Privacy Policy

Lobster Claw Software LLC ("we", "us") publishes HowdyForms. This policy explains what data the App handles, what stays on your device, and what may leave your device.

1. Your forms and leads stay on your device

Forms, leads, form logo and header images, tags, ratings, notes, local backup files, app PIN settings, and kiosk PIN settings are stored locally in your device's app sandbox. We do not host your forms or leads. If you uninstall the App, that local data is deleted with it unless you exported a CSV or backup file first.

2. Diagnostics and analytics are optional

On first launch we ask whether you want to share diagnostics and analytics. The App works the same whether you accept or decline. You can change your choice at any time in Settings > Diagnostics & Analytics.

If you accept, we use Firebase services to collect:

• Usage analytics via Firebase Analytics, such as screens visited, features used, app version, device model, and OS version. We do not send form content, lead content, names, email addresses, phone numbers, notes, tags, ratings, photos, CSV files, or backup files through analytics.
• Crash reports via Firebase Crashlytics, such as stack traces, crash timestamps, app version, device model, OS version, and related diagnostic identifiers.
• Performance metrics via Firebase Performance Monitoring, such as app launch time, screen render time, network request duration, response codes, payload size, app version, device model, OS version, locale, carrier or radio/network information, country derived from IP address, Firebase installation identifiers, and network URLs without URL parameters or request or response body content.

If you decline, these Firebase analytics, crash reporting, and performance services are disabled for your use of the App.

3. App PIN and kiosk PIN recovery by email

If you set an app PIN or kiosk PIN, you may provide a backup email address for PIN recovery. The backup email address is stored on your device. If you use the "Forgot PIN" flow, the App sends the destination email address, the PIN, and whether it is an app PIN or kiosk PIN to a Firebase Cloud Function so the recovery email can be sent through Resend. Resend receives the destination email address and the recovery email content to deliver that message. Resend's privacy policy is available at https://resend.com/legal/privacy-policy.

For security and abuse prevention, our Firebase Cloud Function logs may include the destination email address, the PIN type, request timestamps, delivery status, and error details. These server logs may be retained for up to one year. The App does not send your forms, leads, photos, CSV files, backup files, or notes through the PIN recovery flow.

4. Local backups, CSV export, and sharing

When you create a local backup, the backup file may include your SQLite database, forms, leads, folders, tags, ratings, notes, form logo and header images, backup email addresses, theme settings, custom colors, and dashboard preferences. Backup files do not include app PIN values, kiosk PIN values, telemetry consent choices, active kiosk session state, or feature-flag settings.

When you export leads to CSV, the CSV may include personal data entered into your forms, along with lead ratings, notes, and tags. When you tap "Export" or "Share", we hand the CSV or backup file to the operating system's standard share sheet. Where it goes next, such as email, AirDrop, Files, cloud storage, or another app, is entirely up to you. Nothing is transmitted to us by CSV export or local backup export.

5. Permissions we request

• Camera: only when you choose to take a photo for a form's logo or header image.
• Photo library: only when you choose to pick a logo or header image.
• Face ID, Touch ID, or device biometrics: only if you set an app PIN and enable biometric unlock. Biometric templates stay with the operating system. HowdyForms receives only a pass or fail result.

We do not access the camera, photo library, or biometrics in the background, and we do not upload photos you choose for form branding.

6. Third-party processors

We use Firebase for optional analytics, crash reporting, performance monitoring, and the PIN recovery Cloud Function. Firebase privacy information is available at https://firebase.google.com/support/privacy. We use Resend to deliver PIN recovery emails. Resend's privacy policy is available at https://resend.com/legal/privacy-policy.

7. Features not included in this version

This version of HowdyForms does not include ads, in-app purchases, subscriptions, account sign-in, cloud backup, or cloud sync.

8. Children

HowdyForms is not directed at children under 13. We do not knowingly collect data from children.

9. International users

Your form and lead content stays on your device unless you choose to export or share it. Firebase and Resend may process PIN recovery, diagnostics, analytics, crash, and performance data on infrastructure outside your state, province, or country.

10. Your rights

Because your forms and leads are stored locally, you control them in the App. You can view, export, back up, restore, edit, and delete your local data. You can revoke telemetry consent at any time in Settings > Diagnostics & Analytics. To ask about server-side PIN recovery logs or telemetry data associated with this App, contact us at the address below.

11. Changes

If we change this policy materially, we will update the "Last updated" date and, where appropriate, prompt you again in the App.

12. Contact

Privacy questions: info@lobsterclawsoftware.com