Transparency Reports
Every quarter, Saropa publishes a self-reported record of what happened with user data: government requests, breaches, takedown notices, and the third-party SDKs that touched data during the period. Aggregate user counts (installs, events, crashes) are deliberately not published — that's a growth-metrics conversation, not a transparency one.
This page runs forever. A report goes up for every quarter regardless of whether anything noteworthy occurred — the cumulative "0 requests / 0 breaches" record is the point. When something does happen, it's disclosed in the same format. For how the disclosure scope is bounded quarter-on-quarter, see the disclosure scope section below.
Published reports
The historical record has been backfilled from the app's public launch on 2024-01-19. All incident counts (government requests, data breaches, account takedowns) are zero for every quarter below. Aggregate user counts (installs, crashes, events, opt-in rates) are deliberately not included — see the Analytics collection section in any quarterly report for the rationale.
- 2026 Q1 Report. Period: 2026-01-01 to 2026-03-31 (90 days)
- 2025 Q4 Report. Period: 2025-10-01 to 2025-12-31 (92 days)
- 2025 Q3 Report. Period: 2025-07-01 to 2025-09-30 (92 days)
- 2025 Q2 Report. Period: 2025-04-01 to 2025-06-30 (91 days)
- 2025 Q1 Report. Period: 2025-01-01 to 2025-03-31 (90 days)
- 2024 Q4 Report. Period: 2024-10-01 to 2024-12-31 (92 days)
- 2024 Q3 Report. Period: 2024-07-01 to 2024-09-30 (92 days)
- 2024 Q2 Report. Period: 2024-04-01 to 2024-06-30 (91 days)
- 2024 Q1 Report. Period: 2024-01-19 to 2024-03-31 (73 days — partial first quarter covering the public launch)
Disclosure scope
Each report covers everything Saropa Pty Ltd is legally permitted to disclose as of the quarter-end date. If a future report is ever constrained by legal process we cannot acknowledge (e.g. gag-order provisions attached to a government request), we will say so in that quarter's report to the extent the law permits.
We deliberately do not publish a classic "warrant canary." The compelled-speech legal theory that canaries rely on has never been tested in court and is materially weaker in Australia, where Saropa Pty Ltd is registered. The scope statement above is a legally clean version: it makes no claim about gagged requests we cannot acknowledge, only that the report is complete within the limits the law sets.
What each report covers
- Disclosure scope statement: Re-signed with the quarter-end date. If a constraint appears, it's acknowledged here.
- Days since last incident: Running counter from the launch date (or the date of the most recent reportable incident, whichever is more recent).
- Government data requests: Any request for user data received from any government or law enforcement agency during the quarter. Includes jurisdiction, whether data was provided, and whether the user was notified (subject to any gag order). A quarter with zero requests says so explicitly.
- Data breaches: Any unauthorized access, loss, or exposure of user data. Describes the incident, affected user count (not identity), data categories, notification timeline, and remediation. Zero incidents are reported too.
- Account takedown requests: DMCA and other legal takedown notices against user accounts or shared content.
- Analytics collection: Not published. Saropa does not publish aggregate user counts (installs, events, crashes, opt-in rate) in transparency reports. This is a deliberate, permanent policy — these are growth metrics, not what the transparency report is for. The companion JSON carries the exclusion as a policy marker so automated consumers don't misread the permanent nulls as pending data.
- Third-party SDK audit: The complete list of SDKs that had access to data during the quarter, what each saw, what user action triggered their participation, and how a user opts out. Regenerated from the app's pubspec.yaml each quarter.
- Changes since last report: Deltas in data handling: new SDKs, removed SDKs, version bumps with relevant privacy implications, new upload paths, new preferences.
- Hash ledger + public mirror: SHA-256 of each .md and .json is recorded in hashes.txt as a convenience for readers who want to check the file they downloaded against the one we published. Every report is also mirrored to an independent public repo at github.com/saropa/transparency, so if the mirror and this site ever disagree on a published report, the difference is publicly diffable. Reports are never edited in place; corrections go in the next quarter's "Changes" section.
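A reader-side check against the hash ledger described above, as an added example that is not Saropa's own tooling. It assumes hashes.txt uses the common sha256sum layout (hex digest, two spaces, file name), which this page does not specify; the file names and JSON field in the sample are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_ledger(text):
    """Parse an ASSUMED sha256sum-style ledger: '<64 hex digits>  <filename>'."""
    ledger = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.lstrip(" *")  # '*' = binary-mode marker
        bad_name = not name or "/" in name or "\\" in name  # no paths outside the directory
        if len(digest) != 64 or not set(digest) <= set("0123456789abcdef") or bad_name:
            raise ValueError(f"malformed ledger line: {raw!r}")
        ledger[name] = digest
    return ledger


def verify_downloads(ledger, directory):
    """Return {filename: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    directory = Path(directory)
    results = {}
    for name, expected in ledger.items():
        path = directory / name
        if not path.is_file():
            results[name] = "missing"
            continue
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        results[name] = "ok" if actual == expected else "mismatch"
    for path in directory.iterdir():  # report files the ledger does not vouch for
        if path.suffix in (".md", ".json") and path.name not in ledger:
            results[path.name] = "unlisted"
    return results


def demo():
    """Constructed sample: two report files, one altered after the ledger was written."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "2026-Q1.md").write_bytes(b"# 2026 Q1\nGovernment requests: 0\n")
        (tmp / "2026-Q1.json").write_bytes(b'{"government_requests": 0}\n')
        ledger_text = "".join(f"{hashlib.sha256(p.read_bytes()).hexdigest()}  {p.name}\n"
                              for p in sorted(tmp.iterdir()))
        (tmp / "2026-Q1.json").write_bytes(b'{"government_requests": 1}\n')  # simulated edit
        return verify_downloads(parse_ledger(ledger_text), tmp)
```

Running the same check with the ledger taken from the site and again with the one from the mirror shows whether the two sources agree on every published file.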
Concerns or corrections
Think something in a report is wrong or missing? Email transparency@saropa.com. We aim to acknowledge within 72 hours and give a substantive reply within 14 days. Corrections are published in a follow-up report rather than edited into the original, so the audit trail stays intact.
Last updated: 2026-04-19