Izbu App – Privacy Details

01

What Izbu Does

Izbu is a historical events and facts application. It delivers calendar-based content packs — covering topics such as sports, science, and world history — allowing users to explore what happened on any given day throughout history.

Izbu does not require you to create an account, provide a name, phone number, or email address. Your identity within the app is represented solely by your device.

02

Data Collected

Device ID — A unique identifier for your device, used for authentication, session management, and rate limiting. No personal identity is attached to this value.
RSA Public Key — The public half of the key pair generated on your device, stored to verify future authentication requests. Your private key never leaves your device.
Push Notification Token — With your permission, a Firebase Cloud Messaging token is stored to deliver optional push notifications.
In-App Purchase Records — When you purchase a content pack, we store the platform (iOS or Android), the product ID, a SHA-256 hash of the receipt (not the raw receipt), and the transaction ID provided by Apple or Google. This is used solely to verify and restore your license.
Locale / Language — Your device's language and region preference, used to deliver content in the correct language.

03

What Izbu Stores

☁️ Cloud (Azure)

Device ID
RSA public key
FCM push token (if granted)
IAP transaction ID & product ID
Receipt hash (SHA-256 only)
Platform (iOS / Android)
Locale preference

📱 Device Only

RSA private key
Encrypted session token
Cached content for performance

🚫 Never Stored

Name or surname
Phone number or email
Password of any kind
Payment card details
Raw IAP receipts
Browsing or content history

04

Use of Your Data

To authenticate your device and issue session tokens
To verify and restore in-app purchases across reinstalls or device transfers
To deliver content in your preferred language
To send optional push notifications (only if permission is granted)
To enforce rate limits and protect service integrity
To improve app reliability and performance

05

Third-Party Services

🍎

Apple App Store

Validates iOS in-app purchase receipts. Receipt data is sent to Apple's servers for verification. We store only a hash of the receipt.

▶️

Google Play Billing

Validates Android in-app purchase receipts via the Google Play Developer API. Receipt data is sent to Google's servers for verification. We store only a hash of the receipt.

🔔

Firebase Cloud Messaging (Google)

Powers optional push notifications. A device token is registered with FCM only if you grant notification permission.

06

Consent & Control

Izbu requests explicit permission before sending push notifications. You may disable notifications at any time via your device settings.
Because Izbu has no account linked to personal identity, uninstalling the app removes all practical access to your device-bound data.
You may request deletion of server-side records associated with your device ID by contacting us at hello@crevolabs.com. Note that purchase records may be retained for the minimum period required by applicable law.

07

Security

We apply technical and organizational safeguards including encryption in transit and at rest, access controls, and cryptographic device binding. Your private key never leaves your device. No system is completely secure, but we work continuously to protect the data entrusted to us.

08

Contact

✉️

For questions about your data in the Izbu app, please contact:

hello@crevolabs.com

CrevoLabs OÜ, Sepapaja 6, Tallinn 15551, Estonia