Privacy Policy

Last updated: March 2026

This is a courtesy translation. The Portuguese version is the legally binding document and shall prevail in case of any discrepancy.

This Privacy Policy describes how Alro Labs ("we", "our") collects, uses, stores, shares, and protects information from users ("you") of our mobile applications. This Policy applies to all applications published by Alro Labs, current and future. See the full list on our Apps page.

1. Data We Collect

1.1 Automatically collected data

  • Usage data: screens accessed, features used, time spent, frequency, and in-app interactions.
  • Device data: device model, OS version, system language, screen resolution, and anonymous device identifiers.
  • Performance data: crash reports, error logs, and performance metrics (via Firebase Crashlytics in selected apps).
  • Advertising identifiers: Google AdMob may collect your device's Advertising ID for ad personalization.

Note: Not all applications collect all data types listed. Collection depends on each app's specific features.

1.2 Locally stored data

Our applications may store data directly on your device (not transmitted to our servers):

  • Favorites, bookmarks, notes, highlights, and usage progress.
  • Personal content you create (reflections, annotations, custom affirmations).
  • App preferences (language, theme, notification settings).
  • Gamification data (scores, streaks, levels).
  • Content cache for offline access.
  • Home screen widget data.

Your personal content (notes, reflections, custom affirmations) stays exclusively on your device and is never transmitted externally.

1.3 Data you provide

  • Name and email when contacting us.
  • Feedback, suggestions, or bug reports.

1.4 Data we do NOT collect

  • Precise geolocation (GPS).
  • Contacts, photos, camera, or microphone data.
  • Payment, credit card, or financial information (processed exclusively by app stores).
  • Biometric or health data.
  • Message content or personal communications.
  • Voice recordings — text-to-speech is processed entirely on-device.

2. How We Use Data

  • Provide and maintain app functionality.
  • Improve user experience based on usage patterns and feedback.
  • Fix problems: identify and resolve bugs, crashes, and technical issues.
  • Analytics: generate anonymous, aggregated statistics.
  • Advertising: display relevant ads in free-tier apps.
  • Communication: respond to your messages and requests.
  • Legal compliance: fulfill applicable legal obligations.

3. Legal Basis for Processing

  • Contract performance: to provide services you requested.
  • Consent: for personalized ads and non-essential analytics. You may withdraw consent at any time.
  • Legitimate interests: to improve apps, ensure security, and prevent fraud.
  • Legal obligation: when required by law.

4. Third-Party Services

4.1 Analytics and performance

  • Firebase Analytics (Google): anonymous usage analysis (not used in all apps). Firebase Privacy
  • Firebase Crashlytics: crash reports in selected apps.
  • Firebase Remote Config: remote feature configuration.

4.2 Advertising

Google AdMob: ads (banners, interstitials, rewarded) in free-tier apps. Google Privacy Policy

4.3 Distribution platforms

Google Play and Apple App Store for updates, in-app purchases, and basic functionality.

4.4 Content APIs

Some apps use third-party APIs for content (texts, quotes, audio). These APIs may log access metadata (e.g., IP address) per their own policies.

4.5 Device features

Native features (text-to-speech, home screen widgets, native sharing) process data entirely on-device — nothing is sent to external servers.

5. Data Storage and Security

  • Data-in-transit encryption (HTTPS/TLS).
  • Data minimization — we collect only what is strictly necessary.
  • Local-first storage — most usage data stays on your device.

Third-party data (Firebase, AdMob) is stored on Google's servers with internationally recognized security standards.

6. International Data Transfers

  • EU/EEA: Standard Contractual Clauses (SCCs) or adequacy decisions.
  • Brazil: In accordance with LGPD Article 33.
  • South Korea: Per PIPA requirements with adequate notification.
  • India: Per DPDP Act, except to restricted countries.
  • Japan: Per APPI with adequate protection guarantees.

7. Your Rights

7.1 Universal rights

  • Access: request information about your personal data.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data.
  • Withdraw consent: withdraw consent at any time.

7.2 LGPD — Brazil

  • Data portability, anonymization, information about sharing, review of automated decisions.
  • Complaint to ANPD (National Data Protection Authority).

7.3 GDPR — EU/EEA

  • Data portability, restriction, objection to processing.
  • Complaint to your national DPA (CNIL, BfDI, Garante, etc.).

7.4 CCPA — California, USA

  • Right to know, right to delete, right to opt-out of data "sale". Alro Labs does not sell personal data.
  • Non-discrimination for exercising rights.

7.5 APPI — Japan

  • Disclosure, correction/deletion, cessation of third-party sharing.

7.6 PIPA — South Korea

  • Access, correction, suspension of processing, deletion.
  • Complaint to PIPC (Personal Information Protection Commission).

7.7 DPDP Act — India

  • Access, correction, deletion, appointment of representative.
  • Complaint to the Data Protection Board of India.

To exercise any of these rights, contact us at alro.labs.ctt@gmail.com. Response times: 15 days (LGPD), 30 days (GDPR/PIPA/DPDP), 45 days (CCPA).

8. Children's Privacy

Our applications are not intended for children under 13 (under 14 in South Korea, under 16 in EU/EEA). We do not knowingly collect data from children below these ages. If you believe a child has provided us with personal data, contact us at alro.labs.ctt@gmail.com.

9. Cookies and Tracking

Our mobile apps do not use browser cookies. Third-party SDKs (Firebase, AdMob) may use similar technologies. You can reset your Advertising ID or opt out of personalized ads in device settings.

10. Data Retention

  • Analytics data: up to 14 months (Firebase default).
  • Crash data: up to 90 days (Firebase Crashlytics).
  • Contact data: retained until your request is resolved.
  • Local data: on your device until you uninstall or clear data.

11. Changes to This Policy

We may update this Policy periodically. Material changes will be reflected in the "Last updated" date and may include in-app notifications. Changes requiring new consent will be requested before processing.

12. Contact

For questions about this Privacy Policy or data protection:

Use subject "Data Protection — [Your Right]" for data rights requests. EU/EEA users may also file complaints with their national supervisory authority.