Privacy Policy

Last Updated: November 15, 2025

Company: TinyUtility Limited
Address: 15 A Street, Belize City, Belize
Contact: contact@tinyutility.com

1. Introduction

TinyUtility Limited operates mobile applications and software-as-a-service platforms. This Privacy Policy explains how information is collected, used, disclosed, and safeguarded when using these Services.

By using any Services, you agree to the collection and use of information per this policy. Services are intended for users aged 13 and older; no information is knowingly collected from children under 13.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: name, email, username, password, profile data
• User Content: posts, comments, photos, videos, messages
• Communication Data: messages, feedback, support requests
• Payment Information: processed through Apple App Store or Google Play Store
• Health and Fitness Data: weight, height, activity levels, heart rate, sleep patterns, nutrition (with explicit consent)
• Financial Information: salary, wages, budgets, expenses, financial goals
• Profile Information: age, gender, preferences, demographics

IMPORTANT — Local Storage: Most financial information is stored locally on your device only and never transmitted to servers unless you explicitly use cloud sync or AI-powered features.

2.2 Information Collected Automatically

• Device Information: device type, OS, unique identifiers, network information
• Usage Data: app interactions, features used, session frequency, navigation patterns
• Location Data: approximate location via IP address; precise location requires permission
• Log Data: IP address, browser type, access times, error logs, crash reports
• Analytics Data: performance metrics, engagement statistics, feature usage
• Session Recordings: Gleap.io may record visual app interaction replays for debugging; does not capture passwords or payment information

2.3 Information from Third Parties

• Authentication Services: basic profile information from Google, Apple, Facebook
• Social Media: information you've made available on connected platforms
• Advertising Partners: de-identified ad interaction data

2.4 Cookies and Tracking Technologies

Cookies, pixels, SDKs, and similar technologies are used to remember preferences, analyze performance, deliver personalized content, and measure ad effectiveness. Device settings control cookie preferences.

3. How We Use Your Information

3.1 Service Delivery and Improvement

• Provide, maintain, and improve Services
• Process transactions and notifications
• Personalize experience and content
• Develop new features
• Conduct research and analytics
• Troubleshoot technical issues

3.2 Communication

• Send service-related announcements and updates
• Respond to requests, questions, and feedback
• Send promotional materials (with consent)
• Notify about changes to Services or policies

3.3 Safety and Security

• Detect, prevent, and address fraud and abuse
• Verify user identity
• Enforce Terms and Conditions
• Comply with legal obligations
• Monitor usage patterns to prevent misuse

3.4 Advertising and Marketing

• Display personalized advertisements
• Measure campaign effectiveness
• Conduct market research
• Create lookalike audiences

3.5 AI-Powered Features

IMPORTANT DISCLOSURE: Some Services include AI features powered by third-party large language models. When using these features:

• Data Processing: Input and queries may be sent to third-party AI providers including OpenAI, Google, Anthropic, xAI, Z.ai, DeepSeek, and others
• Anonymization: Personally identifiable information is removed where technically feasible before transmission, but query content and context may still be processed
• AI Provider Processing: Providers process data per their own privacy policies; select providers commit not to use customer data for training general models
• Health Data and AI: Health information may be processed by AI providers for insights and recommendations
• Financial Data and AI: Financial information including amounts and patterns may be processed by AI providers; personal identifiers removed before transmission
• No Training on Your Data: AI providers commit not to use individual customer data for training public models
• Your Control: You can choose not to use AI-powered features

By using AI-powered features, you consent to data being processed by third-party AI providers.

4. Third-Party Services and Data Sharing

4.1 Analytics and Performance Monitoring

• Firebase (Google): app analytics, crash reporting, performance monitoring, authentication
• Singular.net: attribution analytics, campaign tracking, user acquisition metrics
• Microsoft Clarity: user behavior analytics, session recordings, heatmaps
• Gleap.io: bug reporting, user feedback, session recordings, customer support

4.2 Advertising Networks

• Google AdMob: contextual and personalized advertising
• Meta Audience Network: personalized advertising across Meta platforms
• Other Partners: Unity Ads, AppLovin, ironSource, Chartboost, Vungle, and others

Advertisers use device advertising identifiers (IDFA on iOS, GAID on Android). Limit ad tracking or reset identifiers via device settings.

4.3 Authentication and Infrastructure

• Google Sign-In, Apple Sign-In, Facebook Login
• Cloud storage providers for backup and synchronization
• Content delivery networks

4.4 Payment Processing

All payments processed through Apple App Store or Google Play Store; company does not store payment card information directly.

4.5 When We Share Your Information

Information is shared with:

• Service providers performing services on behalf of the company
• AI service providers (as described in Section 3.5)
• Advertising partners for ad delivery and measurement
• Business transfer recipients during mergers, acquisitions, bankruptcies, or asset sales
• Legal authorities to comply with laws or enforceable governmental requests
• Safety and security purposes to protect rights, property, or safety
• With explicit user consent
• Aggregated, anonymized data that cannot identify individuals

The company does not sell personal information to third parties. However, sharing data with advertising partners for targeted advertising may be considered a "sale" or "sharing" under some privacy laws.

5. Health Data — Special Protections

5.1 Explicit Consent Required

Before collecting health data, the company will clearly explain what is collected, request explicit separate consent, allow data review and management, and provide deletion options.

5.2 Health Data We May Collect

• Physical metrics: weight, height, BMI, body measurements
• Activity data: steps, distance, exercise duration, calories burned
• Biometric data: heart rate, blood pressure, sleep patterns
• Nutrition information: meals, calorie intake, macronutrients
• Health goals and progress tracking

5.3 How We Use Health Data

• Provide personalized health insights and recommendations
• Track progress toward health and fitness goals
• Generate reports and visualizations
• Power AI-driven health coaching or analysis features (with consent)
• Conduct research in aggregated, de-identified form

5.4 Health Data Sharing

Health data is not sold. Sharing occurs only with explicit consent, AI service providers when using AI health features, aggregated de-identified form for research, or when required by law.

5.5 HealthKit and Google Fit Integration

• Specific permissions requested for each data type
• HealthKit data not shared with advertising partners
• Users can revoke permissions in device settings
• Company complies with Apple HealthKit and Google Fit policies

5.6 Your Health Data Rights

• Access and export health data anytime
• Correct inaccurate health data
• Delete health data
• Withdraw consent for health data collection
• Request cessation of AI processing of health data

5.7 Financial Data — Special Protections

Local-First Storage:

• Primary storage is on your device
• No automatic cloud sync
• Optional cloud backup is opt-in only and clearly labeled
• You control the data and can export or delete anytime

When Financial Data Leaves Your Device:

Data is transmitted only when you:

1. Enable cloud sync/backup (if available, opt-in only)
2. Use AI-powered financial features (requires explicit action)
3. Share financial reports or data (explicit sharing action)

The Company Does Not:

• Sell financial data to third parties
• Share financial data with advertisers
• Use financial data for targeted advertising
• Automatically upload financial data to cloud servers
• Share specific financial amounts with other users

6. Data Retention

Information is retained as long as necessary to provide Services and fulfill described purposes:

• Account Data: retained while active and for a reasonable period after deletion (typically 90 days)
• Usage and Analytics Data: typically retained for 24-26 months
• Session Recordings (Gleap): retained up to 90 days for debugging
• Health Data: retained as long as health features are used, then deleted within 90 days of account deletion or upon request
• User Content: may be retained longer if necessary for legal compliance or dispute resolution
• Backup Systems: data in backups may take up to 90 days to fully delete
• Legal Hold: data retained longer if required by law or ongoing legal proceedings

Users can request deletion anytime by contacting contact@tinyutility.com.

7. Your Privacy Rights

7.1 Rights for All Users

• Access: Request a copy of personal information held
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of personal information
• Data Portability: Request a copy in structured, machine-readable format
• Objection: Object to certain processing
• Withdraw Consent: Withdraw previously given consent anytime

Exercise rights through:

• Settings > Privacy > Data Rights (in-app)
• Email: contact@tinyutility.com

7.2 European Union (GDPR) Rights

Additional rights for users in the European Economic Area:

• Right to Restriction: Request limitation of data use
• Right to Lodge a Complaint: File complaint with local data protection authority
• Data Processing Basis: Consent, Contract Performance, Legitimate Interests, Legal Obligation

7.3 California (CCPA/CPRA) Rights

California residents have the right to know, access, delete, opt-out of sale/sharing, correct, limit use of sensitive personal information, and non-discrimination.

Do Not Sell or Share My Personal Information: To opt out, go to app Settings > Privacy > Do Not Sell My Information, or email contact@tinyutility.com with subject "CCPA Opt-Out".

7.4 Other Jurisdictions

Users in other regions (UK, Canada, Australia, Brazil, etc.) may have similar rights under local privacy laws. Contact the company to exercise rights.

7.5 How to Exercise Your Rights

1. In-App: Go to Settings > Privacy > Data Rights
2. Email: contact@tinyutility.com with subject "Privacy Rights Request"

The company will respond within 30 days (45 days for complex requests).

8. Data Security

Reasonable technical and organizational measures protect information including encryption (TLS/SSL in transit, industry-standard at rest), access controls, Firebase Security Rules, regular audits, secure development practices, and vendor security requirements.

No method of transmission or storage is 100% secure. While protection is prioritized, absolute security cannot be guaranteed.

9. International Data Transfers

TinyUtility Limited is based in Belize. Information may be transferred to and processed in countries other than your own. Standard Contractual Clauses (SCCs) are used for EU data transfers where required.

By using Services, you consent to the transfer of information to these countries.

10. Children's Privacy

Services are intended for users aged 13 and older; no personal information is knowingly collected from children under 13. Upon first use, age confirmation is requested. If you believe your child under 13 provided personal information, contact contact@tinyutility.com.

11. Changes to This Privacy Policy

The Privacy Policy may be updated to reflect changes in Services, legal requirements, user feedback, or technological developments. For material changes, notification occurs via in-app notification, email, or prominent website notice.

12. Opt-Out and Privacy Controls

Comprehensive control over data and privacy settings is available in Settings > Privacy, including toggles for analytics, personalized advertising, session recording, and "Do Not Sell My Information."

13. Contact Us

TinyUtility Limited
15 A Street
Belize City, Belize

Email: contact@tinyutility.com

Data Protection Officer: contact@tinyutility.com

Response Time: All inquiries receive responses within 48 business hours.

14. Specific Service Disclosures

Individual apps and Services may have additional privacy practices specific to their functionality, presented during onboarding or in-app.

15. Consent to Processing

By using Services, you acknowledge that you have read and understood this Privacy Policy, consent to the collection, use, and processing of information as described, and consent to international data transfers. You can withdraw consent anytime by disabling features in Settings > Privacy, ceasing to use Services, or requesting account deletion.