Legal

Privacy Policy

Package com.mbodnar.rssobserver — Last updated: 14 May 2026

This Privacy Policy describes what information the RSS Observer Android application (“App”) may process when you install and use it. RSS Observer is primarily a client application: it fetches RSS/Atom (and related) content from URLs you choose or that are bundled as defaults. The App does not require you to create an account with us, and we do not operate a central server that stores your reading list on our behalf as part of the App’s normal operation described here.


1. Who we are

The App is provided by Mykhailo Bodnar, Lviv, Ukraine. For privacy questions: anubys383@gmail.com.


2. Summary

  • Data we host: We do not receive or store your feeds, articles, or passwords on our own servers for normal operation as described in this policy.
  • Data on your device: Channels, items, filters, tags, and optional credentials are stored locally.
  • Network: The App contacts third-party sites and feed URLs you configure (and linked media).
  • Purchases: Google Play Billing processes payments; Google’s policies apply.
  • Notifications: If allowed, the App may show alerts about new items using on-device data.

3. Information the App processes

3.1 You provide or configure

  • Feed URLs and channel settings (titles, display options, filters, tags).
  • Optional HTTP credentials for protected feeds, stored with Android encrypted storage on the device — not sent to us.
  • Text or links shared into the App (e.g. Android Share) to add or discover a feed.

3.2 On the device

  • Article and feed content from servers you connect to.
  • Technical data for sync scheduling, cache, local database, and widget state.

3.3 Android features

The App may use internet access; cleartext traffic where feeds use http:// (see usesCleartextTraffic in the manifest); boot completed to reschedule background refresh; notifications (with permission on Android 13+); Google Play Billing; and on-device account APIs for feed grouping. See also section 4 for the permission list.


4. Permissions we request

The following permissions are declared in the App manifest for com.mbodnar.rssobserver. They are used only for the purposes described below.

Permission Why it is requested
android.permission.INTERNET Download RSS/Atom feeds and linked images or media from the URLs you configure (or defaults). Required for any online reading or refresh.
android.permission.RECEIVE_BOOT_COMPLETED Reschedule background feed refresh after you restart the device so updates continue on the schedule you expect.
android.permission.POST_NOTIFICATIONS On Android 13 and higher, show optional notifications about new articles when you grant notification permission and that feature is enabled.
com.android.vending.BILLING Use Google Play Billing to offer and validate in-app purchases (for example unlocking higher channel limits). Google processes payment data under its own policies.
android.permission.AUTHENTICATE_ACCOUNTS Work with the App’s on-device AccountAuthenticator service so feed groups can use Android’s account APIs. Accounts and feed data are handled on your device; we do not operate a sign-in server for the App.
android.permission.GET_ACCOUNTS Declared only for older Android versions (API level 22 and below, per manifest maxSdkVersion) for compatibility with legacy account-related APIs used alongside on-device feed grouping.
android.permission.MANAGE_ACCOUNTS Same scope as android.permission.GET_ACCOUNTS — legacy compatibility on API 22 and below only.

The App also declares a home-screen widget in the manifest. Updating the widget uses standard system widget delivery (APPWIDGET_UPDATE) and does not add a separate dangerous permission beyond what the table lists. Your device’s Settings → App info → Permissions screen shows the exact set granted on your OS version.


5. How we use information

Only to fetch, store, and display content you requested; run filters, tags, search, widgets, and notifications you enable; complete purchases through Google Play; and keep background work reliable after updates or reboots. We do not sell your personal information.


6. Third parties

Your device contacts publishers and hosts whose URLs you add (standard HTTP requests, including optional Authorization headers you configure). Google processes Play purchases. Optional Google or Firebase libraries in a given build may collect data under Google’s terms — review your release configuration.


7. Storage, retention, and deletion

Data stays on your device. Uninstalling normally removes the App’s private data. If Android backup is enabled for the App, eligible data may be included in device backup subject to your settings and Google’s rules.


8. Security

Feed credentials may be stored with AndroidX Security Crypto where implemented. HTTPS is used when the feed URL uses https://; http:// traffic is not encrypted between your device and the feed server.


9. Children’s privacy

The App is not directed at children under 13 (or the age required in your jurisdiction).


10. Your rights

Depending on your region, you may have rights regarding personal data. Most reading data exists only on your device or with third parties (Google, publishers). Clear app storage or uninstall to delete local data; use Google’s tools for Play-related data.


11. Changes

We may update this policy when the App or legal requirements change. The last-updated date at the top will be revised.


12. Contact

Mykhailo Bodnar
Lviv, Ukraine
Email: anubys383@gmail.com


This template is not legal advice. Have qualified counsel review the final text. A Ukrainian version is available in the project’s docs/PRIVACY_POLICY.md.