Web application with signing in by firebase

bambz

Hi, I've created an app which uses sign-in by Firebase (the only channel is Google). After signing in, I persist in Firestore the uuid of the Google user and the user's nickname, which he creates after first entry to the app.

Should I have a terms and conditions, privacy policy and rodo? What if I don't prepare it? Could somebody delete the app? What are the consequences?
 
Toyotomi

TL;DR:

Should I have a terms and conditions: Yes,

privacy policy: Yes,

Rodo? Is just how OAuth works; if you didn't get this right you messed up (just googled rodo, is this GDPR? If so, that depends)

What if I don't prepare it? legality issues... maybe

Could somebody delete the app? maybe

What are the consequences? small to a huge mess up.

Overview:

You created an app and are using Firebase authentication. You mentioned that Google is the only authentication method you utilised.

This means that the user signs in with their Google account and gives you permission to read x amount of their data. After signing in with Google, the user is redirected to your app if you have configured it all correctly.

This sounds fine. A user can revoke their permission to your app through their Google settings. No biggie, your app can no longer sign them in unless they give you the permission that you requested.

Your privacy policy should cover what you do with such a user's data, maybe keep it for x amount of months / years depending on where your user lives or if you want to conform to GDPR (depending on the country of your user, some laws are tighter than others).

Redo, in this case, is to get the user back in the system? Well, they need to give you access to their Google account, then Google should do the rest for you, so if you got it all set up:

  1. a user signs in with Google if they are not signed in
  2. gives permission to their account data with x scopes
  3. gets redirected to your app's redirect URL
  4. user uses the app for a bit, then revokes access (from their Google settings or anywhere they can access their Google apps)
  5. user gets logged off (Google will notify you the next time you try to verify your user / refresh the token)
  6. on the next login the user goes back to step 1

What if I don't prepare it?

No idea, I ain't a lawyer, but I would have basic privacy settings in place, especially if it is a commercial app. Get yourself a copy and paste that covers your a$$.

Can someone delete the app?

Issue 1: Yes, someone can revoke the access your app has to their data. As mentioned earlier, it just means they can no longer log in and would need to give back access.

Issue 2: Just in case, please don't store any connection strings that have access to all your data / functionality to nuke your data in the front end, i.e. in JS. If you do it, please have scoped access, i.e. limit said access. Anything that can be compromised or is hard to trust with users, put it in a server; it is easier to trust your own systems than a stranger.

If you are dealing with issue 1 then no problem!

If you somehow left a connection string in your front end that exposes your data, you run into issue 2.

Long live the queen. You got pawned.

Hope that helps :D
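
Added example, not written by either poster: assuming the app uses the Firebase web SDK to read and write Firestore from the browser, the "scoped access" from Issue 2 is expressed as Firestore Security Rules. The `users/{uid}` document layout and the nickname length limits are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: one profile document per user at users/{uid},
    // holding only the nickname chosen after first sign-in.
    match /users/{uid} {

      // Signed in, and the {uid} in the path is the caller's own Firebase uid.
      function isOwner() {
        return request.auth != null && request.auth.uid == uid;
      }

      // The document being written has exactly one field: a short string.
      // The 3..30 length bounds are assumed, not taken from the thread.
      function validProfile() {
        let data = request.resource.data;
        return data.keys().hasOnly(['nickname'])
          && data.keys().hasAll(['nickname'])
          && data.nickname is string
          && data.nickname.size() >= 3
          && data.nickname.size() <= 30;
      }

      // A user can read, write and erase only their own profile.
      allow get: if isOwner();
      allow create, update: if isOwner() && validProfile();
      allow delete: if isOwner();
      // No "list" rule: nobody can enumerate other users from the browser.
    }

    // Paths not matched above have no "allow" rule, so they are denied.
  }
}
```

The Firebase web config object shipped in the front end identifies the project and grants nothing by itself; rules like these decide what a signed-in browser may touch. A service-account key or any other admin credential bypasses the rules entirely and belongs only on a server.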
 

bambz

@Daemon

I am from Poland. Should I prepare terms & conditions, privacy policy, and GDPR in Polish, English, or both? I'd like to publish our app on producthunt and indiehackers.

And what if we don't have an LTD?
 

Toyotomi

You will need them even without an LLC; you need to be clear about how you process data / privacy. Terms and conditions protect you regardless of having a fully set up company, since they will limit fallout from users, essentially legally limited liability, i.e. Facebook does not take responsibility for hate speech.

English or Polish depends on your users.

LLC is the next step to protect yourself further.

Of course I ain't a lawyer, so please protect yourself from legal fallout; speak to a lawyer in your country if you need clarifications.
 
