devshelltech logodevshelltech.com
Home Services Culture News Contact
Legal Document

Privacy Policy (Global Compliance Edition)

This policy is part one of the "Privacy Policy and User Service Agreement (Global Compliance Upgrade Edition)". It applies to all users who download, install, and use app products published by our R&D team through APPstore, Google Play, and other compliant distribution channels.

This agreement is concluded between us ("R&D Team", "we", "our") and you ("user", "you"). Our app products adopt a dual monetization model of IAA (in-app advertising monetization) and IAP (in-app purchases), and operate under applicable privacy, minor protection, and data security laws globally, together with platform governance requirements from APPstore, Google Play, and compliant monetization partners.

I. Policy Principles

1.1 Purpose and Legal Basis

This Privacy Policy explains, in a transparent and specific manner, the scope, methods, and core purposes of personal information collection, use, storage, transmission, and disclosure. We follow the principles of legality, legitimacy, necessity, and good faith. We align with major frameworks including, but not limited to, the Personal Information Protection Law of the People's Republic of China (PIPL), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), platform review standards of APPstore and Google Play, and relevant technical guidance such as GBT35273-2020. We do not collect unrelated data, and we do not abuse or disclose user data unlawfully.

1.2 Global Coverage and Priority Rule

This policy covers all global users. Region-specific adaptation terms are provided in this document. Where local law in your jurisdiction imposes stricter requirements, local law and relevant app-platform rules shall prevail.

1.3 Your Rights and Explicit Consent

You have the right to access, correct, and delete personal information, withdraw consent, and request anonymization. We provide efficient operation paths. Consent prompts are displayed without pre-checked boxes. Collection and related processing start only after your active confirmation.

II. Scope and Methods of Personal Information Collection

2.1 Core Necessary Information (required for core functionality)

  • Device information: including but not limited to device model, OS version, anonymized device identifiers (such as IMEI, IDFA, Android ID), MAC address, screen resolution, and network type (Wi-Fi/mobile). Purposes include compatibility, core operation, troubleshooting, and security. Collection follows the minimum-necessary principle required by APPstore and Google Play.
  • App usage information: including but not limited to feature modules used, usage duration, operation logs, and preference patterns. Used for product optimization, UX enhancement, optional personalized recommendations, and monetization statistics. Collection strictly follows data minimization.

2.2 Optional Information (you may choose to provide)

  • Identity and contact information: name, email, phone number. Used only for account registration, password recovery, IAP verification, and customer support communication. Anonymous use is supported where technically feasible.
  • Location information: collected only for scenario-specific features after your explicit permission. You can revoke permission in device settings at any time. We do not continuously track real-time location beyond explicit scenario needs.
  • Album/file permissions: used only for user-initiated save/upload functions. Access is permission-based, revocable at any time, and limited to user-selected content. We do not access files that you did not actively choose to provide.

2.3 Third-Party Information Collection (monetization and distribution adaptation)

For IAA monetization, we may integrate compliant ad/mediation platforms, including but not limited to: Google AdMob, Google Ad Manager, AppLovin MAX, Unity Ads, ironSource LevelPlay, Meta Audience Network, Mintegral, Pangle, Liftoff/Vungle, Chartboost, InMobi, Moloco, Smaato, Start.io, and other compliant networks. These providers may collect device and usage signals and ad interaction events for ad delivery, frequency control, anti-fraud, measurement, and optimization according to their own policies and applicable laws.

For IAP monetization, payment information is processed by APPstore, Google Play, or other compliant stores. We do not directly obtain your full payment credentials. We receive only transaction verification data necessary to activate purchase entitlements and maintain order integrity.

Typical ad formats in our apps may include splash ads, rewarded video ads, interstitial ads, banner ads, native ads, and app-open ads, all implemented under applicable policy constraints, age suitability requirements, and user transparency obligations.

2.4 Collection Methods and Consent Integrity

Collection occurs through your explicit authorization and manual operations (for example registration, upload, check-in) or automated collection strictly limited to necessary technical data. We do not collect data via hidden, deceptive, or coercive means. Before collection, we disclose purpose, scope, method, and retention period. We do not use default consent, forced consent, or bundled unauthorized processing.

III. Purposes and Scope of Use

3.1 Core Service Purpose

To provide full product functionality, ensure stable operation, diagnose faults, improve product quality, and serve your daily productivity and lifestyle scenarios. We do not use personal information for unrelated purposes.

3.2 Monetization-Related Use

IAA: ad delivery and ad performance analytics, with optional ad personalization controls where supported. IAP: purchase validation, order lookup, and entitlement management. Processing is performed in compliance with Apple ATT-related expectations, Android privacy requirements, and partner policy obligations.

3.3 Optimization and Security Use

We analyze product interaction data to improve interface layout and flow efficiency. We detect abnormal logins, malicious abuse, fraud patterns, and cheating behavior to protect accounts, data, and ecosystem integrity.

3.4 Compliance and Audit Use

We may retain necessary records to satisfy legal requirements, platform compliance review, and regulatory audits, including internal personal information protection compliance audit obligations.

3.5 Prohibited Uses

We do not sell, rent, or lend your personal information to third parties except where required for lawful app distribution, compliant monetization operations, or legally binding regulatory processes. We do not process data for unlawful purposes.

IV. Storage and Data Security Safeguards

4.1 Storage Location

We follow a local-storage-priority principle with optional cloud backup where enabled by you. By default, information is stored on your device. If cloud backup is enabled, data is stored in compliant data centers, regionally adapted to legal requirements (for example EU data localization obligations under GDPR for EU users).

4.2 Retention Period

We retain personal information only for the reasonable period necessary for the stated purposes. After expiry, data is anonymized or deleted. You may delete data manually at any time. If you delete your account, we delete your personal information within 15 working days unless legal retention obligations apply.

4.3 Security Controls

We apply industry-standard safeguards including encrypted storage (for example AES-256), encrypted transport (HTTPS/TLS), access control, operation logging, and security audit workflows. We maintain data governance procedures, conduct regular risk assessments, and impose confidentiality obligations on personnel and service providers. Security governance references ISO27001 and ISO27701 control models and relevant app privacy practice guidance.

4.4 Data Breach Response

In the event of a personal information breach, we activate incident response immediately, implement containment and remediation, and where required by law notify affected users and regulators within required timelines (including 72-hour reporting obligations in applicable jurisdictions). We provide cause analysis, mitigation details, and prevention measures, and cooperate with regulatory investigation.

V. Personal Information Transfer and Disclosure

5.1 Transfer Scope

Transfers are limited to necessary flows among our app products, compliant servers, monetization partners, and app distribution platforms. Data transfer is encrypted and restricted to minimum necessary scope.

5.2 Disclosure Scenarios

  • Disclosure with your explicit consent (for example authorized third-party login or sharing).
  • Disclosure to compliant monetization partners and app stores only to the extent needed for monetization, listing, anti-fraud, and transaction verification.
  • Disclosure required by law, court order, law enforcement, or administrative regulators under due process.
  • Disclosure in reasonable necessity to protect rights, service order, or anti-abuse needs, such as account theft, malicious order manipulation, or fraud prevention.

5.3 Cross-Border Transfers

Where cross-border transfer applies, we follow applicable transfer frameworks and safeguards, including adequacy, standard contractual clauses, certification mechanisms, security assessment obligations, and region-specific filing requirements where applicable. We do not transfer data to unqualified destinations in violation of law.

VI. Country/Region-Specific Adaptation Clauses

6.1 European Union (GDPR adaptation)

  • Rights coverage: information, access, rectification, erasure, withdrawal, and portability.
  • DPO governance and 72-hour breach notification mechanisms where required.
  • EU user data localization and lawful transfer safeguards.
  • Cooperation with EU supervisory authorities.

6.2 United States (CCPA/CPRA + COPPA adaptation)

  • Rights to know collected/used data categories and request deletion.
  • Rights to opt out of targeted advertising where required by law.
  • Explicit "Do Not Sell or Share Personal Information" handling where applicable.
  • Strict COPPA compliance, including no personal data processing for children under 13.

6.3 China (PIPL + data flow regulations + GBT35273-2020 adaptation)

  • Explicit consent before collection, with clear purpose/scope/method notice.
  • No unrelated or excessive personal information collection.
  • User rights support: access, correction, deletion, and withdrawal.
  • Compliance audit implementation and cross-border data flow rule adherence.

6.4 Brazil (LGPD adaptation)

  • Clear consent basis and rights to access/correct/delete.
  • Security governance to prevent leakage and unauthorized disclosure.
  • Operational compliance aligned with local filing and legal obligations.

6.5 Southeast Asia (local adaptation)

  • Alignment with local filing and data compliance obligations where applicable.
  • Support for country-level policy adaptation including Thailand and Singapore requirements.
  • Regulatory cooperation and periodic compliance updates for local app operation.

6.6 Other Regions

We adapt to local privacy and data requirements globally. Where local law provides stricter protections, those stricter protections apply.

VII. Age Policy (Global Baseline + Local Supplements)

7.1 Global Baseline

  • Service is not provided to children under 13. If discovered, service is terminated and related data deleted.
  • Users aged 13-18 require guardian consent according to applicable law.
  • Content and advertising are filtered for minor protection. Violent, sexual, obscene, illegal, or otherwise age-inappropriate content is prohibited from minors' exposure.
  • Combined automated and human review controls are used for age-safety quality management.

7.2 Local Supplement Rules

If local law sets a higher age threshold (for example under 16 in certain jurisdictions), local legal thresholds and guardian consent requirements prevail.

VIII. User Privacy Rights and Operational Paths

8.1 Rights

You have the rights of information, access, correction, deletion, consent withdrawal, data portability, complaint/reporting, and lawful remedy where applicable.

8.2 Operational Paths

  • Access/correct/delete: App → My → Privacy Settings → Personal Information Management.
  • Revoke permissions: App → My → Privacy Settings → Permission Management, or revoke permissions directly through device system settings.
  • Account deletion: App → My → Account Settings → Delete Account. After successful deletion, personal data is deleted according to this policy, except where legal retention applies.
  • Complaint/report: App → My → Support Center → Privacy Complaint. We respond within 3 working days and provide an outcome within 7 working days where practicable.

IX. Policy Updates and Notification

9.1 Update Triggers

We may update this policy according to legal changes, platform policy updates, product feature changes, and regulatory requirements. Updates will not reduce our privacy obligations or lower protection standards.

9.2 Notification Method

Updates are communicated by in-app popups, push notifications, or in-app notices. Continued use after update indicates acceptance of the updated policy. If you disagree, you may stop using the app and uninstall it, and we will stop relevant processing and delete data where legally permissible.

X. Disclaimer

  • Force majeure events (for example natural disasters, network interruptions, unforeseeable infrastructure failures) may cause service or data risk. We will still take remediation actions and provide required notifications.
  • Risks caused by user-side behavior (for example leaked credentials, unauthorized third-party authorization, lost devices) are user-side responsibilities; we recommend secure account and device practices.
  • If third-party ad networks, distribution platforms, or cloud providers violate their obligations, those third parties bear corresponding liability; we will assist users and strengthen partner compliance review.
  • Lawful disclosure under legal/regulatory orders follows statutory procedures, with records retained.
  • If user-provided information is false or incomplete, resulting losses are the user's responsibility.

Contact for Privacy Matters

Team Name: devshelltech.com
Support Email: support@devshelltech.com
Contact Email: contact@devshelltech.com
Legal Service Email (as published in legal section): contact@rdevshelltech.com
Address: Hoa Lac High-Tech Park, Hanoi, Vietnam

Appendix A: Advertising and Monetization Compliance Matrix

To improve transparency, we maintain ad and monetization controls that align with store policies, partner requirements, and region-specific legal constraints. This appendix summarizes core practices.

  • Supported ad types may include splash/app-open, rewarded video, interstitial, banner, and native ad units.
  • Ad display frequency controls are configured to avoid excessive interruption and preserve core usability.
  • Ad personalization controls are enabled where legally required and technically supported by partner SDKs.
  • Minor-safe filtering, prohibited category blocking, and geographic compliance controls are applied.
  • IAP transaction states are verified through app-store receipts or equivalent platform verification mechanisms.
  • We retain partner integration inventories and review SDK policy changes on an ongoing basis.

Appendix B: Security and Access Control Baseline

  • Role-based access control and operation logging are used for internal data handling activities.
  • Credentials and secrets are managed with least-privilege principles.
  • Transport-layer encryption is enforced for applicable network communication paths.
  • Data export and deletion requests are tracked with process accountability and verification steps.
  • Regular internal checks are performed for retention-policy compliance and anomaly detection.