CODEDEVFLOW
Legal

Privacy Policy

Effective date: April 30, 2026. Last updated: April 30, 2026. This policy is written for global users and designed to align with GDPR, UK GDPR, CCPA/CPRA, COPPA, LGPD, DMA, ePrivacy expectations, and current Apple App Store and Google Play policies.

1. Overview

CodeDevFlow ("we", "our", or "us") respects and protects user information. This Privacy Policy explains how we collect, use, store, and share information when users interact with our applications and services. The policy applies globally and is adapted to regional legal requirements, including but not limited to EU GDPR, UK GDPR, California CCPA/CPRA, Brazil LGPD, and other local consumer privacy laws.

2. Information We Collect

Depending on app permissions, monetization configuration, and interaction mode, we may process the categories below:

  • Device Information: device identifiers (for example IDFA, IDFV, GAID, Android App Set ID), operating system version, language settings, device model, approximate region, IP address, and technical diagnostics metadata.
  • Application Activity: feature usage records, taps and interaction events, crash reports, performance logs, latency metrics, and analytics events.
  • In-App Purchase Data (IAP): transaction receipts, subscription status, order IDs, renewal state, and entitlement verification details. We do not directly process payment card data; payments are handled by Apple App Store or Google Play billing systems.
  • Advertising Interaction Data (IAA): ad impression events, ad click events, view completion events, rewarded conversion events, and anti-fraud telemetry generated by ad SDK partners.

Our apps commonly support App Open Ads, Rewarded Video Ads, Interstitial Ads, Banner Ads, and Native Ads.

3. Legal Bases For Processing

Where required by law, we process data under one or more legal bases:

  • Contract Performance: to provide app functions, purchase fulfillment, and account-free product features.
  • Legitimate Interests: to improve app stability, prevent abuse and fraud, and serve contextual or non-personalized advertising where allowed.
  • Consent: before processing precise location, personalized advertising identifiers, tracking across apps/sites, or direct marketing push activity in jurisdictions requiring consent.
  • Legal Obligation: to comply with lawful requests, tax/financial obligations, and statutory consumer rights handling.

4. Monetization And Third-Party Sharing

To support monetization and product analytics, we may integrate third-party SDKs and APIs. Data access is limited to operational necessity, and partner processing follows their own privacy documentation and applicable law.

4.1 Advertising Platforms (IAA)

  • Google AdMob / Google Ad Manager
  • AppLovin MAX
  • Unity Ads
  • ironSource
  • Meta Audience Network
  • Mintegral
  • Pangle (TikTok for Business ads ecosystem)
  • Vungle / Liftoff Monetize
  • Chartboost
  • InMobi
  • Moloco Ads
  • Smaato
  • Start.io
  • Ogury
  • Yandex Ads (regional use where legally allowed)

4.2 Measurement And Analytics Tools

  • Firebase Analytics / Crashlytics / Performance Monitoring
  • AppsFlyer
  • Adjust
  • Branch (deep linking and attribution)
  • Amplitude or similar behavioral analytics tools

4.3 Payment Processing

In-app payments are processed exclusively via Apple App Store and Google Play Billing. We do not collect or store full card numbers or bank account credentials directly.

4.4 Data Sale / Sharing Notice

For California and similar regimes, ad identifier transfers used for cross-context behavioral advertising may be considered "sharing" or "sale" under law. Where required, we provide "Do Not Sell or Share My Personal Information" controls.

5. Children Privacy And Age Policy

  • Minors Protection: we do not knowingly collect personal information from children under 13, or under 16 in regions applying higher digital consent age thresholds.
  • Age Threshold Actions: if we discover that children data was collected improperly, we will delete it without undue delay.
  • COPPA / GDPR-K Mode: for child-directed or mixed-audience scenarios, we disable personalized ads, tracking features, and non-essential identifier access where required.
  • 2026 Rule Adaptation: we support Apple and Google age-signal interfaces and apply strict privacy defaults based on returned age ranges.

6. Data Security And Cross-Border Transfers

We apply industry-standard safeguards such as encrypted transmission (TLS/SSL), least-privilege controls, environment hardening, and vendor risk review where cloud endpoints exist.

Because our user base is international, some data may be processed outside your country or region. For regulated transfers, we use approved mechanisms such as Standard Contractual Clauses (SCCs), transfer impact assessments, and contractual data processing terms as required by destination law.

For our local-first products, sensitive personal content is designed to remain on-device by default in encrypted local databases.

7. Your Privacy Rights

Depending on location, you may have the following rights:

  • Access and Correction: request access to personal data and correction of inaccurate data.
  • Deletion: request deletion of account-linked records or personal data we control.
  • Consent Withdrawal: withdraw ad tracking or marketing consent in app settings or OS privacy settings.
  • Opt-Out of Sale/Sharing: use "Do Not Sell or Share My Personal Information" controls where legally required.
  • Restriction and Objection: object to or restrict certain processing in regions where this right applies.
  • Portability: request export of eligible data in structured format where required by law.
  • Appeal: where required by local law, appeal rights decisions by contacting us.

iOS users can manage cross-app tracking permission through ATT prompts and system settings. Android users can manage ad ID preferences in system privacy settings.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Diagnostics and Security Logs: retained for fraud prevention, abuse detection, service reliability, and legal defense for a limited period.
  • Transaction Records: retained as required for accounting, tax, anti-fraud, and platform dispute handling.
  • Support Communications: retained for ticket handling, quality control, and legal compliance for a limited period.
  • Local-First User Content: generally remains on user devices; users may export or delete local data directly from app controls where available.

9. Cookies, SDK Storage, And Similar Technologies

In mobile environments, "cookies" may be replaced by SDK local storage, device identifiers, and app instance tokens used for analytics, attribution, anti-fraud, ad delivery, and consent state management.

  • Essential Technologies: required for app integrity, security, crash handling, and purchase verification.
  • Analytics Technologies: used to measure feature usage and performance quality.
  • Advertising Technologies: used by ad networks to deliver and measure ad campaigns, including frequency capping and conversion measurement.

Where consent is required by law, non-essential tracking and personalized advertising technologies are activated only after valid user consent.

10. Automated Decision-Making And Profiling

We do not use fully automated decision-making that produces legal or similarly significant effects on users. Limited automated processing may be used for ad fraud detection, abuse mitigation, product analytics, or recommendation logic that does not create legally significant outcomes.

If this changes in the future for regulated jurisdictions, we will provide required notice, safeguards, and rights mechanisms under applicable law.

11. Region-Specific Disclosures

11.1 European Economic Area (EEA) And United Kingdom

  • Users may lodge complaints with local supervisory authorities.
  • International transfers rely on lawful mechanisms, including SCCs where applicable.
  • Users may object to certain processing based on legitimate interests.

11.2 United States (Including California)

  • Users may request to know, delete, correct, and opt out of sale/sharing or targeted advertising where required by law.
  • We will not discriminate against users for exercising statutory privacy rights.

11.3 Brazil (LGPD) And Other Regions

  • Users may exercise rights to confirmation, access, correction, anonymization, deletion, and portability as provided by law.
  • Where local law grants additional rights, we honor those rights according to legal requirements.

12. How To Submit Privacy Requests

To submit an access, deletion, correction, portability, consent-withdrawal, or opt-out request, contact us using the emails below and include enough information for identity verification.

  • Business Support: support@codedevflow.com
  • General Contact: contact@codedevflow.com
  • Request subject suggestion: "Privacy Rights Request"

We may request additional information to verify request authenticity and prevent unauthorized disclosure. Authorized agents may submit requests where local law permits.

13. Contact Us

If you have questions, requests, or regulatory concerns, contact us using:

  • Team: codedevflow.com
  • Office Address: No. 681 Huoju Avenue, Sicreate Technology Park, Nanchang High-Tech Zone, Nanchang, Jiangxi, China
  • Business Support: support@codedevflow.com
  • General Contact: contact@codedevflow.com

We may update this policy when legal requirements or product capabilities change. The latest version will be posted on this page with an updated effective date.