Privacy Policy
Version 1.0 —
This Privacy Policy describes how the Developer ("we," "us," or "our") collects, uses, and shares information when you use Our Service (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
This Privacy Policy is available at all times within the Service and on our website.
Data Minimization & Purpose Limitation: We adhere to the principles of data minimization and purpose limitation. We collect only the personal data that is necessary for the specific purposes described in this Privacy Policy. We do not process personal data in a manner that is incompatible with those purposes, and we do not retain data longer than necessary to fulfill those purposes.
Information We Collect
Information You Provide
- Contact information: Email address, name (if provided)
- User-generated content: Any content you create or upload within the Service
- Communications: Messages you send to us (support requests, feedback)
Account Information
- Registration data: Email, username, profile information
- Authentication data: Login credentials (passwords are hashed and never stored in plaintext)
Information Collected Automatically
- Device information: Device model, operating system and version, unique device identifiers (including Advertising Identifier / IDFA on iOS and Google Advertising ID / GAID on Android, where permitted), mobile network information
- App activity: Features used, actions taken, time and duration of use, screens viewed, in-app search queries, and other interactions within the Service
- Crash logs & diagnostics: Performance data, crash reports, error logs
- IP address & location: We collect approximate (coarse) location information derived from your IP address. We do not collect precise (GPS-based) location data unless specifically disclosed within the Service and only with your explicit permission
Financial Information
- Purchase history: Records of in-app purchases and subscriptions
- Transaction data: Payment confirmations from app stores (we do not collect or store payment card details; payments are processed by Apple App Store or Google Play Store)
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
- Consent: Where you have given us explicit consent to process your data for specific purposes
- Contractual necessity: Where processing is necessary to perform our contract with you (providing the Service)
- Legitimate interest: Where processing is necessary for our legitimate interests and those interests are not overridden by your fundamental rights and freedoms. We rely on legitimate interest for: (a) improving and optimizing the Service based on aggregate usage analytics; (b) preventing fraud, abuse, and security threats; (c) communicating service-related updates. Before relying on legitimate interest, we conduct a balancing test weighing our interests against the potential impact on your rights. You have the right to object to processing based on legitimate interest at any time (see "Your Rights" section below)
- Legal obligation: Where we need to process your data to comply with a legal obligation
How We Use Your Information
We use the information we collect for the following purposes:
- Providing and maintaining the Service: Operating core features and functionality
- Improving the Service: Analyzing usage patterns, fixing bugs, developing new features
- Communications: Responding to your inquiries, sending service-related notices
- Safety and security: Detecting, preventing, and addressing fraud, abuse, and technical issues
- Legal compliance: Fulfilling legal obligations and enforcing our Terms
We process your personal data only for the purposes stated above. We will not use your personal data for any purpose that is materially different from or incompatible with the original purpose of collection without providing you with notice and, where required by law, obtaining your consent.
Cookies & Tracking Technologies
We and our third-party service providers may use the following technologies to collect information about your use of the Service:
- Device identifiers: Advertising identifiers (IDFA on iOS, GAID on Android), unique device IDs, and installation identifiers
- Local storage: Data stored locally on your device, including app preferences and session data
- Analytics SDKs: Code integrated into the Service that collects usage data, performance metrics, and crash diagnostics
- Server-side analytics: Our servers may log requests made by the Service, which may include your IP address, request timestamps, API endpoints accessed, and response data, used for security monitoring, performance optimization, and debugging
- Advertising SDKs: Third-party code that may collect device information and usage data to deliver targeted advertisements
- Tracking pixels and web beacons: Technologies used by advertising partners to measure ad effectiveness
Tracking (Apple Definition)
Under Apple's App Tracking Transparency framework, "tracking" refers to linking data collected from the Service with third-party data for targeted advertising or advertising measurement purposes, or sharing data with a data broker. We will request your permission via the ATT prompt before engaging in any such tracking on iOS 14.5 and later. If you deny tracking permission, we will not link your data with third-party data for these purposes.
You can control certain tracking technologies through your device settings. See the "Your Rights" section below for details on opting out.
Advertising & Tracking Technologies
Our Service may display advertisements provided by third-party ad networks. These networks may use cookies, device identifiers, and similar technologies to collect information about your activity within the Service and across other apps and websites to provide you with targeted advertising.
Advertising Partners
Our advertising partners may include (but are not limited to):
- Google AdMob / Ad Manager — Privacy Policy
- Meta Audience Network — Privacy Policy
- Unity Ads — Privacy Policy
- Adjust / AppsFlyer / Branch (attribution and deep linking) — Refer to the respective service's privacy policy
Opting Out of Personalized Ads
- iOS: Settings > Privacy > Tracking; or Settings > Privacy > Apple Advertising
- Android: Settings > Google > Ads > Opt out of Ads Personalization
Data Sharing & Third Parties
We do not sell your personal information as that term is traditionally understood (i.e., in exchange for monetary consideration). Under certain privacy laws such as the CCPA/CPRA, the use of third-party advertising technologies may be considered a "sale" or "sharing" of personal information. Please see "Do Not Sell or Share" below for details.
We may disclose information with third parties only in the following circumstances:
- Service providers: Companies that help us operate the Service (analytics, cloud hosting, crash reporting)
- Legal requirements: When required by law, subpoena, or legal process
- Safety: To protect the rights, property, or safety of our users or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets
All third-party service providers that process personal data on our behalf are bound by data processing agreements that require them to process personal data only on our documented instructions, implement appropriate security measures, and comply with applicable data protection laws.
Data Collection vs. Data Sharing
For purposes of Google Play's Data Safety disclosures: "collected" means data transmitted off your device to us, and "shared" means data transferred to third parties. The following data types may be shared with third parties as described in this section: device identifiers, crash diagnostics, and app usage data. All other data types listed above are collected by us but not shared with third parties except as required by law.
Data Linked to Your Identity
The following data may be linked to your identity (i.e., associated with your account, email, or user ID): contact information, user-generated content, purchase history, and communications.
Data Not Linked to Your Identity
The following data is collected in a form that is not linked to your identity: crash logs and diagnostics, aggregate usage analytics, and performance data.
Third-Party SDKs
The Service may include third-party software development kits (SDKs) that independently collect data. Common SDKs that may be integrated include:
- Firebase / Google Analytics for Firebase (analytics, crash reporting, performance monitoring) — Privacy Info
- Apple frameworks (StoreKit, CloudKit, SKAdNetwork) — Privacy Info
- Sentry / Crashlytics (crash reporting and error tracking) — Sentry Privacy Policy | Crashlytics Privacy Info
- RevenueCat (subscription management and analytics) — Privacy Policy
- Google AdMob / Ad Manager (advertising) — Privacy Policy
- Meta SDK / Audience Network (advertising, attribution) — Privacy Policy
- Unity Ads (advertising) — Privacy Policy
Each third-party SDK may collect data as described in their respective privacy policies. We require our third-party service providers to process personal data only in accordance with our instructions and applicable data protection laws.
Do Not Sell or Share My Personal Information (CCPA/CPRA)
If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) to opt out of the "sale" or "sharing" of your personal information.
We do not sell personal information as defined by the CCPA/CPRA. If we use third-party advertising that constitutes "sharing" under CPRA, you may opt out by contacting us at support@example.com.
Categories of Personal Information (CCPA/CPRA Disclosure)
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA/CPRA:
- Identifiers: Name, email address, unique device identifiers, IP address — Collected: Yes | Sold: No | Shared: No | Disclosed for business purpose: Yes (to service providers)
- Internet or other electronic network activity: Usage history within the Service, interactions, crash logs — Collected: Yes | Sold: No | Shared: No | Disclosed for business purpose: Yes (to analytics/crash reporting providers)
- Geolocation data: Approximate location from IP address — Collected: Yes | Sold: No | Shared: No | Disclosed for business purpose: No
- Commercial information: Purchase and subscription records — Collected: Conditional | Sold: No | Shared: No | Disclosed for business purpose: Yes (to payment processors)
Right to Limit Use of Sensitive Personal Information
If we collect sensitive personal information (such as precise geolocation, racial or ethnic origin, religious beliefs, or the contents of communications), you have the right to limit our use and disclosure of such information to what is necessary to provide the Service.
Financial Incentives
We do not offer financial incentives (such as price or service differences) in exchange for the retention, sale, or sharing of your personal information.
Do Not Track & Global Privacy Control
Some browsers transmit "Do Not Track" (DNT) signals. As there is no common industry standard for DNT, we do not currently respond to DNT signals. However, we honor the Global Privacy Control (GPC) signal as a valid opt-out of the "sale" or "sharing" of personal information under the CCPA/CPRA.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account data: Retained while your account is active. Upon receipt of a valid deletion request, we will delete or anonymize your account data without undue delay and in any event within 30 days, unless retention is required by law or for the establishment, exercise, or defense of legal claims
- Usage analytics: Retained in aggregate (non-identifiable) form indefinitely
- Crash logs: Retained for up to 90 days
- Legal records: Retained as required by applicable law
Where we retain data in aggregate or de-identified form, we implement technical safeguards and business processes that prohibit re-identification, and we make no attempt to re-identify such data.
Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL
- Secure data storage with access controls
- Regular security assessments
However, no method of transmission over the Internet or electronic storage is 100% secure. While we cannot guarantee absolute security, we are committed to promptly investigating and responding to any suspected or actual breach of security.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority: Without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach (as required by GDPR Article 33), or within the timeframe required by applicable law
- Notify affected individuals: Without undue delay where the breach is likely to result in a high risk to your rights and freedoms, or as required by applicable law
- Document the breach: Maintain records of all data breaches, including facts, effects, and remedial actions taken
Notification will include, to the extent possible: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
Specific notification timeframes by jurisdiction:
- EEA/UK (GDPR): Within 72 hours to the supervisory authority; without undue delay to affected individuals if high risk
- California (CCPA/CPRA): In the most expedient time possible and without unreasonable delay
- Brazil (LGPD): Within a reasonable time to the ANPD and to affected individuals
Your Rights
For All Users
- Access: Request a copy of the personal data we hold about you
- Deletion: Request deletion of your personal data via our Data Deletion page
- Correction: Request correction of inaccurate data
Additional Rights (GDPR — EEA/UK/Swiss Residents)
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request restriction of processing
- Objection: Object to processing based on legitimate interest
- Object to direct marketing: Object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing
- Withdraw consent: Withdraw consent at any time where processing is based on consent
- Lodge a complaint: File a complaint with your local data protection authority. A list of EU/EEA data protection authorities is available at EDPB Members. UK residents may contact the Information Commissioner's Office (ICO)
Additional Rights (CCPA/CPRA — California Residents)
- Right to Know: Request disclosure of what personal information we collect, use, and share
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Authorized Agent: You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide proof of authorization (such as a power of attorney or signed written authorization). We may require you to verify your own identity directly before processing the agent's request
We will respond to your verifiable consumer request within 45 days of receipt. If we need additional time (up to an additional 45 days), we will inform you of the reason and the extension period in writing.
Additional Rights (LGPD — Brazilian Residents)
If you are a resident of Brazil, the Lei Geral de Protecao de Dados (LGPD) provides you with additional rights including: confirmation and access to your data, correction, anonymization/blocking/deletion of unnecessary data, portability, deletion of data processed with consent, information about sharing, revocation of consent, opposition to non-compliant processing, and review of automated decisions.
Verifying Your Identity
To protect your privacy and security, we may need to verify your identity before processing your request. We may ask you to provide information that matches our records. If we cannot verify your identity, we may not be able to fulfill your request. We will not charge you a fee to process your request unless the request is manifestly unfounded or excessive.
To exercise any of these rights, contact us at support@example.com.
Children's Privacy
The Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction, which may be as high as 16 in certain EEA member states, 13 in the UK, or 12 in Brazil under LGPD). We do not knowingly collect personal information from children under the applicable age of consent. If we become aware that a child under the applicable age has provided us with personal information without valid parental or guardian consent, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@example.com.
Enhanced Children's Privacy Protections (COPPA)
Our Service complies with the Children's Online Privacy Protection Act (COPPA) and applicable regulations.
- We obtain verifiable parental consent before collecting personal information from children under 13
- Parents can review, modify, or request deletion of their child's personal information
- We do not condition a child's participation on providing more personal information than is reasonably necessary
- We do not serve behavioral advertising to children
- We maintain confidentiality, security, and integrity of information collected from children
- We retain children's personal information only as long as necessary to fulfill the purpose for which it was collected
Automated Processing
We may use automated systems to help detect fraud, enforce our terms, and ensure the security of the Service. These automated systems do not make decisions that produce legal effects or similarly significant effects on you without human review.
Under GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. To exercise this right, contact us at support@example.com.
AI & Machine Learning
Our Service may use artificial intelligence (AI) and machine learning (ML) technologies to provide and improve the Service. This may include:
- Content recommendations and personalization
- Automated content moderation
- Feature optimization based on usage patterns
International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country.
When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses (including the UK Addendum where applicable) as the primary transfer mechanism
- Adequacy decisions: Where the European Commission or UK Secretary of State has determined that a country provides an adequate level of data protection
- Supplementary measures: Where required, we implement additional technical measures (such as encryption) and organizational measures (such as access controls and data processing agreements) to ensure an essentially equivalent level of protection
You may request a copy of the applicable transfer mechanism by contacting us at support@example.com.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where practicable, notifying you through the Service (e.g., via in-app notification or push notification) or by email. For material changes that affect how we process your personal data or your rights, we will provide notice at least 30 days before the changes take effect.
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.
Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: support@example.com