Effective Date: January 1, 2025

Privacy Policy

1. Introduction

Haumea Labs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the AdFlow mobile application (the "Service").

AdFlow is designed to help developers and publishers monitor their Google AdMob advertising performance through an intuitive mobile dashboard.

By using AdFlow, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Google Account Information:
When you sign in with Google, we collect:

• Name and email address
• Profile picture (if available and you choose to display it)
• Google account ID (for authentication purposes)

App Preferences:

• Theme and display preferences
• Notification settings
• Currency and date format preferences
• Auto-refresh settings

2.2 Information We Access on Your Behalf

AdMob Account Data:
With your explicit authorization, we access the following from your Google AdMob account:

• Account information (publisher ID, account name, currency)
• Application data (app names, platform, store information, app icons)
• Revenue and earnings metrics (daily, weekly, monthly aggregations)
• Performance statistics (impressions, clicks, eCPM, fill rates)
• Historical reporting data (up to the limits set by Google's API)

OAuth Scope Permissions:

• https://www.googleapis.com/auth/admob.report - To read your AdMob reports
• https://www.googleapis.com/auth/admob.readonly - To read your AdMob account information
• Google Sign-In profile information (name, email, profile picture)

2.3 Information Automatically Collected

Device Information:

• Mobile device type and operating system
• App version and build information
• Device language and timezone settings
• Network connection type (WiFi, cellular)

Usage Analytics (Optional):
If you consent to analytics collection:

• App usage patterns and feature engagement
• Crash reports and error logs
• Performance metrics (load times, response times)
• General usage statistics (aggregated and anonymized)

Local Data Storage:

• Cached AdMob data for offline viewing
• Authentication tokens (stored securely)
• User preferences and settings

3. How We Use Your Information

3.1 Primary Service Functions

• Data Display: Present your AdMob data in an organized, mobile-friendly interface
• Authentication: Verify your identity and maintain secure access to your data
• Synchronization: Fetch and update your AdMob metrics in real-time
• Offline Access: Cache data locally for viewing without internet connectivity

3.2 Service Improvement

• Performance Optimization: Analyze usage patterns to improve app performance
• Feature Development: Understand which features are most valuable to users
• Bug Fixes: Identify and resolve technical issues through crash reporting
• User Experience: Enhance interface design and navigation based on usage data

3.3 Communication

• Service Updates: Notify you of important changes or new features
• Technical Issues: Alert you to service disruptions or account problems
• Security: Inform you of any security-related matters affecting your account

4. Data Storage and Security

4.1 Local Storage

• AdMob data is cached locally on your device for performance and offline access
• Authentication tokens are stored using platform-secure storage (iOS Keychain, Android Keystore)
• User preferences are stored locally using encrypted storage

4.2 Remote Storage

• We do not store your AdMob data on our servers
• Only authentication session data is temporarily stored server-side (expires after 24 hours)
• User account preferences may be synchronized across devices (if you choose)

4.3 Security Measures

• Encryption: All data transmission uses TLS 1.3 encryption
• Authentication: OAuth 2.0 with Google for secure API access
• Session Management: Secure session tokens with automatic expiration
• Access Controls: Principle of least privilege for data access
• Regular Security Audits: Periodic review of security practices and implementations

5. Data Sharing and Disclosure

5.1 No Sale of Personal Data

We do not sell, rent, or trade your personal information or AdMob data to third parties for commercial purposes.

5.2 Limited Sharing Scenarios

We may share your information only in these specific circumstances:

Service Providers:

• Google (for authentication and API access)
• Cloud infrastructure providers (for app hosting and delivery)
• Analytics services (only if you opt-in, and data is anonymized)

Legal Requirements:

• When required by law or legal process
• To protect our rights, property, or safety
• To prevent fraud or security threats
• In connection with legal proceedings

Business Transfers:

• In the event of a merger, acquisition, or sale of assets (with advance notice to users)

5.3 Google API Compliance

Our use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Your AdMob data accessed through Google APIs is used solely for providing and improving AdFlow's features.

6. Your Privacy Rights

6.1 Access and Control

• Data Access: View what data we have collected about you
• Data Correction: Update or correct your account information
• Data Deletion: Request deletion of your account and associated data
• Data Portability: Export your data in a structured format (where technically feasible)

6.2 Communication Preferences

• Opt-out: Unsubscribe from non-essential communications
• Notification Settings: Control in-app notification preferences
• Analytics: Disable optional usage analytics and crash reporting

6.3 Account Management

• Sign Out: Disconnect your Google account and clear local data
• Account Deletion: Permanently delete your account and revoke API access
• Data Retention Control: Set preferences for local data caching duration

7. Regional Privacy Rights

7.1 European Union (GDPR)

If you are located in the EU, you have additional rights under GDPR:

• Legal Basis: We process your data based on consent and legitimate interests
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of personal data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge Complaints: File complaints with your local data protection authority

7.2 California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

• Right to Know: Information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Request correction of inaccurate information

7.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate and will honor equivalent rights where legally required.

8. Children's Privacy

AdFlow is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

AdMob accounts require users to be at least 18 years old, so our typical users are adults managing mobile applications for business purposes.

9. Data Retention

9.1 Account Data

• Account information is retained while your account is active
• Upon account deletion, personal data is removed within 30 days
• Some data may be retained longer for legal or security purposes

9.2 AdMob Data

• Cached AdMob data is stored locally based on your preferences
• Server-side session data expires after 24 hours
• You can clear cached data at any time through app settings

9.3 Analytics Data

• Usage analytics are retained for up to 24 months
• Crash reports are retained for up to 12 months
• All analytics data is aggregated and anonymized after initial analysis

10. International Data Transfers

Your information may be processed in countries other than your country of residence. We ensure adequate protection for international transfers through:

• Adequacy Decisions: Transfers to countries with adequate privacy protections
• Standard Contractual Clauses: EU-approved contractual safeguards
• Certification Programs: Participation in recognized privacy frameworks
• Your Consent: Explicit consent where required by law

11. Cookies and Tracking Technologies

11.1 Mobile App Context

AdFlow is a native mobile application and does not use traditional web cookies. However, we may use similar technologies:

Local Storage:

• Secure storage for authentication tokens
• User preference storage
• Data caching for offline functionality

Analytics SDKs:

• Anonymous usage analytics (optional)
• Crash reporting services (optional)
• Performance monitoring tools

11.2 Third-Party SDKs

Any third-party SDKs integrated into AdFlow are carefully selected and configured to minimize data collection while providing essential functionality.

12. Changes to This Privacy Policy

12.1 Notification of Changes

We may update this Privacy Policy from time to time. When we make material changes:

• We will notify you through the app or via email
• The "Effective Date" at the top will be updated
• Continued use of the Service constitutes acceptance of the updated policy

12.2 Policy Versioning

Previous versions of this Privacy Policy are available upon request for your reference.

13. Contact Information

13.1 Privacy Questions

If you have questions about this Privacy Policy or our privacy practices:

Email: privacy@haumealabs.com
Website: https://haumealabs.com/privacy
Response Time: We aim to respond to privacy inquiries within 30 days

13.2 Data Protection Officer

For EU residents, you may contact our Data Protection Officer:

Email: dpo@haumealabs.com

13.3 Privacy Rights Requests

To exercise your privacy rights:

Email: privacy-rights@haumealabs.com
Subject: Include "Privacy Rights Request" in the subject line
Information: Please include your account email and specific request details

14. Technical Safeguards

14.1 Encryption

• All data in transit is encrypted using TLS 1.3
• Local data storage uses platform-native encryption
• Authentication tokens are encrypted at rest

14.2 Access Controls

• Multi-factor authentication for administrative access
• Role-based access controls for internal systems
• Regular access reviews and permission audits

14.3 Monitoring

• 24/7 security monitoring of our systems
• Automated threat detection and response
• Regular security assessments and penetration testing

15. Compliance and Certifications

We maintain compliance with relevant privacy frameworks and industry standards:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA/CPRA)
• Google API Services User Data Policy
• Mobile application platform privacy requirements

---

Last Updated: January 1, 2025

This Privacy Policy is part of our Terms of Service. By using AdFlow, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.