Last updated: April 6, 2026
Who we are
Fablum is developed and published by Mad Bunnies (eenmanszaak), Kometenstraat, 1223 CM Hilversum, The Netherlands. KvK: 42018802.
We are the data controller responsible for your data when you use the Fablum app.
We are not required to appoint a Data Protection Officer under GDPR Art. 37, as we do not carry out large-scale processing, systematic monitoring, or processing of special categories of data.
For any privacy-related questions, contact us at support@madbunnies.dev.
Scope
This policy applies to the Fablum app distributed through the Apple App Store and Google Play. It does not apply to third-party websites, services, or platforms you may access through links within the app. Those services have their own privacy policies and we are not responsible for their practices.
Data we collect
Fablum uses two Firebase services provided by Google Ireland Limited: Firebase Crashlytics (crash reporting) and Firebase Performance Monitoring (app performance monitoring). Together, these services help us detect bugs and identify performance bottlenecks so we can keep the app running smoothly.
Crash data (Firebase Crashlytics)
When a crash occurs, Crashlytics automatically collects the following diagnostic data:
- Crashlytics installation UUID — a randomly generated per-installation identifier used to deduplicate crash reports
- Crash traces and stack traces — technical logs describing the state of the app at the time of the crash
- Device metadata — device model, CPU architecture, operating system name and version, available RAM and disk space, screen orientation, and whether the device is jailbroken or rooted
- App metadata — app version, build number, bundle identifier, and whether the app was in the foreground or background
- Timestamp of the crash event
- IP address — transmitted to Google’s servers as part of the network connection when crash data is sent; not stored by Firebase Crashlytics but processed transiently during delivery
Performance data (Firebase Performance Monitoring)
During normal app use, Firebase Performance Monitoring automatically collects the following data:
- Firebase installation ID — a per-installation identifier used to associate performance events with a single app installation
- Performance traces — timing data for app startup, screen rendering (including slow and frozen frames), and any custom-defined code paths
- HTTP/S network request metrics — URL patterns (without query parameters or request/response bodies), HTTP method, response status code, payload size, and response time
- Device metadata — device model, operating system name and version, available RAM, and carrier information
- App metadata — app version, build number, bundle identifier, and foreground/background state
- Timestamp of each performance event
- IP address — transmitted to Google’s servers as part of the network connection; not stored by Firebase Performance Monitoring but processed transiently during delivery
Unlike crash data, performance data is collected continuously while the app is in use, not only when something goes wrong.
Personal data classification
Under many applicable data protection laws, the Crashlytics installation UUID, the Firebase installation ID, and the IP address are classified as personal data because they are identifiers capable of singling out a device or a network connection. We treat them accordingly throughout this policy.
We do not collect names, email addresses, phone numbers, physical addresses, location data, payment information, reading habits, book content, or any other information that directly identifies you. We do not use analytics, advertising SDKs, or tracking technologies of any kind. Firebase Performance Monitoring measures only technical performance metrics — it does not track your behavior, your reading activity, or how you use the app.
Third-party catalog connections
Fablum includes a built-in book catalog provided by Project Gutenberg (gutenberg.org). When you browse or download books from this catalog, your device connects directly to Project Gutenberg’s servers, which are located in the United States. This means your IP address and standard HTTP request data (such as the request URL and User-Agent header) are transmitted to those servers as part of the connection.
This data transmission is necessary to provide the catalog and download functionality you request (GDPR Art. 6(1)(b)). We do not control how Project Gutenberg processes the data it receives. We do not receive, store, or have access to any data exchanged between your device and Project Gutenberg’s servers.
Data that stays on your device
Your books, reading progress, bookmarks, highlights, library organization, and preferences are stored exclusively on your device. We have no access to this data and never transmit it to our servers or to any third party.
Purpose and legal basis for processing
We process crash data and performance data solely to maintain and improve the stability and responsiveness of Fablum. We have a legitimate interest in ensuring the app works reliably and performs well for all users. The processing is limited to technical diagnostic data — crash reports when the app fails, and performance metrics during normal use — does not involve behavioral profiling or tracking, and has minimal impact on your privacy.
The specific legal basis depends on the law applicable to you:
| Jurisdiction | Law | Legal basis | Notes |
|---|---|---|---|
| EU/EEA | GDPR Art. 6(1)(f) | Legitimate interest | Maintaining app stability, fixing bugs, and improving performance |
| United Kingdom | UK GDPR Art. 6(1)(f) | Legitimate interest | Same rationale as above |
| Brazil | LGPD Art. 10 | Legitimate interest | |
| Thailand | PDPA Sec. 24(5) | Legitimate interest | |
| South Korea | PIPA Art. 15(1)(6) | Legitimate interest | Transfer details in sections below |
| Canada | PIPEDA | Implied consent | This policy serves as notice |
| Singapore | PDPA | Statutory exception | Business improvement (2021 amendments) |
| USA — California | CalOPPA | Disclosure | CCPA/CPRA: threshold-dependent |
| Other | — | Consent | May be withdrawn at any time (see below); requires uninstalling the app |
Providing your data
You are not required by law or by contract to provide any data to us. Crash data is collected automatically by Firebase Crashlytics when a crash occurs, and performance data is collected automatically by Firebase Performance Monitoring during normal app use. There is no way to opt out of this data collection while using the app. If you do not wish to share this data, you may uninstall the app. Neither crash reporting nor performance monitoring affects the core functionality of Fablum — both are used solely to help us improve the app’s stability and responsiveness.
Third-party data processor
Firebase Crashlytics and Firebase Performance Monitoring: Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) processes crash data and performance data on our behalf. Google Ireland Limited acts as a data processor (or service provider, where that term applies) and is contractually bound by the Firebase Data Processing Terms not to use this data for its own purposes. Google Ireland Limited may use sub-processors, including Google LLC infrastructure in the United States, subject to the safeguards described below. For details on how Google handles data, see Google’s privacy policy and Firebase’s privacy and security documentation.
Project Gutenberg: When you use the built-in catalog, your device connects directly to servers operated by Project Gutenberg (gutenberg.org) in the United States. Project Gutenberg is an independent third party — we have no contractual relationship with them and no control over their data practices.
International data transfers
While our contractual data processor is Google Ireland Limited (an entity within the EEA), crash data and performance data may be transferred to and processed on Google infrastructure in the United States or other countries outside your jurisdiction.
These transfers are protected by appropriate safeguards, including:
- EU/EEA and UK: Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework, as applicable under Google’s Data Processing Terms.
- South Korea: Overseas transfer disclosures under PIPA Art. 28-2 — crash data and performance data are transferred to Google Ireland Limited (and its sub-processors, including Google LLC in the United States) for the purpose of crash report and performance data processing and storage, as described in this policy.
- Other jurisdictions: Contractual protections under the Firebase Data Processing Terms.
Fablum is available worldwide through the Apple App Store and Google Play. We do not specifically target users in jurisdictions that require data localization (such as Russia or China) and do not maintain local data storage infrastructure in those countries. Users in such jurisdictions should be aware that all crash and performance data is processed outside their country as described above.
Data retention
Crash reports, including the Crashlytics installation UUID, are retained by Firebase for 90 days before deletion from live and backup systems begins. Performance data, including the Firebase installation ID, is retained by Firebase for 90 days on the same schedule. IP addresses are not stored by either Firebase Crashlytics or Firebase Performance Monitoring. Aggregated, de-identified statistics (such as crash counts per app version or average startup times) may persist beyond this period but contain no identifiers.
We do not operate our own servers for Fablum and do not retain crash or performance data outside of Firebase. If you contact us by email, we retain your correspondence (including your email address) for as long as necessary to resolve your inquiry and comply with legal obligations.
Deleting your data
You can request deletion of crash data and performance data associated with your device by contacting us at support@madbunnies.dev. We will process your request and instruct Google to delete the relevant data from both Firebase Crashlytics and Firebase Performance Monitoring.
You can also reset your Crashlytics installation UUID and Firebase installation ID at any time by reinstalling the app, which severs the link between future data and past data.
Automated decision-making
We do not use automated decision-making or profiling based on your personal data.
Children’s privacy
Fablum is not directed at children. We do not knowingly collect personal data from children as defined under applicable laws (under 13 in the United States under COPPA, under 16 in the EU under GDPR, under 18 in South Africa under POPIA and in India under DPDPA).
If you believe that a child has used the app and you would like data associated with their device removed, please contact us and we will delete it promptly.
Your rights
Depending on where you live, you may have some or all of the following rights with respect to the data we process:
- Access — request confirmation of whether we process your data and obtain a copy (GDPR Art. 15, CCPA, LGPD, POPIA, DPDPA, APPI, PDPA Thailand, PDPA Singapore, PIPEDA)
- Correction — request correction of inaccurate data (GDPR Art. 16, LGPD, POPIA, DPDPA, PDPA Thailand, PIPEDA)
- Deletion — request erasure of your data (GDPR Art. 17, CCPA, LGPD, POPIA, DPDPA, PIPL, PDPA Thailand, PDPA Singapore)
- Restriction — request that we limit processing of your data (GDPR Art. 18, LGPD)
- Portability — receive your data in a structured, machine-readable format (GDPR Art. 20, LGPD, DPDPA)
- Objection — object to processing based on legitimate interest (GDPR Art. 21, LGPD, PDPA Thailand)
- Withdraw consent — where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing (GDPR Art. 7, LGPD, PIPL, DPDPA)
- Non-discrimination — not be treated differently for exercising your rights (CCPA, LGPD)
- Complaint — lodge a complaint with your local data protection authority (see below)
Because we collect only minimal technical data tied to random installation identifiers (not to your name or account), we may be unable to verify your identity or locate your specific data without additional information. In such cases, we will work with you in good faith to fulfil your request to the extent possible.
To exercise any of these rights, email us at support@madbunnies.dev.
Withdrawing consent
Where our processing of your data is based on consent, you may withdraw that consent at any time by uninstalling the app, which stops all future crash and performance data collection and resets the Crashlytics installation UUID and Firebase installation ID. You may also contact us at support@madbunnies.dev to request deletion of previously collected data.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and notify you through the app or other appropriate means where a material change affects how your data is processed.
Complaints
If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), Hoge Nieuwstraat 8, 2514 EL Den Haag, The Netherlands. For UK residents, contact the Information Commissioner’s Office. For EU/EEA residents in other member states, a list of supervisory authorities is available at edpb.europa.eu.
Contact
For any questions, concerns, or requests related to this policy or your data, reach out at support@madbunnies.dev.