Devaidev logo devaidev.com Utility apps for global users
Home / Privacy Policy
Privacy Policy

Global Privacy Policy for Devaidev apps and services.

Last Updated: April 27, 2026 Applies to globally distributed apps and websites Coverage includes IAA and IAP business models

This Privacy Policy is entered into by us, devaidev.com, including our product research and development team, our affiliated app operations, and our authorized service providers where applicable (collectively, “Devaidev,” “we,” “our,” or “us”), and you, the user of our applications, websites, and related services (“user,” “you,” or “your”). This Privacy Policy applies to your download, installation, registration for, access to, and use of our globally published applications and websites, including utility apps published through the Apple App Store, Google Play, and other compliant application marketplaces.

Our apps may use advertising-based monetization (IAA), in-app purchases (IAP), or a combination of both. We design our products and operational practices to comply with the privacy, data safety, age policy, security, consumer protection, payment, and app marketplace requirements that apply to global releases, including 2026 expectations under Apple App Store Privacy Nutrition Labels, Apple App Tracking Transparency, Google Play Data Safety, the European Union General Data Protection Regulation, the United Kingdom GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, Brazil’s Lei Geral de Protecao de Dados, Canada’s PIPEDA, Australia’s Privacy Act, New Zealand’s Privacy Act, Japan’s APPI, South Korea’s PIPA, Singapore’s PDPA, Swiss FADP, COPPA, GDPR-K, and other applicable state, provincial, national, or regional privacy and child protection laws.

1. Scope and policy structure

This Privacy Policy covers our consumer-facing applications, mobile tool management applications, product support channels, website interactions, business communication flows, and any associated functionality that links to or references this policy. It applies whether you access our products as a casual visitor, registered account holder, purchaser of IAP content, advertising-supported user, or business contact communicating with us through support@devaidev.com or contact@devaidev.com.

This policy should be read together with our Terms of Service. If a product contains additional product-specific disclosures, localized consent language, or store-facing privacy notices, those disclosures supplement this Privacy Policy rather than replace it, unless local law requires a different treatment.

2. Information we collect

We collect information under the principles of lawfulness, fairness, transparency, data minimization, purpose limitation, and security by design.

2.1 Information you provide directly

  • Account registration details, if an app requires sign-in or profile creation, such as email address, account nickname, password hash, or recovery details.
  • Customer support and feedback information, including messages, attachments, bug reports, feature requests, survey responses, and any information you include in a support inquiry.
  • Content you create in the app, such as habit entries, notes, mood logs, lists, decisions, saved inspiration items, reminder settings, or preference states, depending on the product.
  • Business inquiry details when you contact us for consulting, design support, or product development discussions.

2.2 Information collected automatically

  • Device and app identifiers, such as IDFA on iOS, GAID or Android Advertising ID where available, vendor identifiers, app instance identifiers, device model, brand, language, OS version, SDK version, country or region inferred from settings or IP-derived geolocation, and network type.
  • Usage and event data, including app launch time, session duration, feature interactions, onboarding completion, ad request and ad click events, reward completion events, IAP view events, screen flow analytics, crash traces, latency diagnostics, and general performance metrics.
  • Fraud prevention and security signals, such as coarse device reputation indicators, abnormal transaction patterns, store receipt validation results, bot or abuse indicators, and suspicious traffic markers.
  • Website analytics data, such as page visits, referring pages, browser type, approximate locale, and interaction events, subject to applicable consent requirements.

2.3 Information related to IAA monetization

Where a product displays advertising, our apps may process advertising identifiers, device characteristics, coarse location, language, app interaction events, and ad performance data needed to serve app open ads, rewarded video ads, interstitial ads, banner ads, and related ad formats such as native placements, mediation waterfalls, bidding events, and frequency capping logic. Depending on your region, age status, and consent choices, ads may be personalized, contextual, or non-personalized.

2.4 Information related to IAP monetization

We do not directly receive or store your full credit card or bank account number for App Store or Google Play transactions. Payment processing is handled by Apple, Google, or another authorized marketplace payment system. We may receive transaction IDs, product identifiers, subscription status, renewal state, purchase timestamps, country or storefront information, refund state, and receipt validation outcomes in order to provision digital features and maintain transaction records.

2.5 Information from third parties

  • App marketplace operators, including Apple and Google, may provide transaction, subscription, or compliance status signals.
  • Advertising, mediation, attribution, analytics, crash reporting, fraud prevention, cloud hosting, customer messaging, and consent management providers may provide operational data required to support the app.
  • If a user chooses to sign in through a platform login or external identity service, we may receive the profile information authorized by that user.

3. How we use information

  • To provide core app functionality, including content storage, sync, reminders, personalization of on-device settings, and delivery of purchased features or subscription entitlements.
  • To display and manage IAA monetization, including ad load requests, ad frequency controls, placement optimization, reward issuance, fraud prevention, and revenue reporting.
  • To process and honor IAP transactions, including receipt validation, subscription lifecycle management, and premium entitlement restoration.
  • To maintain app stability, diagnose crashes, fix bugs, measure performance, and improve usability.
  • To secure our services, enforce rules, detect abuse, prevent cheating, identify invalid traffic, and protect users and systems.
  • To communicate with you about support issues, account-related notices, policy updates, legal requests, or product changes.
  • To comply with legal obligations, age policy requirements, law enforcement requests where legally valid, and marketplace policy obligations.
  • To conduct internal product research, feature analysis, and service planning using aggregated, de-identified, or minimized data where appropriate.

Where required by law, we rely on one or more of the following legal bases:

  • Performance of a contract, when processing is necessary to provide the app, website, or purchase you requested.
  • Legitimate interests, such as service security, fraud detection, product diagnostics, limited analytics, and non-invasive service improvement, when those interests are not overridden by your rights.
  • Consent, including consent for tracking, targeted advertising, cookies, or similar technologies where required by ATT, GDPR, ePrivacy rules, UK PECR, or comparable laws.
  • Compliance with legal obligations, including accounting, tax, consumer protection, child safety, sanctions screening, dispute management, and regulatory response duties.
  • Protection of vital interests or public interest where specifically recognized by applicable law.

5. Third-party services, SDKs, and data sharing

Our apps may integrate one or more third-party providers depending on the app, region, release channel, and monetization configuration. The categories below represent providers that may be used individually or in combination across our portfolio. Not every app will include every provider.

Category Examples of providers that may be used Typical data involved
Advertising and mediation Google AdMob, Google Ad Manager, AppLovin MAX, Unity Ads, ironSource LevelPlay, Liftoff Monetize, Meta Audience Network, Mintegral, Pangle, Chartboost, InMobi, DT Exchange / Fyber, Smaato, Start.io, Moloco Ads, Tapjoy, BidMachine, Yandex Ads, Tencent Ads where regionally applicable Advertising identifiers, device information, app events, coarse location, IP-derived signals, ad impression data, click data, invalid traffic signals, frequency capping data, and reward completion events
Analytics and attribution Firebase Analytics, Google Analytics for Firebase, AppsFlyer, Adjust, Singular, Branch, Kochava, Mixpanel, Amplitude App events, session data, install attribution, campaign data, diagnostic data, and device/app metadata
Crash and performance monitoring Firebase Crashlytics, Sentry, Bugsnag, Instabug Crash logs, stack traces, device and OS metadata, performance timings, breadcrumbs
Cloud infrastructure and delivery Google Cloud, Amazon Web Services, Microsoft Azure, Cloudflare, regional CDN or storage vendors Account data, content storage, IP address, security logs, backups, and traffic routing information
Customer support and messaging Zendesk, Intercom, Freshdesk, email service providers, ticketing or CRM systems Support requests, communication logs, attachments, device diagnostics you choose to provide
Consent and privacy tooling Google UMP, OneTrust, Sourcepoint, custom consent layers, Apple ATT prompt flow, region-based age-gating mechanisms Consent state, region mapping, age gate status, privacy preference state, opt-out signals

We may share personal information with third parties only as reasonably necessary for the purposes described in this policy, including service provisioning, advertising delivery, analytics, fraud prevention, transaction handling, legal compliance, corporate restructuring, or with your consent. We require service providers and partners to implement security measures and contractual restrictions appropriate to the data involved.

5.1 Advertising-specific disclosure

Because our products may rely on IAA, advertising partners and mediation providers may process identifiers and device signals to enable ad requests, waterfall or bidding auctions, impression measurement, frequency capping, invalid traffic detection, campaign performance analysis, attribution, and in some cases personalization. Ad formats in our apps may include app open ads, rewarded video ads, interstitial ads, banner ads, and other compliant ad units. If you decline tracking where required, personalized advertising may be disabled and replaced by contextual or non-personalized ads.

5.2 Google-specific disclosure

Where Google services are integrated, data handling may be governed by the relevant Google terms, Google Play policies, Google EU User Consent Policy, Google Play Families policy where applicable, and the Data Safety disclosure framework. Google ad products may use SDK runtime signals to serve or measure advertising, subject to user consent, age configuration, and regional restrictions.

6. Tracking, cookies, ATT, and consent management

On iOS, we request ATT permission before accessing tracking-enabled identifiers or engaging in cross-app or cross-website tracking where required. On Android and other platforms, we apply platform-specific consent and privacy choices, including ad identifier resets, privacy sandbox changes where applicable, and regional user-consent flows. On the web, we may use cookies, pixels, local storage, or similar technologies for essential functionality, security, analytics, and, where allowed, marketing measurement.

  • Essential technologies are used to maintain basic site and app operation, security, and session integrity.
  • Analytics technologies are used to understand how users interact with our products, subject to regional consent requirements.
  • Advertising technologies are used only where allowed by law, store policy, and user settings.
  • Consent choices can be changed in app settings, device settings, or browser controls where supported.

7. International data transfers

Because we serve global users, personal information may be processed in countries other than the country where you live. Those countries may have data protection laws that differ from the laws in your jurisdiction. When we transfer personal information internationally, we use appropriate safeguards such as standard contractual clauses, transfer impact assessments where required, internal access controls, encryption in transit, encryption at rest where appropriate, and contractual commitments with service providers.

8. Children, teens, and age policy

Our apps are configured according to the age-rating and audience settings required by the App Store, Google Play, and other relevant platforms. We do not knowingly collect personal information from children in violation of applicable child privacy law. If a product is not directed to children, we may use age gate flows or platform-provided age status to reduce data collection, disable targeted advertising, or restrict certain features for younger users.

  • For users under 13 in the United States, we do not intentionally collect personal information beyond what is legally permitted without verified parental authorization where required.
  • For users under 16 in the European Economic Area or other regions with higher digital consent thresholds, we use heightened privacy defaults and may require consent through legally recognized mechanisms.
  • Where 2026 age assurance or age verification laws apply, including relevant state-level rules in the United States or similar local legislation, we may rely on platform APIs, self-declaration gates, or additional controls as required by law and platform policy.
  • When a user is identified as underage or age status is uncertain, we may default to contextual or non-personalized ads, disable third-party tracking, and minimize data processing.

9. Your privacy rights

Depending on your location, you may have the following rights, subject to legal exceptions:

  • Right to know or access the categories and specific pieces of personal information we process about you.
  • Right to data portability or export of personal data in a structured format where legally required and technically feasible.
  • Right to correct inaccurate personal data.
  • Right to delete personal data, sometimes called the right to be forgotten.
  • Right to withdraw consent where processing is based on consent.
  • Right to object to or restrict certain processing in some jurisdictions.
  • Right to opt out of targeted advertising, sale, or sharing of personal information where those legal concepts apply.
  • Right to appeal a denied request where required by applicable state privacy laws.
  • Right to non-discrimination for exercising privacy rights.

To exercise your rights, contact us at contact@devaidev.com. We may need to verify your identity before fulfilling a request. If you use our apps through Apple or Google, some data and transaction rights may also be exercised through platform settings or purchase history tools.

9.1 Region-specific notes

  • EEA and UK users: rights are generally provided under GDPR or UK GDPR, and you may also lodge a complaint with your local supervisory authority.
  • California users: you may have rights under CCPA/CPRA, including rights related to knowing, deleting, correcting, and opting out of sale or sharing for cross-context behavioral advertising.
  • Other U.S. state residents: rights may be available under laws such as those in Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Oregon, Montana, Texas, Delaware, New Jersey, Tennessee, Nebraska, New Hampshire, and additional states as they become effective.
  • Brazil users: rights may be available under LGPD, including confirmation of processing, access, correction, anonymization, portability, deletion, and review of automated decisions where applicable.
  • Canada, Australia, New Zealand, Japan, South Korea, Singapore, and Switzerland users: local laws may provide parallel access, correction, complaint, and limitation rights.

10. Data security

We use administrative, technical, and organizational measures designed to protect personal information. These measures may include TLS/SSL for data in transit, encryption at rest where appropriate, role-based access controls, pseudonymization or de-identification when feasible, logging and monitoring, credential management, development access restrictions, vendor security reviews, secure software development practices, and incident response procedures.

No method of transmission or storage is completely secure. However, we work to reduce risk and apply safeguards proportionate to the sensitivity of the data and the nature of the service.

11. Data retention

We keep personal information only for as long as reasonably necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, enforce agreements, maintain security records, or preserve tax and accounting documentation. Retention periods vary based on the data type, the app feature involved, applicable law, and marketplace rules. Where possible, we delete, aggregate, or anonymize information when it is no longer needed.

12. Account deletion and in-app deletion mechanisms

Where an app supports accounts, you may request account deletion through in-app features or by contacting us at contact@devaidev.com. We design our account deletion approach to be compatible with the account deletion expectations of major app stores, including the availability of a means to request deletion. Deletion requests may result in the removal of account-linked content, history, personalization data, and any remaining access to account-dependent features, subject to limited retention required by law, fraud prevention, dispute resolution, or transaction recordkeeping.

13. Sensitive data and health-adjacent content

Some apps may allow mood recording, reflection notes, or similar personal entries. We treat such content with elevated care and do not use it for unrelated advertising purposes. Unless explicitly disclosed for a particular product and allowed by law, we do not process highly sensitive personal information for invasive profiling.

14. Sale, sharing, and targeted advertising disclosures

We do not sell personal information in exchange for direct monetary payment in the ordinary meaning used by many consumers. However, some laws define “sale,” “sharing,” or “targeted advertising” broadly enough that certain advertising or analytics relationships may fall within those definitions. Where applicable, you may opt out of targeted advertising or analogous processing by changing app settings, device settings, or contacting us.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal developments, marketplace requirements, service changes, or security enhancements. When we make material changes, we may notify you by updating the date above, posting notice in the app or website, or using other legally appropriate communication methods.

16. App Store and Google Play disclosure mapping

We maintain marketplace-facing privacy declarations so that user-facing policy text, in-app behavior, and store console disclosures remain materially consistent. This includes Apple Privacy Nutrition Labels and Google Play Data Safety declarations.

Compliance area Our disclosure approach Operational control
Data collection categories We disclose account, diagnostics, analytics, ad, purchase, and support data where applicable. Release checklists are updated before each major app update.
Data usage purpose We map each category to functionality, analytics, fraud prevention, advertising, or purchase fulfillment. Internal policy review verifies consistency with product behavior.
Data sharing indicators We disclose third-party SDK relationships for ad mediation, attribution, crash reporting, and cloud services. SDK inventory is reviewed each release cycle.
Data encryption in transit Transmission channels are configured to use TLS/SSL or equivalent secure transport protections. Security checks are included in deployment and monitoring practices.
Data deletion availability Where account systems are used, users are provided with in-app deletion pathways or support-based deletion requests. Deletion workflow and support procedures are documented and auditable.

17. Ad format-specific privacy disclosure for IAA

Our apps may implement one or more ad formats. The exact format set differs by app, region, and age/consent status. Each format is governed by region-aware consent and policy controls.

  • App open ads: served at app launch or return-to-foreground moments, with frequency controls to prevent excessive interruption.
  • Rewarded video ads: optional user-triggered format where rewards are granted only after valid completion verification.
  • Interstitial ads: full-screen ads shown at natural transition points, not inserted into critical task flow.
  • Banner ads: persistent or semi-persistent placements with non-blocking layout rules and clear ad separation.
  • Native-style ad components: used only when clearly distinguishable from functional content and compliant with platform ad attribution standards.

For underage users, unknown age status users, or users who opt out of tracking where applicable, ad delivery defaults may be restricted to non-personalized, contextual, or policy-limited modes.

18. Age gate and youth safety implementation standards

We apply age-sensitive controls based on app classification, region, and legal obligations. To reduce data exposure risk, our age-related controls follow privacy-by-default principles.

  • At first launch, certain apps may present an age gate that confirms age band rather than requesting full date of birth where not legally required.
  • If platform APIs provide age or account-level child flags, those signals may override local settings to enforce stricter protections.
  • When child or teen-safe mode is active, targeted advertising and non-essential tracking may be disabled by default.
  • For regulated regions introducing stricter age assurance requirements, we may adopt additional verification steps as required by law and app store policy.

19. Developer compliance operations and governance checklist

In addition to legal disclosures, we maintain internal operations controls intended to keep product behavior aligned with global compliance obligations. The checklist below reflects ongoing governance practices.

  • Maintain an up-to-date SDK register for advertising, attribution, analytics, crash, and support dependencies.
  • Reconcile policy text, store disclosures, and actual runtime data flows before each release.
  • Verify that Data Safety and Privacy Nutrition Label entries are reviewed whenever SDKs or data purposes change.
  • Confirm encryption in transit and secure credential handling in all production environments.
  • Validate account deletion pathways and support ticket escalation procedures.
  • Review age-gating logic and underage defaults for each market before launch.
  • Run incident response drills for data security events and document mitigation timelines.
  • Keep partner contracts updated with data protection obligations and sub-processor controls.

20. Third-party processor list maintenance

The third-party examples in this policy represent categories and potential providers used across our product portfolio. Actual processors may vary by app version, region, mediation setup, and commercial integration choices. We update our internal processor records when integrations are added, removed, or materially changed, and we align public disclosures with those updates as required.

21. Regional notice and legal advisory

Privacy and youth safety laws continue to evolve across multiple jurisdictions, including frequent updates in U.S. state privacy and age-verification rules. While this policy is designed as a global compliance-ready framework, localized legal obligations may require additional notices, consent mechanisms, language localization, or representative designations in specific markets. We recommend periodic legal review prior to major market expansion.

22. Contact us

If you have questions, feedback, complaints, or privacy-related requests, you may contact us through the following channels:

  • Business support: support@devaidev.com
  • General contact and privacy requests: contact@devaidev.com
  • Mailing address: Hoa Lac High-Tech Park, Hanoi, Vietnam

If you believe we have not handled your personal information in accordance with the law, you may also contact your local data protection or consumer protection authority where applicable.