Privacy Policy

1. Who We Are

TechSecLab.com ("Team", "we", "our", "us") is a professional application R&D team. We create and operate utility applications, including focus tools, habit trackers, inspiration capture tools, daily decision tools, mood logging tools, and device status monitoring tools. We also provide app design consulting and full-cycle utility app R&D consulting services.

Team Name: TechSecLab.com
Business Support: support@techseclab.com
Contact: contact@techseclab.com
Address: Hoa Lac Hi-tech Park, Hanoi, Vietnam

2. Scope and Applicability

This Privacy Policy applies when you download, install, open, register, purchase, or otherwise use our applications and related services. It applies globally, subject to mandatory local legal requirements in your jurisdiction.

3. Information We Collect

3.1 Information You Provide Directly

• Account data such as email, display name, profile information, authentication credentials, and preferences.
• Customer support messages, bug reports, and user feedback submitted by email or in-app forms.
• Content that you intentionally create within app features, such as notes, logs, and custom settings.

3.2 Information Collected Automatically (including IAA workflows)

• Device identifiers and technical signals: IDFA (iOS, where permitted), GAID/AAID (Android), app instance ID, device model, OS version, language, and time zone.
• Usage and telemetry data: session length, feature usage, click events, ad impressions, ad clicks, conversion events, crash logs, diagnostics, and fraud indicators.
• Network and security metadata: IP-derived region, coarse geolocation, anti-abuse markers, and request integrity data.

3.3 Purchase Data (IAP workflows)

• We do not directly receive or store your full card number.
• Payments are processed by Apple and Google billing systems or other compliant store operators.
• We receive transaction IDs, purchase status, subscription status, and entitlement signals required to deliver purchased content.

3.4 Sensitive Categories

We do not intentionally collect special-category sensitive personal data unless strictly required by a specific feature and permitted by law, with explicit notice and consent where required.

4. Why We Use Information

• Service delivery: app functionality, account authentication, content sync, and entitlement verification for IAP virtual goods and subscriptions.
• Advertising and analytics (IAA): showing personalized or non-personalized ads, measuring ad performance, and improving monetization quality.
• Security and integrity: detecting fraud, abuse, cheating, unauthorized automation, and malicious attacks.
• Product improvement: identifying usability issues and enhancing stability and performance.
• Legal and compliance operations: fulfilling statutory obligations, policy enforcement, dispute handling, and audit logging.

5. Legal Bases for Processing (where applicable)

• Performance of contract: to provide app services you request.
• Legitimate interests: service security, quality monitoring, and fraud prevention, balanced against your rights.
• Consent: ad personalization, cross-app tracking, and optional analytics where required by law.
• Legal obligation: compliance with tax, accounting, safety, consumer, and law-enforcement requirements.

6. Advertising, SDKs, and Third-Party Partners

Our apps may integrate one or more advertising, analytics, attribution, crash-reporting, and mediation SDKs. Depending on app version and region, partners may include AdMob, Google Ad Manager, AppLovin MAX, Unity Ads, ironSource LevelPlay, Meta Audience Network, Mintegral, Pangle (TikTok for Business), Chartboost, Vungle/Liftoff Monetize, InMobi, Fyber, Smaato, Start.io, Moloco, Tapjoy, and other compliant providers.

Supported ad formats may include App Open ads (splash/startup), rewarded video ads, interstitial ads, banner ads, native ads, and offerwall-style placements where allowed by store policy.

• Advertising partners may process identifiers and behavioral signals to deliver relevant or contextual ads.
• Attribution and analytics providers may process campaign, install, and event-level data for measurement.
• We contractually require partners to meet security and privacy standards at least equivalent to this policy.
• Partner lists may evolve; updated disclosures are reflected in app store privacy forms and in-app notices.

7. Cross-Border and International Data Transfers

Because we serve users globally, your information may be processed outside your country of residence. For transfers from regions with transfer restrictions, we rely on legally recognized mechanisms such as Standard Contractual Clauses (SCCs), supplemental technical controls, and equivalent safeguards as required.

8. Children and Age Policies

• We configure age ratings in accordance with App Store and Google Play requirements.
• We do not knowingly collect personal data from children under 13 (US) or under 16 (EU) unless lawfully permitted with guardian authorization.
• Where required by 2026 age-verification laws (including relevant US states), we may use platform APIs and age-gating workflows to verify eligibility.
• When a user is identified or reasonably inferred as underage, personalized ads are disabled by default and data processing is minimized.
• For child-directed or mixed-audience contexts, we apply COPPA and GDPR-K compliant safeguards including restricted tracking modes.

9. ATT, Consent, and User Choice

• On iOS, tracking across apps and websites is subject to App Tracking Transparency (ATT) authorization.
• In GDPR-like regions, users are provided with consent controls for ad personalization and optional analytics cookies/SDK behaviors where applicable.
• Users can opt out of targeted advertising through in-app settings and/or operating system settings (for example, "Allow Apps to Request to Track" on iOS, ad ID controls on Android).
• Withdrawal of consent does not affect prior lawful processing.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer period is required by law. Retention periods may vary by data type (account records, security logs, support tickets, billing verification metadata, and legal hold records).

11. Data Security

• Encryption in transit using TLS/SSL and secure channel enforcement for production endpoints.
• Role-based access control, least-privilege operational policies, and administrative access auditing.
• Data minimization, pseudonymization/de-identification where feasible, and secure backup practices.
• Continuous monitoring, vulnerability management, and incident response procedures.
• Google Play Data Safety alignment including declaration of encrypted transfer and applicable deletion options.

12. Your Privacy Rights (GDPR, CCPA/CPRA, LGPD and Similar Laws)

Depending on your region, you may have one or more of the following rights:

• Right to know/access: request a copy of personal data we hold about you.
• Right to correction: request correction of inaccurate data.
• Right to deletion (right to be forgotten): request deletion of eligible personal data.
• Right to portability: request structured export where technically feasible.
• Right to opt out of certain processing, including targeted advertising or sale/sharing under applicable law.
• Right to non-discrimination for exercising legal privacy rights.

To exercise rights, contact: contact@techseclab.com. We may verify identity before processing requests and may deny requests where legally permitted.

13. Account Deletion and Data Deletion Requests

Where supported, you may request account deletion through in-app settings. You may also contact us by email. Upon validated deletion, associated personal data will be deleted or irreversibly anonymized unless retention is legally required. Virtual items tied to deleted accounts may become permanently unavailable.

14. Do Not Sell or Share / Regional Signals

In regions where "sale" or "sharing" definitions apply, we provide opt-out mechanisms as required. Where technically supported, we process legally recognized privacy preference signals and internal suppression rules.

15. Third-Party Links and Content

Our apps may contain links, ads, or content supplied by third parties. Their privacy practices are governed by their own policies, and we encourage you to review those policies directly.

16. Policy Updates

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. Material changes will be communicated through store listing updates, in-app notices, or website announcements where appropriate.

17. Contact Information

For questions, feedback, complaints, or reports regarding this Privacy Policy:

• Business Support: support@techseclab.com
• Customer Contact: contact@techseclab.com
• Address: Hoa Lac Hi-tech Park, Hanoi, Vietnam

18. Developer Operational Recommendations (Compliance Patch)

• Google Play Data Safety: clearly declare encrypted data transfer and whether an account/data deletion URL is provided.
• Age Gate implementation: at first launch, use an age-threshold prompt (without collecting exact birthdate) to switch privacy and ad-personalization levels automatically.
• Language coverage for global release: provide at least an English legal version, and add local-language legal texts for markets such as Japan, Korea, and EU member states where required.