This Privacy Policy explains how Ulucado (individual developer based in U.S) ("we," "us," "our") collects, uses, discloses, and protects information when you use our mobile applications published on the Apple App Store and Google Play (the "Apps") and our website (the "Website"). The Apps and Website are collectively the "Services."

By using the Services, you agree to the practices described in this Privacy Policy.

1) Who we are (Controller / Business)

We are an individual app developer located in U.S. For purposes of applicable data protection laws, we are the data controller (GDPR) and the business (CCPA/CPRA) for personal information processed through the Services.

Privacy Contact

• Email: southaaicoo@gmail.com
• Web contact form: https://ulucado.com/contact/

2) Information we collect

We collect information in three main ways: (A) information you provide, (B) information collected automatically, and (C) information collected by third parties we use (e.g., analytics, ads, sign-in, app stores).

A) Information you provide to us

Account and login information

• Email address (including emails associated with Google Sign-In and Apple Sign-In; Apple may provide a relay email depending on your Apple settings).
• Depending on the sign-in method and your settings, we may also receive basic profile information such as name and profile photo (if provided by the identity provider).

User content (photos/pictures)

• Some Apps allow you to capture or upload pictures using your device camera or photo library.
• Where required for the App to function, we upload and store pictures temporarily using a third-party storage provider under our control (Cloudflare R2) (see Section 8).

Support communications

• If you contact us, we may collect information you include in your message (e.g., your email address and the content of your request).

B) Information collected automatically

Device and usage data

• Device type/model, operating system, app version, language, time zone, and similar technical information.
• Usage and interaction data (e.g., screens viewed, feature usage, session duration).
• IP address and general log data (timestamps, error logs).

Approximate location (coarse location)

• We may collect or infer approximate location (coarse, not precise) depending on your permissions and settings, to support app functionality and/or analytics and advertising signals.

C) Third-party SDKs, platforms, and partners used by the Services

We use third-party services that may collect or receive information automatically:

Authentication

• Firebase Authentication (Google Sign-In and Apple Sign-In)

Analytics and performance

• Google Analytics
• Firebase Analytics
• Firebase Crashlytics (crash reports and diagnostic/performance data)

Push notifications

• Firebase Cloud Messaging (FCM) (device token and delivery/engagement events)

Advertising

• Google AdSense (Website)
• Google AdMob (Apps)
• Other ad networks that may be enabled in one or more Apps: InMobi, AdColony, AppLovin, Vungle, Unity Ads

Advertising partners may process device identifiers (such as mobile advertising identifiers), IP address, approximate location, ad interaction events, and usage signals to serve and measure ads, including personalized ads where enabled (see Section 6).

Payments

• Apple In-App Purchases
• Google Play Billing

We do not receive your full payment card details; transactions are processed by Apple/Google under their own policies.

3) How we use information

We use information to:

1. Provide, operate, and maintain the Services
   • Sign-in/authentication, account access, and core features.
2. Enable required photo-related functionality
   • Uploading/processing/storing pictures via Cloudflare R2 where needed for the App to work, and deleting them according to Section 8.
3. Analytics, debugging, and product improvement
   • Understanding usage trends and improving features (Google Analytics/Firebase Analytics).
   • Detecting, diagnosing, and fixing crashes and stability issues (Crashlytics).
4. Send push notifications (where enabled)
   • Service-related notifications and/or user-triggered alerts depending on the App.
5. Advertising and monetization
   • Serving ads (including personalized ads where you permit) and measuring ad performance.
6. Security, fraud prevention, and compliance
   • Protecting users and Services; complying with legal obligations; enforcing policies.

We do not send marketing emails.

4) Legal bases for processing (GDPR)

If you are located in the EEA/UK or another jurisdiction with similar requirements, our processing may rely on:

• Performance of a contract: to provide the Services and requested features (e.g., login, photo-related functionality).
• Legitimate interests: improving the Services, securing them, preventing fraud, measuring performance, and supporting advertising where permitted.
• Consent: where required (e.g., personalized ads permission, certain device permissions, and certain cookies/technologies on the Website).
• Legal obligation: to comply with applicable laws and lawful requests.

You may withdraw consent at any time (see Sections 6 and 11).

5) How we share information

We may share information:

• With service providers/processors that help operate the Services (hosting, storage, analytics, crash reporting, push notifications).
• With Cloudflare R2 for storage of uploaded pictures required for app functionality.
• With advertising partners (AdSense/AdMob and other networks listed above) to display and measure ads and prevent fraud, including personalized advertising where enabled.
• With Apple and Google for in-app purchase processing.
• For legal and safety reasons if required by law or to protect rights, safety, and security.
• In connection with a business transfer (e.g., if the Services are transferred), subject to applicable law.

We do not use remarketing services as a separate marketing program; however, personalized advertising involves third-party advertising technologies (see Section 11B).

6) Personalized ads, tracking permissions, and your choices

Personalized advertising (Apps)

We use personalized ads. We will request the necessary permission/consent (for example, via an app start/onboarding screen and/or platform prompts where applicable). If you decline, we may still show non-personalized ads where supported by ad providers.

You can also control ads via:

• iOS: privacy settings (including app tracking choices) and Apple system controls.
• Android: Google/Android ad personalization controls and advertising ID settings.

Push notifications

You can opt out of push notifications any time through your device settings (and any in-app notification settings, if provided).

Location and camera/photo permissions

You can enable/disable location and camera/photo permissions in your device settings. Some features may not work without required permissions.

7) Cookies and similar technologies (Website)

Our Website uses cookies and similar technologies for:

• essential site operation,
• analytics (traffic measurement),
• advertising (e.g., AdSense) and ad measurement.

We use a cookie consent banner/manager. Where required, non-essential cookies/technologies are used only after consent and can be adjusted through the consent tool and/or your browser settings.

8) Data retention

We retain personal information only as long as necessary for the purposes described in this Policy.

Photos/pictures stored for app functionality

• Pictures uploaded through an App may be stored in Cloudflare R2 because this is necessary for the App to function.
• We delete stored pictures within 30 days.
• We also delete pictures promptly if:
  • you delete them within the App, or
  • you request deletion (in-app or by contacting us).
• Limited technical logs, caches, or backups may persist briefly for security and system integrity, but we aim to remove content from active systems promptly.

Account/authentication data

• Retained while your account is active and as needed to provide the Services. You can request deletion (see Section 11).

Analytics/crash data

• Retained for a reasonable period to monitor performance, diagnose issues, and improve reliability.

9) Security

We implement reasonable safeguards designed to protect information. No method of transmission or storage is completely secure; therefore, we cannot guarantee absolute security.

10) Children’s privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

11) Your privacy rights

A) GDPR/EEA/UK rights

Depending on your location, you may have rights to:

• access,
• rectification,
• deletion,
• restriction,
• objection,
• data portability,
• withdraw consent (where applicable),
• lodge a complaint with a supervisory authority.

B) California privacy rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what personal information we collect/use/disclose/share.
• Delete personal information (subject to exceptions).
• Correct inaccurate personal information.
• Opt out of "sale" or "sharing" of personal information (as defined under California law).
• Limit certain uses of sensitive personal information (where applicable).
• Non-discrimination for exercising your rights.

Do we sell personal information?
We do not sell personal information for money.

Do we share personal information for cross-context behavioral advertising?
Because we use personalized ads and third-party ad technologies, certain disclosures may be considered "sharing" under CPRA.

How to opt out

• Use device-level ad personalization controls (iOS/Android) described in Section 6.
• Adjust Website cookie preferences via the consent banner/manager.

How to exercise rights (GDPR and CCPA/CPRA)
You can request access, deletion, or correction:

• In-app (where the App provides account/data deletion controls), and/or
• By emailing us at southaaicoo@gmail.com or using https://ulucado.com/contact/.

We may need to verify your request consistent with applicable law.

12) CalOPPA disclosures

• This Policy is posted on our Website and made available where required for our Apps.
• We describe categories of personal information and third parties in this Policy.
• Do Not Track (DNT): We do not respond to DNT signals in a uniform way because there is no consistent industry standard. You can control cookies and ad preferences as described in Sections 6 and 7.

13) International data transfers

We are based in Turkey and use service providers that may process information in other countries. Where required, we use appropriate safeguards consistent with applicable law.

14) Third-party services

Our Services integrate third-party platforms/SDKs including Apple, Google, Firebase, Cloudflare, and advertising partners. Their processing is governed by their own privacy policies and terms. We recommend reviewing those policies for additional details.

15) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our Website and update the "Last updated" date above. Continued use of the Services after changes means you accept the updated Policy.

16) Contact us

For questions or requests about this Privacy Policy:

• Email: southaaicoo@gmail.com
• Contact page: https://ulucado.com/contact/