codesmartdev.com

Privacy Policy (Global Compliance Version)

Last Updated: April 27, 2026

This Privacy Policy is part of the integrated legal framework between our team ("Team", "we", "us") and users ("User", "you"). It applies to all acts of downloading, installing, accessing, and using any application released by us globally through App Store, Google Play, and other compliant marketplaces.

0. Scope, Compatibility, and Applicable Standards

This document is drafted to be compatible with 2026 international compliance requirements and platform governance, including but not limited to:

  • Apple App Store Privacy Nutrition Labels, Apple App Tracking Transparency (ATT), and associated age-rating and content policy rules.
  • Google Play Data Safety Section requirements, Families Policy, target audience declarations, and policy requirements for advertising IDs and data sharing transparency.
  • EU General Data Protection Regulation (GDPR), including data subject rights and lawful processing.
  • US CCPA/CPRA and relevant state privacy and age-verification updates (including states that require enhanced age assurance measures in 2026).
  • Brazil Lei Geral de Protecao de Dados (LGPD).
  • Child and teen privacy frameworks, including COPPA, GDPR-K, and equivalent regional protections.

1. Information We Collect

We collect information under lawful, fair, and necessity principles. Categories include:

1.1 Information You Provide

  • Account registration and profile information (where account functions exist).
  • Customer support requests, complaint reports, and feedback records.
  • Voluntary communications sent to support@codesmartdev.com or contact@codesmartdev.com.

1.2 Automatically Collected Information (Especially in IAA Scenarios)

  • Device identifiers and device signals: IDFA (iOS, where permitted), GAID/AAID (Android, where available), vendor/device identifiers, model, OS version, locale, app version, and network type.
  • Usage and engagement data: feature interactions, session duration, ad impression events, ad clicks, conversion indicators, retention signals, and in-app navigation logs.
  • Diagnostics and security logs: crash logs, error traces, anti-fraud markers, and abuse-detection events.

1.3 Payment Information (IAP)

  • We do not directly collect or store your full card number.
  • Purchases are processed by Apple and Google billing systems or other compliant store payment providers.
  • We receive transaction metadata such as order ID, product ID, purchase status, and refund status to deliver entitlements.

2. Purposes of Processing

  • Service delivery and operations: maintain core app functions, cloud synchronization, account support, and IAP entitlement delivery.
  • Advertising and analytics (IAA): show personalized or non-personalized ads based on consent and legal basis; measure ad campaign quality and fraud signals.
  • Security and abuse prevention: detect cheating, bot traffic, invalid ad interactions, and malicious attacks.
  • Legal and compliance obligations: fulfill obligations under platform rules and applicable privacy laws.

3. Legal Bases (Where Required by Law)

  • Contract necessity: to provide requested app features and purchases.
  • Consent: for tracking, personalized advertising, and optional analytics where required.
  • Legitimate interests: service improvement, fraud prevention, and operational reliability, balanced against user rights.
  • Legal obligations: retention, disclosure, and incident response required by law.

4. Third-Party Services, SDKs, and Data Sharing

To operate ad monetization, analytics, attribution, and infrastructure, we may integrate third-party services. Depending on app configuration, these may include:

  • Google AdMob, Google Ad Manager, Google Ads, and Google Mobile Ads SDK.
  • AppLovin / MAX mediation, Unity Ads, ironSource, Liftoff Monetize (formerly Vungle), Mintegral, Pangle, Chartboost.
  • Meta Audience Network, TikTok for Business / Pangle ecosystem components, InMobi, Digital Turbine / Fyber.
  • Amazon Publisher Services, Yahoo DSP components where available, Start.io, Moloco, Smaato, PubMatic, BidMachine.
  • Adjust, AppsFlyer, Singular, Kochava for attribution and anti-fraud.
  • Firebase Analytics, Google Analytics for Firebase, Crashlytics, Sentry, Amplitude, Mixpanel, and similar analytics or diagnostics tools.
  • RevenueCat or equivalent subscription management tooling where used.

Actual SDK combinations vary by app, region, platform, and release channel. We require partners to follow security and privacy standards not lower than this policy and the corresponding laws.

5. Ad Formats and Monetization Logic (IAA)

Our apps may use the following ad formats: App Open Ads, Rewarded Video Ads, Interstitial Ads, and Banner Ads. In some products, native ad formats may also appear. We apply controls to minimize disruption:

  • Frequency capping and placement quality checks.
  • No intentional ad deception or forced invalid clicks.
  • Rewarded ads are optional and clearly disclosed before user action.
  • Regional privacy signals are honored, including ATT and consent framework settings.

6. International Data Transfers

Because we provide services globally, information may be transferred to and stored in countries outside your residence. Where required, we use transfer safeguards such as Standard Contractual Clauses (SCCs), transfer impact assessments, and equivalent mechanisms under applicable law.

7. Children, Teens, and Age Policies

  • Age ratings are configured in line with App Store and Google Play requirements.
  • If you are under 13 (United States) or under 16 (European Union), we do not knowingly collect personal data beyond what is strictly necessary for lawful app operation where permitted.
  • For jurisdictions with mandatory age-assurance controls, including 2026 state-level updates in the United States, we may apply platform-based age verification APIs or age-gate experiences.
  • When required, personalized advertising is disabled by default for minors and privacy-restricted cohorts.

8. Your Rights (GDPR, CCPA/CPRA, LGPD, and Similar Laws)

  • Right of access and portability: request a copy of relevant personal data.
  • Right to deletion (right to be forgotten): request account deletion and associated data erasure, subject to lawful retention exceptions.
  • Right to correction: request correction of inaccurate personal data.
  • Right to object or restrict processing where applicable.
  • Right to opt-out of targeted advertising or sale/share definitions where applicable under regional law.
  • Right to non-discrimination for exercising your legal rights.

You can also manage tracking preferences through OS controls, including iOS "Allow Apps to Request to Track" and Android advertising identifier controls.

9. ATT, Consent, and Regional Preference Signals

  • On iOS, we request tracking permission only through Apple's ATT framework when required.
  • For EU/EEA/UK and similar jurisdictions, we may use consent management flows aligned with applicable transparency and consent frameworks.
  • Where regional law recognizes opt-out preference signals, we implement commercially reasonable mechanisms to honor those signals.

10. Data Security and Retention

  • Data in transit is protected with industry-standard encryption such as TLS/SSL.
  • Access control and least-privilege rules apply to operational systems.
  • Where feasible, pseudonymization or data minimization mechanisms are applied.
  • Retention is limited to the shortest period necessary to fulfill purposes described in this policy and legal obligations.

11. Data Deletion and Account Closure

Where account functions exist, users may request account deletion in-app or by contacting us. We also support deletion requests required by platform rules and legal standards. Some records may be retained for fraud prevention, dispute handling, accounting, or legal compliance as permitted by law.

12. Store Disclosures and Data Safety Statements

We prepare and maintain disclosure materials for:

  • Apple Privacy Nutrition Labels.
  • Google Play Data Safety declarations, including encryption-in-transit disclosure and data deletion options where available.
  • Audience and age suitability declarations.

13. Changes to This Policy

We may update this policy from time to time due to product changes, legal updates, or platform rule revisions. Material changes will be disclosed by updating the effective date and, where required, by in-app notice or equivalent communication.

14. Contact Information

  • Team Name: codesmartdev.com
  • Business Support: support@codesmartdev.com
  • Contact / Complaints: contact@codesmartdev.com
  • Address: Hoa Lac High-Tech Park, Hanoi, Vietnam

If you have questions, feedback, complaints, or reports about privacy, data use, ad compliance, age policy, or account rights, please contact us at the above channels.

15. Important Notice

This policy template is provided for globally aligned operational use. Because legal requirements may evolve rapidly, especially US state privacy and age laws in 2026 and beyond, legal counsel review is recommended before major launches or market expansion.

16. Developer Operational Recommendations (Key Compliance Patches)

16.1 Data Safety Labels

  • In Google Play Console, explicitly declare that data is encrypted in transit.
  • Clearly disclose whether a data deletion link or in-app deletion mechanism is provided.

16.2 Age Gate

  • If the app is not exclusively for children, use an age-gate prompt at first launch to classify users as adult or minor.
  • Do not require full date of birth when unnecessary; use minimum-information confirmation for privacy-sensitive classification.

16.3 Multi-Language Legal Availability

  • For global publication, provide at least an English legal version.
  • For Japanese, Korean, and EU markets, provide localized legal text as required by market and legal expectations.