Privacy Policy

1. Introduction

Krickets LLC ("Company," "we," "our," or "us") operates mobile applications for iOS (iPhone, iPad, Apple Watch, Apple TV) and Android devices, as well as the website located at kricketsllc.com (collectively, the "Services"). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use any of our Services.

This Privacy Policy applies to all of our mobile applications published on the Apple App Store and Google Play Store, including any updates, new features, and supplements to such applications. By downloading, installing, accessing, or using any of our applications or Services, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with our policies and practices, do not download, register with, or use our Services. If you change your mind later, you may stop using our Services and request deletion of your data at any time.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Services:

• Account Registration Data: Name, email address, username, password, date of birth, and profile photo when you create an account.
• Profile Information: Biographical information, preferences, interests, and other profile details you choose to provide.
• User-Generated Content: Photos, videos, audio recordings, text, comments, reviews, messages, and any other content you create or upload through our Apps.
• Purchase Information: Transaction history, subscription plans, and payment-related information. Note: Full payment card details are processed and stored exclusively by Apple (App Store), Google (Play Store), or Stripe, and are never stored on our servers.
• Communications: Information you provide when contacting us for support, reporting issues, participating in surveys, contests, or promotions, or providing feedback.
• Form Submissions: Information submitted through forms on our Website, including contact forms, quote requests, and newsletter signups.

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information:

2.2.1 Device and Technical Information

• Device type, model, and manufacturer (e.g., iPhone 15 Pro, Samsung Galaxy S24)
• Operating system and version (e.g., iOS 18.2, Android 15)
• Unique device identifiers (IDFV on iOS, Android ID)
• Advertising identifiers (IDFA on iOS, Google Advertising ID on Android) — only with your consent where required
• App version and build number
• Screen resolution, display size, and device orientation
• Device language, timezone, and regional settings
• Available storage space and memory (RAM)
• Network type (Wi-Fi, cellular), carrier name, and connection speed
• Bluetooth and accessibility settings status
• Battery level and charging state
• Jailbreak/root detection status (for security purposes)

2.2.2 Usage and Behavioral Data

• App launch events, session duration, and session frequency
• Screens and features accessed, buttons tapped, and navigation paths
• In-app search queries and content interactions
• Time spent on specific screens or features
• App installation source and referral data
• App foreground/background events
• Error logs, crash reports, diagnostics, and performance metrics
• Content viewed, saved, shared, liked, or downloaded
• Notification interaction data (received, opened, dismissed)
• Purchase funnel events (viewed, initiated, completed, abandoned)

2.2.3 Location Data

• Approximate Location: IP-based geolocation (city/region level) is collected automatically for analytics and content localization.
• Precise Location: GPS-based precise location is collected only with your explicit consent via the iOS or Android permission prompt. You may revoke this at any time through your device settings (iOS: Settings > Privacy & Security > Location Services; Android: Settings > Location > App permissions).
• Background Location: If applicable, background location access is requested separately and only for features that require it (e.g., location-based reminders). This requires additional explicit consent.

2.2.4 Log and Server Data

• IP address (anonymized after 30 days where possible)
• Access timestamps and referring URLs
• Browser type and version (for Website visitors)
• API request metadata

2.3 Information from Third-Party Sources

• Sign-In Providers: When you sign in using Apple Sign In, Google Sign In, or Facebook Login, we receive your name, email address, and profile picture as permitted by your account settings and the provider's policies.
• App Store Platforms: Apple and Google provide us with aggregated and anonymized app analytics, subscription status, and refund information through App Store Connect and Google Play Console.
• Analytics Providers: We receive aggregated data from Firebase Analytics, Google Analytics, and other analytics services regarding app usage trends.
• Advertising Partners: If our Apps contain advertisements, ad networks may provide us with ad performance metrics and de-identified audience insights.
• Attribution Partners: We may receive install attribution data to understand which marketing channels drive app downloads.

2.4 Sensitive Information

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, health data, or sexual orientation. If any of our Apps process health-related data (e.g., fitness tracking), such processing is done locally on your device or with your explicit opt-in consent, and this will be clearly disclosed within the specific App.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Service Delivery

• Providing, operating, and maintaining our Apps and their features
• Creating and managing your user account
• Processing transactions, subscriptions, and in-app purchases
• Syncing your data and preferences across devices
• Delivering content, recommendations, and personalized experiences
• Enabling user-to-user communication features (where applicable)

3.2 Improvement and Analytics

• Understanding how users interact with our Apps to improve functionality
• Identifying and fixing bugs, crashes, and performance issues
• Conducting A/B testing and feature experiments
• Analyzing usage trends, feature adoption, and user retention
• Developing new features, products, and services

3.3 Communication

• Sending transactional notifications (purchase confirmations, password resets, account alerts)
• Delivering push notifications related to app activity (with your consent)
• Responding to your inquiries, support requests, and feedback
• Sending product updates, feature announcements, and service-related notices
• With your opt-in consent, sending promotional emails and marketing communications

3.4 Safety, Security, and Legal

• Detecting, investigating, and preventing fraud, abuse, and security threats
• Enforcing our Terms of Service and other policies
• Protecting the rights, property, and safety of Krickets LLC and our users
• Complying with applicable laws, regulations, court orders, and legal processes
• Verifying identity and preventing unauthorized access
• Moderating user-generated content for policy compliance

3.5 Advertising

• Displaying advertisements within our free Apps (where applicable)
• Measuring ad performance and campaign effectiveness
• With your consent (via ATT on iOS or equivalent), delivering personalized ads based on your interests
• Without consent, displaying contextual (non-personalized) ads only

4. Legal Bases for Processing (EEA/UK Users)

If you are in the European Economic Area or United Kingdom, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you (e.g., providing the App, managing your account, processing purchases).
• Consent: Where you have given explicit consent (e.g., push notifications, precise location, personalized advertising, marketing emails). You may withdraw consent at any time.
• Legitimate Interests: Processing necessary for our legitimate interests that are not overridden by your rights (e.g., analytics, fraud prevention, product improvement, security).
• Legal Obligation: Processing necessary to comply with legal requirements (e.g., tax records, law enforcement requests).

5. How We Share Your Information

We do not sell your personal information. We do not rent or trade your personal information with third parties for their own marketing purposes. We share your information only in the following circumstances:

5.1 Service Providers and Processors

We engage trusted third-party companies to perform services on our behalf, including:

• Cloud Hosting: Google Cloud Platform (Firebase), Amazon Web Services (AWS)
• Analytics: Firebase Analytics, Google Analytics, Mixpanel, Amplitude
• Crash Reporting: Firebase Crashlytics, Sentry
• Push Notifications: Firebase Cloud Messaging (FCM), Apple Push Notification Service (APNs)
• Email Services: SendGrid, Mailchimp (for transactional and marketing emails)
• Payment Processing: Apple In-App Purchase, Google Play Billing, Stripe
• Advertising: Google AdMob, Meta Audience Network, Unity Ads (in free apps with ads)
• Attribution: AppsFlyer, Adjust, or Branch (for install attribution)
• Customer Support: Intercom, Zendesk, or similar support platforms
• Content Delivery: Cloudflare, AWS CloudFront

All service providers are contractually obligated to process your data only as instructed by us, maintain confidentiality, and implement appropriate security measures. Where required, we have Data Processing Agreements (DPAs) in place.

5.2 App Store Platforms

Apple (via the App Store) and Google (via Google Play) process your purchase information, subscription management, and provide us with analytics data as part of their platform services. Their respective privacy policies govern their processing:

• Apple Privacy Policy: apple.com/legal/privacy
• Google Privacy Policy: policies.google.com/privacy

5.3 Legal and Safety Disclosures

We may disclose your information if we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or governmental request
• Enforce our Terms of Service or other agreements
• Protect and defend the rights, property, or safety of Krickets LLC
• Prevent or investigate possible wrongdoing, fraud, or security issues
• Protect the personal safety of users or the public

5.4 Business Transfers

If Krickets LLC is involved in a merger, acquisition, asset sale, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice within our Apps before your information becomes subject to a different privacy policy.

5.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data may be used for industry analysis, benchmarking, research, and marketing.

6. Third-Party SDKs and Services in Our Apps

Our mobile applications may include third-party software development kits (SDKs) that collect data independently. Below is a list of categories of SDKs we may use:

6.1 Analytics SDKs

• Firebase Analytics (Google) — Collects app usage events, user properties, screen views, session data, and crash information. Firebase Privacy
• Google Analytics for Firebase — Provides audience insights, funnel analysis, and retention metrics.

6.2 Advertising SDKs

• Google AdMob — Serves display and video advertisements. May collect device identifiers, IP address, and ad interaction data. Google Ads Privacy
• Meta Audience Network — Serves advertisements from Meta's ad network. Meta Privacy Policy
• Unity Ads — Serves video and playable advertisements. Unity Privacy Policy

6.3 Authentication SDKs

• Firebase Authentication — Manages user sign-in via email/password, phone number, Google, Apple, and Facebook.
• Sign in with Apple — Apple's privacy-focused authentication. Users may choose to hide their email. Apple Privacy
• Google Sign-In — Google's authentication service. Google Privacy

6.4 Cloud and Infrastructure SDKs

• Firebase Cloud Firestore / Realtime Database — Cloud-based database for data storage and sync.
• Firebase Cloud Storage — Stores user-uploaded files (images, videos, documents).
• Firebase Cloud Messaging (FCM) — Delivers push notifications.
• Firebase Remote Config — Manages app configuration and feature flags.

6.5 Crash and Performance SDKs

• Firebase Crashlytics — Collects crash reports, stack traces, device state at time of crash, and performance traces.
• Firebase Performance Monitoring — Measures app startup time, HTTP request latency, and screen rendering performance.

6.6 Payment SDKs

• StoreKit (iOS) / Google Play Billing (Android) — Handles in-app purchases and subscriptions through the respective app store.
• RevenueCat (if applicable) — Manages cross-platform subscriptions and purchase tracking.

7. Apple App Tracking Transparency (ATT)

On iOS 14.5 and later, our Apps comply with Apple's App Tracking Transparency framework. Before accessing your device's advertising identifier (IDFA) or tracking your activity across other companies' apps and websites, we will present the ATT permission prompt.

• If you Allow Tracking: We and our advertising partners may use your IDFA to deliver personalized ads and measure ad effectiveness across apps.
• If you Ask App Not to Track: We will not access your IDFA. You will still see ads, but they will be contextual (non-personalized). We will not track your activity across other companies' apps and websites.
• You can change your choice at any time: iOS Settings > Privacy & Security > Tracking.

8. Google Play Data Safety

Our Android apps comply with Google Play's Data Safety requirements. The data safety section on each app's Google Play listing accurately reflects the data we collect, share, and our security practices. Data handling details include:

• Types of data collected and whether each type is required or optional
• Whether data is encrypted in transit
• Whether users can request data deletion
• Whether the app follows the Google Play Families Policy (for apps targeting children)

9. Push Notifications

Our Apps may send push notifications for:

• Important account and security alerts
• Transaction and subscription-related updates
• App feature updates and product announcements
• Personalized content and engagement reminders
• Promotional offers (with your consent)

Push notifications are delivered via Apple Push Notification Service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android. We store a device push token to deliver notifications. You may disable push notifications at any time:

• iOS: Settings > Notifications > [App Name] > Allow Notifications OFF
• Android: Settings > Apps > [App Name] > Notifications OFF

10. Device Permissions

Our Apps may request the following device permissions. Each permission is requested at the point of use and is optional unless stated otherwise:

• Camera: To take photos or videos within the App (e.g., profile picture, content creation).
• Photo Library / Storage: To upload or save images and files.
• Microphone: For audio recording features, voice messages, or voice search.
• Location (When In Use): For location-based features, local content, or nearby search.
• Location (Always): For background location features such as geofencing or location-based reminders. Requires separate explicit consent.
• Contacts: To find friends or invite contacts (data is processed locally and not uploaded without consent).
• Notifications: To deliver push notifications.
• Biometrics (Face ID / Touch ID / Fingerprint): For secure app unlock or payment authentication. Biometric data is processed entirely on-device by the operating system and is never accessed or stored by our Apps.
• Bluetooth: For connecting to wearable devices or peripherals.
• Health Data (HealthKit / Health Connect): If applicable, for reading or writing health and fitness data with your explicit consent. Health data is never used for advertising.
• Calendar: For scheduling and reminder features.
• Motion & Fitness: For step counting and activity detection features.

You may revoke any permission at any time through your device settings. Revoking a permission may limit the functionality of certain features.

11. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy:

• Active Account Data: Retained for the duration your account is active.
• Post-Deletion Account Data: After account deletion request, data is permanently deleted within 30 days, except where legal retention is required.
• Usage and Analytics Data: Retained in identifiable form for up to 14 months, then aggregated or anonymized.
• Crash and Performance Logs: Retained for up to 90 days.
• Customer Support Records: Retained for up to 3 years after resolution for quality assurance and legal purposes.
• Transaction Records: Retained for up to 7 years as required by tax and financial regulations.
• Marketing Consent Records: Retained for the duration of consent plus 3 years after withdrawal for compliance documentation.
• Server Logs: IP addresses anonymized after 30 days; logs retained for up to 90 days.

12. Data Security

We implement industry-standard technical and organizational measures to protect your personal information:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption.
• Authentication Security: Passwords are salted and hashed using bcrypt. We support multi-factor authentication where applicable.
• Access Controls: Employee access to user data is restricted on a need-to-know basis with role-based permissions and audit logging.
• Infrastructure Security: Our cloud infrastructure includes firewalls, intrusion detection, DDoS protection, and automated vulnerability scanning.
• Security Audits: We conduct regular security assessments, code reviews, and penetration testing.
• Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of a data breach within 72 hours as required by applicable law.
• Secure Development: Our development team follows OWASP Mobile Security guidelines and secure coding practices.

13. Your Rights and Choices

13.1 All Users

• Access Your Data: View and download your personal data through the App settings or by contacting us.
• Update Your Data: Edit your profile and account information directly in the App.
• Delete Your Account: Request account deletion through the App settings or by emailing ceo@kricketsllc.com. See our Data Deletion Policy for details.
• Opt Out of Marketing: Unsubscribe from emails via the "unsubscribe" link, or disable promotional push notifications in the App or device settings.
• Manage Permissions: Revoke device permissions (camera, location, notifications, etc.) through your device settings at any time.
• Opt Out of Personalized Ads: Use the ATT prompt on iOS or Google ad settings on Android. You may also enable "Limit Ad Tracking" on your device.
• Disable Analytics: Where available, opt out of analytics collection through the App privacy settings.

13.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collected, the sources, business purposes, and third parties with whom we share it.
• Right to Delete: Request deletion of personal information we collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out action is needed.
• Right to Limit Use of Sensitive Personal Information: Where applicable, limit our use of sensitive personal information to what is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Exercise: Submit a request to ceo@kricketsllc.com with the subject "CCPA Request." We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice).

Authorized Agents: You may designate an authorized agent to make a request on your behalf. We may require written proof of authorization and verify your identity directly.

Annual Metrics: We receive and process privacy requests in compliance with CCPA requirements. Contact us for a summary of our annual request metrics.

13.3 European Economic Area and United Kingdom (GDPR/UK GDPR)

If you are in the EEA or UK, you have the following rights under the General Data Protection Regulation:

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy of your personal data.
• Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") where applicable.
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany).

How to Exercise: Submit a request to ceo@kricketsllc.com with the subject "GDPR Request." We will respond within 30 days.

13.4 Other Jurisdictions

• Brazil (LGPD): Brazilian users have rights similar to GDPR, including access, correction, deletion, and data portability. Contact us to exercise your rights under the Lei Geral de Proteção de Dados.
• Canada (PIPEDA): Canadian users may access, correct, or request deletion of personal information. Contact us with your request.
• Australia (APPs): Australian users have rights under the Australian Privacy Principles. Contact us for access or correction requests.
• Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA): Residents of these US states have rights to access, delete, correct, and opt out of targeted advertising and profiling. Contact us to exercise these rights.

14. Children's Privacy

Our Services are not directed to children under 13 years of age (or the applicable minimum age in your jurisdiction: 16 in the EEA, 14 in South Korea, etc.).

• We do not knowingly collect personal information from children under the applicable minimum age.
• We do not knowingly allow children under the applicable age to register for accounts.
• Our Apps are not designed to attract children and do not contain content specifically targeted at children.
• We comply with the Children's Online Privacy Protection Act (COPPA), the EU's Age-Appropriate Design Code (UK), and other applicable children's privacy laws.
• If we learn that we have inadvertently collected personal information from a child under the applicable age, we will delete that information as quickly as possible.
• If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at ceo@kricketsllc.com.

If any of our Apps are specifically designed for family use or may be accessed by children, we will comply with all applicable requirements including the Apple App Store Kids Category guidelines, Google Play Families Policy, and COPPA, and will provide additional disclosures within the App.

15. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.

When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers from the EEA to countries without an adequacy decision.
• UK International Data Transfer Agreement (IDTA): For UK-originating transfers.
• Adequacy Decisions: We rely on adequacy decisions where applicable (e.g., EU-US Data Privacy Framework).
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure protection equivalent to that in the originating jurisdiction.

16. Do Not Track / Global Privacy Control

• Do Not Track (DNT): There is no industry-standard technology for recognizing DNT browser signals. We do not currently respond to DNT signals.
• Global Privacy Control (GPC): We recognize and honor GPC signals as a valid opt-out request for the sale/sharing of personal information under applicable US state privacy laws.

17. Third-Party Links

Our Apps and Website may contain links to third-party websites, services, or content. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information. We are not responsible for the privacy practices or content of third-party services.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

• We will update the "Last updated" date at the top of this policy.
• For material changes, we will provide notice through our Apps (via in-app notification or popup), by email, or by posting a prominent notice on our Website.
• Where required by law, we will obtain your consent before applying material changes.
• Your continued use of our Services after the effective date of the revised Privacy Policy constitutes acceptance of the changes.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: ceo@kricketsllc.com
• Company: Krickets LLC
• Website: kricketsllc.com/contact
• Data Deletion Requests: kricketsllc.com/data-deletion

We aim to respond to all inquiries within 30 days. For GDPR requests, we respond within 30 days. For CCPA requests, we respond within 45 days.