Privacy Policy

1. Information We Collect

We collect:

• Contact information — name, email, and message content when you contact us via the Contact page or email.
• App data — information you enter in our apps (e.g., ZenShield settings or progress data) to provide and personalize the app.
• Usage and device data — on the website: IP address and usage data to operate and secure the site. In apps: app activity, feature usage, device type, OS, and app version, as shown in each app's App Store privacy label.

We do not sell personal information. If an app does not collect personal information, we say so in the app listing.

2. How We Use Your Information

We use the information above to provide and improve our services, respond to inquiries, send important notices where needed, and comply with the law. We do not use your personal information for cross-app or cross-site advertising tracking.

3. Legal Basis for Processing (EEA/UK)

For users in the European Economic Area and the UK, we process personal information on these bases:

• Contract — to provide the service you use.
• Legitimate interests — for security, improving our services, and similar purposes, where your rights do not override them.
• Consent — where we ask for consent for specific processing; you can withdraw it at any time.
• Legal obligation — when the law requires it.

You have the rights in Section 6 (including access, correction, deletion, restriction, portability, objection, and the right to complain to a supervisory authority).

4. Data Sharing

We do not sell or rent your personal information. We share data only:

• With service providers — e.g., cloud hosting, analytics — who process data on our behalf under contracts that protect your information. We declare third-party SDKs in our apps (e.g., Apple) in App Store Connect and in-app where required.
• When the law requires it — or to protect rights, safety, or property.
• In a business transfer — if we merge, are acquired, or sell assets, your information may transfer to the new owner under this policy.

5. Data Security

We take reasonable steps to protect your personal information. No internet or storage method is 100% secure; we cannot guarantee absolute security. We encourage you to keep your devices and passwords secure.

6. Your Rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal information, or to object to certain processing. We may need to verify your identity before processing certain privacy requests. To exercise these rights, contact us via the Contact page. We respond within the time required by law (typically within 30 days where applicable).

6.1 California (CCPA)

We do not sell personal information. California residents have the right to know what we collect and use, the right to delete (subject to legal exceptions), and the right to non-discrimination for exercising these rights. Contact us via the Contact page to request to know or delete. We will not discriminate against you for exercising your privacy rights.

7. Data Deletion and Retention

You can request deletion of your personal information by contacting us via the Contact page. We will process verifiable requests within about 30 days where the law requires. Data may remain in backups for a short time after deletion before it is overwritten; we do not use backup copies for active processing. We keep personal information only as long as needed for our services or the law (e.g., tax); when the law requires us to keep certain information, we will not delete it but will use it only for that purpose. For example, contact emails are generally retained for up to 12 months unless a longer retention period is required by law.

8. Cookies

Our website may use cookies to operate the site and understand usage. We do not use them to track you across other sites or apps for advertising. You can control cookies in your browser or device settings.

9. Third-Party Links

Our site or apps may link to other websites or services. We are not responsible for their privacy practices. Please check their policies before sharing your information.

10. Children's Privacy

Our services are not aimed at children under 13 (or the applicable age where you live). We do not knowingly collect personal information from children. If you think a child has given us their information, contact us and we will delete it.

11. International Transfer

We are based in Japan. If you are elsewhere, your personal information may be processed in Japan or where our providers operate. Where the law requires (e.g., for EEA/UK users), we use appropriate safeguards such as standard contractual clauses or other approved mechanisms for such transfers.

12. Updates

We may update this policy from time to time. We will post the new version here and update the Effective Date above. For important changes, we will notify you in the app, by email, or on the website where required. Please check this page periodically.

13. Contact

For privacy questions or to exercise your rights, contact us via the Contact page or at contact@flow-craft.dev. We will respond as required by applicable law.