Privacy Policy

Last updated: 11 March 2026

This policy explains how Mission A ("we", "us", "the App") collects, uses, and protects your personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

Mission A
Switzerland
GDPR@mission-a.net

2. Data We Collect

Category	Data	Purpose	Legal Basis (GDPR Art. 6)
Account	Display name, email address, phone number	Authentication, identifying you to other mission members	Performance of contract
Authentication	Firebase Auth identifier, sign-in method used	Secure access to your account	Performance of contract
Mission content	Missions, chat messages, to-dos, polls, board items, expenses, settlements	Core App functionality	Performance of contract
Device tokens	Push-notification token, platform type	Delivering notifications you requested	Consent
Invitations	Invitee email or phone, invite status, expiration	Allowing you to invite others to missions	Legitimate interest
Analytics	Anonymous usage events collected by Firebase Analytics	Understanding App usage and improving the service	Legitimate interest

3. How We Use Your Data

Provide, maintain, and improve the App's features.
Authenticate your identity and secure your account.
Send push notifications about mission activity (when you grant permission).
Send invitation emails or SMS on your behalf.
Calculate and display expense settlements between mission members.
Aggregate anonymous analytics to improve the App.

4. Third-Party Services

We use the following third-party processors, all of which maintain their own GDPR-compliant data processing agreements:

Google Firebase (Authentication, Cloud Firestore, Cloud Messaging, Analytics) — data may be processed in the EU/US. See Firebase Privacy.
Google Sign-In — used only if you choose this sign-in method.

We do not sell, rent, or trade your personal data to any third party.

5. Data Retention

Account data: retained while your account is active. Deleted upon account deletion request.
Mission content: retained for the lifetime of the mission. When a mission is deleted by its admin, all associated data is removed.
Device tokens: overwritten on each app launch; stale tokens are removed automatically.
Analytics data: retained according to Firebase Analytics default retention (14 months), then automatically deleted.

6. Your Rights

Under the GDPR and FADP you have the right to:

Access — request a copy of your personal data.
Rectification — correct inaccurate data.
Erasure — request deletion of your data ("right to be forgotten").
Restriction — restrict processing in certain circumstances.
Portability — receive your data in a structured, machine-readable format.
Object — object to processing based on legitimate interest.
Withdraw consent — at any time, without affecting prior processing.

To exercise any of these rights, contact us at GDPR@mission-a.net. We will respond within 30 days.

7. Data Security

We use industry-standard security measures including encrypted connections (TLS), Firebase security rules, and hashed device identifiers. While no system is completely secure, we take reasonable steps to protect your data.

8. International Transfers

Your data may be transferred to and processed in countries outside Switzerland and the EEA (notably the United States) through our use of Firebase. These transfers are covered by Google's Standard Contractual Clauses and data processing terms.

9. Children's Privacy

The App is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top will reflect the most recent revision. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests:
GDPR@mission-a.net