Privacy Policy

The short version

- Your drawings stay on your device. We don't run a server. We don't see your art.
- We don't sell your data. Not to advertisers, not to data brokers, not to anyone.
- The app ships standard Google services for crash reporting, analytics, ads, and in-app purchases. Everything they collect is listed below, in detail.

Who runs this app

Kampelaz Coloring Library is operated by an independent developer based in the European Union (the "developer," "we," "us"). The developer is the data controller for any personal data described in this policy. Contact for privacy questions, data-access requests, and deletion requests: customer@kampelazstudios.com. We will respond to every request within 30 days (sooner where the law requires).

What data the app may send off your device

1. Crash reports — Firebase Crashlytics

2. Product-quality events — Firebase Analytics

What: When the app crashes or freezes, we receive a stack trace, the app version, the Android version, the device model, an anonymous Crashlytics install ID, and a small set of structured context keys (e.g., "active tool at time of crash: brush", "current puzzle kind: sudoku"). No drawings. No words you typed. No photos. No identifying information about you.

Why: So we can fix the crash. There's no other way to know the app broke without you telling us.

Sent to: Google (Firebase Crashlytics). Google's own privacy policy applies on their end: https://firebase.google.com/support/privacy

Your control: off by default; you opt in. The first time you open the app, a consent card surfaces a "Crash reporting" toggle defaulted off. You decide whether to enable it before tapping "Continue."
You can change your choice any time in Settings → Privacy. Turning it on makes collection active on the next launch (Crashlytics' standard semantics); turning it off stops collection on the next launch.

Legal basis (GDPR Art. 6): explicit consent — Art. 6(1)(a). Retention: Google retains crash reports for 90 days, then autodeletes (per Firebase's published retention policy).

3. Ad delivery — Google AdMob

What: When you're on the free tier (not subscribed to Kampelaz+), the app may show ads. To serve them, the AdMob SDK sends Google: your device's advertising ID, your approximate location (IP-derived, country-level), the device model, the slot you're seeing (gallery banner / canvas-exit interstitial / opt-in rewarded), and the consent state you provided in the consent dialog. No drawings. No purchases data. No Google account info.

Why: So that AdMob can bid on, fill, and report on the ad shown.

Sent to: Google AdMob, plus AdMob's authorised demand partners that participate in the auction for each impression. The full list of demand partners lives at . Google's privacy policy: https://policies.google.com/privacy

Your control: - Subscribe to Kampelaz+ — no ad requests will ever fire from your device. - "Manage ad consent" in Settings re-opens the regional consent form (EEA, UK, Switzerland, California users). - Reset your advertising ID at the Android system level (Settings → Privacy → Ads → Reset advertising ID).

Legal basis (GDPR Art. 6): for EEA/UK/CH users, explicit consent — Art. 6(1)(a) — collected via the IAB-TCF-certified Google UMP form. Outside regulated regions, ads serve under the operational legitimate-interest basis (Art. 6(1)(f)) with the advertising ID always resettable from Android system settings.

Retention: Ad-request telemetry is retained per AdMob's standard publisher data policy.

4. Purchases — Google Play Billing

What: When you buy a Kampelaz+ subscription, a "Remove Ads" purchase, or a tip-jar contribution, Google Play handles the transaction. The app receives a Play purchase token, the product ID purchased, and the purchase timestamp. We use these to verify your entitlement and unlock the corresponding feature.

Why: The purchases need to attach to your account so they persist across re-installs and across devices that share the same Google account.

Sent to: Google Play Billing. The app never sees your payment method, your card details, or your billing address — those are handled inside the Play Store, not by us. Google's billing privacy: https://policies.google.com/privacy

Your control: - Manage / cancel subscriptions in Google Play (Settings → Subscriptions). - Refund requests follow Google Play's standard refund policy.

Legal basis (GDPR Art. 6): contract performance — Art. 6(1)(b). The processing is required to deliver the product you bought.

5. Consent state — Google UMP

What: Your answers to the regional consent dialog (GDPR / CCPA-style) are stored locally on your device. The UMP SDK syncs your choice with Google so that subsequent ad requests from your device honour your decision.

Why: Compliance with GDPR, the ePrivacy Directive, the UK GDPR, and the California Consumer Privacy Act.

Sent to: Google (UMP).

Your control: "Manage ad consent" in Settings re-opens the form so you can change your answer.

Legal basis (GDPR Art. 6): legal obligation — Art. 6(1)(c). We're required to collect + store a consent signal for ad personalization in regulated regions

What: A bounded list of events tells us how the app is being used: app open, screen view, page opened, page completed, tool changed, puzzle solved, purchase started, purchase completed. No content, no text you typed, no photo bytes, no specific region-of-the-page identifiers. Each event carries the app version + device class + a Firebase-managed pseudonymous instance ID. No name, no email, no Google account info attaches to these events.

Why: To know which features people actually use and where they get stuck. Without this we'd be guessing.

Sent to: Google (Firebase Analytics). Same Firebase privacy policy as above.

Your control: off by default; you opt in. The first-launch consent card carries a "Usage analytics" toggle defaulted off. You decide before tapping "Continue." Settings → Privacy keeps the same toggle so you can change your mind at any time. Turning it off stops sending events immediately.

Legal basis (GDPR Art. 6): explicit consent — Art. 6(1)(a).

Retention: Firebase retains event-level data for 14 months by default; aggregated reports are retained beyond that.

Permissions the app requests

Internet access: Required for Google Play services (Crashlytics, Analytics, Billing, AdMob, UMP). Granted at install (Android does not show a dialog for this).nted at install (Android does not show a dialog for this).

Network state: Firebase Analytics uses this to batch event uploads when you're online. Granted at install.

Wake lock: Firebase Analytics needs a brief CPU wake to upload batched events. Granted at
install.

That's the complete list of permissions the app currently declares in its manifest. The Google Play permissions page on the Play Store listing will show exactly these and nothing else.

Your rights

- Right to access (GDPR Art. 15) — request a copy of the data we hold about you.
- Right to erasure / "right to be forgotten" (GDPR Art. 17) — request that we delete data we hold about you.
- Right to rectification (GDPR Art. 16) — request that inaccurate data be fixed.
- Right to data portability (GDPR Art. 20) — request your data in a machine-readable format.
- Right to restrict processing (GDPR Art. 18) — request that we temporarily stop processing while a dispute is resolved.
- Right to object (GDPR Art. 21) — object to processing based on legitimate interests.
- Right to withdraw consent (GDPR Art. 7(3)) — for the Crashlytics + Analytics + AdMob personalisation flows that are consent-based, withdraw your consent any time in Settings → Privacy or via the in-app "Manage ad consent" link. Withdrawal is as simple as the original opt-in (one tap).
- Right not to be subject to automated decision-making (GDPR Art. 22) — not applicable. We do not run automated decisioning on your data.
- Right to opt out of "sale" or "sharing" (CCPA) — we don't sell or share data, so this is already in effect by default.
- Right to lodge a complaint with a supervisory authority (GDPR Art. 77). For requests that aren't simply settings toggles in the app itself, email customer@kampelazstudios.com. We respond within 30 days. EEA users have the right to complain to their own national supervisory authority too if they prefer. UK residents: [Information Commissioner's Office](https://ico.org.uk/). Swiss residents: [FDPIC](https://www.edoeb.admin.ch/). California residents: [California Privacy Protection Agency](https://cppa.ca.gov/). Note: most of the data described in this policy never leaves your device. For data we hold (= the Firebase + AdMob + Play Billing side), we are not the data controller in the legal sense — Google is. We can help you understand which Google product holds what, but for direct access/deletion of data held by Google services, the canonical paths are: - Google Play purchase history: https://play.google.com/store/account - Google Account data: https://myaccount.google.com/ - AdMob ad personalisation: https://adssettings.google.com/

Data transfers

Firebase, AdMob, Google Play Billing, and UMP all run on Google infrastructure that spans the EU, US, and other regions. Data sent to these services may be processed outside your country of residence. Google uses Standard Contractual Clauses (SCCs) and other approved mechanisms for cross-border data transfers; see https://policies.google.com/privacy/frameworks. We don't operate any infrastructure of our own, so we don't perform any independent cross-border data transfers.

Contact

Privacy questions, data-access requests, GDPR / CCPA requests: customer@kampelazstudios.com