Privacy Policy

1. Who we are

iMobileMaster ("the App", "we", "us") is a mobile learning application for Indian languages, available on the Apple App Store and Google Play Store. The App and this website are operated by iMobileMaster, located in the State of Ohio, United States.

For privacy questions, contact us at namahaclouds@gmail.com.

2. What we collect

We collect only aggregate, anonymous usage events — counts of activities across all users combined, with no individual identification. Specifically:

• Event name — e.g., "chapter_opened", "lesson_completed", "game_played", "screen_view"
• Event properties — e.g., chapter ID, lesson type, game ID (never user-identifying)
• Duration on screen, in milliseconds, averaged across the user base
• Platform — iOS or Android, app version number

Each event is sent to our server as a count and immediately aggregated. We do not attach any user identifier, device identifier, advertising ID, IP address, precise or coarse location, or any other identifier to the event before processing or storage.

3. What we do not collect

To be explicit, we do not collect any of the following:

• Names, email addresses, phone numbers, or contact information (unless you choose to email us)
• Precise location (GPS) or coarse location (IP-based)
• Advertising identifiers — IDFA on iOS, AAID on Android — we do not request these
• Device identifiers — device model + OS combinations are not used to identify or fingerprint your device
• IP addresses — our server does not log or persist them with event data
• Photos, videos, microphone audio, or any device sensor data
• Contact lists, calendar, call logs, or any other system-level data
• Account credentials, biometric data, or login information from other services
• Browsing history or behavior outside the App
• Any data from third-party tracking SDKs — we do not integrate any (no Facebook SDK, no Google Analytics, no advertising SDKs, no analytics SDKs other than our own first-party aggregate counter)

4. Legal basis for processing

Where applicable law requires us to identify a legal basis for processing data, our basis for collecting aggregate usage events is our legitimate interest in understanding which parts of the App are used so we can improve the product. Because the data is fully aggregated and cannot identify any individual, the privacy impact to any user is zero.

5. In-app purchases

When you buy a book inside the App, the purchase is processed entirely by Apple (App Store) or Google (Play Store). Those platforms tell us only whether the purchase was successful — we never see your payment card details, billing address, or account information. Your purchases stay tied to your Apple ID or Google account; we do not maintain our own copy.

Refund decisions are handled by Apple or Google under their respective policies. See Terms of Service §6 for the refund process.

6. How long we keep data

Aggregate event counts are stored for up to 30 days for app-quality analysis. After that, they are automatically deleted via our CloudWatch Logs retention policy. We have no per-user records to delete because we never collect them.

If you email us, we keep the email thread until the conversation is resolved, then delete it within 12 months unless you request otherwise.

7. Where data is stored

Aggregate event counts are stored on Amazon Web Services (AWS) infrastructure in the United States, specifically in AWS CloudWatch Logs. AWS is a SOC 2 Type II, ISO 27001, and PCI DSS-certified provider. Because the data contains no personal information, the geographic storage location has no impact on your privacy.

8. Third-party processors

We use the following service providers to operate the App and website:

• Amazon Web Services (AWS) — Hosts the website (S3, CloudFront), the version-check endpoint, the in-app feedback endpoint, and the aggregate telemetry endpoint. AWS does not access the aggregate data and is bound by their standard data processing terms.
• Apple (App Store) — Distributes the iOS app and processes iOS in-app purchases.
• Google (Play Store) — Distributes the Android app and processes Android in-app purchases.

We do not use any advertising networks, analytics services (Firebase, Google Analytics, Mixpanel, Amplitude, etc.), CRM platforms, or third-party tracking pixels. Our aggregate telemetry is a first-party endpoint we built ourselves.

9. Security measures

Even though the aggregate data we collect is not sensitive, we apply the following safeguards:

• All communication between the App and our server uses HTTPS / TLS 1.2 or higher.
• AWS infrastructure is configured with least-privilege IAM roles.
• Our server endpoint enforces rate limiting to prevent abuse.
• The telemetry Lambda function is stateless — it writes to CloudWatch and discards.
• We do not store any personally identifying information, so there is no PII to protect.

10. Children and family use (COPPA, GDPR-K, DPDP Act)

iMobileMaster is designed for children to use. We chose the aggregate-only, zero-PII model specifically so that the App can be safely used by children under the world's strictest child-privacy regulations.

10.1 COPPA (United States, under 13)

Under the Children's Online Privacy Protection Act, an operator may not knowingly collect "personal information" from children under 13 without verifiable parental consent. iMobileMaster does not collect personal information from anyone — including children — so no parental consent flow is required. There are no profiles, no chat, no social features, no behavioral advertising, and no third-party tracking.

10.2 GDPR-K (European Union, under 16 / age varies by Member State)

Under the General Data Protection Regulation, processing personal data of children under 16 (or under 13-16 depending on Member State law) requires parental consent. iMobileMaster does not process personal data of any user, including children, so no parental consent mechanism is required.

10.3 DPDP Act (India, under 18)

Under India's Digital Personal Data Protection Act, processing personal data of children under 18 requires verifiable parental consent. iMobileMaster does not process personal data of any user, so no parental consent mechanism is required.

10.4 No advertising, no profiles, no social features

iMobileMaster contains no advertising of any kind (no banner ads, no interstitials, no rewarded video, no sponsored content), no user profiles that can be shared publicly, no chat or messaging features, and no user-generated content. Children cannot communicate with strangers through the App.

11. Regional rights (GDPR, CCPA, DPDP)

Many jurisdictions grant their residents specific privacy rights — for example, the right to access, correct, delete, or port their personal data, and the right to opt out of sale or sharing.

Because we do not collect personal data, these rights have no data to operate on. There is nothing for us to access, correct, delete, or transfer. If you've sent us an email and want us to delete the thread, write to namahaclouds@gmail.com and we will.

Specifically:

• EU / UK (GDPR) — Articles 15-22 rights (access, rectification, erasure, restriction, portability, objection): no personal data is held, so no action required.
• California (CCPA / CPRA) — Right to know, delete, correct, opt out of sale/sharing: we collect no personal information and do not sell or share data.
• India (DPDP Act) — Data Principal rights (access, correction, erasure, grievance redressal): no personal data is processed.
• Other states / countries — equivalent rights apply, with the same outcome: no PII to operate on.

12. International transfers

The aggregate data we collect is stored on AWS infrastructure in the United States. Because no personal data is collected, international data transfer protections (Standard Contractual Clauses, adequacy decisions, etc.) are not engaged. If you access the App from outside the United States, you understand and agree that the anonymous aggregate event counts will be processed in the United States.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we change what data we collect or how we use it, we will:

• Update the "Last updated" date at the top of this page.
• If the change is material (for example, adding a new type of data collection or sharing data with a new service provider), we will surface an in-app notice the next time you open the App, before the change takes effect.
• Material changes will not be applied retroactively to data collected before the change.

14. Contact

If you have questions about this Privacy Policy, our data practices, or you'd like to make a request related to your privacy, write to namahaclouds@gmail.com. We read everything and respond within 14 days.

For unresolved privacy concerns, you may also contact your local data protection authority — for example, the U.S. Federal Trade Commission, the EU national supervisory authority for your country, or India's Data Protection Board.