The following data is stored on the user's device and uploaded to Firebase:
- A participant's username/password combination.
- A participant's responses to the questions in pings.
- A participant's device information (their phone platform and brand).
No identifiable information of a participant such as their name will be stored locally or uploaded to Firebase (unless your ping streams include questions that require the partipants to disclose identifiable information).
Yes, everyone will be able to view your study file (the file that includes your question streams). Hence, you should not include any sensitive information in the file.
You may wish to review "Privacy and Security in Firebase" and "Terms of Service for Firebase Services" for relevent services used by Well Ping (Firebase Authentication and Firebase Realtime Database).
Data in Firebase Realtime Database is encrypted at rest. See https://firebase.google.com/support/privacy/#data_encryption.
Only the Firebase project Owner and the project members they grant permissions to (learn more here) have access to the entire Firebase Realtime Database.
Each participant has read and write access to their own ping responses (but not others' ping responses) stored in the Firebase Realtime Database.
Firebase services encrypt data in transit using HTTPS. See https://firebase.google.com/support/privacy/#data_encryption.