Google Play Console working draft
Data Safety Form — Ashoka Palace
Last updated: 22 June 2026
Account sign-in
Food ordering & delivery
Live delivery tracking
Push notifications
No ads
How To Use This Draft
This is a Play Console data-safety working form for the Ashoka Palace customer app (com.ashokpalace.eatery) and the Ashoka Driver app (com.ashokpalace.driver). It reflects current behaviour and should be reviewed before final submission. Two separate Play listings each need their own data-safety form — most answers are shared; differences are called out below.
Current Release Position
Does your app collect or share required user data types?
Yes — collected to run accounts, orders, and delivery. Not sold, and not shared with third parties for advertising.
Data types collected
Personal info — Name, Email address, Phone number,
and User IDs (account id);
Location — Precise location (optional, to fill the delivery address and for driver
delivery tracking);
App activity — App interactions and Other actions (cart, orders,
ratings/reviews);
and a Device push token for notifications. Purposes: App functionality
and Account management. Nothing is sold or used for ads.
Shared with third parties
No third-party sharing for advertising or sale. Data is processed by Google (Firebase / Cloud / Maps) acting as our service provider, and order/delivery details are shared with the restaurant and the assigned driver to fulfil the order.
Data deletion answer
Yes — users can request account and data deletion by email at teraflopspeedapps@gmail.com; an administrator can also disable/delete an account. Deletion info: https://www.thekemlowcapital.com/ashokapalace-privacy.html
Data encrypted in transit
Yes — all app ↔ server and provider traffic uses HTTPS/TLS.
Data Type Review — Current Build
| Google Play Category | Answer | Ashoka Notes |
|---|---|---|
| Personal info — Name | Collected | Provided at sign-up; used for your account and shown with your order to staff and the driver. |
| Personal info — Email address | Collected | Used as a login identifier and for account/order communication. Either email or phone is required. |
| Personal info — Phone number | Collected | Optional/alternative login identifier and contact for delivery. Either email or phone is required. |
| Personal info — User IDs | Collected | An internal account id and a push-notification token used to deliver order updates to your device. |
| Personal info — Address | Collected | Your delivery address (typed, saved, or filled from device location) is collected to deliver your order and shared with the assigned driver. |
| Location — Approximate location | Not collected | No approximate-location-for-ads use; there is no advertising SDK. |
| Location — Precise location | Collected | Customer app: optional one-time device location to auto-fill the delivery address ("Use current location"). Driver app: live GPS shared during an active delivery for tracking; stops when the delivery/shift ends. Used only for app functionality, never for ads. |
| Financial info | Not collected | Payment is cash or card-machine on delivery. The apps do not process online card payments and never see or store card/bank details. |
| App activity — App interactions | Collected | Cart, orders, order history, scheduled time, and in-app actions needed to take and fulfil orders. |
| App activity — Other actions | Collected | Ratings and reviews (food/service) and loyalty activity you choose to generate. |
| Messages | Not collected | No user-to-user chat. Order-status notifications are system messages from us to you, not collected user messages. |
| Photos / videos / audio / files | Not collected | The apps do not request or upload user media or files. |
| Contacts / Calendar | Not collected | No contacts or calendar access. |
| Health and fitness | Not collected | No health or fitness features. |
| App info and performance | Not collected | No crash-reporting/diagnostics SDK (e.g. Crashlytics) is active in the current build. |
| Device or other IDs | Collected | A Firebase Cloud Messaging push token (and identifiers used by Google Play services to deliver messaging) to send order notifications. Not an advertising ID. |
Purposes & Sharing
- Purposes: App functionality (orders, delivery, tracking, notifications) and Account management. No Advertising or marketing, and no third-party analytics for ads.
- Service providers (collection on our behalf): Google Firebase (Cloud Messaging, Hosting, Cloud Functions/Run, Firestore) and Google Maps Platform (maps + Directions routing). These are processors, not third-party recipients you would declare as "shared for advertising."
- Operational sharing: order, name, contact, and delivery address are shared with the restaurant/staff and the assigned driver to fulfil the order; the driver also receives the delivery PIN for hand-off.
- Optional WhatsApp Business alert: if the store enables it, order details are sent to the store's own WhatsApp number (a message to the business — not a data sale).
- Sold: No. Encrypted in transit: Yes. Deletion available: Yes.
Permissions Declaration Notes
| Permission | Purpose | Disclosure wording |
|---|---|---|
android.permission.INTERNET |
Reach the backend for menu, accounts, orders, tracking, notifications. | Ashoka Palace uses internet access to load the menu, place and track orders, and receive notifications. |
ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION |
Customer: optional address auto-fill + map. Driver: delivery tracking. | Used (with your permission) to fill your delivery address and show delivery on a map; in the driver app, to share live location during an active delivery. |
ACCESS_BACKGROUND_LOCATION (driver app) |
Continue delivery tracking with the screen off. | Used only while a driver is on an active delivery so the customer can track it; not used otherwise. |
FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION (driver app) |
Run the delivery-tracking service reliably. | Runs a visible, user-aware service while delivering so location updates are not interrupted. |
POST_NOTIFICATIONS |
Show order-status and delivery notifications. | Ashoka Palace shows order updates (received, preparing, on the way, delivered). You can turn these off in settings. |
Submission Checklist
- Complete a data-safety form for both listings (customer and driver); mark precise-location background use and the foreground-service type on the driver listing.
- Declared types: Personal info — Name, Email, Phone, User IDs, Address; Location — Precise location; App activity — App interactions & Other actions; Device or other IDs (push token). No Financial info, Messages, Photos/Videos, Contacts, Health, or App performance.
- Purposes: App functionality and Account management only. Mark "Shared for advertising" = No; "Data sold" = No.
- Confirm "Yes" to encrypted in transit and "Yes" to data deletion, with the privacy-policy / deletion URL.
- Declare active SDKs/providers: Firebase Cloud Messaging, Firebase Hosting/Functions/Firestore, Google Maps Platform. No AdMob, no Analytics-for-ads, no Crashlytics, no online payment SDK in this build.
- Set the Play Console privacy-policy URL to https://www.thekemlowcapital.com/ashokapalace-privacy.html, and the support/contact email to teraflopspeedapps@gmail.com.
- Re-submit if you later add online card payments, SMS verification, third-party analytics, or cloud profile sync.