Privacy Policy

This Privacy Policy describes how KBWorks ("we", "us", or "our") collects, uses, and handles information when you use Pomodoro RPG ("the Application") on iOS or Android. Please read this policy carefully before using the Application.

Data Controller

The data controller for the Application is:
KBWorks — an independent mobile developer based in Ho Chi Minh City, Vietnam.
Contact: kbsoft.support@gmail.com

No Account Required

Pomodoro RPG does not require you to create an account. All game data — your hero, progress, stats, quests, and streaks — is stored entirely on your device. We do not have access to your game save data. Third-party analytics services (described below) do collect limited anonymous usage data.

Information We Collect

The Application itself does not directly collect personal information. However, the third-party services it integrates with automatically collect the following data:

• In-app screens and features used, event timing, and session duration
• Device model, OS version, and app version
• IP address (processed by Firebase; truncated and not stored by us)
• Advertising identifiers (IDFA on iOS, AAID on Android) — for ad personalization only when you have given consent
• Push notification device token — used solely to deliver reminders you have enabled; not shared with advertisers

We do not collect your name, email address, precise location, or payment details. We do not use Artificial Intelligence (AI) technologies to process your personal data.

Legal Basis for Processing (EEA / UK / Switzerland)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

• Consent — for advertising identifiers (IDFA/AAID) and personalized advertising. You can withdraw consent at any time via your device settings.
• Legitimate interests — for anonymous crash reporting and aggregate analytics that help us maintain a stable and improving app, where these interests are not overridden by your rights.

Advertising Identifiers

iOS (Apple IDFA): We request access to the Identifier for Advertisers (IDFA) via the App Tracking Transparency (ATT) prompt at first launch. If you consent, ads may be personalized. If you deny, non-personalized ads will still be shown but no cross-app tracking occurs. You can change this at any time via Settings → Privacy & Security → Tracking.

Android (Google AAID): Google AdMob uses the Android Advertising ID (AAID) for advertising purposes. You can opt out via Settings → Google → Ads → Delete advertising ID. Deleting the AAID means ads will no longer be personalized on that device.

In jurisdictions requiring consent (EEA, UK, Switzerland), the Application uses Google's User Messaging Platform (UMP) to collect your consent before showing personalized ads. You can review or change your consent at any time within the app.

Push Notifications

If you enable notifications, the Application requests a device push token from Apple (APNs) or Google (FCM). This token is used only to deliver the reminders you have configured (e.g., daily quest reset, inactivity nudge). It is not shared with advertisers or any third party beyond the notification delivery infrastructure. You can disable notifications at any time in your device's Settings.

Third-Party Services

The Application integrates with the following third-party services, each governed by their own privacy policies:

• Google Play Services
• Google AdMob — Privacy Policy
• Google Analytics for Firebase — Privacy Policy
• Firebase Crashlytics — Privacy Policy
• Apple App Store & APNs

We may disclose information to comply with legal obligations, protect the safety of users, or investigate fraud. We do not sell personal data to third parties.

Data Stored on Your Device

All game progress, character data, and settings are saved locally on your device using standard on-device storage. This data is never transmitted to our servers. You can delete all local data at any time by uninstalling the Application.

Data Retention

Firebase Analytics data is retained for 14 months by default, after which it is automatically deleted by Google. Crash reports in Firebase Crashlytics are retained for 90 days. We do not maintain separate user databases — all game data lives on your device and is removed when you uninstall the app.

Your Rights

Depending on your location, you may have the following rights regarding your data:

• Access — request a copy of the data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — request your data in a portable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — at any time for consent-based processing (e.g., ad personalization) without affecting prior lawful processing
• California (CCPA) — right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email kbsoft.support@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Opt-Out

• Uninstall the Application to stop all data collection and remove all local data.
• Deny or revoke ATT permission (iOS) to disable ad personalization.
• Delete your Advertising ID (Android) to disable ad personalization.
• Disable notifications in device Settings to stop push reminders.
• Email kbsoft.support@gmail.com to request deletion of any data held by our services.

Children's Privacy

The Application is not directed at children under 13 (or under 16 in the EEA/UK where a higher age threshold applies). We do not knowingly collect personal data from children below these ages. If we become aware that a child has provided personal data without appropriate parental consent, we will delete it promptly. If you believe a child has submitted data to us, please contact us at kbsoft.support@gmail.com.

Security

We take reasonable technical and organizational measures to protect the information processed in connection with the Application. All data transmitted to Firebase services is encrypted in transit (TLS). Game data stored on your device is protected by your device's own security model. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify users (e.g., via an in-app notice). Your continued use of the Application after changes are posted constitutes acknowledgment of the updated policy.

Contact

Questions or concerns about this Privacy Policy?
Email: kbsoft.support@gmail.com
We respond within 2 business days.