# Saropa Contacts — Transparency Report — 2024 Q2

**Period:** 2024-04-01 through 2024-06-30 (91 days)
**Published:** 2026-04-19
**Canonical URL:** <https://saropa.com/transparency/2024-q2.html>
**License:** [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/)
**Contact:** <transparency@saropa.com> — monitored mailbox, auto-ack within 72h, substantive reply within 14 days

This report covers the complete quarter.

---

## 163 days incident-free at quarter end (as of 2024-06-30)

Counted from the public app launch (2024-01-19) or from the date of the most recent reportable incident, whichever is more recent.

---

## Disclosure scope

**As of 2024-06-30:** this report covers everything Saropa Pty Ltd is legally permitted to disclose. If a future report is constrained by legal process we cannot acknowledge (e.g. gag-order provisions attached to a government request), we will say so to the extent the law permits.

We deliberately do not publish a classic "warrant canary." The compelled-speech legal theory that canaries rely on has never been tested in court and is materially weaker in Australia, where Saropa Pty Ltd is registered. The scope statement above is a legally clean version: it makes no claim about gagged requests we cannot acknowledge, only that this report is complete within the limits the law sets.

---

## Government data requests

**Zero requests.** No requests for user data were received from any government or law enforcement agency during this period.

---

## Data breaches

**Zero incidents.** No incidents of unauthorized access, loss, or exposure of user data were identified during this period.

---

## Account takedown requests

**Zero takedown requests.** No DMCA, court-order, or terms-violation takedown requests against user accounts or shared content were received during this period.

---

## Analytics collection

**Saropa does not publish aggregate user counts in transparency reports.** Install counts, crash-report counts, analytics-event counts, and opt-in percentages all stay out of the report by deliberate policy. This is a permanent product decision, not a pending extraction.

The report documents what happened with user data — government requests, breaches, takedowns, and the SDKs that had access during the period. Aggregate install and engagement numbers are a different conversation (marketing / growth) and are not published here.

The companion JSON carries the `analytics` block as a policy marker (`status: "not_published_by_policy"`) with every numeric subfield permanently `null`, so automated consumers recognize the exclusion rather than treat it as missing data.
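A consumer of the companion JSON can tell "excluded by policy" apart from "missing" or "leaked" data with a check like the following. This Python is an added example, not Saropa's own tooling; the report names only the `analytics` block and its `status` value, so the subfield names in the constructed sample (`installs`, `crash_reports`, `opt_in.percent`) are hypothetical, and treating any non-null subfield as a violation is an assumption.

```python
import json

POLICY_STATUS = "not_published_by_policy"  # status value quoted in the report

def non_null_paths(node, prefix=""):
    """Return dotted paths of every non-null leaf found under node."""
    if node is None:
        return []
    if isinstance(node, dict):
        found = []
        for key, value in node.items():
            found += non_null_paths(value, f"{prefix}.{key}" if prefix else key)
        return found
    if isinstance(node, list):
        found = []
        for index, value in enumerate(node):
            found += non_null_paths(value, f"{prefix}[{index}]")
        return found
    return [prefix]  # any scalar (number, string, bool) counts as published data

def classify_analytics(report):
    """Classify the analytics block of a parsed report as (state, offending_paths)."""
    block = report.get("analytics")
    if not isinstance(block, dict):
        return ("missing", [])  # no marker at all: cannot assume policy exclusion
    if block.get("status") != POLICY_STATUS:
        return ("unrecognized_status", ["status"])
    # Assumption: every subfield other than status must be null under the policy.
    rest = {k: v for k, v in block.items() if k != "status"}
    leaks = non_null_paths(rest)
    return ("policy_violation", leaks) if leaks else ("excluded_by_policy", [])

# Constructed sample; subfield names are hypothetical, not taken from the report.
SAMPLE = json.loads("""
{
  "analytics": {
    "status": "not_published_by_policy",
    "installs": null,
    "crash_reports": null,
    "opt_in": {"percent": null}
  }
}
""")

if __name__ == "__main__":
    print(classify_analytics(SAMPLE))
```
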

---

## Third-party SDK audit

This table lists every SDK integrated in Saropa Contacts during this period that handles user data, attestation, or permissions. It was reconstructed from the state of the app's `pubspec.yaml` at the last commit on or before the quarter end.

| SDK | Purpose | Data seen | Trigger | Opt-out |
|---|---|---|---|---|
| [`firebase_core`](https://pub.dev/packages/firebase_core)<br>(v3.1.1) | Firebase app bootstrap | • App install ID (app_instance_id)<br>• Basic device info | App start, if analytics infrastructure is enabled and the user is not COPPA-age | • Offline Mode kill switch (from Q2 2026) |
| [`firebase_analytics`](https://pub.dev/packages/firebase_analytics)<br>(v11.1.0) | Screen + feature usage tracking | • Event name<br>• Parameters<br>• Device model<br>• Pseudonymous install ID | User explicitly opts in via AnalyticsIntegrationEnabled (opt-in default from Q2 2026) | • Analytics toggle<br>• Offline Mode (from Q2 2026) |
| [`firebase_crashlytics`](https://pub.dev/packages/firebase_crashlytics)<br>(v4.0.2) | Crash reports | • Error message<br>• Stack trace<br>• Device model<br>• OS version<br>• Pseudonymous install ID | Captured on every install; uploaded when analytics opt-in AND online (from Q2 2026, previously uploaded whenever present) | • Analytics opt-out (blocks upload from Q2 2026)<br>• Offline Mode |
| [`firebase_app_check`](https://pub.dev/packages/firebase_app_check)<br>(v0.3.0+2) | Anti-abuse attestation for Firebase requests | • Device attestation token (no user data) | Automatic when the app makes Firebase API calls | • Not user-facing — tied to Firebase SDK presence |
| [`supabase_flutter`](https://pub.dev/packages/supabase_flutter)<br>(v2.5.6) | Account, Saropa Connections, stats upload, Connection Discovery, E2EE contact sharing | • Account email + display_name (when signed in)<br>• Contact stats as aggregate counts (opt-in)<br>• Contacts' display_name + email addresses via Connection Discovery (opt-in only)<br>• E2EE ciphertext for shared contact cards (servers cannot decrypt) | User signs in; individual cloud-feature toggles | • Sign out<br>• Per-category toggles (Trust Dashboard from Q2 2026)<br>• Offline Mode |
| [`google_sign_in`](https://pub.dev/packages/google_sign_in)<br>(v6.2.1) | Google account sign-in | • Google OAuth token<br>• Profile email | User chooses 'Sign in with Google' | • Do not sign in<br>• Disconnect via Settings |
| [`flutter_facebook_auth`](https://pub.dev/packages/flutter_facebook_auth)<br>(v7.0.1) | Facebook account sign-in (Q1–Q2 2024 only) | • Facebook OAuth token<br>• Profile fields | User chose 'Sign in with Facebook' during Q1 2024 or Q2 2024 | • Package removed Q3 2024 — no longer applicable |
| [`sign_in_with_apple`](https://pub.dev/packages/sign_in_with_apple)<br>(v6.1.1) | Apple account sign-in (iOS) | • Apple OAuth token<br>• Hashed email or user-provided alias | User chooses 'Sign in with Apple' | • Do not sign in<br>• Manage via Apple ID settings |
| [`local_auth`](https://pub.dev/packages/local_auth)<br>(v2.1.7) | Biometric unlock for per-contact lock | • Nothing — verification is handled by the OS; Saropa only receives a success/fail signal | User enables biometric lock on a contact | • Disable biometric lock in the app<br>• OS biometric settings |
| [`permission_handler`](https://pub.dev/packages/permission_handler)<br>(v11.3.1) | OS permission prompts | • Nothing — it mediates permission requests, does not collect data | App requests a permission | • Deny permission in the system dialog<br>• Revoke in system settings |
| [`flutter_contacts`](https://pub.dev/packages/flutter_contacts)<br>(v1.1.7+1) | Device contacts access | • Contacts the user explicitly selects for import are read from the device address book<br>• Never uploaded from this package | User grants contacts permission and chooses to import | • Revoke contacts permission in system settings |
| [`geolocator`](https://pub.dev/packages/geolocator)<br>(v12.0.0) | Device location (for real-time map features only) | • Coordinates passed to the requesting map feature in real time | User interacts with a feature that needs location (and has granted the permission) | • Deny location permission<br>• Revoke in system settings |
| [`google_maps_flutter`](https://pub.dev/packages/google_maps_flutter)<br>(v2.7.0) | Embedded map rendering | • The tile requests Google Maps makes to its own servers include the user's approximate viewport<br>• No Saropa account data is shared | User opens a map view | • Avoid map views<br>• Offline Mode (from Q2 2026) suppresses live tile loading |
| [`image_picker`](https://pub.dev/packages/image_picker)<br>(v1.1.2) | Photo / image selection | • Images the user explicitly picks are loaded into the app<br>• Never uploaded by this package itself | User taps a 'choose photo' control | • Deny photo library permission in system settings |
| [`app_links`](https://pub.dev/packages/app_links)<br>(v6.1.4) | Deep-link / URL-scheme handling | • Inbound URL from the OS when a link with the app's scheme is opened | User taps a saropa:// or https://saropa.com/... link | • Not applicable — only runs when a link is explicitly opened |

---

## Changes since last report

- Firebase Auth was removed. Saropa's first-party account lives in Supabase; the Firebase Auth package was redundant and pulled out to reduce the SDK surface.
- All Firebase SDKs received a major version bump (core 2→3, analytics 10→11, crashlytics 3→4) — maintenance, no behavior change for users.
- Facebook Sign-In remained present but would be removed in Q3 2024 (see next quarter).

---

## How to contact us

If you believe this report is incomplete or incorrect — or if you have a researcher question about any SDK in the audit table — email <transparency@saropa.com>. The mailbox is monitored; we aim to acknowledge within 72 hours and give a substantive reply within 14 days. Corrections are published in a follow-up report rather than edited into this one, so the audit trail stays intact.

---

## License

This transparency report is released under [CC0 1.0 Universal (Public Domain Dedication)](https://creativecommons.org/publicdomain/zero/1.0/). You may quote, mirror, aggregate, or cite it without attribution. Attribution to <https://saropa.com/transparency/> is appreciated but not required.

---

*Published: 2026-04-19 (backfilled as part of a historical publish covering Saropa Contacts' full public operation since launch). Period covered: 2024-04-01 – 2024-06-30.*
