Legal

Privacy Policy

Effective Date: 2026

This Privacy Policy explains how DevVisionLab handles website inquiries, app monetization data flows, subscription-related metadata, compliance requests, and local-first product experiences across our mobile app portfolio.

Core Principle

Local-first, privacy-first design

Main Contact

contact@devvisionlab.com

Region

EU / US / Global operations

1. Scope and Applicability
2. Data Collection
3. Third-Party Data Sharing
4. Global Regional Legal Declarations
5. Auto-Renewal Subscription Transparency
6. AI Generated Content Declaration
7. Data Retention
8. Security Measures
9. Children's Privacy
10. User Rights and Requests
11. International Processing and Transfers
12. Policy Updates
13. Contact Information

1. Scope and Applicability

This Privacy Policy applies to DevVisionLab-operated websites, mobile applications, subscription flows, advertising-supported app experiences, and related support or compliance communications, unless a product-specific notice states otherwise.

The exact data footprint may differ by app, feature, device platform, monetization model, and jurisdiction.

2. Data Collection

DevVisionLab develops mobile applications with a privacy-first architecture. Depending on the app feature set, platform requirements, and monetization model, we may collect or process the following categories of data:

1.1 Device Fingerprints and Advertising Identifiers

Identifiers may include IDFA (iOS), GAID (Google Android Advertising ID), OAID (Open Anonymous Device Identifier), IP address-derived coarse location, app instance ID, SDK-generated session IDs, and anti-fraud device hashes.
These identifiers are used for ad delivery, ad frequency control, attribution, anti-fraud, and measurement of IAA campaigns.
Where required by law, consent is collected before enabling personalized ads or identifier access.

1.2 Network and Diagnostics Data

Network type, region-level locale, app version, crash logs, error traces, and performance telemetry may be processed to maintain security, stability, and service quality.
Diagnostics are used for debugging, abuse prevention, and compatibility optimization across devices and OS versions.

1.3 Behavioral Data for IAA Monetization

For advertising-supported experiences, SDKs may process event-level data such as ad impression, ad click, rewarded completion, and basic engagement context.
Behavioral signals are used for ad relevance, capping, attribution, and fraud detection.

1.4 Financial and Transaction Data for IAP

For in-app purchases and subscriptions, we may receive transaction status metadata from platform payment providers (for example receipt validity, subscription state, product SKU, currency, and renewal status).
We do not directly store full card numbers. Payment processing is handled by authorized platform providers.

1.5 Support, Contact, and Compliance Request Data

If you contact us by email or through our website forms, we may process your name, email address, organization name, inquiry subject, message content, and any materials you voluntarily provide.
These records are used to answer support requests, resolve disputes, document compliance handling, and improve customer experience.

1.6 Local-First Product Data

Many DevVisionLab apps are built so that primary user content such as notes, habits, journals, personal metrics, categories, and encrypted files remain stored locally on the user's device.
Where data stays exclusively on-device, DevVisionLab does not receive or centrally host that content unless you deliberately export, share, or transmit it to us for support or legal review.

To provide core business functions, certain data may be processed by vetted third parties under contractual controls.

2.1 Ad Mediation and Monetization Partners

AppLovin MAX
Google AdMob
Unity LevelPlay

These partners may process advertising identifiers, contextual app signals, and ad interaction data to serve and measure ads.

2.2 Attribution and Measurement (MMP) Partners

AppsFlyer
Adjust
Singular

These services may process campaign, install, and post-install events for attribution, anti-fraud, and performance analysis.

2.3 Payment and Commerce Providers

Apple Inc. (App Store in-app purchase and subscription billing)
Google LLC (Google Play billing services)

Billing providers process payment transactions and provide limited order/subscription metadata back to the app ecosystem.

2.4 Legal, Security, and Compliance Disclosures

We may disclose information where reasonably necessary to comply with law, enforce platform rules, prevent fraud, protect our users, respond to valid legal requests, or defend legal claims.
Where legally permitted, we seek to limit disclosures to the minimum data required for the stated purpose.

2.5 No Sale of Personal Data by Default Design

DevVisionLab does not build business operations around selling raw user-created local content.
Where a jurisdiction interprets certain ad-tech disclosures as a "sale" or "sharing" under local law, we provide applicable rights and opt-out handling in accordance with that law.

4. Global Regional Legal Declarations

DevVisionLab supports a global user base. We implement compliance controls based on user location and applicable law.

3.1 European Union and United Kingdom

GDPR and UK-GDPR legal bases, transparency notices, and data subject rights support.
DSA transparency obligations for ad disclosure and complaint channels, where applicable.
Users may request access, correction, deletion, restriction, or objection as required by law.

3.2 United States

CCPA/CPRA-aligned rights for California users, including right to know, delete, and correct.
Regional state-level frameworks may include Virginia (VCDPA), Colorado, Texas, Washington and other enacted privacy statutes.
Where applicable, users may opt out of certain targeted advertising or profiling activities.

3.3 Brazil

LGPD compliance processes are implemented for lawful processing, user requests, and cross-border safeguards.

3.4 China

PIPL-oriented transparency, purpose limitation, and consent handling are applied where China-region data processing is involved.

3.5 India

DPDP Act principles are reflected in notice design, consent preference handling, and grievance workflows.

3.6 Saudi Arabia

PDPL requirements are considered for lawful basis, minimization, and governance controls where applicable.

3.7 Canada

PIPEDA-aligned practices are used for transparency, accountability, and user-request workflows.

3.8 Japan

APPI-compatible practices are used for notice, purpose use boundaries, and international transfer safeguards where required.

Where multiple legal frameworks apply at once, DevVisionLab may adopt the stricter requirement set as an operational baseline, especially for transparency, consent capture, deletion workflows, and anti-fraud governance.

5. Auto-Renewal Subscription Transparency

Subscription products may renew automatically unless canceled before the end of the current billing period.
Billing frequency, trial terms, renewal price, and cancellation pathways are presented prior to purchase.
Users can manage or cancel subscriptions through Apple App Store or Google Play account settings.
Refund handling follows applicable platform rules and local legal obligations.

Where required by consumer protection law, we aim to present renewal terms in a clear, conspicuous, and pre-purchase format, including renewal cadence, trial conversion timing, and any materially different renewal pricing.

6. AI Generated Content Declaration

Some app features may use AI-assisted generation or AI-assisted suggestion logic.
AI outputs may be probabilistic and can contain inaccuracies; users should independently verify critical content.
AI-generated outputs do not automatically represent professional, medical, legal, tax, or financial advice.
Where model services are used, only necessary data is processed and governed by contractual and compliance controls.

7. Data Retention

We retain data only for as long as necessary for the purposes described in this Policy, including legal compliance, fraud prevention, billing verification, dispute handling, and service integrity.
App content that remains solely on your device is primarily controlled by you and may persist until you delete the app, delete local content, or remove device backups.
Support emails, compliance requests, and abuse investigation records may be retained for a reasonable period to document resolution, enforce rights, and respond to repeat issues.
Advertising and attribution partners may retain data under their own retention schedules, subject to their contracts, policies, and applicable law.

8. Security Measures

We implement technical and organizational safeguards appropriate to the nature of the processing, including access limitation, vendor review, encrypted local storage patterns where supported, and fraud monitoring.
No system can be guaranteed to be completely secure, but we design products to minimize central exposure by preferring local-device storage whenever practical.
If a security incident materially affects personal data under our control, we will respond in accordance with applicable breach-notification obligations.

9. Children's Privacy

DevVisionLab services are not intentionally directed to children where collection, advertising, or subscription handling would require special legal treatment without verified parental authorization.
If we learn that personal data has been collected from a child in violation of applicable law, we will take reasonable steps to delete or de-identify the data and restrict further processing.
Parents or guardians who believe a child has provided personal data may contact us for review and assistance.

10. User Rights and Requests

Depending on your jurisdiction, you may have rights relating to your personal data, including:

Right to know or access the categories and sources of data processed.
Right to request correction of inaccurate data.
Right to request deletion, subject to legal or security exceptions.
Right to object to or restrict certain processing in specific circumstances.
Right to withdraw consent where processing relies on consent.
Right to opt out of certain targeted advertising or data-sharing frameworks where required by regional law.
Right to appeal or lodge a complaint with a competent regulator where applicable.

To exercise these rights, contact us using the email details listed below. We may request enough information to verify identity and prevent unauthorized disclosure.

11. International Processing and Transfers

DevVisionLab operates internationally and may rely on vendors, platforms, and support workflows that involve processing across multiple jurisdictions.
Where cross-border transfers occur, we seek to apply lawful transfer mechanisms, supplementary safeguards, contractual controls, and minimization practices required by applicable law.
Data localization or residency requirements may apply in certain markets, and we may adapt product behavior, vendor configuration, or legal workflows accordingly.

12. Policy Updates

We may update this Privacy Policy to reflect legal changes, platform policy updates, new product features, vendor changes, or security and compliance improvements.
When changes are material, we may provide notice through the website, in-app messaging, or other reasonable communication channels.
Your continued use of the relevant services after the updated Policy becomes effective may constitute acknowledgment of the revised terms, subject to mandatory law.

13. Contact Information

For privacy requests, legal notices, or compliance inquiries:

Email: contact@devvisionlab.com
Support: support@devvisionlab.com
Address: Hoa Lac Hi-Tech Park, Hanoi, Vietnam