Controller: Flame Apps (“we”, “us”)
Email: info@flameappsdevelopment.com
Address: Flame Apps, Postfach 53 04, 97003 Würzburg, Germany
Effective date: 19 August 2025
This Privacy Policy explains how we collect, use, share, and protect information when you use the Meditation App (the “App”) and our related sites or help pages (the “Sites”). It is designed to satisfy legal requirements of the EU/EEA & UK (GDPR and ePrivacy), Switzerland (nFADP), and applicable U.S. state privacy laws (including California CPRA/CPRA Regulations, Colorado, Connecticut, Virginia, Utah, Oregon, Texas, and others that take effect during 2025). It also satisfies Google Play requirements including Data safety, account/data deletion, and consent/CMP rules for EEA/UK/CH. (Google Help, GDPR.eu)
Important: We do not use your meditation content (e.g., notes/journals, moods, goals, session selections, or wellbeing inputs) for targeted advertising, profiling for ads, or “sale”/“sharing” under U.S. state laws. Ads are based on your consented ad signals (e.g., mobile ad ID) or are contextual only.
If you consent (where required) or choose to view ads, our advertising/mediation SDKs may collect:
Identifiers & device info: Advertising ID (AAID/IDFA), app instance ID, IP address, user-agent, device model, OS version, language, network, coarse location derived from IP.
Ad interaction data: Ad requests, impressions, clicks, viewability, frequency capping, crash/diagnostic logs related to ad delivery.
Consent data: Your choices from our Google-certified CMP (IAB TCF v2.2) for EEA/UK/CH. (Google for Developers, Google Help)
See Section 10 for our Ad Technology Partners and their privacy notices.
We may collect anonymized, aggregated telemetry (e.g., session start, session duration, feature usage, crash logs) for app stability and quality. Where such telemetry is collected by platform services (e.g., Google Play services or our ad SDKs), we disclose this in the Google Play Data safety section and here. (Google for Developers)
If you email support, we process your email address, message content, and any attachments strictly to respond to you.
Some features are opt-in and disabled by default. If you enable them, additional data may be processed as described on the consent screen for that feature:
Microphone/voice assistant (for guided interaction): real-time audio processed on-device by default. If any cloud processing is offered later, we will show a separate notice and obtain consent.
Camera/posture guidance: images/video processed on-device to detect posture only; we do not store or upload media unless you explicitly save or share it.
Wellbeing inputs & journaling: notes, moods, tags stored on-device by default. If you opt in to sync/backup, we’ll identify the storage provider and the transfer safeguards in-app before activating.
Wearables/health integrations: if you connect a device or service, we process only the signals you permit and never use them for ads.
Special category/sensitive data (e.g., health/wellbeing) is processed only if you knowingly provide it and only for the feature you chose, based on your explicit consent (EU/UK/CH) or opt-in (certain U.S. states). We do not use such data for targeted advertising or “sale/share.” (Google Help, whitecase.com)
Serve ads / monetize the App (personalized or non-personalized, depending on your choices) — Consent (GDPR/ePrivacy in EEA/UK/CH via certified CMP); Opt-out rights in applicable U.S. states. (Google Help, GDPR.eu)
Measure ad performance & prevent fraud/abuse — Legitimate interests (security/anti-fraud), consent where required.
Provide core App functionality, stability & security — Legitimate interests and/or contract.
Support — Contract (respond to your request) and legitimate interests (quality assurance).
Optional wellbeing features — Explicit consent (EU/UK/CH) or opt-in (U.S. states) for any sensitive data. (dlapiperdataprotection.com)
You can withdraw consent at any time in the Consent or Privacy screen in the App, or via our web preferences (see Section 9).
We use a Google-certified CMP integrated with IAB TCF v2.2. You can Accept, Reject, or Customize purposes and vendors. Without consent, we serve non-personalized (contextual) ads or restrict ad serving where required. Switzerland is included per Google’s CMP policy. (Google Help)
For residents of California and many other states, you may opt out of:
“Sale” or “Sharing” of personal information (including cross-context behavioral advertising), and
Targeted advertising and certain profiling.
We honor browser/OS opt-out preference signals like Global Privacy Control (GPC) and Colorado UOOM where required. You can also use the in-App Privacy screen to manage these choices. (European Data Protection Board, Duane Morris, Colorado Attorney General)
We do not use your meditation content or wellbeing inputs for ads personalization.
This App is not directed to children under 13 and is intended for general audiences 13+. We apply child-directed flags and disable interest-based ads if we ever identify child-directed traffic (e.g., COPPA tags / AdMob settings). If your target audience includes children, only contextual ads are shown and we use Families-compliant SDK settings. (Google Help, Google for Developers)
We share limited data with ad technology partners (SDKs, exchanges, mediation) to serve ads, measure performance, enforce frequency caps, and prevent fraud—only according to your choices and the CMP signals where applicable. See Section 10 for partners and links to their privacy notices.
We do not sell your personal information for money. In certain U.S. states, disclosures for cross-context behavioral advertising can be deemed a “share”; you can opt out (see Section 3B).
We may also share data with service providers (e.g., crash logging, content delivery) under contracts that prohibit using your data for their own purposes.
Where partners or processors are outside the EEA/UK/CH, we rely on appropriate safeguards, including EU Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA or UK Addendum to the SCCs. (service.betterregulation.com, twobirds.com)
Ad & telemetry data: kept only as long as necessary for the purposes described (typically short windows defined by partners’ policies).
Support emails: retained while your request is open and for a reasonable period to establish or defend legal claims.
Optional wellbeing data (on device): remains on your device until you delete it or uninstall the App. If you enable cloud sync later, you’ll see specific retention and deletion options in-app.
We implement appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction. No system is 100% secure, but we continually improve controls.
You have the right to access, rectify, erase, restrict, object, portability, and (where processing is based on consent) withdraw consent at any time. You also have the right to lodge a complaint with your data-protection authority. For Bavaria (our location): Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany (online forms available). (Google Help, lda.bayern.de)
Depending on your state, you may have rights to access/copy, correct, delete, port, and opt out of targeted advertising, “sale,” and certain profiling. Some states require an appeal process if we deny a request; you can appeal by replying to our decision email and we will review. We also honor recognized opt-out signals (e.g., GPC, Colorado UOOM). (osano.com, Duane Morris)
To exercise any rights, use the Privacy/Consent controls in the App, use our web form ([link below]), or email info@flameappsdevelopment.com.
If the App ever offers account creation, you will have:
An in-app path to delete your account and associated data, and
A web link you can use even if you’ve uninstalled the App: [DELETE ACCOUNT URL — replace with your live page].
We will delete associated data unless retention is required by law (e.g., fraud prevention). This satisfies Google Play’s account deletion requirement and Data safety disclosures. (Google Help, androidpolice.com)
We monetize with ads through the following partners (including mediation/exchange). Please review their notices to learn how they process data and how to opt out:
Google AdMob — Data & SDK disclosures + EU consent requirements. (Google for Developers, Google Help)
Meta Audience Network — Data processing options/limited data use. (developers.facebook.com)
InMobi Exchange (via AdMob Open Bidding) — Privacy & compliance resources. (support.inmobi.com)
Liftoff Monetize (Vungle) — Privacy Policy / SDK privacy controls. (Liftoff, support.vungle.com)
AppLovin (MAX) — Privacy Policy and publisher policies. (AppLovin)
OneTag Exchange — Platform privacy policy/center. (onetag.com)
We may update this list as we add or remove SDKs; the in-app CMP vendor list (EEA/UK/CH) will always reflect the current vendors shown to you at consent time. (Google Help)
We do not respond to legacy Do Not Track headers, but we honor Global Privacy Control and other recognized opt-out signals where required by law (e.g., Colorado UOOM). (European Data Protection Board, Colorado Attorney General)
We will update this Policy as our App or laws evolve. We will post updates in-app and on the Sites. If changes materially affect your rights, we will provide prominent notice and, where legally required, obtain consent again.
Controller: Flame Apps
Email: info@flameappsdevelopment.com
Mail: Flame Apps, Postfach 53 04, 97003 Würzburg, Germany
Supervisory authority (Germany/Bavaria private sector): BayLDA, Promenade 18, 91522 Ansbach, Germany, online complaint forms available. (lda.bayern.de)
Category
Examples
Purpose
Legal basis
Typical retention
Recipients
Device/Ad IDs & network
AAID, IP, UA, OS
Serve ads, cap frequency, measure, fraud prevention
Consent (EEA/UK/CH ads); legitimate interests (security); opt-out in U.S.
As short as partners permit
Ad tech partners (Sec. 10)
Ad events
request, impression, click
Monetization, reporting
Consent (where required)
Short windows (per partner)
Ad tech partners
Telemetry
crashes, session length
App quality, debugging
Legitimate interests
Short operational windows
Service providers
Support data
email, message
Respond to you
Contract/legitimate interests
Until resolved + legal hold if needed
Email provider
Optional wellbeing
notes, moods, posture hints
Feature you enabled
Explicit consent / opt-in
On-device until you delete; cloud per feature notice
Only if you enable sync provider