Privacy Policy

Last updated: May 28, 2026

Dozenflow (“we”, “our”, or “us”) provides tools for Android publishers to monitor and manage closed and internal testing. This Privacy Policy explains what information we collect, how we use it, and your choices when you use:

the Dozenflow Android application for organizers and testers (the “App”), package com.ground.proofflow;
the website at https://dozenflow.com and related pages (the “Site”);
our backend APIs that power the App, Site, and (when enabled by a publisher) telemetry from apps under test.

By using Dozenflow, you agree to this Privacy Policy. If you do not agree, do not use our services.

1. Summary

We help organizers monitor closed-test activity. We are not a tester marketplace and we do not sell your personal information.
Organizers sign in to create and manage tests, keys, and dashboards. We process account and test-management data needed to operate the service.
Testers usually install only the publisher’s app under test (“anyapp”) with the optional Closed Test SDK. That SDK sends technical session and usage signals designed without publisher-controlled personal identifiers in event payloads (see §3.3).
Aggregated statistics are available to organizers when testers use only anyapp. More detailed views may be available when a tester also uses the Dozenflow App and links activity to an account.
The Site may use analytics (Google Analytics 4, Yandex Metrika) as described in §3.5.

2. Dozenflow Android app — data categories (Google Play)

This section summarizes data processed by the Dozenflow App itself, to align with Google Play’s Data safety form. SDK telemetry from anyapp is controlled by the publisher embedding the SDK (see §3.3 and the publisher’s own Play listing).

Category	Collected?	Purpose	Shared?
Email address	Yes (if you sign in with email/password or Google)	Account creation, authentication, service messages	Service providers under contract; not sold
Name	Yes (from Google Sign-In profile, if provided by Google)	Display in account / organizer UI	As above
User IDs	Yes (account id, session tokens)	Authentication, security, associating tests with your account	As above
App interactions	Yes (actions in the App: tests, keys, settings you manage)	Provide and improve organizer/tester features	As above; organizers see test-related data they own
Device or other IDs	Yes (app-generated device id for sessions)	Keep you signed in, fraud prevention, rate limits	As above
Play Console verification data	Yes, if you connect Google Play (package name, verification status, Play account email used for verification)	Confirm you can manage the listed package	Processed with Google under Google’s policies
Location, financial, health, contacts, photos, SMS, etc.	No (not collected by the Dozenflow App for its core features)	—	—

Advertising: We do not use Dozenflow App data for third-party advertising or ad personalization. Optional: Data is encrypted in transit (HTTPS/TLS) to our servers.

3. Definitions

Term	Meaning
anyapp	The Android application being tested, where the publisher may embed the Closed Test SDK.
Organizer	A developer or publisher who creates and manages a closed test in Dozenflow.
Tester	A person who installs and uses anyapp (and optionally the Dozenflow App).
Closed Test SDK	Publisher-embedded library that reports sessions and events to our ingest API.
Publishable key	Project key (`pk_live_…`) for SDK ingest; we store only a hash of the full secret on our servers.

4. Information we collect

4.1 Organizer and tester accounts (App and Site)

When you sign in, we may process:

Email address and password (where email/password sign-in is enabled);
Google account identifiers and profile basics (email, name, profile picture) when you use Sign in with Google, as permitted by Google and your account settings;
Session and device tokens (access/refresh tokens, device id) to keep you signed in and protect accounts;
Security logs (timestamps, success/failure, coarse IP or user-agent where our infrastructure records them).

4.2 Test configuration and organizer content

Application package name (applicationId) and test metadata (name, status, quotas, dates, policies);
Publishable key metadata (prefix, status, hashes—not the full secret after initial display);
Package verification results when you connect Google Play Console;
Invite links, onboarding URLs, recruitment post text, and external links you provide;
Organizer-generated bind invites and deep links.

Recruitment posts created on the Site are stored on the Site backend and linked to a test id from our core API.

4.3 Telemetry from anyapp (Closed Test SDK)

When a publisher embeds the SDK in anyapp, the SDK may send to our ingest service:

Session lifecycle (start, foreground/background, heartbeat, end);
Named events and optional screen names for product analytics;
Technical build context (package name, version codes/names, signing certificate fingerprint where required);
A pseudonymous device id generated by the SDK for session continuity—not hardware serial numbers or advertising IDs as a substitute for that id.

Publisher contract: event properties must not contain personal data. Forbidden keys include (non-exhaustive): email, phone, passwords, tokens, precise GPS, street address, full name, government or health identifiers, hardware serials, and similar fields. We may reject non-compliant payloads.

4.4 Site: cookies, analytics, early access

Necessary cookies for sign-in sessions (site session cookie, device id cookie for token refresh);
Analytics (Google Analytics 4, Yandex Metrika): page views, referrers, coarse geography, device/browser type;
Early access waitlist: if you submit your email on the landing page, we store it on Dozenflow Site servers to notify you about product availability (not shared with Google Play as part of that form);
Support messages you send to us.

You can control cookies in your browser; blocking necessary cookies may prevent sign-in.

5. How we use information

Provide dashboards, test management, keys, and recruitment tools;
Ingest and aggregate closed-test telemetry from anyapp;
Authenticate users, prevent abuse, and enforce server-side policy;
Verify package ownership via Google Play–related flows;
Operate, maintain, and improve the App, Site, and APIs;
Send service-related messages (e.g. early access, security notices);
Comply with law and protect users and systems.

We do not sell personal information. We do not use SDK ingest data for third-party advertising.

With the organizer of a test you participate in—aggregated metrics where the product allows; additional detail when you use the Dozenflow App and binding links your activity to an account;
Service providers (hosting, email, analytics) under contracts requiring appropriate safeguards;
Google when you use Google Sign-In, Google Analytics, or Play-related verification (under Google’s policies);
Yandex when Site analytics (Metrika) is enabled (under Yandex’s policies);
When required by law or to protect safety and security;
Business transfers (merger, acquisition) with notice where legally required.

Publishers are independent controllers for their anyapp and for custom events within SDK rules.

7. Legal bases (EEA / UK)

Where GDPR or UK GDPR applies:

Contract — to provide services you request;
Legitimate interests — security, fraud prevention, service improvement, aggregated analytics;
Consent — where required for non-essential cookies or marketing emails;
Legal obligation — when we must retain or disclose data by law.

8. Retention and security

Account and test records while your account is active and for a reasonable period after closure;
Telemetry per our operational and backup schedules;
Early-access emails until you unsubscribe or request deletion.

We use encryption in transit, access controls, and hashed storage for publishable key secrets. No method of transmission or storage is 100% secure.

9. Your rights and choices

Depending on your location, you may have the right to access, correct, delete, export, object to, or restrict processing of your personal data, and to withdraw consent where processing is consent-based.

Request account and data deletion

To delete your Dozenflow account and associated personal data we hold (profile, tests you created, keys metadata, session data, and related server records):

Email groundspaceteam@gmail.com from the same email address used to sign in to the App (or state which Google account you used).
Use subject line Account deletion request and include your Dozenflow sign-in email.
We will verify your identity and delete or anonymize eligible data within a reasonable period (typically within 30 days), except where we must retain information for legal, security, or fraud-prevention reasons.

If you participated in a closed test only via a publisher’s anyapp (without a Dozenflow account), contact that publisher/organizer first; we can assist with pseudonymous SDK data tied to a test if you provide the test context.

For other privacy requests (access, correction, export), contact groundspaceteam@gmail.com.

10. International transfers

We may process data in countries other than your own. Where required, we use appropriate safeguards (e.g. standard contractual clauses) for transfers from the EEA/UK.

11. Children

Dozenflow is intended for developers and adults managing professional closed testing. We do not knowingly collect personal information from children under 16 (or the age required in your jurisdiction). Contact us if you believe we have done so inadvertently.

12. Third-party services

The Site and organizer links may point to third-party services (Telegram, Google Play, forms, etc.). Their privacy practices apply separately. The Closed Test SDK in anyapp is controlled by the publisher, who is responsible for Play Console policies and Data safety disclosures for anyapp.

13. Changes

We may update this policy. We will post the new version at this URL and update the “Last updated” date. Material changes may be communicated by email or in-app notice where appropriate.

14. Contact

Privacy: groundspaceteam@gmail.com
Website: https://dozenflow.com

If you use Dozenflow on behalf of a company, you are responsible for providing appropriate privacy information to your testers and for ensuring SDK use complies with applicable law and platform rules.