Androidacy, LLC
Effective Date: February 7, 2026
Last Updated: February 25, 2026
Summary
This summary is provided for convenience only and has no legal effect. The full Privacy Policy below governs your use of the Service.
What we collect: Your name, email, username, and account credentials if you create an account. Payment data is handled by Stripe and Google Play. We collect anonymized IP addresses, pseudonymous device identifiers for account security and fraud prevention, a randomly generated returning visitor identifier, technical telemetry and error data, and standard server logs.
Advertising: Free users see ads served by Google AdSense (web) and Google AdMob (apps). Consent is managed through Google Funding Choices (web) and Google’s User Messaging Platform (apps). Paid subscribers see no ads and no advertising technologies are loaded.
Who we share with: Service providers that help us operate (Cloudflare, Hetzner, Google Cloud, Stripe, Google Play). Google and Reddit receive data from free users for advertising. We do not sell your data.
Your rights: Depending on where you live, you may access, correct, delete, port, or restrict processing of your data, object to certain processing, and opt out of ad personalization. We honor Global Privacy Control signals.
Where your data lives: Primarily in the EU (Finland and Germany). US-based failover and service providers are covered by Standard Contractual Clauses and the Data Privacy Framework.
How to contact us: privacy@androidacy.com or https://www.androidacy.com/data-subject-access-request/.
1. Introduction and Scope
Androidacy, LLC, doing business as Androidacy (“Company,” “we,” “us,” or “our”), is a limited liability company organized under the laws of the State of Delaware, United States. We operate the website located at androidacy.com, associated mobile applications, application programming interfaces, and related services (collectively, the “Service”).
This Privacy Policy describes the manner in which we collect, use, store, disclose, and otherwise process personal data and personal information (as those terms are defined under applicable law, collectively referred to herein as “Personal Data”) in connection with the Service. This Privacy Policy applies to all users of the Service, regardless of how the Service is accessed, whether through a web browser, mobile application, API integration, or any other means.
For purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”), Androidacy, LLC is the data controller responsible for the processing of your Personal Data.
This Privacy Policy is provided in accordance with our obligations under applicable data protection law, including Articles 13 and 14 of the GDPR. Nothing in this Privacy Policy is intended to create contractual obligations with respect to the data processing practices described herein, nor does this Privacy Policy constitute a consent mechanism. Where processing is based on consent, such consent is obtained separately through the mechanisms described herein and is not implied by your use of the Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect Personal Data that you voluntarily provide in connection with your use of the Service, including when you create or register an account; purchase, renew, or manage a subscription; submit a support request, bug report, or other inquiry; or otherwise communicate with us.
The categories of Personal Data you may provide include: name, email address, username, and account credentials; billing and payment information; the content of communications you send to us; and identity verification documents submitted in connection with the exercise of privacy rights as described in Sections 8 and 9.
All payment transactions conducted through the website are processed by Stripe, Inc.; all payment transactions conducted through our mobile applications are processed by Google Play (Google LLC). We do not receive, access, or store complete payment card numbers, bank account numbers, or other full payment credentials. Payment data is transmitted directly to and handled exclusively by the applicable processor, subject to that processor’s privacy policy and PCI-DSS compliance obligations.
2.2 Information Collected Automatically
When you access or use the Service, we automatically collect certain information through technological means. The categories of information collected automatically are as follows:
IP Address and Geolocation. We collect your Internet Protocol (“IP”) address each time you access the Service. IP addresses stored by our systems are anonymized by removing the last one to two octets prior to storage; we do not retain unredacted IP addresses in our own logs or databases. Prior to anonymization, we may derive approximate geographic location at the city or regional level for purposes of security and fraud prevention, regulatory compliance, and personalization of the Service. We do not collect or derive precise geolocation data.
Device Identifiers. We generate pseudonymous device identifiers derived from hardware and software attributes of your device. These attributes are hashed on your device prior to transmission; we do not receive or store raw attribute values. Device identifiers are used for account security, fraud detection and prevention, abuse mitigation, enforcement of our Terms of Service, and securing data in transit. Device identifiers are derived from device characteristics rather than stored tokens and may persist after you clear your browser data, cookies, or application storage. When you authenticate with the Service, your device identifier is associated with your account information. We retain identifiers for approximately the last ten (10) devices per account. Device identifiers are not used for advertising, behavioral profiling, or cross-site tracking.
Returning Visitor Identifier. We store a randomly generated pseudonymous identifier on your device to recognize returning visitors for purposes of service continuity and performance assessment. This identifier is not derived from personal or device attributes, is not transmitted to third parties, and is processed exclusively within the *.androidacy.com domain.
Telemetry, Performance Data, and Error Reporting. We collect technical telemetry data, performance metrics, and error reports for purposes of operating, maintaining, debugging, and improving the Service. Such data may include device type and model, operating system and version, application version, screen resolution, usage patterns, page load and response times, error logs, and crash reports. IP addresses are anonymized prior to storage as described above.
Server Logs. Our servers automatically record certain log data each time the Service is accessed. Server logs generated by our systems do not contain unredacted IP addresses. Log data generated by infrastructure and security providers, including Cloudflare, Inc. and Hetzner Online GmbH, may contain unredacted IP addresses as a necessary technical function of those services, subject to the respective provider’s privacy policy and applicable data processing agreement. Our server log data may include anonymized IP addresses, browser type and version, device type, referring and exit URLs, pages and resources accessed, operating system, date and time stamps, and related metadata.
2.3 Cookies and Similar Technologies
Overview. We use cookies, localStorage, and similar client-side storage technologies in connection with the Service. The technologies deployed and their purposes vary by platform and subscription status as described below.
Strictly Necessary Technologies (Consent Not Required). We deploy certain technologies that are strictly necessary for the provision of the Service as requested by the user, including session management and authentication cookies, security tokens, cross-site request forgery (“CSRF”) tokens, and device identifiers used for account security and the security of data in transit as described in Section 2.2. These technologies are exempt from consent requirements under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC) and equivalent provisions of applicable national law.
Operational Technologies (Consent May Be Required in Certain Jurisdictions). The randomly generated returning visitor identifier described in Section 2.2 is stored on your device using client-side storage. In jurisdictions whose national implementation of the ePrivacy Directive recognizes an exemption from consent requirements for first-party, privacy-preserving operational measurement technologies, this identifier qualifies for such exemption. In jurisdictions whose national law does not recognize such an exemption, including but not limited to the United Kingdom, Belgium, and Ireland, consent for the storage of this identifier is obtained through the consent mechanisms presented on our website and in our applications. You may withdraw such consent at any time through those same mechanisms. The core functionality of the Service remains accessible if you decline or withdraw consent for this technology, although our ability to assess service performance and diagnose issues may be diminished.
Advertising Technologies (Consent Required). Advertising-related cookies, tracking pixels, software development kits (“SDKs”), and similar technologies deployed by our advertising partners are used only with your prior consent or as otherwise permitted by applicable law. These technologies are described in detail below.
Free (Non-Subscription) Users: Website. Google AdSense may set cookies and deploy tracking technologies on your device for the purpose of serving advertisements, which may be personalized based on browsing behavior and interests as determined by Google. Consent for such technologies, where required, is obtained through the Google Funding Choices consent management platform (“FCM”). The categories and purposes of technologies deployed by Google are governed by Google’s privacy policy at https://policies.google.com/privacy and cookie disclosures at https://policies.google.com/technologies/cookies.
Free (Non-Subscription) Users: Mobile Applications. The Google AdMob SDK may collect device identifiers, advertising identifiers, and related data for the purpose of serving advertisements, which may be personalized. Consent, where required, is obtained through Google’s User Messaging Platform SDK (“UMP”) integrated into our applications. Data collected by AdMob is governed by Google’s privacy policy at https://policies.google.com/privacy.
Advertising Campaigns and Remarketing. We may periodically conduct advertising campaigns through Google Ads, Reddit Ads, or other platforms. During such campaigns, we may deploy the relevant platform’s tracking tags, pixels, or SDKs to measure campaign performance, attribute conversions, and facilitate remarketing. Upon campaign conclusion, the associated technologies are removed from the Service. We do not independently store or retain data collected through third-party advertising technologies; such data is processed solely by the respective platform in accordance with its own privacy policy. Deployment of campaign technologies is subject to the consent mechanisms described above.
Paid (Subscription) Users. For users who maintain an active paid subscription, Google AdSense, Google AdMob, Google Funding Choices, Google’s User Messaging Platform, Google Ads remarketing tags, Reddit Ads tags, and all associated advertising scripts, cookies, SDKs, and tracking technologies are not loaded, initialized, or deployed, whether on the website or in our mobile applications. No advertising-related data collection occurs for paid subscribers.
2.4 Information Received from Third Parties
We may receive limited Personal Data from third-party authentication providers (such as Google Sign-In) if you elect to authenticate through such a service. The categories of information received are limited to those necessary to authenticate your identity and create or link your account.
2.5 Categories of Personal Data Not Collected
We do not knowingly or intentionally collect sensitive personal information as that term is defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), including but not limited to: Social Security numbers; driver’s license, state identification, or passport numbers; financial account numbers in combination with required access or security codes; precise geolocation data (such as GPS coordinates); data revealing racial or ethnic origin, religious or philosophical beliefs, or union membership; genetic data; biometric data processed for the purpose of uniquely identifying a natural person; data concerning health; data concerning a person’s sex life or sexual orientation; citizenship or immigration status; or the contents of mail, email, or text messages where we are not the intended recipient of such communications. We similarly do not knowingly or intentionally collect special categories of personal data as defined under Article 9 of the GDPR.
The foregoing describes categories of data not affirmatively collected in the standard operation of the Service. This section does not preclude the incidental presence of such data in communications voluntarily submitted by users, nor does it limit our obligations under applicable law with respect to any Personal Data we hold.
3. Purposes and Legal Bases for Processing
We process Personal Data for the following purposes and rely upon the following legal bases:
Performance of a Contract (GDPR Article 6(1)(b)). We process Personal Data as necessary for the performance of the contract between you and Androidacy (i.e., our Terms of Service), including providing, operating, and maintaining the Service and its core functionality; processing payment transactions and managing subscriptions; creating, authenticating, and administering user accounts; providing customer support; and maintaining the security and integrity of your account through device identifier verification and related measures.
Legitimate Interests (GDPR Article 6(1)(f)). We process Personal Data where necessary for our legitimate interests or those of third parties, provided such interests are not overridden by your rights and freedoms. These interests include: protecting the security, integrity, and availability of the Service through fraud detection, device identifier processing, rate limiting, and abuse mitigation; collecting telemetry, performance metrics, and error reports to maintain and improve the Service; enforcing our Terms of Service and protecting our legal rights; and personalizing your experience based on approximate geographic location. We have conducted a balancing assessment and determined that these interests are not overridden by your rights and freedoms, taking into account the limited and security-specific nature of the data processed, the use of pseudonymization and anonymization measures, and the potential consequences of failing to process such data.
Consent (GDPR Article 6(1)(a)). We process Personal Data on the basis of your freely given, specific, informed, and unambiguous consent for: serving advertisements through Google AdSense (website) and Google AdMob (mobile applications) to free users; deploying remarketing and campaign tracking technologies; and deploying the returning visitor identifier in jurisdictions requiring consent. You may withdraw consent at any time through the mechanisms described in Section 2.3. Withdrawal shall not affect the lawfulness of processing carried out prior to withdrawal.
Compliance with a Legal Obligation (GDPR Article 6(1)(c)). We process Personal Data where necessary to comply with applicable laws, regulations, legal processes, or enforceable requests from governmental authorities.
4. Disclosure of Personal Data
We do not sell your Personal Data as that term is commonly understood in everyday language. For information regarding “sharing” as that term is defined under the CPRA, please refer to Section 9.1.
We disclose Personal Data to third parties only in the following circumstances:
4.1 Service Providers and Data Processors
We engage third-party service providers who process Personal Data on our behalf pursuant to documented instructions. These providers are bound by contractual obligations requiring them to process Personal Data solely for specified purposes, implement appropriate technical and organizational measures, and comply with applicable data protection law. Our current providers include:
Cloudflare, Inc. Provides content delivery network, web application firewall, DDoS mitigation, and DNS services. Cloudflare processes traffic data, including IP addresses and request metadata, in its capacity as a data processor on our behalf. Privacy policy: https://www.cloudflare.com/privacypolicy/.
Hetzner Online GmbH. Provides primary hosting infrastructure, with servers located in Finland and Germany (European Union). Privacy policy: https://www.hetzner.com/legal/privacy-policy/.
Google Cloud Platform (Google LLC). Provides failover and backup hosting infrastructure, with servers located in the United States. Privacy policy: https://policies.google.com/privacy.
Stripe, Inc. Processes payment transactions for web-based purchases. Stripe acts as a data processor on our behalf with respect to transaction processing and, in certain circumstances, as an independent data controller for its own fraud prevention and regulatory compliance purposes. Privacy policy: https://stripe.com/privacy.
Google Play (Google LLC). Processes payment transactions for in-app purchases. Privacy policy: https://policies.google.com/privacy.
Google AdSense, Google AdMob, and Google Ads (Google LLC) (free users only). As described in Sections 2.3 and 3, Google processes advertising data, including for ad personalization and remarketing, as an independent data controller with respect to its advertising activities. Privacy policy: https://policies.google.com/privacy.
Reddit, Inc. (during active advertising campaigns only). As described in Section 2.3, during active advertising campaigns, Reddit may process data collected through its advertising technologies as an independent data controller. Privacy policy: https://www.reddit.com/policies/privacy-policy.
Anthropic, PBC. Provides artificial intelligence processing services used in connection with optional recommendation features within our applications. Data transmitted to Anthropic is processed pursuant to Anthropic’s API terms and is not used for model training. Anthropic acts as a data processor on our behalf. Privacy policy: https://www.anthropic.com/privacy.
4.2 Legal Disclosures and Law Enforcement
We will disclose Personal Data as required by valid legal process, including subpoenas, court orders, search warrants, and enforceable governmental requests. Where legally permitted and where doing so would not compromise an investigation, we will make reasonable efforts to notify you prior to disclosure.
We may also disclose Personal Data where we believe in good faith that disclosure is reasonably necessary to enforce our Terms of Service; detect, prevent, or address fraud, security incidents, or technical issues; or protect the rights, property, or safety of Androidacy, our users, or the public.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, dissolution, bankruptcy, sale of all or substantially all assets, or similar transaction, your Personal Data may be among the assets transferred or disclosed in connection with due diligence or consummation of such transaction. We will provide notice through the Service or by email and will require the acquiring entity to assume the obligations of this Privacy Policy or provide you with notice and, where required by law, an opportunity to exercise your rights before your data becomes subject to a different policy.
4.4 With Your Consent
We may disclose your Personal Data to third parties when we have obtained your explicit, informed, and freely given consent to do so.
4.5 Aggregated and De-Identified Data
We may disclose aggregated, de-identified, or otherwise non-personal information that cannot reasonably be used, either alone or in combination with other available information, to identify any individual. Such disclosures are not subject to the terms and restrictions of this Privacy Policy.
5. Advertising, Remarketing, and Opt-Out Mechanisms
Free (non-subscribing) users may be presented with advertisements served by Google AdSense (website) and Google AdMob (mobile applications), which may be personalized based on interests and activity as determined by Google.
We may periodically conduct advertising campaigns through Google Ads, Reddit Ads, or other platforms. During such campaigns, the relevant platform’s tracking and remarketing technologies may be deployed as described in Section 2.3. Such technologies are removed upon campaign conclusion, and we do not independently store data collected through them.
You may manage advertising preferences or opt out of personalized advertising through: the Google Funding Choices consent dialog (website); the Google UMP consent dialog (mobile applications); Google Ad Settings at https://adssettings.google.com/; the Digital Advertising Alliance at https://optout.aboutads.info; the Network Advertising Initiative at https://optout.networkadvertising.org; and, for Reddit Ads, through your Reddit account privacy settings.
Opting out of personalized advertising does not eliminate all advertisements. Non-personalized, contextual advertisements may continue to appear. A paid subscription eliminates all advertising and associated data collection.
Do Not Track. There is no universally accepted standard governing responses to “Do Not Track” browser signals. Accordingly, we do not alter our data practices in response to DNT signals.
Global Privacy Control. We recognize and honor the Global Privacy Control (“GPC”) signal as a valid request to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising, targeted advertising, and other processing subject to opt-out rights, under all applicable United States state privacy laws that require recognition of universal opt-out mechanisms, including but not limited to the CCPA, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Oregon Consumer Privacy Act, the Montana Consumer Data Privacy Act, the Delaware Personal Data Privacy Act, the Maryland Online Data Privacy Act, the Minnesota Consumer Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, and the Texas Data Privacy and Security Act.
6. Consent and Access to the Service
The Service encompasses content-based features (publicly available articles and informational pages) and interactive, API-dependent, or third-party-dependent features (account-based services, module management, and features relying upon third-party integrations).
Content-Based Features. Core content-based features are generally accessible without consent beyond what is strictly necessary for technical delivery.
API-Dependent and Third-Party-Dependent Features. Certain features depend upon our APIs, third-party integrations, or other infrastructure for which the data processing described herein is reasonably necessary for secure and reliable delivery. Where you decline consent that we reasonably determine is necessary for the secure and reliable delivery of such features, we may restrict, limit, or suspend access to the affected features. We shall not restrict access to any feature on the basis of your refusal to provide consent unrelated to delivery of that feature.
You may restore access by providing the applicable consent or by upgrading to a paid subscription.
This approach is consistent with the principle, recognized by the CNIL (France) and the German, Danish, Italian, Spanish, and United Kingdom data protection authorities, that controllers not qualifying as large online platforms within the meaning of the Digital Services Act (Regulation (EU) 2022/2065) or the Digital Markets Act (Regulation (EU) 2022/1925) may offer differentiated levels of service based on consent choices, subject to case-by-case assessment. Nothing herein shall be construed to limit any rights you may have under applicable mandatory data protection law.
7. International Data Transfers
Androidacy, LLC is incorporated in the United States. Primary server infrastructure is located in the European Union (Finland and Germany), operated by Hetzner Online GmbH. Failover infrastructure is maintained in the United States, operated by Google Cloud Platform.
For users in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, Personal Data is primarily stored and processed within the EU. Personal Data may be transferred to the United States or other jurisdictions outside the EEA in connection with: failover events; processing by US-based service providers (Stripe, Google, Cloudflare); and certain operational or administrative purposes.
Where Personal Data originating in the EEA, United Kingdom, or Switzerland is transferred to a country without an adequacy determination from the European Commission (or the UK Secretary of State, as applicable), we rely upon one or more of the following safeguards: Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914, together with the UK International Data Transfer Addendum where applicable; certification under the EU-U.S. Data Privacy Framework, the UK Extension thereto, or the Swiss-U.S. Data Privacy Framework; or any other transfer mechanism recognized under applicable law as providing appropriate safeguards.
You may request a copy of the applicable transfer safeguards by contacting us as set forth in Section 13.
8. Your Rights Under the GDPR and UK GDPR
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you are entitled to exercise the following rights with respect to your Personal Data under the GDPR and/or the UK GDPR:
Right of Access (Article 15). You have the right to obtain from us confirmation as to whether we are processing your Personal Data and, where we are, to access that data together with information about the purposes of processing, the categories of data concerned, the recipients or categories of recipients, the retention period, and your rights with respect to the data.
Right to Rectification (Article 16). You have the right to obtain the correction of inaccurate Personal Data and the completion of incomplete Personal Data.
Right to Erasure (Article 17). You have the right to obtain the erasure of your Personal Data, subject to the exceptions set forth in Article 17(3), including where retention is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to Restriction of Processing (Article 18). You have the right to obtain the restriction of processing in certain circumstances, including where you contest the accuracy of the data, where the processing is unlawful and you oppose erasure, or where you have objected to processing pending our verification of legitimate grounds.
Right to Data Portability (Article 20). Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us.
Right to Object (Article 21). You have the right to object, on grounds relating to your particular situation, to the processing of your Personal Data based on legitimate interests. Upon receipt of such objection, we shall cease processing unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. You have the unconditional right to object at any time to the processing of your Personal Data for direct marketing purposes.
Right to Withdraw Consent (Article 7(3)). Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
Right Regarding Automated Decision-Making (Article 22). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where permitted under Article 22(2). See Section 15 for further information regarding our practices.
Right to Lodge a Complaint. You have the right to lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement. A directory of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
How to Exercise Your Rights. Contact us at privacy@androidacy.com or submit a request through https://www.androidacy.com/data-subject-access-request/. We shall respond without undue delay and in any event within one calendar month of receipt. Where additional time is required due to complexity or volume (up to a further two calendar months), we shall inform you of the extension and the reasons therefor within the initial period. We may require identity verification prior to processing your request; any documents submitted for such purpose are used solely for verification, are not shared with third parties, and are deleted promptly upon completion.
9. Your Rights Under United States State Privacy Laws
9.1 California (CCPA/CPRA)
If you are a resident of the State of California, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), provides you with certain rights with respect to your personal information, as that term is defined under the CCPA:
Right to Know. You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected that information, the business or commercial purposes for collecting or sharing that information, and the categories of third parties to whom we have disclosed that information.
Right to Delete. You have the right to request that we delete personal information that we have collected from you, subject to the exceptions enumerated in California Civil Code Section 1798.105(d).
Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale and Sharing. We do not “sell” personal information as defined by the CCPA. The serving of personalized advertisements through Google AdSense and AdMob to free users, and the deployment of Google Ads and Reddit Ads tracking technologies during active campaigns, may constitute “sharing” for cross-context behavioral advertising as defined under the CPRA. You may opt out by: utilizing the applicable consent dialog (FCM on web, UMP in applications); contacting privacy@androidacy.com; or enabling Global Privacy Control.
Right to Limit Use of Sensitive Personal Information. As described in Section 2.5, we do not knowingly collect sensitive personal information as defined under the CCPA. Accordingly, we do not use or disclose sensitive personal information for purposes that would trigger the right to limit use under California Civil Code Section 1798.121.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your rights under the CCPA.
Categories of Personal Information Collected in the Preceding Twelve Months. The following table sets forth the categories of personal information, as defined by California Civil Code Section 1798.140(v), that we have collected in the preceding twelve (12) months:
Identifiers. Including name, email address, anonymized IP address, pseudonymous device identifiers, and username. Sources: directly from you and collected automatically. Purposes: account management, security and fraud prevention, and service operation. Disclosed to: service providers (Cloudflare, Hetzner, Google Cloud Platform, Stripe).
Internet or Other Electronic Network Activity Information. Including information regarding your interaction with the Service, device attributes, error data, and operational telemetry. Sources: collected automatically. Purposes: service operation, performance monitoring, security, and fraud prevention. Disclosed to: service providers (Cloudflare). For free users: shared with Google for advertising purposes. During active advertising campaigns: shared with Reddit for advertising purposes.
Geolocation Data. Approximate location derived from your IP address at the city or regional level; not precise or GPS-based. Sources: collected automatically. Purposes: personalization, security, and regulatory compliance. Disclosed to: service providers (Cloudflare).
Commercial Information. Including subscription status and transaction records. Sources: directly from you and from payment processors. Purposes: transaction processing and account management. Disclosed to: payment processors (Stripe, Google Play).
We have not sold personal information, as that term is defined by the CCPA, in the preceding twelve (12) months. We have shared Identifiers and Internet or Other Electronic Network Activity Information with Google for cross-context behavioral advertising purposes (free users), and during active advertising campaigns, with Reddit for the same purpose.
Authorized Agents. You may designate an authorized agent to submit a privacy rights request on your behalf. We may require written proof of the agent’s authorization, such as a signed letter or a valid power of attorney, and we may still require you to verify your identity directly with us.
How to Exercise Your Rights. Submit a verifiable consumer request at privacy@androidacy.com or through https://www.androidacy.com/data-subject-access-request/. We shall verify your identity against information on file. We shall acknowledge receipt and respond substantively within forty-five (45) calendar days, with one extension of up to forty-five (45) additional days upon notice.
9.2 Other United States State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Kentucky (KCDPA), Rhode Island (RIDTPPA), Maryland (MODPA), Minnesota (MCDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), and other states with comprehensive privacy legislation may exercise rights substantially similar to those in Section 9.1, including the rights to access, correct, and delete personal data; obtain portable copies; and opt out of targeted advertising, sale of personal data, and profiling producing legal or similarly significant effects.
To exercise these rights, contact us as set forth in Section 13. We shall respond within the timeframe required by applicable law. Where we decline a request, we shall inform you of the reasons and your right to appeal. Denied appeals include information regarding the applicable regulatory authority.
10. Data Retention
We retain Personal Data only as long as reasonably necessary for the purposes described herein, or as required by law.
Account Data. Retained for the duration of the active account or twelve (12) months following last activity, whichever is longer. Deletion may be initiated at https://www.androidacy.com/account, subject to a three-day holding period, identity verification, and in certain cases manual approval. Upon completion, account data is deleted or irreversibly anonymized within thirty (30) calendar days, except as provided below.
Device Identifiers. Retained for the duration of the associated account and deleted therewith, except where subject to the security retention period below.
Post-Deletion Backup Retention. Data may persist in backup systems for up to ninety (90) days as part of routine backup cycles and is not actively processed during that period.
Post-Deletion Security Retention. Security-related data, including device identifiers and security logs, may be retained for up to twenty-four (24) months following account deletion where necessary for investigation of fraud or abuse, or for the establishment, exercise, or defense of legal claims.
Server Logs. Retained for up to fourteen (14) days for operational purposes. Our logs do not contain unredacted IP addresses.
Security Logs. Retained for up to twenty-four (24) months.
Telemetry and Performance Data. Retained in pseudonymized or aggregated form for up to twelve (12) months.
Identity Verification Documents. Retained only for the duration necessary to process the associated request; deleted promptly thereafter and never shared with third parties.
Anonymized and Aggregated Data. Data that has been irreversibly anonymized or aggregated such that it cannot reasonably identify any natural person is not Personal Data and may be retained indefinitely.
Inactive Accounts. Accounts inactive for twelve (12) months may be flagged for deletion. Where required by law, notice shall be provided prior to deletion.
Legal Holds. Notwithstanding the foregoing, Personal Data may be retained as required by law or as necessary for the establishment, exercise, or defense of legal claims.
When no longer required, Personal Data is securely deleted or irreversibly anonymized.
11. Data Security
We implement commercially reasonable technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, destruction, or accidental loss, including: encryption in transit (TLS 1.2 or higher); encryption at rest for sensitive data and credentials; web application firewall protection; IP address anonymization; access controls based on the principle of least privilege; and regular security monitoring.
No method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of any data transmitted to, from, or stored by us. You are responsible for maintaining the confidentiality of your account credentials.
Data Breach Notification. In the event of a breach likely to result in a risk to the rights and freedoms of natural persons, we shall notify the competent supervisory authority without undue delay and, where feasible, within seventy-two (72) hours, in accordance with GDPR Article 33. Where the breach is likely to result in a high risk, we shall communicate it to affected individuals without undue delay pursuant to Article 34. For United States residents, we shall comply with all applicable state breach notification laws.
Vulnerability Disclosure. If you become aware of a security vulnerability affecting the Service, please report it immediately to privacy@androidacy.com.
12. Children’s Privacy
The Service is not directed to or intended for children under sixteen (16). We do not knowingly collect Personal Data from children under sixteen. Use of the Service by such persons is prohibited by our Terms of Service. We reserve the right to terminate accounts and delete associated data where we become aware or reasonably believe a user is under sixteen.
If you are a parent or guardian who believes a child under sixteen has provided Personal Data to us, contact privacy@androidacy.com. Upon verification, we shall promptly delete such data and terminate any associated account.
We comply with the Children’s Online Privacy Protection Act (“COPPA,” 15 U.S.C. §§ 6501-6506) with respect to children under thirteen and with GDPR Article 8 regarding children’s consent in relation to information society services.
13. Contact Information
For questions regarding this Privacy Policy or to exercise any privacy right described herein:
Androidacy, LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr Suite 305
Newark, DE 19713
Email: privacy@androidacy.com
Data Subject Access Requests: https://www.androidacy.com/data-subject-access-request/
14. Third-Party Links and Services
The Service may contain hyperlinks to websites or services operated by third parties not owned or controlled by Androidacy. This Privacy Policy applies solely to the Service and does not govern the practices of any third party. The inclusion of a hyperlink does not constitute endorsement by Androidacy.
15. Automated Decision-Making
In the ordinary course of operations, we do not engage in solely automated decision-making that produces legal effects or similarly significantly affects you within the meaning of GDPR Article 22(1), except as described below.
Standard Security Processing. Automated systems used for security and anti-fraud purposes may contribute to decisions regarding access to the Service. Decisions to restrict, suspend, or terminate access on the basis of such processing are subject to human review upon request pursuant to Section 13.
Emergency Automated Enforcement. Where our automated systems detect activity posing an imminent and significant risk of harm to the Company, the Service, or its users, and the severity of the threat substantially outweighs potential disruption to the affected user, we may restrict, suspend, or block access without prior human review. Such actions are reserved for extreme circumstances, including active exploitation of vulnerabilities, coordinated abuse patterns, and activity posing immediate risk to others. You may request human review of any such action by contacting privacy@androidacy.com.
Recommendation Features. Certain optional features within our applications use automated processing of usage data to generate personalized content recommendations. This processing evaluates user preferences but does not produce legal effects or similarly significant effects, does not result in the creation of persistent user profiles, and is subject to user control through in-app settings. This processing does not constitute solely automated decision-making within the meaning of GDPR Article 22(1).
16. Changes to This Privacy Policy
We may modify this Privacy Policy at any time to reflect changes in our practices, technologies, or applicable law. Changes take effect upon posting the revised version with an updated “Last Updated” date.
For material changes, including those that expand the categories of Personal Data collected, the purposes of processing, or the categories of recipients, or that diminish your rights, we shall provide additional notice through the Service, by email, or by in-app notification.
Material changes shall not apply retroactively to Personal Data collected prior to the effective date without your affirmative consent where required by law. Where a material change requires a new legal basis for processing, we shall obtain the applicable consent before processing under the revised terms.
17. Governing Law and Dispute Resolution
This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to conflict of laws principles, except to the extent superseded by mandatory data protection law, including the GDPR, UK GDPR, and applicable state privacy laws.
Disputes not subject to mandatory jurisdiction shall be subject to the exclusive jurisdiction of the state and federal courts in Delaware.
18. Severability
If any provision of this Privacy Policy is held invalid, illegal, or unenforceable, such determination shall not affect the remaining provisions, which shall continue in full force and effect. The invalid provision shall be deemed modified to the minimum extent necessary to render it enforceable while preserving its original intent.
19. Relationship to Other Policies
This Privacy Policy should be read in conjunction with our Terms of Service. In the event of conflict regarding data protection matters, this Privacy Policy prevails. Nothing herein limits any rights under applicable mandatory data protection law.
This Privacy Policy was last reviewed on February 8, 2026.
