Data Controller: Balazs Kiraly (individual)
Email: office@isweepmate.app
Under GDPR Article 13, we must identify who is responsible for your data and provide contact details for privacy inquiries. App Store Connect also requires a publicly accessible Privacy Policy URL and contact information in metadata.

• We do not collect or store any personal identifiers (name, email, phone, location, payment data) within the app itself.
• Local metrics such as swipe counts remain on your device and are never transmitted to us or any server.

• Collected Data: Anonymous usage events (feature access frequency, country, ).
• Storage Location: Transmitted and stored on Google’s Firebase servers; we have no custom control over its physical location.
• Retention Period: Configured for 2 months of user- and event-level data, after which data is automatically deleted.

• Collected Data: Advertising identifiers (IDFA on iOS) and contextual metadata for ad delivery.
• Operation: Continues to serve ads whether or not you grant ATT consent; npa=0 (personalized) or npa=1 (non-personalized) is sent accordingly.
• Security: All transmissions use HTTPS/TLS, and data at rest is encrypted with AES-256 on Google’s infrastructure.

• Under iOS 14.5+ AppTrackingTransparency, we request your permission before accessing your advertising identifier. You may withdraw at any time via Settings → Privacy → Tracking.
• Continued use of the app implies consent to anonymous Firebase Analytics; you can disable analytics under Settings → Send Anonymous Reports.

1. Access & Portability: Request a copy of your data.
2. Correction: Request correction of inaccurate information.
3. Deletion: Request deletion of your data. We will process deletion requests via Firebase’s User Deletion API or directly on receipt of your request within 30 days.
4. Consent Withdrawal: Withdraw ATT or analytics consent at any time via app settings or device settings.
5. California Specific (CCPA): Right to know, delete, and opt out of sale of personal information (AD sale includes IDFA sharing) with a “Do Not Sell My Personal Information” link if needed.

• In Transit: HTTPS/TLS for all network communication.
• At Rest: AES-256 encryption on Google Cloud servers.
• For advanced control, Firebase Cloud Firestore supports Customer-Managed Encryption Keys (CMEK) via Google Cloud KMS.

• Legal bases: consent, legitimate interest.
• Rights: access, rectification, erasure, restriction, portability, objection.

• Rights: know, delete, opt-out of sale.
• “Sale” includes sharing IDFA with AdMob.

• Pulicy must be conspicuous and accessible in app and web.
• Provide contact address and effective date in policy.

• Obtain meaningful consent, explain purposes.
• Limit collection to necessary data and retain only as long as needed.

• Similar to GDPR with ICO oversight.
• Rights and lawful bases align with GDPR.

• 13 Australian Privacy Principles covering open management, anonymity, security, access, and correction.
• Notify of data breaches when serious harm risk exists.