2. Data Collection & Processing (Explicit Consent)

To provide, optimize, and secure our platforms, we collect specific categories of data. We process this data strictly for functionality, analytics, and advertising, as declared in our Google Play Data Safety section and web compliance standards.

Data Provided by the User

We collect information that you explicitly submit to us. This includes:

• Support Correspondence: Email addresses and communication content provided when contacting customer support.
• Account Information: Usernames, passwords, and profile details provided if an in-app or website account creation flow is utilized.

Automatically Collected Data

When you interact with our applications and websites, our systems and integrated third-party services automatically collect the following telemetry and device metrics:

• Device Identifiers: Device IDs, Android Advertising ID (AAID) / Google Advertising ID (GAID).
• Network Information: IP addresses and network connection types.
• Performance Logs: App crash reports, diagnostic data, and performance analytics.

3. Third-Party SDK Disclosures

Our platforms utilize trusted third-party Software Development Kits (SDKs) and web services to facilitate analytics, backend infrastructure, and advertising delivery. These third parties act as Data Processors and collect data according to their respective privacy policies.

The integrated third-party services include:

• Google Play Services: Utilized for core device functionalities, security, and authentication.
• AdMob (Google Advertising): Utilized for the delivery of advertisements.
• Firebase (Analytics & Crashlytics): Utilized to monitor application stability, track usage metrics, and capture crash logs.

These third parties process data according to their respective privacy policies, which govern their independent data processing and retention mechanisms.

4. Data Security Measures

We implement robust, industry-standard security protocols, including encryption in transit (HTTPS/SSL) and encryption at rest, to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. Access to user data is strictly limited to authorized personnel who require it to perform their designated duties.

5. User Rights & Data Control

In compliance with global data protection frameworks, including the GDPR and Google Play's Data Safety requirements, you maintain absolute control over your personal data. You retain the right to:

• Access: Request a comprehensive export of your personal data currently retained by our systems.
• Correction: Request modifications to correct inaccurate or incomplete personal information.
• Portability: Receive your data in a structured, commonly used, and machine-readable format.
• Restriction: Demand the restriction or cessation of processing for specific data categories.

6. Dedicated Account & Data Deletion

We provide an unambiguous and accessible mechanism for the permanent erasure of your account and associated data, fulfilling Google Play's mandatory web-based data deletion path requirement.

If you wish to terminate your account and have all associated personal data permanently deleted from our servers, you can initiate this through two primary methods:

1. Web Portal: Submit a deletion request directly through the dedicated Data Deletion portal available on the home page of our website.
2. Email Request: Send a formal deletion request to support@codiflytech.com using the subject line "Account and Data Deletion Request."

Upon receipt, your data will be permanently purged from our active databases and third-party processing logs, except where retention is strictly required for legal compliance or anti-fraud measures.

7. Data Retention & International Transfers

We retain user data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, provide our services, or comply with our legal obligations. Due to our integration with global services like Google AdMob and Firebase, your data may be processed on servers located outside of India. In such instances, we ensure that these cross-border data transfers comply with applicable data protection laws and that adequate security safeguards are maintained.

8. Indian DPDP Act Compliance & Grievance Redressal

In accordance with the Indian Digital Personal Data Protection (DPDP) Act, ARUMA PRODUCTS PRIVATE LIMITED acts as a Data Fiduciary. We recognize and enforce the rights of all "Data Principals" within Indian jurisdiction.

Data Principals have the statutory right to request a summary of data processed, the identities of all Data Processors to whom data has been shared, and the right to nominate an individual to act on their behalf in the event of incapacity. Valid consent is recorded prior to processing, and individuals retain the absolute right to withdraw this consent at any time.

9. Grievance Officer Identifier

In strict compliance with Indian legal mandates, we have appointed a dedicated Grievance Officer to address privacy concerns, data rights requests, and compliance inquiries.

10. Children's Privacy

We comply strictly with the Children's Online Privacy Protection Act (COPPA) and the Google Play Families Policy. Our data processing systems are explicitly configured to avoid the collection of personal information from users under the age of 13 (or the applicable digital age of consent in the user's jurisdiction).

If a user identifies as a child, all advertising is served exclusively via Google Play Families Self-Certified Ads SDKs, and targeted data collection is disabled. If we become aware that we have inadvertently collected personal data from a child without verified parental consent, we will take immediate steps to permanently delete that information from our systems.

11. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in regulatory requirements, app functionality, or SDK integrations. All significant changes will be communicated via an in-app notification upon the user's next launch of the application, or via a prominent notice on our website. Continued use of our platforms following such notifications constitutes acknowledgment and acceptance of the amended policy.