Service

Privacy policy for Firebase

Disclose Firebase Analytics, Crashlytics, Cloud Messaging, and Remote Config — the right way.

Generate policy with Firebase included Free · no signup · hosted public URL

Firebase services that need disclosure

Analytics — usage events, advertising IDs, audiences
Crashlytics — crash reports, device state, custom keys
Cloud Messaging (FCM) — push tokens, topic subscriptions
Remote Config — installation IDs for variant assignment
Authentication — email, phone number, OAuth identifiers
App Check — device attestation tokens
Performance Monitoring — network and rendering metrics

Where Firebase processes data

Firebase services are hosted on Google Cloud — primarily us-central1, with regional options for Firestore and Realtime Database. If you have EU users, your policy should reference Google's EU-US Data Privacy Framework certification and the Standard Contractual Clauses included in the Firebase Data Processing Addendum.

Children and Crashlytics

Crashlytics collects an Installation ID by default. For apps in the Designed for Families program, you must disable advertising-related features and configure Crashlytics with setCrashlyticsCollectionEnabled(false) until consent is granted. The generated policy describes this when you mark the app as kids-directed.

Ready to publish?

Answer six questions, get a hosted public URL the App Store, Google Play, and ad networks accept. No credit card.

Generate policy with Firebase included

Frequently asked questions

Is Firebase a "subprocessor" or part of Google?

Firebase is a Google service governed by the Google Cloud Data Processing and Security Terms. In your policy, list Firebase as a subprocessor with a link to firebase.google.com/support/privacy.

Does Firebase Analytics share data with Google Ads?

Only if you opt in to ad personalisation. The default for new projects since 2023 is to disable Google signals — verify this in Firebase Console → Analytics → Settings.