Privacy Policy
Effective Date: 2025-09-01
1. Introduction
This Privacy Policy delineates the data handling practices of Coffee Break Ideas LLC ("Company," "we," "our," or "us"), located at 30 N Gould St Ste R, Sheridan, WY 82801, USA, concerning the mobile application Polarytics ("App").
This document outlines:
- The limited information processed by the App.
- The purposes and methods of such information processing.
- The engagement of select third-party service providers.
- Your rights and choices available under applicable data protection laws, including the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA).
The App is developed with a core focus on privacy. We do not collect personal identifiers such as your name, email address, telephone number, demographic information, or payment card details. The data that are transmitted from your device are strictly limited to:
- Anonymous purchase receipts, which are processed by RevenueCat to facilitate your in-app subscription functionality.
- Optional push-notification tokens, which are necessary for delivering premium real-time alerts through Firebase Cloud Messaging (which, in turn, utilizes the Apple Push Notification service on iOS devices).
By installing or utilizing the App, you acknowledge your understanding and acceptance of the terms outlined in this Privacy Policy. Should you disagree with any provision herein, please refrain from using the App.
2. Information Processed and Purposes
The App is engineered to minimize data transmission. We process only two distinct categories of data, neither of which directly identifies you as an individual.
Categories of Data Processed
Anonymous Purchase Receipts
- Description: This category includes non-personal identifiers such as RevenueCat customer ID (App User ID), receipt token, product identifiers, and purchase dates, generated upon the purchase or renewal of a subscription.
- Purpose: These receipts are used to validate your active subscription plan within the App and to enable the restoration of purchases on a new device.
- Recipient: This information is transmitted solely to RevenueCat, Inc. (USA) to ensure your subscription functions correctly across multiple devices.
Push-Notification Tokens (Optional)
- Description: These are randomly generated strings issued by Apple (via Apple Push Notification service - APNs) or Google/Firebase (via Firebase Cloud Messaging - FCM) when you affirmatively opt-in to receive premium real-time alerts.
- Purpose: These tokens are utilized to deliver notifications pertaining to new orders, revenue fluctuations, or subscription events directly to your device.
- Storage and Relay: Tokens are stored by Firebase Cloud Messaging (Google, USA) and are relayed via APNs for iOS devices.
Information We Do Not Collect
We affirm that the App does not collect the following types of information:
- Personal identifiers (e.g., name, email address, telephone number, postal address).
- Demographic attributes (e.g., age, gender, race, religion, political affiliations, income).
- Payment card numbers; all billing operations are managed by Apple or Google through their respective in-app purchase systems.
- Usage analytics, IP addresses, device model information, or crash logs.
Data Stored Locally on Your Device (Not Transmitted)
The following data are stored exclusively on your device and are not transmitted from it:
- Your Polar access token, which is secured within the device's Secure Enclave (iOS) or Keystore (Android).
- Cached store metrics, which are encrypted using AES in a local database on your device.
Legal Bases for Processing (GDPR)
- Anonymous Purchase Receipts: Processing is founded on Contract Performance (Article 6(1)(b) of the GDPR), as this information is essential to deliver the service you have requested (i.e., the subscription).
- Push-Notification Tokens: Processing is based on Consent (Article 6(1)(a) of the GDPR). You may withdraw your consent at any time through your device's operating system settings.
Data Retention and Deletion
- Purchase Receipts: Anonymous purchase receipts are retained by RevenueCat. To request deletion, please email support@polarytics.app. Upon your request, we will initiate RevenueCat's "delete user" procedure, which will erase all associated receipts and the anonymous customer ID.
- Push Tokens: Push-notification tokens are retained until you either (a) disable notifications for the App through the App's settings or your device's operating system settings, or (b) unsubscribe from the premium plan. Upon such an event, the token is deleted from our Firebase Cloud Messaging topic.
3. Utilization of Information
The information processed is utilized strictly as follows:
Anonymous Purchase Receipts are used to:
- Verify an active subscription when the App is launched or when you switch to a new device.
- Unlock premium widgets and features commensurate with your subscription status.
- Synchronize entitlement status following refunds or subscription renewals.
- Necessity: This process is indispensable for the App to ascertain whether you have a paid entitlement to premium access.
Push-Notification Tokens (Opt-In) are used to:
- Transmit real-time alerts for new orders, new subscribers, and revenue milestones that you elect to monitor.
- Necessity: The token is the exclusive mechanism by which Apple or Google can route a notification to your specific device.
We affirm that neither category of data is used for advertising, cross-site tracking, analytics profiling, or any marketing campaigns.
4. Disclosure to Service Providers
We share the minimal data, as detailed in Section 2, exclusively with trusted third-party service providers whose services are essential for the App to operate. We do not sell or rent any data to advertisers, data brokers, or analytics platforms.
Service Provider Details
RevenueCat, Inc.
- Data Shared: Anonymous purchase receipts, including app_user_id, product identifiers, transaction dates, and the receipt token.
- Purpose: To verify and synchronize your subscription entitlements across various devices.
- Jurisdiction & Safeguards: Servers are located in the United States. Data transfers from the European Economic Area (EEA) or the United Kingdom (UK) are protected under Standard Contractual Clauses (SCCs).
- Policies: revenuecat.com/privacy
Firebase Cloud Messaging (Google LLC) & Apple Push Notification service (Apple Inc.)
- Data Shared: Push-notification token and the alert payload (e.g., "You have a new order!").
- Purpose: To deliver real-time, user-requested alerts to your device.
- Jurisdiction & Safeguards: Servers may be situated in the United States or other global regions. Both Google and Apple adhere to GDPR requirements for data transfers through the implementation of Standard Contractual Clauses (SCCs).
- Policies: Google FCM: firebase.google.com/support/privacy; Apple APNs: developer.apple.com/support/privacy
Other Potential Disclosures
- Legal or Safety Requirements: We may disclose information if compelled to do so by law, to protect our rights and the safety of others, or to address instances of fraud or security threats.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, we will notify you of any changes concerning the ownership or use of your information, as well as any choices you may have regarding that information.
5. Security Measures
We implement robust security measures to protect the limited data processed by the App.
Transport Security
- Measures: All outbound network traffic from the App utilizes HTTPS/TLS 1.2+ encryption. Only GET requests are transmitted from the device.
- Rationale: This prevents unauthorized interception and modification of data during transit.
On-Device Protections
- Measures: Access tokens are stored in the device's Secure Enclave (iOS) or Keystore (Android). The local cache is encrypted using AES. The App incorporates detection mechanisms for root/jailbreak status, emulators, and instrumentation.
- Rationale: These measures protect sensitive information even if the device itself is compromised.
Server-Side Safeguards (Applicable to Service Providers)
- Measures: Our service providers utilize TLS-protected API calls. Dashboards for managing services are protected by Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA). Providers undergo SOC 2 / ISO 27001 audits.
- Rationale: This ensures that our service providers adhere to recognized industry security standards.
Cross-Border Data Transfers
- Measures: Standard Contractual Clauses are in place for data transfers from the EU/UK to our service providers.
- Rationale: This provides a legal framework for such international data transfers.
Organizational Practices
- Measures: We adhere to the principle of least-privilege access. Access logs are maintained and reviewed annually.
- Rationale: These practices minimize risks associated with human access to data.
6. Your Rights and Choices
You possess specific rights concerning your information under applicable data protection laws.
- Right to Access / Know: You may request a copy of the data we process. This can be exercised by emailing support@polarytics.app.
- Right to Rectification: You may request the correction of any inaccuracies in the data. This can be exercised by emailing support@polarytics.app.
- Right to Erasure / Deletion: You may request the removal of your anonymous purchase receipts and associated push-notification token. This can be exercised by emailing support@polarytics.app. Requests are typically completed within 30 days.
- Right to Portability: You may request that your data be provided in a machine-readable format. This can be exercised by emailing support@polarytics.app.
- Right to Restriction of Processing: You may request a temporary halt to the processing of your data. This can be exercised by emailing support@polarytics.app.
- Right to Withdraw Consent: You can disable push notifications at any time via the App's settings or your device's operating system settings. This action effectively withdraws consent for the processing of push-notification tokens.
- Right to Non-Discrimination: We will not subject you to adverse treatment for exercising your privacy rights. This right is always respected.
- Right to Lodge a Complaint: Users in the EU/UK may lodge a complaint with their relevant Data Protection Authority (DPA). Contact details for DPAs can be found at: edpb.europa.eu/about-edpb/board/members_en
Verification of identity may be required to process certain requests. We endeavor to respond to all requests within 30 days (as per GDPR requirements) or 45 days (as per CCPA/CPRA requirements).
7. International Data Transfers
Information processed by the App may be transferred to and processed in the United States or other countries where our service providers maintain operations. We rely on the following safeguards for such transfers:
- Standard Contractual Clauses (SCCs) executed by RevenueCat, Google, and Apple to govern data transfers from the EEA/UK.
- TLS encryption for data in transit and robust device-level security safeguards as described in Section 5.
- The inherently minimal and non-identifying nature of the data being transferred.
8. Children's Privacy
The App is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with information without their consent, they should contact us at support@polarytics.app. We will take steps to delete such information from our files.
9. Data Retention Schedule
The retention periods for data associated with the App are as follows:
Location: RevenueCat
- Data: Anonymous Purchase Receipts
- Standard Retention: Retained for the duration of an active subscription plus an additional 30 days.
- Early Deletion: Can be deleted earlier upon a user's deletion request submitted to support@polarytics.app.
Location: Firebase Cloud Messaging (FCM) / Apple Push Notification service (APNs)
- Data: Push-Notification Token
- Standard Retention: Retained until push notifications are disabled by the user (either in-app or via OS settings) or the premium subscription is canceled.
- Early Deletion: Automatically deleted from our FCM topic, typically within 24 hours of disabling notifications or subscription cancellation.
Location: User's Device Storage
- Data: Polar access tokens & Cached Store Metrics
- Standard Retention: Persist solely on the user's device.
- Early Deletion: Removed when the App is uninstalled or its data is cleared by the user.
Location: Company's Internal Logs
- Data: Deletion Audit Log (records of deletion requests)
- Standard Retention: Maintained for 3 years for compliance and auditing purposes.
- Early Deletion: May be removed if no longer legally required.
10. Modifications to This Privacy Policy
We reserve the right to modify this Privacy Policy. We will provide 7 days' advance notice within the App before any material changes become effective. The "Effective Date" at the commencement of this Policy will indicate when it was last revised. Your continued use of the App after the effective date of any modifications signifies your acceptance of the revised Privacy Policy.
11. Contact Information
Should you have any questions or concerns regarding this Privacy Policy or our data practices, please email us at support@polarytics.app.
We aim to respond to all privacy-related inquiries within 30 days of receipt.