In short: We collect only what is necessary to deliver and improve our apps. We never sell your personal data. You have full control over your information, including the right to access, correct, and delete it at any time.
1. Introduction
INNOVASFT PTE. LTD. ("INNOVASFT," "we," "us," or "our") is a company registered in Singapore. We develop and publish mobile applications available on the Apple App Store and other platforms worldwide.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use any of our applications ("Apps") or visit our website. It applies to all users globally, including those in regions governed by the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Singapore's Personal Data Protection Act (PDPA), and all other applicable privacy laws in jurisdictions where our Apps are available through the Apple App Store.
By using our Apps or website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services.
2. Data We Collect
2.1 Information You Provide Directly
- Account Information: When you create an account, we may collect your name, email address, and profile preferences.
- User Content: Any content you create, upload, or store within our Apps.
- Communications: When you contact our support team, we collect your email address and the content of your correspondence.
- Feedback & Surveys: Responses you voluntarily provide in surveys, reviews, or feedback forms.
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, unique device identifiers, language settings, and time zone.
- Usage Data: App features accessed, session duration, interaction patterns, and crash logs.
- Network Information: IP address (anonymized where possible), connection type, and carrier information.
2.3 Information from Third-Party Sources
- Apple Sign In: If you choose to sign in with Apple, we receive only the information you authorize (name and/or email address). We fully support Apple's "Hide My Email" feature.
- Analytics Providers: Aggregated, de-identified usage statistics from analytics services.
2.4 Information We Do NOT Collect
We do not collect, access, or store the following unless explicitly stated for a specific App:
- Precise geolocation data
- Contacts or address book data
- Photos, camera, or microphone data (unless the App's core functionality requires it, in which case we obtain explicit permission)
- Financial or payment card information (payments are processed entirely by Apple)
- Health or biometric data
3. How We Use Your Data
We use the collected data for the following purposes:
| Purpose | Data Used |
|---|---|
| Deliver & maintain our Apps | Account info, device info, user content |
| Improve user experience | Usage data, crash logs, feedback |
| Provide customer support | Communications, account info |
| Send service notifications | Email address, push token (with consent) |
| Ensure security & prevent fraud | Device info, IP address, usage patterns |
| Comply with legal obligations | As required by applicable law |
We do not use your data for behavioral advertising, user profiling for third-party marketing, or any form of automated decision-making that produces legal effects.
4. Legal Bases for Processing
Where applicable (e.g., under GDPR), we process your personal data based on the following legal grounds:
- Contractual Necessity: To provide the services you request when using our Apps.
- Legitimate Interests: To improve our Apps, ensure security, and communicate service updates — balanced against your rights and freedoms.
- Consent: For optional data processing such as analytics, marketing communications, and push notifications. You may withdraw consent at any time.
- Legal Obligation: To comply with applicable laws, regulations, or court orders.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data to third parties.
We may share your data only in the following limited circumstances:
- Service Providers: Trusted vendors who assist us in operating our Apps (e.g., cloud hosting, analytics, crash reporting). These providers are contractually obligated to protect your data and process it only on our behalf.
- Legal Requirements: When required by law, subpoena, or governmental request, or to protect the rights, property, or safety of INNOVASFT, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.
6. Third-Party Services
Our Apps may integrate the following categories of third-party services. Each specific App's listing on the App Store discloses exactly which services it uses.
| Category | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Data storage & sync | Encrypted user content |
| Analytics | App improvement | De-identified usage data |
| Crash Reporting | Stability monitoring | Device info, crash logs |
| Push Notifications | Service notifications | Device push token |
We carefully vet all third-party providers for their privacy practices and require them to meet standards consistent with this policy.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:
| Data Type | Retention Period | After Expiry |
|---|---|---|
| Account data | Duration of account + 30 days | Permanently deleted |
| User-generated content | Duration of account + 30 days | Permanently deleted |
| Usage & analytics data | 24 months (aggregated) | Anonymized or deleted |
| Crash logs | 12 months | Automatically purged |
| Support correspondence | 36 months from last contact | Permanently deleted |
| Legal & compliance records | As required by law (typically 5–7 years) | Securely destroyed |
When data is no longer needed, it is either irreversibly anonymized or securely deleted using industry-standard methods.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive personal data stored on our servers is encrypted using AES-256.
- Access Controls: Strict role-based access — only authorized personnel with a legitimate need can access personal data.
- Infrastructure Security: Our servers are hosted on industry-leading cloud platforms with SOC 2 Type II certification.
- Regular Audits: We conduct periodic security assessments and vulnerability testing.
- Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of any data breach within the timeframes required by applicable law (e.g., 72 hours under GDPR).
While we take extensive precautions, no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords and keep your device software up to date.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we limit the processing of your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to exercise your rights: Send an email to [email protected] with the subject line "Privacy Request." We will verify your identity and respond within 30 days (or sooner if required by your local law). There is no fee for reasonable requests.
10. International Data Transfers
As our Apps are available worldwide, your data may be transferred to and processed in countries other than your own, including Singapore (where INNOVASFT is headquartered).
When transferring data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
- Adequacy decisions where the destination country has been recognized as providing adequate data protection.
- Binding contractual commitments with our service providers requiring equivalent levels of protection.
11. Children's Privacy
Our Apps are not directed at children under the age of 13 (or equivalent minimum age in your jurisdiction, such as 16 in certain EU member states). We do not knowingly collect personal data from children.
If we discover that we have inadvertently collected data from a child, we will promptly delete it. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will take immediate action.
For Apps that are specifically designed for use by children or families, additional safeguards and disclosures will be provided within the App and its App Store listing, in compliance with the Children's Online Privacy Protection Act (COPPA), GDPR-K, and Apple's guidelines for Kids Category apps.
12. Account & Data Deletion
In accordance with Apple App Store guidelines and applicable data protection laws, you have the right to delete your account and all associated data. You can do this through:
- In-App: Navigate to Settings → Account → Delete Account within the App.
- By Email: Send a request to [email protected] with the subject line "Account Deletion Request."
Upon receiving a deletion request:
- We will verify your identity to protect against unauthorized deletions.
- Your account and all associated personal data will be permanently deleted within 30 days.
- Certain data may be retained for a limited period if required by law (e.g., financial records, fraud prevention). Such data will be securely isolated and deleted at the earliest lawful opportunity.
- Data that has been irreversibly anonymized and aggregated may be retained for analytical purposes, as it can no longer be linked to you.
Please note: Account deletion is permanent and cannot be undone. We recommend exporting any data you wish to keep before initiating a deletion request.
13. Region-Specific Disclosures
13.1 European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)
If you are located in the EEA, UK, or Switzerland:
- The data controller is INNOVASFT PTE. LTD., contactable at [email protected].
- You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, or the relevant Data Protection Authority in your country).
- We rely on Standard Contractual Clauses for transfers outside the EEA/UK.
13.2 United States — California (CCPA / CPRA)
If you are a California resident:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of quality based on your exercise of privacy rights.
- To submit a request, email [email protected] or use the in-app privacy settings.
13.3 United States — Other State Privacy Laws
We also comply with privacy laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other U.S. states with applicable consumer privacy legislation. Residents of these states have similar rights as described in Section 9 and may exercise them by contacting us.
13.4 Singapore (PDPA)
Under the Personal Data Protection Act 2012 of Singapore:
- We collect, use, and disclose personal data only for purposes that a reasonable person would consider appropriate in the circumstances.
- You may withdraw consent, request access to, or request correction of your personal data.
- Complaints may be directed to the Personal Data Protection Commission (PDPC).
13.5 Japan (APPI)
For users in Japan, we handle personal information in compliance with the Act on the Protection of Personal Information. We will not provide personal data to third parties without your consent, except as permitted by law. You may request disclosure, correction, or deletion of your personal data.
13.6 South Korea (PIPA)
For users in South Korea, we comply with the Personal Information Protection Act. We notify you of the purpose, items, retention period, and third-party sharing of personal information. You have the right to request access, correction, deletion, and suspension of processing.
13.7 Australia (Privacy Act 1988)
For users in Australia, we comply with the Australian Privacy Principles (APPs). You may access and correct your personal information, and lodge complaints with the Office of the Australian Information Commissioner (OAIC).
13.8 Brazil (LGPD)
For users in Brazil, we process personal data in accordance with the Lei Geral de Proteção de Dados. You have the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about shared data. You may contact the Autoridade Nacional de Proteção de Dados (ANPD) with complaints.
13.9 Canada (PIPEDA)
For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act. We collect personal information only for identified purposes with your knowledge and consent. You may challenge our compliance by contacting the Privacy Commissioner of Canada.
13.10 Other Jurisdictions
For users in any other jurisdiction where our Apps are available, we comply with all applicable local data protection and privacy laws. If your local law provides additional rights beyond those described in this policy, those rights are hereby incorporated. Please contact us for jurisdiction-specific inquiries.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we will provide prominent notice through our Apps (e.g., in-app notification or pop-up) or by email.
- Where required by law, we will obtain your consent before applying material changes to existing data.
We encourage you to review this policy periodically. Your continued use of our Apps after changes are posted constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
We aim to respond to all inquiries within 5 business days. For formal privacy rights requests, we will respond within the timeframes required by your applicable local law (typically 30 days).