Privacy Policy
This version is the 2026 Global Compliance Deep-Enhanced Edition. It is a comprehensive upgrade from our previous policy, with material new content addressing the EU Digital Services Act (DSA) transparency requirements, U.S. state-level privacy differentiation (California CPRA, Texas, Virginia, Colorado, Washington and others), AI-generated content disclosure (where applicable), and refined IAP / IAA fraud enforcement rules. It is paired with our 2026 Technical Compliance Execution Guide and our Terms of Service, which together govern your use of every application, service, and digital surface published under the ZedLogic Cloud Pulse brand.
We are a small studio. Our privacy posture is structural: by default, your data does not leave the device. Where it must leave the device (for example, to satisfy a payment processor or to detect fraud), we minimize, encrypt, and disclose every step. This policy explains exactly what we collect, why, who we share with, and how you can exercise the rights granted to you by every regime we comply with.
§ 01 Preamble & Scope
This Privacy Policy is issued by ZedLogic Cloud Pulse ("we", "us", "our", "the studio"), a research-driven application studio headquartered at the University of Florida Innovation Center, Gainesville, Florida, United States. It applies to every product, website, and digital surface operated under the zedlogiccloudpulse.com domain or published under the ZedLogic Cloud Pulse developer account on the Apple App Store, Google Play Store, and any successor or affiliate storefront.
By installing, accessing, or using any of our products, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use and contact our Data Protection Officer (dpo@zedlogiccloudpulse.com) to request account closure and data deletion.
Our products are not directed to children under the age of 13. Users between 13 and the age of digital consent in their jurisdiction (16 in several EU member states, 14 in others, 13 in the United States under COPPA) must review this policy with a parent or legal guardian before use. We do not knowingly collect personal information from children below these thresholds. See Age Restrictions for the full statement.
§ 02 Data Collection Granularity & Purposes
We strictly follow the principle of minimum necessary collection. Through compliant technical means, we collect only the information required to (a) maintain normal operation of our IAA (in-app advertising) and IAP (in-app purchase) systems, (b) optimize user experience, and (c) prevent fraudulent activity. The collection, processing, and storage of any data described in this policy complies with the privacy laws of every region in which we operate, and we collect nothing that is unrelated to providing our services.
All collected data is encrypted in transit (HTTPS / TLS 1.3) and at rest (AES-256), stored on compliant servers, and accessible only to authorized personnel under documented access controls. Access is logged in full for audit purposes.
§ 03 Device Fingerprint & Identification Codes
To provide attribution, anti-fraud, regional compliance, and ad mediation services, we (and our authorized third-party processors) collect a limited set of device-level identifiers and technical attributes:
- IDFA (Identifier for Advertisers) — Apple's iOS advertising identifier. Collected only after explicit consent via Apple's App Tracking Transparency (ATT) framework. See Regional Law Disclosures for the 2026 ATT enforcement details.
- GAID (Google Advertising ID) — Android's advertising identifier, subject to the Google Play Privacy Sandbox and user opt-out controls.
- OAID (Open Anonymous Device Identifier) — used for devices distributed in mainland China and other markets where IDFA / GAID are not available.
- Device brand, model, screen resolution, operating system version, language setting — for UI adaptation, crash diagnostics, and ad creative optimization.
- Battery state and system clock offset — used solely to detect timezone spoofing and prevent cross-regional price arbitrage; never used to track individual behavior.
- Device unique identifier — encrypted at rest, used only for fraud detection, never associated with your real-world identity, and purged upon account deletion.
We do not collect hardware-level identifiers that bypass platform controls (for example, MAC addresses are not used as IDFA substitutes), and we do not fingerprint devices in ways that are resistant to user opt-out.
§ 04 Network Environment Data
- IP address — collected only to determine the user's geographic region for legal compliance, fraud prevention, and ad creative localization. IP addresses are not used for precise geolocation and are truncated to /24 (IPv4) or /48 (IPv6) within 24 hours of collection for analytical use.
- Mobile network operator name — for regional compliance verification and ad performance diagnostics.
- Wi-Fi connection status — used to determine whether to route traffic over cellular or Wi-Fi, and to provide offline-first features where appropriate.
- Network type (4G / 5G / Wi-Fi) — for app performance diagnostics and ad creative selection (e.g., video quality).
§ 05 Behavioral Trajectories (IAA & UX)
Two categories of behavioral data are collected: advertising-related signals used for IAA optimization, and product-related signals used to improve user experience. None of this data is used to construct a profile of your identity outside of the application context.
5.1 · Advertising Behavior
- Advertising display identifier (see §03)
- Click timestamps and conversion paths
- Rewarded video ad viewing duration, completion, and mid-watch exit events
- Ad dwell time and engagement signals
This data is used to optimize ad delivery effectiveness and prevent ad fraud. It is processed internally and, in anonymized or pseudonymized form, shared with third-party monetization platforms only as required for real-time bidding, attribution, and fraud prevention. We do not enrich advertising identifiers with off-app personal data.
5.2 · Game / Application Logic
- Frequency of core feature loop triggers
- Click-through rates on paywall prompts
- Onboarding drop-off points
- Feature usage frequency
Used exclusively to improve product interaction, refine feature layout, and enhance user convenience. We do not collect specific user-generated content, private journal entries, financial transaction details, health measurements, or biometric data through these signals.
§ 06 Financial Transaction Data (IAP)
We process in-app purchases exclusively through Apple's App Store and Google Play official payment APIs. We do not directly collect, transmit, or store any of the following sensitive payment information: bank card numbers, CVV codes, payment passwords, card expiration dates, or bank account credentials. All payment operations are conducted within Apple's or Google's certified payment infrastructure.
| Field | Source | Used For |
|---|---|---|
| Order ID | App Store / Play receipt | Order tracking, refund processing |
| Item name & quantity | App Store / Play receipt | Entitlement validation |
| Currency | App Store / Play receipt | Financial reporting, currency-aware UX |
| Amount paid | App Store / Play receipt | Financial reconciliation |
| Country code | App Store / Play receipt | Regional tax compliance |
| Transaction time | App Store / Play receipt | Audit, dispute resolution |
| Sandbox test order flag | App Store / Play receipt | Filtering test transactions |
| Order status | App Store / Play receipt | Success / failure / refund tracking |
This data is used for order validation, refund processing, financial reconciliation, and payment fraud prevention. Receipts are validated server-side using Apple's App Store Server Notifications and Google Play Real-Time Developer Notifications; we never replicate or persist payment credentials.
§ 07 Third-Party Data Sharing Architecture
To achieve legitimate monetization, service optimization, and anti-fraud objectives, we share the minimum necessary data with a vetted ecosystem of compliant third-party processors. The principles are: minimum necessary, encrypted in transit, fully controlled. We do not share sensitive personal information. You may review the third-party privacy practices of every partner at their respective websites.
7.1 · Aggregation Layer (Mediation)
- AppLovin (MAX) — real-time bidding (RTB), fill rate optimization, monetization efficiency.
- Google AdMob — RTB, fill optimization, ad quality scoring.
- Unity LevelPlay (Unity Ads) — RTB, cross-format mediation (banner, interstitial, rewarded).
Shared data is limited to anonymized device information, ad display / click events, and ad performance metrics. No real-world identity is shared.
7.2 · Attribution & Anti-Fraud (MMP)
- AppsFlyer — install attribution, fraud detection (install hijacking, click flooding, etc.).
- Adjust — attribution, fraud prevention, cohort analytics.
- Singular — attribution, ROI analytics, fraud prevention.
Shared data is limited to anonymized device information, install attribution data, and engagement events. We do not collect or transmit private user information.
7.3 · Payment Processors
- Apple Inc. — iOS in-app purchase processing, App Store Server Notifications, StoreKit 2 receipt validation.
- Google LLC — Android in-app purchase processing, Google Play Billing v6+, Real-Time Developer Notifications.
Shared data is limited to order information (excluding sensitive payment credentials) for transaction reconciliation and entitlement validation, in strict compliance with Apple's and Google's data handling rules.
We sign strict non-disclosure and data-processing agreements with every third-party partner, defining data use scope, retention period, and security responsibility. We audit partner compliance on a quarterly basis. If a partner is found to violate these terms, we terminate the relationship immediately and pursue remediation. Users can review the third-party sharing manifest in the application's in-app settings, and may revoke consent at any time (revocation may degrade advertising relevance or certain service features).
§ 08 Advertising Platform Disclosure
Our applications integrate ad SDKs to monetize free-tier features. Each SDK has its own data practices, which are summarized below and detailed at the linked privacy policies:
| Platform | Role | Ad Formats Supported |
|---|---|---|
| Google AdMob / AdSense | Mediation, direct demand | Banner, Interstitial, Rewarded Video, App Open |
| AppLovin MAX | Mediation, in-house demand | Banner, Interstitial, Rewarded Video, App Open, Playable |
| Unity LevelPlay | Mediation | Banner, Interstitial, Rewarded Video |
| Meta Audience Network | Direct demand | Banner, Interstitial, Rewarded Video, Native |
| Pangle (ByteDance) | Direct demand, mediation | Banner, Interstitial, Rewarded Video, Splash |
| Vungle (Liftoff) | Direct demand | Interstitial, Rewarded Video |
| ironSource (Liftoff) | Direct demand, mediation | Interstitial, Rewarded Video |
| InMobi | Direct demand | Banner, Interstitial, Rewarded Video, Native |
| Mintegral | Direct demand | Banner, Interstitial, Rewarded Video, App Open, Native |
| Chartboost (now Digital Turbine) | Direct demand | Interstitial, Rewarded Video |
| Tapjoy | Direct demand (offerwall) | Offerwall, Rewarded Video |
| AdColony (now Digital Turbine) | Direct demand | Interstitial, Rewarded Video |
| Start.io | Direct demand | Banner, Interstitial, Native, Rewarded Video |
| Digital Turbine | Direct demand, mediation | Banner, Interstitial, Rewarded Video |
| Fyber (now Digital Turbine) | Direct demand, mediation | Banner, Interstitial, Rewarded Video |
| AppsFlyer | MMP (attribution) | n/a — measurement only |
| Adjust | MMP (attribution) | n/a — measurement only |
| Singular | MMP (attribution) | n/a — measurement only |
Every SDK is integrated in compliance with Apple's App Store Review Guidelines (including mandatory ATT consent for IDFA access on iOS) and Google Play's User Data Policy (including Privacy Sandbox alignment for Android 14+). SDK versions are reviewed and updated on a quarterly cadence. We do not integrate any SDK that lacks a public privacy policy, that is known to violate platform policy, or that requests permissions beyond what is necessary for its declared function.
§ 09 Global Region-Specific Legal Disclosures
We adapt to the privacy regulations of every country and region in which we operate, incorporating the 2026 policy changes highlighted below. Compliance is verified for every release against the strictest applicable regime.
9.1 · European Union (GDPR) & United Kingdom (UK-GDPR)
Legal Basis. Our lawful bases for processing personal data include: performance of the service agreement with you, your explicit consent, and our legitimate interests (such as fraud prevention and service optimization). All processing complies with Article 6 of the GDPR / UK-GDPR.
EU / UK Representative. For GDPR Article 27 purposes, our EU representative contact details are: [Reserved — to be filled in upon appointment of statutory EU representative per Article 27 GDPR]. UK representative contact details: [Reserved — to be filled in upon appointment of UK representative per UK-GDPR Article 27]. These addresses accept all EU / UK data subject correspondence and respond within 7 working days.
DSA Transparency. We comply in full with the latest transparency requirements of the European Union Digital Services Act (DSA), including public disclosure of advertising delivery rules, algorithmic recommendation logic, content moderation standards, and periodic transparency reports. Where applications involve user-generated content (UGC), we publish our content moderation mechanism, complaint-handling process, and standards for removing illegal or harmful content, ensuring the user's right to information. We accept supervision by relevant EU regulatory bodies and respond to inquiries within statutory windows.
Your Rights as an EU / UK User. You may at any time access, rectify, or erase your personal data; withdraw consent; obtain a portable copy of your personal data (data portability); and lodge a complaint with the European Data Protection Board (EDPB) or the UK Information Commissioner's Office (ICO) if you believe your data has been mishandled.
9.2 · United States (CCPA / CPRA / VCDPA / Other State Laws)
No Sale of Personal Information. We commit to not selling your personal information to any third party (including advertisers or data brokers). However, under definitions in the California CPRA and Virginia VCDPA, sharing device identifiers with mediation partners for ad personalization may be characterized as "sharing" rather than "selling." We disclose this sharing in-app and offer an opt-out path at all times.
Do Not Track. We fully honor the device system-level "Do Not Track" setting. If enabled, we cease collection of behavioral trajectory data used for ad targeting or personalized recommendation, retaining only the minimum data necessary for service operation.
State-Specific Adaptations.
- California (CPRA): You may request disclosure of personal information collected, used, or shared over the past 12 months, request deletion, and opt out of personal information use for targeted advertising. We respond to verifiable requests within 45 calendar days.
- Texas: Strengthened data access rights — you may request a free copy of collected personal data without unreasonable barriers. Sharing of sensitive personal information (biometric, financial) with third parties requires your written consent.
- Virginia (VCDPA): You may request correction of inaccurate personal data and opt out of third-party sharing. We complete corrections or opt-outs within 30 calendar days.
- Other States: We adapt to the latest privacy regulations in Washington, Colorado, Connecticut, Utah, and other states, ensuring full compliance with nationwide operating requirements.
9.3 · Brazil (LGPD)
We comply with Brazil's Lei Geral de Proteção de Dados. We obtain explicit consent before collecting personal information, with clear notice of purpose, scope, and method. Brazilian users retain the rights of access, rectification, deletion, and consent withdrawal. We designate a compliance officer responsible for Brazilian user data requests. Brazilian user data is stored on servers located within Brazil and is not transferred abroad without approval from the Autoridade Nacional de Proteção de Dados (ANPD).
9.4 · Other Priority Regions
- China: Compliance with the Personal Information Protection Law (PIPL), Data Security Law (DSL), and Cross-Border Data Flow Provisions. Explicit consent is obtained before collection; data of Chinese users is stored on servers within mainland China. We cooperate with the Cyberspace Administration of China (CAC) for regulatory inspection.
- India: Compliance with the Digital Personal Data Protection Act (DPDP Act). Data is collected with your written consent, a Data Protection Officer (DPO) is appointed, you may request deletion, and cross-border transfer requires approval from the Ministry of Electronics and Information Technology (MeitY).
- Saudi Arabia: Compliance with the Personal Data Protection Law (PDPL). Saudi user data is stored within Saudi Arabia and is not transferred abroad without authorization. We accept supervision by the National Data Management Office (NDMO) / Saudi Data & AI Authority (SDAIA).
- Canada & Japan: Adaptation to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the Consumer Privacy Protection Act (CPPA), and Japan's Act on the Protection of Personal Information (APPI), with clear data-handling rules, user rights, and cooperation with local regulators in response to the 2026 global data sovereignty upgrades.
§ 10 Auto-Renewing Subscription Transparency
Where applications include auto-renewing subscription services, we strictly follow Apple App Store and Google Play Store subscription rules and global regional compliance requirements. The following disclosures protect your right to information and choice.
Data collected for subscription management: subscription period, remaining trial time, subscription status (active / expired / paused), and renewal time. This data is used solely for subscription management and service delivery.
10.1 · Transparency Guarantees
- Before subscribing: subscription period (weekly / monthly / annual), price, trial duration (if any), renewal rules, and cancellation method are clearly disclosed — no hidden clauses.
- Charge notification: 24 hours before each auto-renewal charge, an in-app banner and system push notification inform you of the charge amount, time, and direct path to cancel.
- Subscription management: You may cancel auto-renewal at any time via the in-app Settings → Subscriptions menu or the App Store / Google Play subscription management page. No further charges will occur after cancellation. Cancellation during a free trial incurs no fees.
10.2 · Free Trial Statement
If a free trial is offered, the subscription automatically converts to a paid plan and is charged at trial end. You may cancel during the trial to avoid any charge. If you have used subscription-exclusive features during the trial and then cancel, those features become unavailable immediately upon cancellation.
§ 11 AI-Generated Content Disclosure (Where Applicable)
Where applications include AI-generated content — including but not limited to text, audio, images, and interactive scenes — we strictly follow global AI compliance requirements and issue the following disclosures to protect your right to information and your lawful rights.
11.1 · Clear Labeling
All AI-generated content is clearly labeled "AI Generated" and distinguished from human-authored content. We do not mislead users about the source of generated outputs. This complies with the EU AI Act and U.S. state-level AI transparency requirements.
11.2 · Content Compliance
AI-generated content strictly follows global content moderation standards. Generation of violent, pornographic, vulgar, false, politically sensitive, or racially discriminatory content is prohibited. A dual mechanism — automated filtering plus human review — is applied to ensure compliance.
11.3 · Liability Boundaries
AI-generated content is provided as an assistive function and does not constitute advice, commitment, or warranty. We are not liable for losses you incur as a result of relying on AI-generated content. Where AI output infringes the intellectual property, reputation, or other lawful rights of a third party, we assume corresponding responsibility and remove the offending content promptly.
11.4 · Data Security
Data used to train our AI models is either compliantly collected or used under authorization. We do not use personal or private user data to train or fine-tune models. Your data remains your data.
§ 12 Data Subject Requests & Your Rights
Regardless of your jurisdiction, you have the following rights with respect to personal data we hold about you:
- Right of Access — request a copy of the personal data we hold about you.
- Right of Rectification — request correction of inaccurate or incomplete data.
- Right of Erasure — request deletion of your personal data, subject to legal retention obligations.
- Right of Restriction — request limitation of processing in specific circumstances.
- Right of Portability — receive your data in a structured, commonly used, machine-readable format.
- Right to Object — object to processing based on legitimate interest, including profiling.
- Right to Withdraw Consent — at any time, without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint — with your local data protection authority (EDPB / ICO / FTC / AG / ANPD / CAC / MeitY / NDMO / OPC / PPC).
Email dpo@zedlogiccloudpulse.com with subject line "Data Subject Request" and describe your request. Include sufficient information to verify your identity (we will never ask for sensitive payment data; identity verification follows Apple's and Google's official account authentication flows).
Response window: 7 working days for EU / UK; 45 calendar days for California; 30 calendar days for Virginia; 15 days for Brazil (ANPD); reasonable periods for other jurisdictions. Where additional time is required for legitimate reasons, we will notify you within the initial window.
§ 13 Cookies & Tracking Technologies
Our public-facing website (zedlogiccloudpulse.com) uses a minimal set of cookies and similar technologies. Where you arrive from the European Economic Area, the United Kingdom, or any region requiring prior consent, you are presented with a consent banner before any non-essential cookie is set.
| Category | Provider | Purpose | Lifetime |
|---|---|---|---|
| Strictly necessary | First-party | Session integrity, CSRF protection | Session |
| Preferences | First-party | Remember language, region, theme | 12 months |
| Analytics (anonymized) | First-party aggregate | Page views, scroll depth, no third-party transfer | 12 months |
| No advertising cookies | n/a | This website does not run advertising trackers | n/a |
You may reset cookie preferences at any time using the "Cookie Settings" link in the website footer (where required by applicable law) or by clearing your browser's site data. The websites we operate do not engage in cross-site tracking and do not share cookie data with advertising networks.
§ 14 Age Restrictions
Our products are not directed to children under the age of 13 (the threshold under the U.S. Children's Online Privacy Protection Act — COPPA). In jurisdictions where the age of digital consent is higher (such as 16 in France, Germany, Italy, the Netherlands, Slovakia, and Sweden; 14 in Austria, Bulgaria, Cyprus, Latvia, Lithuania, Portugal, and Spain), users below that age must review this policy with a parent or legal guardian before use.
We do not knowingly collect personal information from children below the applicable age thresholds. If we learn that we have inadvertently collected such information, we will delete it within 7 working days. Parents or guardians who believe their child has provided personal information to us may contact dpo@zedlogiccloudpulse.com to request deletion and account closure.
Features that involve subscriptions, IAP, or advertising are not targeted at minors and require verifiable parental consent where mandated by local law (for example, under California's SB-976 or the UK's Age-Appropriate Design Code).
§ 15 Security & Storage
All data in transit is protected by TLS 1.3 with modern cipher suites. All data at rest in our infrastructure is encrypted using AES-256 or stronger. Access to production systems requires multi-factor authentication, is logged in full, and is reviewed quarterly. Penetration testing is conducted annually by independent third-party assessors.
Data residency is configured per region. Brazilian users' data is stored in Brazil. Chinese users' data is stored in China. Saudi users' data is stored in Saudi Arabia. EU users' data is stored in EU jurisdictions subject to GDPR Chapter V transfer mechanisms. Where a region is not subject to mandatory residency requirements, data may be stored in the United States or in EU jurisdictions under standard contractual clauses.
Data retention is governed by the principle of minimum necessary. Behavioral and analytics data is retained for up to 13 months. Financial transaction records are retained for 10 years in compliance with applicable tax and audit obligations. Account data is retained for the active life of the account and deleted within 30 days of account closure, except where retention is mandated by law.
§ 16 Changes to This Policy
We review this Privacy Policy at least every six months and update it to reflect changes in applicable law, platform policies, or our processing activities. The "Effective" date at the top of this document reflects the most recent update. Material changes — those that affect your rights, the categories of data we collect, or the purposes for which we use it — are announced via in-app notification and, where required by law, via email at least 30 days before they take effect.
Previous versions of this Privacy Policy are archived and available on request to dpo@zedlogiccloudpulse.com.
Compliance & Data Protection Contact
For any privacy, data protection, compliance, or rights-related inquiry, contact our Data Protection Officer. We respond within statutory windows for every region we serve.
Gainesville, Florida, USA