Clear signals. No hidden traffic.

Effective and last updated: 10 June 2026

The short version

Pocket QSO Logger is a local-first amateur radio logbook. Your working QSO database lives on the Android device. The app has no ads and does not use the advertising ID. Anonymous Firebase Analytics is optional and off by default. Crash diagnostics are separate from that analytics choice. Network access is used for features such as QRZ.com lookup, Google Maps, prefix updates, crash diagnostics, and the update check.

1. Who we are

Pocket QSO Logger is published by Kobasic, an independent Android developer based in the European Union. For privacy questions, contact kobasic@gmail.com.

2. Data handled by the app

Data	Storage and use	When it leaves the device
Operator profile and settings	Stored locally in Preferences DataStore. This includes callsigns, grid, name, defaults, themes, keyboard choices, and feature preferences.	The DataStore file is excluded from Android cloud backup. It can move during direct device-to-device transfer.
Sessions and QSO log	Stored locally in the Room database. Records can include callsigns, timestamps, frequency, band, mode, RST, grids, country data, notes, and session metadata.	When you initiate ADIF export or a manual JSON backup, the chosen share-sheet target receives the file. The Room database is also eligible for Android Auto Backup if that Google/Android feature is enabled on the device.
QRZ.com credentials and lookups	The saved password is encrypted with AES-256-GCM using Android Keystore. A session key may be cached in memory.	Your QRZ username/password is sent to QRZ.com to create a session. The callsign is sent when you test or perform a lookup.
Crash diagnostics	Firebase Crashlytics receives recorded fatal and non-fatal diagnostics, including stack traces, app/device information, custom keys, and recent diagnostic breadcrumbs.	Crashlytics is not controlled by the optional Analytics toggle. A callsign used in a QRZ lookup can currently appear in a diagnostic breadcrumb if a report is recorded in that session. QRZ passwords and complete QSO records are not intentionally attached.
Anonymous usage analytics	Firebase Analytics is disabled by default and enabled only after you opt in from onboarding or Setup.	If enabled, the app sends feature and screen events such as session creation, mode/band totals, map-filter use, keyer presence, theme choice, backup actions, and QRZ lookup success. Event payloads are designed not to include callsigns, log contents, profile data, or coordinates.
Location	A one-shot coarse or precise location is converted in memory to a Maidenhead grid when you press the GPS action. The grid is saved; the raw fix is not kept by the app.	The location fix is not sent by the grid conversion feature. Opening Google Maps is a separate network feature governed by Google Maps Platform.
Bluetooth devices	The app discovers, pairs, and connects to a CW keyer and/or radio CAT adapter. Remembered device details allow reconnection.	Keyer and CAT traffic uses the direct Bluetooth connection. Diagnostic reporting can include technical connection context, with device addresses masked where logged.
Map requests	The Map screens use Google Maps Platform to render map tiles and map UI.	Google receives the normal technical requests required to provide Maps. QSO markers and paths are composed by the app from local log data.
Update and prefix checks	The app reads a public Firestore version document and periodically checks the cty.dat source for updated country/prefix data.	These are ordinary network requests to Firebase/Google and country-files.com. The requests do not need QSO contents or your operator profile.

3. Why the app uses this data

To create, edit, organise, map, and export your radio contacts.
To pre-fill session and QSO fields from your operator profile.
To identify callsign prefixes locally and optionally enrich a contact through QRZ.com.
To connect to supported CW keyers and Yaesu CAT radios.
To diagnose failures and improve app stability.
To measure broad feature use only when optional Analytics is enabled.

4. Services involved

We do not sell or rent personal data. The app can interact with:

QRZ.com for optional callsign lookup.
Google Maps Platform for map rendering.
Firebase Firestore for the app version check.
Firebase Crashlytics for crash diagnostics.
Firebase Analytics only after the user opts in.
country-files.com for cty.dat updates.
Google Play and Android Backup for app distribution and device backup, subject to the user's Google/Android settings.
The app chosen in the Android share sheet when the user exports or backs up data.

5. Permissions

INTERNET and network state for Maps, QRZ, Firebase, updates, and cty.dat refresh.
BLUETOOTH_SCAN and BLUETOOTH_CONNECT for keyer and radio discovery/connection. Bluetooth scanning is declared as not used to derive location.
ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION only for the user-triggered GPS-to-grid action.

The app does not request contacts, microphone, camera, SMS, call logs, or calendar access. The advertising-ID permission is removed.

6. Security

QRZ passwords are encrypted at rest with an Android Keystore key.
Supported external web services are contacted over HTTPS.
The core logbook does not depend on a developer-operated cloud account or sync backend.
Destructive wipe and factory-reset actions require explicit confirmation.

7. Retention and deletion

Local data remains until you edit it, delete contacts or sessions, use the Danger zone tools, clear app storage, or uninstall the app. Firebase and Google retain service data according to their own service settings and policies. Files shared to another app are controlled by that app after the hand-off.

8. Your choices and rights

Edit contacts, session details, and profile data inside the app.
Leave optional Analytics disabled or turn it off again at any time.
Clear QRZ.com credentials to stop authenticated lookups.
Decline Bluetooth or location permissions and continue using the core logbook.
Export session data to ADIF or use the available JSON backup tools.
Delete QSO data or perform a factory reset from Setup.
Contact us to exercise applicable GDPR rights concerning data controlled by the publisher.

9. International processing

Google/Firebase and QRZ.com may process service data outside the European Economic Area. Their respective privacy policies and transfer mechanisms apply to those services.

10. Changes

This policy may change when the app adds or removes integrations, permissions, telemetry, or data flows. The date at the top identifies the current version.

11. Contact

Privacy questions, security reports, or GDPR requests can be sent to kobasic@gmail.com.