Legal Document

Privacy Policy (2026 Global Full-Compliance Deep-Enhanced Edition)

Effective Date: 2026-04-28

This Privacy Policy applies to datalogicdev applications and related digital services published and operated for global users, including but not limited to products distributed through Apple App Store and Google Play. This version is comprehensively upgraded for 2026 legal, policy, and technical requirements, with explicit coverage of the EU Digital Services Act (DSA), US state-level privacy variations (including California, Texas, Virginia, and other states), AI-generated content transparency disclosures (if applicable), in-app purchase and advertising anti-fraud enforcement, and global data sovereignty operations.

Part I. Data Collection Granularity and Purpose

We enforce the principle of data minimization and collect only the data required for lawful service operations, user experience optimization, ad monetization integrity (IAA), in-app purchase processing (IAP), anti-fraud controls, compliance duties, and platform security. We do not collect unrelated personal data.

1. Device Fingerprints and Identifiers

  • Identifiers include, where applicable: IDFA (iOS), GAID (Android), OAID (Android in specific markets), encrypted internal device token, device brand/model, screen resolution, OS version, language setting, battery state, and system clock offset.
  • System clock offset may be used to detect timezone manipulation and cross-region pricing fraud attempts.
  • All unique identifiers are encrypted and not used to infer real-world civil identity.

2. Network Environment Data

  • IP address is used for regional compliance routing and legal service localization, not for precise physical location tracking.
  • Carrier name, Wi-Fi state, and network class (4G/5G/Wi-Fi) are used for service availability assurance, anti-abuse analysis, and jurisdiction-level compliance controls.

3. Behavioral Signals (IAA and UX)

  • Advertising behavior data may include ad impression IDs, click timestamps, conversion path signals, rewarded-video watch duration and early exits, ad dwell time, ad response codes, and invalid traffic indicators.
  • Application behavior signals may include key feature loop triggers, conversion funnel drop-off events, click-through rates of upgrade prompts, onboarding abandonment checkpoints, and feature frequency distributions.
  • These signals are used for internal optimization and anti-fraud analytics and are synchronized to approved monetization partners only as necessary and with minimization and pseudonymization controls.

4. Financial Transaction Data (IAP)

  • We receive transaction receipts from official Apple and Google APIs only; we do not process or store card numbers, CVV, payment passwords, or card expiry details.
  • Records include order ID, SKU/item name and quantity, currency, amount, country code, transaction time, sandbox flag, and order status (success/failure/refund).
  • These records are used for order verification, accounting reconciliation, anti-fraud validation, and refund support.

5. Security and Access Controls

  • Collected data is encrypted in transit and at rest.
  • Access is role-based and granted only to authorized personnel.
  • Access logs are auditable to ensure traceability and incident response accountability.

Part II. Third-Party Sharing Architecture (Data Mapping)

We share only necessary data with vetted third-party ecosystems for lawful monetization, attribution, fraud prevention, and payment processing under strict contractual and technical controls.

1. Mediation and Monetization Layers (IAA)

Possible integrated monetization and mediation platforms include, but are not limited to:

  • Google AdMob
  • AppLovin MAX
  • Unity LevelPlay / ironSource
  • Meta Audience Network
  • Pangle (TikTok for Business ad ecosystem where permitted)
  • Mintegral
  • Liftoff Monetize (Vungle)
  • Chartboost
  • InMobi
  • Moloco
  • Digital Turbine Exchange
  • Smaato
  • Yandex Ads (region dependent)
  • Amazon Publisher Services and related exchange channels (where implemented)

Shared data is limited to pseudonymized device and ad event data required for real-time bidding (RTB), fill optimization, quality scoring, and invalid traffic defenses.

2. Attribution and Fraud Prevention (MMP)

  • AppsFlyer
  • Adjust
  • Singular
  • Kochava (if enabled by product region policy)

Data categories include pseudonymized install attribution, campaign identifiers, anti-fraud signals, and conversion validation metadata.

3. Payment Processors

  • Apple Inc.
  • Google LLC

Only transaction-essential data is exchanged through official APIs and platform-defined billing frameworks.

4. Third-Party Governance Controls

  • Confidentiality and Data Processing Agreements (DPA) are signed with all material partners.
  • Data use scope, retention limits, security obligations, and breach notification duties are contractually enforced.
  • We conduct periodic compliance checks and terminate integrations for proven violations.
  • Users can review shared category scopes in-app and withdraw relevant permissions, with notice that withdrawal may affect ad monetization experience or some feature availability.

Part III. Region-Specific Legal Statements

1. European Union (GDPR) and United Kingdom (UK-GDPR)

  • Legal bases under Article 6 include contract performance, explicit consent, and legitimate interests (including fraud prevention and service security).
  • DSA transparency commitments include publication of ad serving principles, recommendation logic summaries, moderation standards (where UGC exists), and periodic transparency reporting.
  • User rights include access, rectification, erasure, restriction, objection, consent withdrawal, complaint rights, and data portability where applicable.
  • Response windows are handled without undue delay and no later than statutory limits. Operational target is within 7 business days for first response where feasible.
  • EU/UK Representative Contact Placeholder: [Reserved field for designated legal representative and registered address].

2. United States (CCPA/CPRA/VCDPA and state-level variants)

  • We do not sell personal information in the legal sense of direct data sale.
  • Certain ad-related pseudonymous data sharing may qualify as data sharing or targeted advertising under some state laws; users may opt out where required.
  • Do Not Track and equivalent signals are respected to the extent required by applicable law and technical implementation context.
  • California (CPRA): disclosure, deletion, correction, and opt-out rights; request response target within statutory periods (typically up to 45 days with legal extension when permitted).
  • Texas state compliance adaptation: strengthened transparency and restrictions around sensitive data handling.
  • Virginia (VCDPA): rights to access, correct, delete, and opt out of targeted advertising and certain profiling.
  • Additional adaptation roadmap covers Colorado, Washington, and emerging US state frameworks as enacted.

3. Brazil (LGPD)

  • Data processing follows lawful basis and transparency obligations under LGPD.
  • Brazil users may request access, correction, deletion, anonymization, portability, and consent revocation as applicable.
  • Cross-border transfers are implemented with legally recognized safeguards and regulator-compatible mechanisms.

4. Additional Key Jurisdictions

  • China: PIPL, Data Security Law, and cross-border data transfer regulations are addressed where products operate in China; localization and explicit consent controls are applied where required.
  • India: DPDP Act-aligned notice and consent controls, user rights handling, and cross-border transfer governance.
  • Saudi Arabia: Personal Data Protection Law-aligned controls and data residency safeguards where required.
  • Canada and Japan: PIPEDA and APPI-aligned rights and processing governance, including regulator response compatibility.

Part IV. Subscription Transparency (Automatic Renewal)

  • Collected subscription data is limited to period, trial status, active/expired/paused state, renewal timestamps, and entitlement linkage required for service delivery.
  • Before subscription, we disclose cycle, price, trial terms (if any), renewal rules, and cancellation paths.
  • We provide pre-renewal reminder logic (target: 24 hours before renewal where platform mechanisms permit).
  • Users may cancel via in-app management entry points and/or App Store / Google Play subscription pages.
  • If a free trial exists, post-trial auto-renewal behavior is clearly disclosed.

Part V. AI-Generated Content Disclosure (If AI features are enabled)

  • AI-generated outputs (text, audio, images, interactions) are clearly labeled as AI-generated.
  • AI outputs are subject to policy controls prohibiting violent, sexual, deceptive, hateful, discriminatory, and otherwise unlawful content categories.
  • A hybrid control model may be used: automated filtering plus human review for escalated cases.
  • AI outputs are assistive in nature and do not constitute legal, medical, or financial guarantees.
  • Training pipelines are designed to avoid unauthorized use of private user data and to enforce data provenance controls.

Part VI. Children and Age-Sensitive Processing

  • Our services are not intended for unlawful collection of children data under applicable age thresholds.
  • Where required, parental consent frameworks and age-gating controls are implemented.
  • If unauthorized child data processing is identified, we will take deletion and remediation actions in accordance with law.

Part VII. Data Retention, Security, and Incident Response

  • Retention periods are minimized and aligned with legal, accounting, and fraud-prevention necessities.
  • Security controls include encryption, access controls, logging, abuse monitoring, and periodic security assessment.
  • Incident response includes containment, investigation, impact assessment, legal notification workflows, and user communication where required.

Part VIII. Changes to This Policy

We may update this Privacy Policy to reflect legal changes, platform policy updates, product architecture evolution, and security improvements. Material updates will be communicated through in-app notice, website publication, and/or legally required channels.

Contact Information

Support: support@datalogicdev.com

Contact: contact@datalogicdev.com

Address: Hoa Lac High-Tech Park, Hanoi, Vietnam