Privacy Policy
Last updated: March 8, 2026
MiniApps ("we", "us", or "our") operates the CakeDay mobile application
(the "App"). This Privacy Policy explains what information we collect, how we use it, and
the choices you have.
1. Information We Collect
1.1 Information You Provide
- Contacts & Events. The App lets you store birthdays, anniversaries,
and other events. This data is stored locally on your device in an SQLite database and,
if you choose to enable sync, in your personal cloud storage.
- Account Information. If you sign in with Google, we receive your name,
email address, and profile picture from Google solely for authentication purposes.
1.2 Information Collected Automatically
- Analytics Data. We use Google Firebase Analytics to
collect anonymous usage data such as screen views, feature usage, and general
interaction patterns. This helps us understand how the App is used and where to focus
improvements. Firebase Analytics may collect device identifiers, IP addresses (which
Google anonymizes), and general device information (OS version, device model, language).
- Crash Reports. We use Google Firebase Crashlytics to
automatically collect crash logs and diagnostic data when the App encounters an error.
This includes stack traces, device state, and device identifiers. No personal content
(such as your events or contacts) is included in crash reports.
- Purchase Information. If you purchase a subscription or one-time
upgrade, the transaction is handled entirely by Apple (App Store) or Google
(Google Play). We use RevenueCat to manage subscription status. We do
not have access to your payment details (credit card number, billing address, etc.).
2. AI-Powered Features
CakeDay offers optional AI-powered features (Ultra tier only), such as generating
personalized greeting messages. These features are powered by Google Gemini.
- When you use an AI feature, the App sends a minimal prompt to the Gemini API that may
include the recipient's first name, the occasion type (e.g. birthday, wedding), and your
chosen tone or style. No other personal data (contact details, phone
numbers, addresses, etc.) is sent.
- AI requests are made directly from your device to the Gemini API. We do not route them
through our own servers.
- We do not use your data to train AI models. Google's Gemini API data usage is governed
by
Google's
Gemini API Terms of Service.
- AI-generated content is provided as-is. You can review and edit any generated message
before sharing it.
3. Greeting Cards
CakeDay allows you to create and share greeting cards (Ultra tier only). When you create a
greeting card, the App generates a unique URL that you can share via messaging apps.
- How it works. The greeting card URL contains the card design selection
and your message text (encoded in the URL itself). When the recipient opens the link,
our server renders the card on the fly.
- No server-side storage. Our greeting card server is fully stateless. It
does not store your messages, card selections, or any personal data in a database. All
card data is contained within the URL.
- Automatic expiry. Greeting card links expire after 14 days for privacy.
After expiry, the link no longer displays the card or message.
- HMAC verification. Card URLs are cryptographically signed to prevent
tampering. Only URLs generated by the App are accepted by the server.
- Standard server logs. Like any web server, our hosting provider may log
IP addresses of visitors who open greeting card links. These logs are managed by our
hosting provider and are not used by us for tracking or analytics.
4. How We Use Your Information
- To provide and maintain the App's core functionality (storing and reminding you of
events).
- To improve the App through aggregated, anonymous analytics.
- To diagnose and fix crashes and bugs.
- To manage your subscription or purchase status.
- To generate AI-powered content at your request.
5. Data Sharing
We do not sell your personal data. We share data only with the following third-party services
that help us operate the App:
| Service |
Provider |
Purpose |
| Firebase Analytics |
Google LLC |
Anonymous usage analytics |
| Firebase Crashlytics |
Google LLC |
Crash reporting & diagnostics |
| Gemini API |
Google LLC |
AI-generated greeting messages |
| RevenueCat |
RevenueCat, Inc. |
Subscription & purchase management |
| Google Sign-In |
Google LLC |
Authentication |
| Greeting Card Server |
MiniApps |
Stateless rendering of shared greeting cards |
6. Data Storage & Security
- Event data is stored locally on your device. If you enable cloud sync, data is stored in
your personal cloud account.
- We use industry-standard security measures to protect data in transit (HTTPS/TLS).
- Our greeting card server renders cards on the fly but does not store any data (see
section 3). All other cloud services are provided by established third parties listed
above.
7. Data Retention
- Local data remains on your device until you delete it or uninstall the App.
- Firebase Analytics data is retained according to
Google's data retention policies (typically 14 months for
user-level data).
- Crashlytics data is retained for 90 days.
- AI prompts and responses are not stored by us after generation.
- Greeting card links expire automatically after 14 days.
8. Your Rights & Choices
- Delete your data. You can delete all local data by uninstalling the App
or using the in-app data management options.
- Opt out of analytics. You can limit ad tracking and analytics collection
through your device's privacy settings.
- Access & portability. Under GDPR, Swiss FADP, or similar
regulations, you may request access to, correction of, or deletion of your personal
data. Contact us at the address below.
9. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal
information from children under 13. If you believe a child has provided us with personal
data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant
changes by posting the new policy in the App or on our website. The "Last updated" date at
the top indicates the most recent revision.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
Lukas Schulze
MiniApps
Isengrundstrasse 17
8134 Adliswil
Switzerland
Email: