other apps.

Encryption

All connections to Firebase use HTTPS/TLS. The password you set to lock a group is SHA-256 hashed before storage — we never store raw passwords and cannot recover the original.

Access control

Firestore Security Rules allow authenticated users to read/write only their own data (users/{uid}/...). AZBrand staff do NOT access user Firebase accounts unless you request technical support.

5. Sharing with third parties

Google (Firebase & Sign-In)

Synced data is processed by Firebase (Google LLC) as our infrastructure provider. Processing is governed by the Google Cloud Data Processing Addendum and the Google Privacy Policy.

Current third parties

The current version of Vitamin T only sends data to Google (Firebase) — no analytics SDKs, ad SDKs, or third-party crash reporting. If we later integrate additional services (e.g. advertising, analytics), this section will be updated and you will be notified in-app before activation.

Legal requests

We only disclose data to government authorities when required by a lawful legal process under Vietnamese law or applicable international law.

6. Your rights

View and edit your data

You can view and edit all your group configurations directly in the app (Home tab) or Chrome extension. There is no "hidden" data you cannot see.

Delete account and data

In the app, open the Sign-in tab → "Delete account". This will: (1) delete all group configurations and usage history from Firebase; (2) delete your Firebase Auth account; (3) wipe local data on the device. Deletion is permanent and cannot be undone.

Export your data

You can request a copy of your data by emailing [email protected]. We'll send a JSON file containing all your data within 7 business days.

Sign out (without deleting)

Signing out only stops sync — your Firebase data remains, and local data stays so the app keeps working offline. Signing back in with the same account restores sync.

7. Children

Age

Vitamin T is not intended for children under 13. We do not knowingly collect data from children under 13. If you are a parent and believe your child has provided data without consent, please contact us — we will delete it promptly upon verification.

8. International users

Cross-border data transfer

Data is stored on Firebase (Google) servers that may reside in multiple global regions. Processing complies with the GDPR (European Union), CCPA (California), and Vietnam Decree 13/2023/ND-CP on personal data protection.

EU users

Under the GDPR, you have the right to access, rectify, delete, object to processing, and lodge a complaint with your data protection authority. Contact us by email to exercise these rights.

9. Policy changes

Updates

This policy may be updated when app features or legal requirements change. New versions will be posted on this page with a new effective date. Material changes will be announced in-app before they take effect.

10. Privacy contact

For questions, data export / deletion requests, or to report a security issue, please contact:

AZBrand
82 Tung Thien Street, Tung Thien Ward, Hanoi, Vietnam
[email protected]+84 975 121 596

We respond within 3 business days. Data deletion requests are processed within 7 days.

© 2026 AZBrand. This policy complies with the Google Play Developer Program Policies, Vietnam Decree 13/2023/ND-CP on personal data protection, and international standards GDPR / CCPA.