MenzaNS Privacy Policy

Last updated: March 2026 · Applies to the MenzaNS Android app and its backend service

This policy explains exactly what data MenzaNS collects, why it is collected, and how it is handled. We collect only the minimum data needed to provide the app's core features.

1. Who We Are

MenzaNS is developed by Apollo4 Labs. Contact: apollo4.labs@gmail.com

2. Data Stored on Your Device Only

LOCAL The following data is stored exclusively on your device using Android DataStore and a local Room database. It is never transmitted to our servers.

Token counts — The number of breakfast, lunch, and dinner tokens you have remaining (manually entered by you).
Card balance — The monetary balance on your student card (manually entered by you).
Student card details (optional) — If you choose to use the Card screen, you may enter: first name, surname, student index number, card number, ISIC number, faculty, date of birth, card issue date, and valid-until date. This information is optional and stays on your device.
Local meal history — Timestamps of your canteen visits (date, enter time, exit time, token type) stored in a local database for the Statistics screen. This data is not sent to the server.
App settings — Language preference, dark/light theme, Material You colors, budget display mode, token warning thresholds, notification thresholds, geofence on/off toggle, geofence radius, eating speed threshold, and auto-deduct preference.
User ID — The anonymous UUID assigned to you (see Section 3) is stored locally so the app can identify itself to the server on future requests.

3. Data Transmitted to Our Server

SERVER The following data is sent to our backend server (hosted at apollo4.duckdns.org).

3a. User Account

User UUID — A randomly generated identifier (e.g. a3f9…) created by the server on your first install. It contains no personal information and is not linked to your name, email, or device.
Registration timestamp — The date and time when your UUID was created.
Last online timestamp — Updated each time your app communicates with the server. Used for maintenance and to identify inactive accounts.

3b. Canteen Visit Events

When your phone's geofence detects that you have entered and exited the canteen, the app sends a meal event to the server containing:

Your User UUID
Date of the visit
Enter time — when you walked in
Exit time — when you walked out
Token type — Breakfast, Lunch, or Dinner (based on time of day)

Important: We never record or transmit your GPS coordinates. The geofence only tells the app whether you are inside or outside the canteen boundary — no location data is sent to the server.

4. What We Do Not Collect

No name, email address, phone number, or any personally identifiable information
No GPS coordinates or location history
No device identifiers (IMEI, Android ID, advertising ID, etc.)
No financial transaction data
No camera, microphone, or contact data

5. How We Use Your Data

Real-time queue length — Canteen visit events are used to estimate how many people are currently in line at the canteen.
Historical predictions — Aggregated visit patterns (time of day, day of week) are used to predict expected queue length at any given time.
Service maintenance — The last online timestamp helps us identify accounts that are no longer active.

We do not sell, share, or use your data for advertising, profiling, or any purpose beyond what is listed above.

6. App Permissions

Approximate Location (ACCESS_COARSE_LOCATION) — Required for Android to set up the geofence zone around the canteen.
Precise Location (ACCESS_FINE_LOCATION) — Required for accurate geofence triggering so that canteen entry and exit are detected reliably.
Background Location (ACCESS_BACKGROUND_LOCATION) — Required so that the geofence continues to work when the app is minimised or the screen is off. No location coordinates are ever recorded or sent to the server.
Notifications (POST_NOTIFICATIONS, Android 13+) — Used to send you a notification when your token count drops below your configured warning threshold, and to confirm that a canteen visit was recorded.
Internet (INTERNET) — Required to communicate with the server to fetch menus, wait times, and submit canteen visit events.

All location permissions are used solely for geofence detection. You can disable geofencing at any time from the app's Settings screen, which stops all location-triggered server communication.

7. Data Retention

Your User UUID and associated meal event data are retained on the server until you request deletion. Inactive accounts (no server contact for an extended period) may be deactivated.

8. Data Security

All communication between the app and server uses HTTPS. API requests require a valid API key. We take reasonable precautions to protect stored data, but no internet transmission or storage method is 100% secure.

9. Data Deletion

You may request the deletion of your data at any time by using the "Delete My Data" option in the app's menu, or by emailing apollo4.labs@gmail.com with your User ID. See our Data Deletion Disclosure for full details.

10. Children's Privacy

MenzaNS is intended for university students (18+). We do not knowingly collect data from anyone under 18.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through an app update notification. The "last updated" date at the top of this page always reflects the current version.

12. Contact

Questions or concerns? Email us at apollo4.labs@gmail.com.