Privacy Policy

Last Updated: April 27, 2026 | Effective Date: May 1, 2026

1. Information We Collect

1.1 Information You Provide to Us

We collect information you voluntarily provide when you:

• Create an Account: Email address, username, display name, profile picture, password (encrypted/hashed)
• Complete Your Profile: Avatar, bio, preferences, settings
• Make In-App Purchases: Subscription details, purchase history, transaction IDs
• Contact Customer Support: Name, email, device information, communication content, screenshots
• Participate in Surveys: Survey responses, feedback, suggestions
• Use Social Features: Comments, posts, messages, friend lists (if applicable)
• Subscribe to Newsletters: Email address, communication preferences
• Exercise Privacy Rights: Identity verification documents, authorization proof

1.2 Automatically Collected Information (IAA Support)

To support our advertising-based monetization (IAA - In-App Advertising), we and our advertising partners automatically collect:

1.2.1 Device Identifiers

1.2.2 Device Information

• Device model, manufacturer, brand, family
• Operating system (iOS, Android, version)
• Screen size, resolution, pixel density (DPI)
• CPU architecture (arm64, armeabi-v7a, x86, etc.)
• Memory (RAM) capacity and available memory
• Storage capacity and available storage
• Battery level, charging status, battery health
• Network type (WiFi, 4G, 5G, VPN status)
• Carrier information (mobile network operator name, MCC, MNC)
• Language settings, locale, region
• Time zone, current time

1.2.3 Usage & Behavioral Data

• App launches, session start/end times, session duration
• Feature usage (buttons pressed, screens viewed, time spent per screen)
• In-app actions (tasks completed, habits logged, settings changed)
• Interaction with content (scrolls, taps, swipes)
• App version, build number, update history
• First launch date, days since first launch

1.2.4 Advertising-Related Data

• Splash Ad Views: Number of splash ads viewed, completion rate
• Interstitial Ad Views: Number of interstitial ads viewed, positions triggered
• Rewarded Video Ad Views: Number of rewarded videos watched, rewards earned
• Banner Ad Impressions: Number of banner ad impressions, click-through rate
• Native Ad Interactions: Native ad views, engagement metrics
• Ad Click Data: Click timestamps, conversion tracking
• Attribution Data: Which ad network/campaign led to app install

1.2.5 Location Data

• Precise Location (GPS): Only collected with explicit consent for specific features
• Approximate Location: Country, region, city derived from IP address
• Time Zone: Automatically derived from device settings

1.3 Information from In-App Purchases (IAP)

All payment processing is handled exclusively by Apple (App Store Connect) or Google (Play Console Billing). We receive only:

• Transaction ID (unique identifier for each purchase)
• Purchase status (active, expired, refunded, pending)
• Product ID/SKU (identifier for purchased item)
• Transaction date and time (ISO 8601 format)
• Original transaction ID (for subscription renewals)
• Purchase country
• NOTHING ELSE: No credit card numbers, bank details, or billing addresses

1.4 Sensitive Data Policy

We do NOT intentionally collect sensitive personal data including:

• Racial or ethnic origin
• Political opinions or religious beliefs
• Trade union membership
• Genetic data or biometric data (except for device authentication if applicable)
• Health information or medical records
• Sexual orientation or intimate details
• Financial account numbers or government ID numbers

2. Collection Methods & Technologies

2.1 Direct Collection

• Account registration forms
• In-app purchase flows
• Customer support tickets and chat
• Feedback forms and surveys
• Push notification interactions
• Email newsletter sign-ups

2.2 Automated Collection Technologies

• SDKs (Software Development Kits): Integrated into our apps for data collection
• Cookies & Similar Technologies: For web services and web views
• Server logs (HTTP headers, access logs)
• Local storage (UserDefaults, SharedPreferences, SQLite)
• Cache data

2.3 Third-Party Collection

Our advertising and analytics partners collect data through their SDKs integrated into our applications. This includes:

• Device identifiers (IDFA, GAID)
• App usage and engagement metrics
• Advertising performance data
• Install attribution data
• Crash reports and performance data

3. How We Use Your Information

3.1 Core Service Operations

• Providing, maintaining, and improving application functionality
• Processing in-app purchases and delivering virtual goods
• Managing user accounts and authentication
• Synchronizing data across multiple devices
• Delivering push notifications (with consent)
• Providing customer support services

3.2 Personalization & User Experience

• Customizing app interface based on preferences
• Providing personalized content recommendations
• Remembering user settings and preferences
• Adapting user interface based on behavior patterns

3.3 IAA Advertising & Monetization

• Delivering relevant advertisements based on interests and behavior
• Measuring ad effectiveness and attribution
• Frequency capping (limiting how often same ad is shown)
• Sequencing ads (optimal ad order)
• Providing rewarded video ads for virtual goods
• Optimizing ad placement for user experience
• Maximizing ad revenue fill rates
• A/B testing different ad formats and placements

3.4 Analytics & Product Improvement

• Understanding user behavior and preferences
• Identifying popular features and usage patterns
• Diagnosing technical issues and bugs
• A/B testing new features
• Generating aggregated statistics
• Planning product roadmap
• Measuring user retention and engagement

3.5 Security & Fraud Prevention

• Detecting and preventing fraud and cheating
• Identifying unauthorized access attempts
• Monitoring for malicious activity
• Enforcing Terms of Service
• Protecting intellectual property
• Preventing virtual currency abuse

3.6 Legal Compliance

• Responding to legal requests (court orders, subpoenas, warrants)
• Complying with applicable laws and regulations
• Age verification and parental consent management
• Regulatory reporting obligations
• Tax compliance for in-app purchases

3.7 Communication

• Sending service-related notifications
• Responding to support requests
• Marketing communications (with explicit consent)
• Product updates and announcements

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data only when we have a valid legal basis under GDPR Article 6:

4.1 Consent (Article 6(1)(a))

We rely on consent for processing that is not necessary for contract performance:

• Non-essential cookies and tracking technologies
• Marketing communications via email
• Precise location data collection
• Personalized advertising (in jurisdictions requiring consent)
• Processing of certain categories of data

Consent must be freely given, specific, informed, and unambiguous. You can withdraw consent at any time.

4.2 Contractual Necessity (Article 6(1)(b))

Processing necessary to perform our contract with you:

• Providing core app functionality
• Processing in-app purchases
• Managing your account
• Customer support services
• Delivering purchased virtual goods

4.3 Legitimate Interests (Article 6(1)(f))

Processing for our legitimate business interests, balanced against your rights:

• Analytics and product improvement
• Security and fraud prevention
• Basic advertising (non-personalized)
• Network and information security
• Direct marketing (where permitted)

4.4 Legal Obligation (Article 6(1)(c))

Processing required by law:

• Tax records for in-app purchases
• Regulatory compliance
• Responding to legal requests
• Financial reporting

4.5 Vital Interests (Article 6(1)(d))

Processing necessary to protect someone's life:

• Emergency services integration (if applicable)
• Safety features (if applicable)

5. IAA Advertising & Ad Networks

Our applications generate revenue through In-App Advertising (IAA). This section details how we use advertising to support our free applications and the data involved in this process.

5.1 Types of Advertisements We Display

We integrate the following advertising formats to monetize our free applications:

5.2 How Advertising Works

Our advertising partners use various technologies to deliver relevant advertisements:

• Device Identifiers: IDFA (iOS) and GAID (Android) for delivering targeted ads
• Behavioral Targeting: Based on app usage patterns and user interests
• Contextual Targeting: Based on current app content or user activity
• Geographical Targeting: Based on country/region location
• Frequency Capping: Limits how often users see the same advertisement
• Sequencing: Optimal ad order for user experience

5.3 Advertising SDK Integration

Our applications integrate advertising through SDKs (Software Development Kits) provided by our advertising partners. These SDKs may collect:

• Device identifiers (IDFA, GAID)
• Device information (model, OS version)
• Usage data (app sessions, feature usage)
• Advertising engagement data

5.4 Ad Revenue Sharing

We share a portion of advertising revenue with app distribution platforms (Apple App Store, Google Play) as per their developer agreements. This is standard industry practice for free applications.

6. IAP In-App Purchases

Our applications offer both free and paid features. For paid content, we utilize In-App Purchase (IAP) systems provided by platform operators.

6.1 Supported Purchase Types

• Consumable Purchases: Virtual currency, one-time rewards, consumable items
• Non-Consumable Purchases: Permanent features, ad removal, unlock content
• Subscriptions: Monthly or annual recurring payments for premium features
• Auto-Renewing Subscriptions: Automatically renewed until cancelled

6.2 Payment Processing

All payment processing is handled exclusively by the platform operators. We do NOT handle, store, or process any payment card information.

6.3 Information We Receive from IAP

For purchase fulfillment and service delivery, we receive the following limited information:

• Transaction ID: Unique identifier for each purchase
• Purchase State: Active, expired, refunded, pending
• Product ID: SKU identifier for purchased item
• Purchase Time: Date and time of transaction
• Original Transaction ID: For subscription renewals
• Purchase Country: Country where purchase was made

6.4 Virtual Goods & Currency

Virtual currency and digital goods purchased through IAP:

• Ownership: Digital license, not real-world value
• No Monetary Value: Cannot be exchanged for cash
• Non-Transferable: Cannot be sold or transferred to other users
• Consumed Upon Use: Consumable items are consumed when used

6.5 Refund Policy

Refund requests for IAP purchases:

• Apple Purchases: All refunds processed through Apple at support.apple.com
• Google Purchases: All refunds processed through Google at play.google.com
• Timeline: Refund eligibility varies by platform and time since purchase
• Policy: All purchases are final unless otherwise required by law

7. Third-Party Services & Data Sharing

We share your information with third-party service providers who process data on our behalf. These third parties operate under their own privacy policies and are contractually bound to protect your data.

7.1 Categories of Third Parties

• Advertising networks and mediation platforms
• Analytics and attribution providers
• Cloud infrastructure and backend services
• Customer support platforms
• Push notification services
• Social media and sharing services
• Payment processors (Apple, Google)

7.2 Legal Basis for Data Sharing

We share your data only when:

• necessary to provide services you requested
• you have given explicit consent
• required by law or legal process
• necessary to protect our rights or safety

7.3 Third-Party Liability

We require all third-party service providers to:

• Process data only according to our instructions
• Implement appropriate security measures
• Comply with applicable privacy laws
• Maintain confidentiality of personal data

8. Advertising SDK Partners

We partner with the following advertising networks and mediation platforms to display advertisements in our applications. Each partner collects data according to their own privacy policies.

8.1 Primary Ad Networks

8.2 Ad Mediation Platforms

We use ad mediation platforms to optimize ad revenue:

• Google AdMob Mediation
• AppLovin MAX Mediation
• Unity LevelPlay (ironSource)
• ironsource mediation
• TopOn
• Moloco

8.3 Data Collected by Ad Partners

Advertising partners may collect:

• Device identifiers (IDFA, GAID)
• Device information (model, OS, carrier)
• Location data (approximate)
• App usage and engagement data
• Advertising interaction data

9. Analytics & Attribution SDKs

We use analytics and attribution services to understand how users interact with our applications and measure the effectiveness of our marketing campaigns.

9.1 Analytics Platforms

9.2 Data Collected by Analytics

• Event Data: Actions users take within the app
• Session Data: App launches, duration, frequency
• Device Data: Model, OS, screen size, language
• Performance Data: Load times, crashes, errors
• Attribution Data: How users discovered the app

10. Cloud & Infrastructure Services

We use cloud services to host our applications, store data, and deliver content.

10.1 Cloud Platforms

11. Social & Communication Services

We integrate social and communication services to enhance user experience.

11.1 Push Notification Services

11.2 Customer Support

11.3 Social Features

• Facebook SDK (social login, sharing)
• Google Sign-In (authentication)
• Apple Sign-In (authentication)
• Native sharing APIs

12. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal data from unauthorized access, use, or disclosure.

12.1 Encryption

• Data in Transit: TLS 1.2/1.3 encryption for all network communications
• Data at Rest: AES-256 encryption for stored data
• End-to-End Encryption: For sensitive communications where applicable
• Certificate Pinning: For API communications to prevent MITM attacks

12.2 Access Controls

• Role-based access control (RBAC) for internal systems
• Multi-factor authentication (MFA) for all employee accounts
• Principle of least privilege for data access
• Regular access reviews and audits
• Automatic account lockout after failed attempts

12.3 Network Security

• Enterprise-grade firewalls
• Intrusion detection and prevention systems
• DDoS protection
• VPN access for remote employees
• Network segmentation

12.4 Application Security

• Secure coding practices following OWASP guidelines
• Regular code reviews and security testing
• Penetration testing by third-party security firms
• Automated vulnerability scanning
• Regular security updates and patches
• Secure dependency management

12.5 Data Minimization

• Collect only data necessary for stated purposes
• Anonymize/pseudonymize data where possible
• Aggregate statistics for analytics
• Regular data purging and cleanup

13. International Data Transfers

As a global company serving users worldwide, your data may be transferred to and processed in countries outside your residence.

13.1 Countries Where Data May Be Processed

• United States (primary data center)
• European Union member states
• United Kingdom
• Singapore
• Japan
• Australia
• India
• Brazil
• Other countries where our service providers operate

13.2 Safeguards for International Transfers

• Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
• Binding Corporate Rules (BCRs): Internal policies for intra-group transfers
• Adequacy Decisions: Transfers to countries with adequate data protection
• Data Processing Agreements: Contracts requiring data protection
• Certification Mechanisms: Approved certification schemes

13.3 Transfer Impact Assessments

We conduct transfer impact assessments (TIAs) to evaluate risks of international data transfers and implement appropriate supplementary measures.

14. Data Retention Policy

We retain your data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

14.1 Retention Periods

14.2 Deletion Procedures

When you request deletion or when retention period expires:

• Data is removed from active databases
• Backup data is purged according to backup schedules
• Third parties are notified to delete their copies
• Deletion is verified through audit processes

15. Children's Privacy (COPPA)

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and related regulations.

15.1 Age Restrictions

• Our applications are not intended for children under 13 years of age
• We do not knowingly collect personal data from children under 13
• Our applications do not contain content that is inappropriate for children

15.2 COPPA Compliance

To comply with COPPA, we:

• Do not knowingly collect personal information from children under 13
• Do not allow users under 13 to create accounts without parental consent
• Do not use personal data of children for advertising targeting
• Immediately delete any data collected from children if discovered

15.3 If We Discover Child Data Collection

If we discover that we have collected data from a child under 13 without parental consent:

1. We will immediately delete that data
2. We will cease any related data processing activities
3. We will implement measures to prevent future collection
4. We will notify relevant authorities if required

16. Age Verification & Parental Controls

We implement age verification and parental consent mechanisms as required by various regulations.

16.1 Age Gate Implementation

Our applications may include age verification prompts:

• Initial age confirmation on first launch
• Age verification before certain features
• Parental consent collection for regulated features

16.2 Parental Consent (COPPA)

For features requiring data collection from users under 13, we implement:

• Verifiable Parental Consent (VPC) mechanisms
• Signed consent forms
• Credit card verification (as per COPPA safe harbor)
• Government ID verification (where permitted)

16.3 California Age-Appropriate Design Code

For California users, we comply with the Age-Appropriate Design Code Act:

• High privacy defaults for child users
• No use of children's data for profiling
• No collection of precise location from children
• Default settings that minimize data collection

16.4 UK Children's Code

We comply with the UK Age Appropriate Design Code by implementing:

• High privacy defaults
• Data minimization principles
• No targeted advertising to children
• Age-appropriate age verification

17. Your Privacy Rights (Global)

Depending on your location, you have the following rights regarding your personal data.

17.1 Universal Rights

• Right to Access: Request a copy of your personal data
• Right to Know: Know what data is collected about you
• Right to Delete: Request deletion of your data
• Right to Correct: Correct inaccurate data
• Right to Object: Object to certain processing activities

17.2 How to Exercise Your Rights

1. Send an email to contact@netflowauto.com
2. Include your name, email, and specific rights you wish to exercise
3. We may verify your identity before processing
4. We will respond within 30-45 days depending on jurisdiction

18. GDPR Rights (EEA Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR.

18.1 GDPR Article 15 - Right of Access

Obtain confirmation of whether we process your data and access to your personal data.

18.2 GDPR Article 16 - Right to Rectification

Have inaccurate personal data corrected without undue delay.

18.3 GDPR Article 17 - Right to Erasure

"Right to be Forgotten" - request deletion of your personal data when:

• Data is no longer necessary for its purpose
• You withdraw consent
• You object to processing
• Data was unlawfully processed

18.4 GDPR Article 18 - Right to Restriction

Request restriction of processing in certain circumstances.

18.5 GDPR Article 20 - Right to Portability

Receive your data in a structured, commonly used, machine-readable format.

18.6 GDPR Article 21 - Right to Object

Object to processing based on legitimate interests or for direct marketing.

18.7 GDPR Article 22 - Automated Decisions

Not be subject to solely automated decisions that significantly affect you.

18.8 Right to Lodge Complaint

You have the right to lodge a complaint with a supervisory authority in your EU member state. Visit EDPB Members for more information.

19. CCPA/CPRA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

19.1 California-Specific Rights

• Right to Know: Request disclosure of personal information collected, used, or sold
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt Out: Opt out of sale or sharing of personal information
• Right to Limit Use: Limit use of sensitive personal information
• Right of Non-Retaliation: Not discriminated against for exercising rights

19.2 Categories of Personal Information

In the past 12 months, we collected:

• Identifiers: Name, email, IP address, device ID, IDFA, GAID
• Commercial Information: Purchase history, transaction records
• Internet Activity: Browsing history, app interactions, crash logs
• Geolocation: Approximate location, time zone
• Inferences: Profiles reflecting preferences and characteristics

19.3 Sale or Sharing of Information

We may "sell" or "share" (as defined under CCPA/CPRA) personal information to advertising partners. To opt out:

• Email contact@netflowauto.com with "Do Not Sell or Share My Personal Information" in the subject
• Use device-level opt-out settings

19.4 Financial Incentives

If we offer financial incentives for data collection, we will clearly disclose this and obtain your consent.

20. LGPD Rights (Brazil)

If you are located in Brazil, you have rights under Lei Geral de Proteção de Dados (LGPD).

20.1 LGPD Rights

• Confirmation: Confirm existence of data processing
• Access: Access your personal data
• Correction: Correct incomplete, inaccurate, or outdated data
• Anonymization: Request anonymization, blocking, or deletion
• Portability: Receive data in portable format
• Deletion: Request deletion of data processed with consent
• Information: Information about sharing with third parties
• Revocation: Revoke consent at any time
• Contest: Contest processing deemed unlawful
• Review: Review automated decision-making logic

21. Additional Regional Rights

21.1 United Kingdom (UK GDPR)

Rights equivalent to EU GDPR, including the right to lodge complaints with the Information Commissioner's Office (ICO).

21.2 Canada (PIPEDA)

Rights to access, correct, and withdraw consent for data processing, plus recourse mechanisms.

21.3 Australia (Privacy Act)

Rights under Australian Privacy Principles (APPs), including access, correction, and complaint procedures.

21.4 Japan (APPI)

Rights to disclosure, correction, cessation of use, and notification of data breaches.

21.5 Singapore (PDPA)

Rights to access and correct personal data, plus withdrawal of consent.

22. Cookie & Tracking Technologies

22.1 What Are Cookies

Cookies are small text files stored on your device when you use our apps or websites. They help remember preferences and track usage.

22.2 Types of Cookies

• Essential Cookies: Required for app functionality
• Analytics Cookies: Help us understand app usage
• Advertising Cookies: Used for targeted advertising
• Preference Cookies: Remember your settings

22.3 Third-Party Cookies

Third-party services may set their own cookies. Review their privacy policies for information.

22.4 Managing Cookies

• App settings (where available)
• Device settings
• Browser settings (for web views)

23. Device-Level Privacy Controls

23.1 iOS Privacy Controls

• Location: Settings > Privacy > Location Services
• Tracking: Settings > Privacy > Tracking (ATT)
• Advertising: Settings > Privacy > Apple Advertising

23.2 Android Privacy Controls

• Permissions: Settings > Apps > Permissions
• Advertising ID: Settings > Google > Ads > Opt out
• Reset ID: Settings > Privacy > Reset Advertising ID

23.3 Communication Preferences

• Email unsubscribe links
• Push notification preferences
• Marketing opt-out options

24. App Store Requirements

We comply with Apple App Store guidelines for privacy and data collection.

24.1 Privacy Nutrition Labels

We provide accurate Privacy Nutrition Labels in App Store Connect disclosing:

• Data used to track you
• Data linked to you
• Data not linked to you

24.2 App Tracking Transparency (ATT)

Our iOS apps request tracking authorization through ATT prompts when required by advertising partners.

24.3 Kids Category

If any app is designed for children, we comply with:

• Apple's Kids Category requirements
• No third-party advertising or analytics
• Parental gates for external links

25. Google Play Requirements

We comply with Google Play Store requirements for privacy and data safety.

25.1 Data Safety Section

We complete accurate Data Safety forms in Play Console disclosing:

• Data collected and why
• Data sharing with third parties
• Security practices (encryption)
• Delete functionality availability

25.2 Families Policy

If our apps target children or may be used by children, we comply with:

• Google Play Families Policy
• Age-appropriate content ratings
• Limited ad targeting
• No inappropriate personal data collection

25.3 Play Store Data Safety Requirements

• Accurate disclosure of all data types
• Clear explanation of data usage
• Link to this privacy policy
• Transparency about third-party SDKs

26. Data Breach Procedures

26.1 Breach Detection

We maintain security monitoring systems to detect unauthorized access and data breaches 24/7.

26.2 Breach Response

In case of a data breach:

1. Contain and assess the breach
2. Notify affected users within 72 hours (GDPR requirement)
3. Report to supervisory authorities as required
4. Take steps to mitigate and remediate

26.3 Breach Notification Content

Notification will include:

• Description of the breach
• Categories and number of affected users
• Potential consequences
• Steps being taken
• Recommendations for affected users

27. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

27.1 Types of Changes

• Changes in data practices
• New features or services
• Legal or regulatory updates
• Industry best practices

27.2 Notification of Changes

• Post updated policy on this page
• Update "Last Updated" date
• Email notification for material changes
• In-app notifications for significant changes

27.3 Your Continued Use

Continued use after changes constitutes acceptance. If you disagree, stop using our apps and delete your account.

Terms of Service | Back to Home