The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success

Web application with signing in by firebase

bambz

Hi, I've created an app which uses sign-in by Firebase (the only channel is Google). After signing in, I persist in Firestore the UUID of the Google user and the user's nickname, which he creates after first entry to the app.

Should I have a terms and conditions, privacy policy and rodo? What if I don't prepare it? Could somebody delete the app? What are the consequences?
 

Toyotomi

> Hi, I've created an app which uses sign-in by Firebase (the only channel is Google). After signing in, I persist in Firestore the UUID of the Google user and the user's nickname, which he creates after first entry to the app.
>
> Should I have a terms and conditions, privacy policy and rodo? What if I don't prepare it? Could somebody delete the app? What are the consequences?

TL;DR:

Should I have a terms and conditions: Yes,

privacy policy: Yes,

Rodo? Is just how OAuth works; if you didn't get this right you messed up (just googled rodo, is this GDPR? If so, that depends)

What if I don't prepare it? legality issues... maybe

Could somebody delete the app? maybe

What are the consequences? small to a huge mess up.

Overview:

You created an app and are using Firebase Authentication. You mentioned that Google is the only authentication method you utilised.

This means that the user signs in with their Google account and gives you permission to read x amount of their data. After signing in from Google the user is redirected to your app if you have configured it all correctly.

This sounds fine, a user can revoke their permission to your app through their Google settings. No biggie, your app no longer can sign them in unless they give you permission that you requested.

Your privacy policy should cover what you do with such a user's data, maybe keep for x amount of months / years depending on where your user lives or if you want to conform to GDPR (depending on the country of your user some laws are tighter than others).

Redo, in this case, is to get the user back in the system? Well, they need to give you access to their Google account, then Google should do the rest for you, so if you got it all set up:

  1. A user signs in with Google if they are not signed in
  2. Gives permission to their account data with x scopes
  3. Gets redirected to your app redirect URL
  4. User uses the app for a bit then revokes access (from their Google settings or anywhere they can access their Google apps)
  5. User gets logged off (Google will notify you the next time you try to verify your user / refresh token)
  6. On the next login the user goes back to step 1

What if I don't prepare it?

No idea, I ain't a lawyer, but I would have basic privacy settings in place, especially if it is a commercial app. Get yourself a copy and paste that covers your a$$.

Can someone delete the app?

Issue 1: Yes, someone can revoke the access your app has to their data; as mentioned earlier, it just means they can no longer log in and would need to give back access.

Issue 2: Just in case, please don't store any connection strings that have access to all your data / functionality to nuke your data in the front end, i.e. in JS. If you do it, please have scoped access, i.e. limit said access. Anything that can be compromised or is hard to trust with users, put it in a server; it is easier to trust your own systems than a stranger.

If you are dealing with issue 1 then no problem!

If you somehow left a connection string in your front end that exposes your data, you run into issue 2.

Long live the queen. You got pawned.

Hope that helps :D
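
The "scoped access" advice under Issue 2, written as Firestore Security Rules for the data the original poster describes. This is an added example, not part of the thread or the poster's app; the `users` collection keyed by the Firebase Auth uid, the single `nickname` field and the 3 to 30 character limit are assumptions.

```firestore-rules
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: one document per user at /users/{uid},
    // where {uid} is the Firebase Auth uid of the Google sign-in.
    match /users/{uid} {

      // A signed-in user may read only their own document.
      allow read: if request.auth != null
                  && request.auth.uid == uid;

      // A signed-in user may create or change only their own document,
      // and it may contain nothing except a bounded-length nickname string.
      allow create, update: if request.auth != null
                            && request.auth.uid == uid
                            && request.resource.data.keys().hasOnly(['nickname'])
                            && request.resource.data.nickname is string
                            && request.resource.data.nickname.size() >= 3
                            && request.resource.data.nickname.size() <= 30;

      // Clients can never delete user documents; do that from a server.
      allow delete: if false;
    }

    // No other match block exists, so every other path is denied
    // to client SDKs by default.
  }
}
```

With rules like these, code running in the browser can only touch the signed-in user's own nickname document; anything that needs broader access belongs in server-side code holding its own credentials.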
 

bambz

@Daemon

I am from Poland. Should I prepare terms & conditions, privacy policy, and GDPR in Polish, English, or both? I'd like to publish our app on producthunt and indiehackers.

And what if we don't have an LTD?

Toyotomi

> @Daemon
>
> I am from Poland. Should I prepare terms & conditions, privacy policy, and GDPR in Polish, English, or both? I'd like to publish our app on producthunt and indiehackers.
>
> And what if we don't have an LTD?

You will need them even without an LLC; you need to be clear about how you process data / privacy. Terms and conditions protect you regardless of having a fully set up company, since they will limit fallout from users, essentially legally limited liability, i.e. Facebook does not take responsibility for hate speech.

English or Polish depends on your users.

LLC is the next step to protect yourself further.

Of course I ain't a lawyer, so please protect yourself from legal fallout; speak to a lawyer in your country if you need clarifications.
 