Legal and Compliance
Privacy Policy (Global Compliance Upgrade)
This Privacy Policy is part of the Application R&D Team Privacy Policy and User Service Agreement.
It applies to all behaviors related to downloading, installing, and using our mobile applications
distributed through APPstore, Google Play, and other compliant channels. Our products support both
IAA (advertising monetization) and IAP (in-app purchase) models while adhering to global privacy,
age-protection, and data-security obligations.
I. Policy General Provisions
1.1 Purpose and legal basis
This Policy clearly explains the scope, method, purpose, storage, transfer, and disclosure rules
for personal information handled by us. We strictly follow the principles of legality, legitimacy,
necessity, and good faith. We align with major global frameworks, including but not limited to:
the Personal Information Protection Law of the People’s Republic of China (PIPL), EU GDPR,
California CCPA/CPRA, Brazil LGPD, APPstore and Google Play review requirements,
and GB/T 35273-2020 Personal Information Security Specification. We do not collect personal
information unrelated to product functions and never abuse or leak user information.
1.2 Global scope and stricter local law priority
This Policy covers all users worldwide. Region-specific differences are adapted through explicit
clauses in this Policy. If your local law is stricter, local law and platform requirements prevail.
1.3 User consent and rights safeguards
You have the right to access, correct, delete, and request anonymization of your personal information,
as well as withdraw consent. We provide efficient operation paths. Consent dialogs are presented
as opt-in by default (not pre-checked). We proceed only after your active confirmation.
II. Scope and Methods of Personal Information Collection
2.1 Core necessary information (required for core functions)
-
Device information: device model, operating system version, device identifiers
(IMEI, IDFA, Android ID, and similar identifiers handled through anonymization),
MAC address, screen resolution, network type (Wi-Fi/mobile).
Purpose: product adaptation, core function stability, fault diagnosis, and security protection,
under minimum-necessity collection principles.
-
App usage information: feature modules used, usage duration, operation records,
feature preferences. Purpose: product optimization, user experience enhancement,
optional personalized recommendations (can be turned off), and monetization analytics,
all under minimum-necessity principles.
2.2 Optional information (not required for core functions)
-
Personal identity information: name, email, phone number; used for account registration,
password recovery, IAP verification, and customer support communication.
Anonymous usage is supported and no forced collection is applied.
-
Location information: collected only for scenario-based features after manual authorization.
Authorization can be withdrawn at any time in system settings.
We do not proactively track real-time location beyond scenario necessity.
-
Album/file permissions: used only for save/upload functions with manual authorization.
Authorization can be withdrawn at any time.
We do not access files or photos you did not actively choose to provide.
2.3 Information collected by third parties (monetization and distribution adaptation)
For IAA monetization, we may integrate globally compliant ad platforms, including but not limited to
Google AdMob, Google Ad Manager, Meta Audience Network, AppLovin MAX, Unity Ads, ironSource,
Mintegral, Liftoff/Vungle, Chartboost, InMobi, Pangle (TikTok for Business), Smaato, PubMatic,
Moloco, Yandex Ads, Amazon Publisher Services, Start.io, and other compliant mediation partners.
These platforms may collect device information, app usage signals, ad impressions, and click events
for ad delivery and performance optimization. Their processing is governed by their own privacy policies
and applicable laws. We contractually restrict third-party collection scope to ad-service necessity.
For IAP monetization, APPstore and Google Play process payment information such as payment account
and transaction records. We do not directly obtain your sensitive payment credentials and only receive
transaction status/verification results necessary to deliver purchased features.
2.4 Collection methods and informed consent
Personal information is collected only through your active authorization and operation
(registration, upload, check-in, purchase, permission grant) or through automatic collection
limited to necessary data. We never use hidden, deceptive, or manipulative collection methods.
Before collection, we disclose purpose, scope, usage, and retention period and proceed only after
clear consent, without pre-checked consent or forced authorization.
III. Purpose and Scope of Personal Information Use
3.1 Core product operation
Personal information is used to provide full product functionality, maintain stability,
perform diagnostics, and continuously optimize service quality for utility and productivity scenarios.
We do not use personal information for unrelated purposes.
3.2 Monetization-related use
IAA: ad delivery and effectiveness analysis. Interest-based ad controls may be provided where required,
and can be disabled through in-app settings when technically supported.
IAP: purchase verification, order management, and transaction queries.
We comply with Apple ATT requirements, Android privacy-sandbox direction,
and regional legal obligations.
3.3 Optimization and security
We analyze usage data to improve interface structure and operation flow,
and to detect abnormal login, malicious behavior, abuse, or fraud,
protecting user accounts and ecosystem integrity.
3.4 Compliance and audit
We retain relevant records as required by laws, distribution platforms, and monetization partners,
and cooperate with lawful audits, supervision, and regulatory inspections.
3.5 Prohibited use
- We do not sell, rent, or unlawfully share personal information.
- We do not process personal information for purposes unrelated to product functions and lawful monetization.
- We do not engage in unlawful behavior through personal information processing.
IV. Storage and Data Security Measures
4.1 Storage location
We follow a local-storage-first principle. By default, personal information is stored on your device.
If you actively enable cloud backup, data may be stored on compliant cloud infrastructure.
Regional data-localization requirements are respected. For EU users, EU data localization measures
are applied when required by law and product architecture.
4.2 Retention period
We retain personal information only for the minimum reasonable period required to fulfill the purposes
described in this Policy. After expiry, data is anonymized or deleted. You may manually delete data anytime.
After account deletion, all personal information is permanently removed within 15 working days,
except where retention is legally required.
4.3 Security controls
- Encryption at rest (including AES-256-based schemes where applicable).
- Encryption in transit (HTTPS/TLS).
- Access control, least privilege, logging, and security auditing.
- Regular security testing, risk assessments, and governance review.
- Confidentiality agreements with employees and third-party processors.
- Alignment with ISO27001 and ISO27701-oriented governance practices.
4.4 Data incident response
If a personal information incident occurs, we activate emergency response immediately,
take remedial action, contain impact, and provide notifications to affected users and competent
authorities within legal timelines (including the GDPR 72-hour framework where applicable),
with explanation of cause, remediation, and prevention plan.
V. Personal Information Transfer and Disclosure
5.1 Transfer scope and security
Information transfer is limited to necessity among app products, compliant cloud services,
third-party monetization platforms, and APPstore/Google Play distribution services.
Transfers are encrypted and constrained by minimum-necessity principles.
5.2 Disclosure scenarios
-
Disclosure with your explicit consent, such as authorized third-party login or content sharing.
-
Necessary disclosure to compliant monetization and distribution platforms for ad and purchase workflows,
limited to essential data and excluding unnecessary sensitive information.
-
Disclosure required by laws, courts, regulators, or lawful authorities under due process.
-
Necessary disclosure to protect rights, security, and anti-fraud operation integrity.
5.3 Cross-border transfer
For cross-border transfer, we comply with applicable laws and mechanisms, including GDPR adequacy
frameworks, standard contractual clauses, security assessments, certification models,
and relevant Chinese cross-border data compliance requirements.
We do not transfer personal information to jurisdictions lacking required legal safeguards.
VI. Region-Specific Privacy Policy Adaptation Clauses
6.1 European Union (GDPR adaptation)
- Support rights to information, access, rectification, erasure, consent withdrawal, and data portability.
- Establish data protection governance and breach-notification mechanisms.
- Apply EU data storage and transfer safeguards required by law.
- Accept supervision by competent EU data authorities where applicable.
6.2 United States (CCPA/CPRA adaptation)
- Users may request categories of data collected and used.
- Users may request deletion and opt out from certain targeted advertising scenarios where required.
- We provide a clear “Do Not Sell or Share My Personal Information” pathway where legally required.
- We comply with COPPA and do not knowingly collect personal data from children under 13.
6.3 China (PIPL and related adaptation)
- Strict adherence to legality, legitimacy, necessity, and good faith principles.
- Explicit informed consent before collection and transparent purpose disclosure.
- User rights to access, correction, deletion, and withdrawal are fully supported.
- Cross-border handling and compliance-audit obligations are followed as required by applicable regulations.
6.4 Brazil (LGPD adaptation)
- Clear authorization basis and rights to access, correction, and deletion.
- Security governance and incident prevention controls are implemented.
- Local filing/registration and operational requirements are respected before service rollout where required.
6.5 Southeast Asia adaptation
- Alignment with local filing and policy obligations (such as Thailand ETDA and Singapore regulatory expectations).
- Compliance-first launch standards for app distribution and operation in local markets.
6.6 Other regions
We adapt to local privacy laws and prioritize stricter rules where conflicts arise,
continuously closing compliance gaps and accepting lawful supervision.
VII. Age Policy Adaptation (Global + Regional Supplements)
7.1 Global baseline
-
Services are not offered to children under 13. If discovered, service is terminated and related
personal information is deleted promptly.
-
Users aged 13 to 18 must use services with guardian consent where required by law.
Guardians may request access, correction, deletion, and service termination for minors.
-
Content and advertising are reviewed to avoid violent, sexual, vulgar, unlawful,
or otherwise age-inappropriate content.
7.2 Regional supplements
If local law defines a different child/minor threshold (for example under 16 in some jurisdictions),
local law prevails and corresponding safeguards are applied.
VIII. User Privacy Rights and Operational Paths
8.1 Rights
- Right to know, access, rectify, erase, and withdraw consent.
- Right to request data portability where legally applicable.
- Right to submit complaints regarding privacy processing.
8.2 Operational paths
-
Access/Correction/Deletion: App > "My" > "Privacy Settings" > "Personal Information Management".
-
Permission Withdrawal: App > "My" > "Privacy Settings" > "Permission Management",
or revoke directly in system settings.
-
Account Deletion: App > "My" > "Account Settings" > "Delete Account".
We delete personal information according to this Policy except legal retention obligations.
-
Privacy Complaint: App > "My" > "Service Center" > "Privacy Complaint".
We respond within 3 working days and provide handling results within 7 working days.
IX. Privacy Policy Updates and Notification
9.1 Update basis
We may update this Policy according to legal changes, platform rules, monetization requirements,
product evolution, and regulatory obligations. Updates will not reduce our privacy responsibilities
or weaken user protection standards.
9.2 Notification and user choice
Updates are communicated through in-app popups, notifications, or announcements.
Continued use means acceptance of updated terms.
If you disagree, you may stop using the service and uninstall the app,
after which we stop relevant processing and delete data as legally permitted.
X. Disclaimer
-
We are not liable for losses directly caused by force majeure events
(such as earthquakes, floods, typhoons, network outages, large-scale server failures),
but we will make best efforts to mitigate impact and notify users.
-
We are not liable for losses caused by your own improper operation
(such as password leakage, authorizing untrusted third parties, or device loss).
-
If third-party monetization platforms, distribution platforms, or cloud providers violate regulations,
such third parties bear corresponding legal responsibility; we will assist users in rights protection.
-
We are not liable for lawful disclosures required by legal authorities under due process.
-
If loss is caused by false or incomplete information voluntarily provided by you,
related responsibility shall be borne by you.
Contact for privacy questions and complaints
Team Name: compliancedevxuyen.com
Business Support: support@compliancedevxuyen.com
Contact Email: contact@compliancedevxuyen.com
Legacy Agreement Mailbox: contact@rcompliancedevxuyen.com
Address: Hoa Lac Hi-Tech Park, Hanoi, Vietnam
