Privacy Policy
Your privacy matters. Here is how CrucibleCraft handles your data.
Effective date: 18 March 2026
Introduction
CrucibleCraft ("we", "us", or "our") operates the Bayarsama mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
We are committed to protecting your privacy. Our apps are designed to keep your data on your device whenever possible, and we do not sell your personal information to third parties.
Data Stored on Your Device
Bayarsama stores all of your personal data locally on your device. This includes:
- Orders and bill splits — item names, prices, and how they are divided among people
- Friend groups (Bayar Kaki) — names and group configurations you create
- Payment profiles — saved payment method details and QR code images
- Order history — past bill splits and attached receipt images
- App preferences — your chosen currency, theme, and calculation settings
This data is stored using Apple's on-device storage and is never transmitted to our servers. If you delete the app, this data is permanently removed from your device.
Analytics and Crash Reporting
We use Google Firebase Analytics and Firebase Crashlytics to understand how the app is used and to identify crashes. This helps us fix bugs and improve the experience.
The analytics data we collect includes:
- General usage events (e.g., a bill split was calculated, a PDF was exported)
- Screen views and feature usage patterns
- Crash reports and error logs
- Device type, operating system version, and app version
This data is anonymous and aggregated. We do not collect your name, email address, phone number, or the actual content of your bills and orders. Analytics events describe actions (e.g., "an order was created with 5 items") but never include the specific item names, prices, or people involved.
Remote Configuration
We use Firebase Remote Config to manage feature flags and app settings remotely. This allows us to enable or disable features, set maintenance windows, and enforce minimum app version requirements. No personal data is sent or received through Remote Config.
Camera and Photo Library Access
Bayarsama may request access to the following device capabilities:
- Camera — used to photograph receipts and attach them to orders for easy reference. Receipt images are stored on your device only.
- Photo Library — used to save and load QR codes for payment information (such as DuitNow or PayNow QR codes). QR images are stored on your device only.
These permissions are optional. The app will ask for your consent before accessing the camera or photo library, and you can revoke access at any time through your device's Settings.
In-App Purchases
Bayarsama offers optional in-app purchases (Bayarsama Pro) through Apple's App Store. All payment processing is handled entirely by Apple. We do not collect, store, or have access to your payment details, credit card information, or Apple ID.
We store your subscription status locally on your device to determine which features to unlock. This status is verified through Apple's StoreKit framework.
No Advertising or Tracking
Bayarsama does not display advertisements. We do not use the App Tracking Transparency (ATT) framework, and we do not track you across other apps or websites. We do not share data with advertising networks or data brokers.
No Account Required
Bayarsama does not require you to create an account or sign in. There is no user registration, no email collection, and no social login. You can use the app fully without providing any personal identifying information.
Data Sharing
We do not sell, trade, or rent your personal information. Data is shared only in the following limited circumstances:
- Firebase (Google) — anonymous analytics and crash data as described above, governed by Google's Privacy Policy
- Apple — subscription and purchase verification through StoreKit, governed by Apple's Privacy Policy
Data Retention and Deletion
Since your personal data is stored on your device, you have full control over it. To delete all data, simply delete the Bayarsama app from your device. All locally stored orders, friend groups, payment profiles, and images will be permanently removed.
Anonymous analytics data retained by Firebase is subject to Google's data retention policies and cannot be linked back to you.
Children's Privacy
Bayarsama is not directed at children under the age of 13 (or under the age of 16 in jurisdictions where a higher minimum age applies, such as parts of the European Union). We do not knowingly collect personal information from children. Since the app does not require an account and stores data only on-device, no personal information is collected from any user.
International users & privacy rights
Bayarsama is available worldwide. Because all personal data is stored locally on your device and we do not operate servers that hold your personal information, most international data transfer regulations do not apply. Bayarsama is built with a privacy-by-design approach — we minimise data collection and keep your information under your control by default.
Regardless of where you are located, you have the following rights:
- Right to access — all your data is already on your device and visible within the App at all times.
- Right to erasure — delete the App to permanently remove all locally stored data. Anonymous analytics data held by Firebase cannot be individually identified or deleted.
- Right to data portability — use the App's built-in Export Backup feature to export all your data in a portable format at any time.
- Right to withdraw consent — you may revoke camera or photo library permissions at any time through your device's Settings.
Region-specific disclosures
Malaysia (PDPA 2010): CrucibleCraft operates from Malaysia and complies with the Personal Data Protection Act 2010. Since all personal data is stored locally on your device and is never transmitted to our servers, the data processing obligations under the PDPA are minimal. The only data we process through third-party services is anonymous analytics via Firebase, which cannot be linked back to you individually.
European Union and United Kingdom (GDPR / UK GDPR): Our legal basis for processing anonymous analytics data via Firebase is our legitimate interest in improving the App's performance and fixing crashes (Article 6(1)(f) GDPR). No personal data as defined under GDPR is transmitted to our servers. You have the right to object to this processing by contacting us at support@cruciblecraft.com. We do not transfer personal data outside of your device, so Chapter V transfer restrictions do not apply.
United States — California (CCPA / CPRA): We do not sell or share personal information. We do not share personal information with third parties for cross-context behavioural advertising. The anonymous analytics data described above does not constitute "personal information" as defined under the CCPA. California residents have the right to request information about our data practices by contacting us.
Brazil (LGPD): We comply with the Lei Geral de Proteção de Dados. Our legal basis for anonymous analytics processing is our legitimate interest in improving app quality. Since personal data is stored only on your device and is never transmitted to our servers, your data is not subject to international transfer. You may exercise your rights under the LGPD by contacting us at support@cruciblecraft.com.
Canada (PIPEDA): We comply with the Personal Information Protection and Electronic Documents Act. We obtain consent for analytics through your continued use of the App after reviewing this policy. No personally identifiable information is collected or transferred.
Australia (Privacy Act 1988): We comply with the Australian Privacy Principles. We do not collect, use, or disclose personal information beyond what is described in this policy. Since all personal data remains on your device, no cross-border data disclosure occurs.
Japan (APPI): We comply with the Act on the Protection of Personal Information. No personal information is transferred to third parties or across borders. Anonymous analytics data processed by Firebase does not constitute personal information under the APPI.
South Korea (PIPA): We comply with the Personal Information Protection Act. We do not collect, process, or transfer personal information to third parties. All user data remains on your device under your control.
Other jurisdictions: If you reside in a jurisdiction not listed above, the same principles apply — your personal data stays on your device, we collect only anonymous analytics, and we do not sell or share your information. If your local law grants you additional rights, we will honour them to the extent required. Contact us at support@cruciblecraft.com with any questions.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.
Contact Us
If you have questions about this Privacy Policy or how your data is handled, please contact us at support@cruciblecraft.com.