Privacy Policy

1. Who we are (data controller)

The data controller responsible for the processing of your personal data through QuotesWidgetApp ("the App") is:

Cedric Leger
Individual developer
Residence Azteca, Porte 11
97233 Schoelcher, Martinique, France
Email: legal@tephra-tech.fr

QuotesWidgetApp is independently developed and published by Cedric Leger. Tephra-Tech is the publishing identity used to host these legal pages and provide a contact channel.

2. Scope of this Policy

This Privacy Policy describes how we collect, use, share, and protect personal data in connection with your use of QuotesWidgetApp on Android. It does not cover:

• The Google Play Store and Google’s own data processing — see Google’s Privacy Policy.
• Other websites or services we may link to.

3. Summary of what we collect

What we do not collect: we do not collect your name, email address, phone number, precise location, contacts, photos, or device identifiers for advertising. The App contains no third-party advertising SDKs, no third-party analytics SDKs (such as Firebase Analytics, Google Analytics, Mixpanel, Amplitude), and no crash-reporting SDKs (such as Crashlytics, Sentry).

4. Data we collect, in detail

4.1 Data stored locally on your device

The following data is stored on your device using the standard Android SharedPreferences mechanism. It never leaves your device unless you explicitly back it up via Android’s system backup feature, which is controlled by you and Google:

• App settings: notification on/off, notification frequency (1h, 4h, 8h, 24h), selected anime filter, the timestamp of the next scheduled notification.
• Favorites: the identifiers of the quotes you have marked as favorite.
• Discovery state: identifiers of free-tier quotes you have already viewed and a counter, used to display your free-quote progress and to determine when to show the paywall.
• Promotional notification state: timestamps and boolean flags to avoid sending the same conversion notification more than once (e.g., 14-day inactivity reminder, 30-day anniversary, free-quote-completion reminders).
• Local cached subscription state: a copy of your current subscription tier (free or Premium), the entitlement type, expiry date, and a timestamp of the last verification, kept locally so the App can work offline. This cache is refreshed from RevenueCat when the App has network access.

4.2 Subscription data (RevenueCat)

If you open the in-App paywall or purchase a Premium subscription, the App uses the RevenueCat SDK (provided by RevenueCat, Inc., a US-based company) to manage your subscription state. RevenueCat receives:

• An anonymous user identifier generated by the RevenueCat SDK (a random ID; not linked to your name, email, or device ID by us);
• Information about your device and app version (operating system version, country, time zone, app version, SDK version), as collected by RevenueCat;
• Your subscription events (purchase, renewal, cancellation, refund) and entitlement state;
• The purchase token issued by Google Play, which RevenueCat uses to validate the purchase with Google.

We use RevenueCat solely to validate and synchronize your subscription state across reinstalls and devices. We do not use RevenueCat for advertising, profiling, or analytics. For more information, see RevenueCat’s Privacy Policy at revenuecat.com/privacy.

4.3 Payment data (Google Play Billing)

All purchases are processed by Google Play Billing. We never see your full payment-method details (credit card number, billing address). Google provides us only with the information strictly required to deliver and validate your subscription — namely, the purchase token, the product identifier, and the purchase status. Google’s processing of your payment data is governed by Google’s Privacy Policy.

4.4 Notifications permission

To deliver scheduled quote notifications, the App requests the Android POST_NOTIFICATIONS permission. This permission is used only to display local notifications generated on your device by the App. No notification content is sent to or stored on a remote server.

4.5 Network connections

The App makes outbound network connections only:

• To RevenueCat servers, when checking or refreshing your subscription state, opening the paywall, completing a purchase, or restoring purchases.
• To Google Play services, when initiating or restoring a purchase.

The App does not call any other external service. All anime images and quote text are bundled inside the App package and loaded from your device’s local storage.

5. Why we use your data

We process your data for the following purposes only:

• Providing core App functionality: showing quotes, managing favorites, scheduling local notifications, displaying the home-screen widget.
• Personalization: respecting your settings (notification frequency, anime filter).
• Selling and managing Premium subscriptions: processing purchases, tracking entitlements, restoring purchases on reinstall, ensuring you receive the features you paid for.
• Sending in-App promotional notifications related to QuotesWidgetApp itself (e.g., reminding you that you reached the free-quote limit). These are local notifications generated by the App; no marketing data is shared with third parties. You can disable them at any time from the App settings or from your device’s notification settings.
• Complying with our legal obligations (accounting, tax, fraud prevention) when applicable.
• Defending our legal rights in case of disputes.

We do not profile you for advertising, do not sell your personal data, and do not use automated decision-making with legal or significant effects on you.

6. Legal basis (GDPR)

Under the EU General Data Protection Regulation ("GDPR") and the equivalent UK GDPR, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b) GDPR): to deliver the App functionality you requested, including processing your subscription.
• Legitimate interests (Art. 6(1)(f) GDPR): to keep the App secure, prevent abuse and fraud, and send App-related promotional notifications about features you may not yet have discovered. Our interests are balanced against your rights, and you can object at any time (see Section 10).
• Legal obligation (Art. 6(1)(c) GDPR): to comply with our accounting, tax, and consumer-protection obligations.
• Consent (Art. 6(1)(a) GDPR): for the Android notifications permission, which you can grant or revoke at any time in your device settings.

7. Sharing and service providers

We do not sell, rent, or trade your personal data. We share data only with the limited set of service providers strictly necessary to operate the App:

We may also disclose data to public authorities when we are required to do so by a binding legal request (court order, valid judicial or regulatory request) and only to the extent strictly necessary to comply.

8. International data transfers

RevenueCat is established in the United States. When the App communicates with RevenueCat, your data is transferred outside the European Economic Area. RevenueCat relies on the European Commission’s Standard Contractual Clauses (SCCs) as a safeguard for international transfers, as documented in their privacy materials.

Google operates a global infrastructure; transfers from Google Ireland Ltd to Google LLC and other Google entities are likewise governed by SCCs and other appropriate safeguards.

You can request a copy of the relevant safeguards by contacting legal@tephra-tech.fr.

9. Storage location and retention

• Local data (favorites, settings, discovery state, promotional flags, cached subscription state) is stored on your device for as long as the App is installed. Uninstalling the App deletes all local data.
• RevenueCat data is retained according to RevenueCat’s own policies, generally for as long as your subscription remains active and for a reasonable period thereafter to handle refunds, disputes, and legal obligations.
• Google Play data is retained according to Google’s policies and applicable law (including accounting requirements, typically 10 years in France for transaction records).

10. Your rights under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

• Right of access — ask whether we hold data about you and obtain a copy.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — ask us to delete data we hold about you.
• Right to restriction — ask us to limit our processing of your data.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on our legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
• Right to lodge a complaint — with your local data-protection authority. In France this is the CNIL (cnil.fr, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07).

Because we do not require an account, the data we hold off-device about you is limited to the anonymous identifier processed by RevenueCat. For most rights requests, the most direct way to exercise them is to uninstall the App, which deletes all local data, and then contact us to ensure any RevenueCat-side data is also deleted.

11. How to exercise your rights

Send a request to legal@tephra-tech.fr with:

• The right you want to exercise;
• Your country of residence;
• If known, your RevenueCat anonymous user ID (you can find it in the App: Settings → Subscription → "About this app" if available, or we will help you locate it);
• Any information that helps us identify the records to act on (e.g., approximate purchase date and product).

We will respond within one (1) month. This period may be extended by up to two additional months for complex or numerous requests, in which case we will inform you of the extension and the reasons within one month.

We may need to verify your identity before acting on your request — for example, by asking you to confirm the request from the same email address used for any prior contact, or by asking for a piece of information only you would know.

12. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), grants you certain rights regarding personal information we may have collected about you in the past 12 months:

• Right to know what categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
• Right to delete personal information we have collected, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined under the CCPA/CPRA.
• Right to non-discrimination for exercising your CCPA/CPRA rights.

The categories of personal information we have collected over the past 12 months are limited to: identifiers (the anonymous RevenueCat user ID), commercial information (subscription purchases), and internet/device information (device and app metadata via RevenueCat). The sources and purposes are described in Section 4.

To exercise your CCPA/CPRA rights, contact legal@tephra-tech.fr. You may use an authorized agent to submit a request on your behalf, subject to our verification of the agent’s authority.

13. Children’s privacy

The App is not directed at children under 13 (or 16 in jurisdictions where this is the relevant age threshold under GDPR). We do not knowingly collect personal information from children. If you are a parent or legal guardian and believe your child has used the App, contact us at legal@tephra-tech.fr and we will take appropriate steps, including deleting any data we may have inadvertently received.

14. Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. In particular:

• All network communications between the App and RevenueCat / Google use HTTPS (TLS).
• Local data on your device is protected by the security model of the Android operating system.
• We do not store or transmit your payment-method details ourselves; they are handled by Google Play.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

15. Account and data deletion

QuotesWidgetApp does not create user accounts. There is no username, password, or profile to delete.

To delete the personal data associated with your use of the App:

1. Uninstall the App from your Android device. This removes all locally stored data (favorites, settings, discovery state, promotional flags, cached subscription state).
2. For data held by our subscription provider RevenueCat (anonymous user ID and subscription history), email legal@tephra-tech.fr. Please indicate "Data deletion request — QuotesWidgetApp" in the subject line.
3. For data held by Google Play, please use Google’s own account-deletion and privacy controls at myaccount.google.com/data-and-privacy.

Note that some data may be retained for a limited period to comply with legal obligations (such as accounting and tax records) or to handle refund and dispute requests, as described in Section 9.

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in the App, in our service providers, or in applicable law. The updated version becomes effective on the "Effective date" shown at the top of this page. For material changes, we will give reasonable advance notice through the App or by another appropriate means. Continued use of the App after the effective date constitutes acceptance of the updated Policy.

17. Contact

For any question or request regarding this Privacy Policy or your personal data, contact:

Cedric Leger
Residence Azteca, Porte 11
97233 Schoelcher, Martinique, France
Email: legal@tephra-tech.fr

You also have the right to lodge a complaint with your local data-protection authority. In France: CNIL, cnil.fr.