Introduction
TinyGoods is an iOS coloring app that lets you paint pages and save your artwork on your device. This Privacy Policy explains what information the app handles, how it is used, and what rights you have. The app is supported by advertising; this policy describes the ad-related data flows in plain language.
Information We Collect
Content You Create
- Paintings and color choices — stored locally on your device using Apple's encrypted storage (SwiftData)
- Custom palettes and progress — stored locally
Your artwork never leaves your device unless you explicitly export or share it.
Subscription Information (when you purchase Pro)
- Apple processes the transaction; we receive a transaction identifier and entitlement status from RevenueCat
- We do not see your payment details, card number, or Apple ID
Device and Usage Data
- Identifier for Advertisers (IDFA) — only if you grant App Tracking Transparency permission
- Anonymous installation ID for analytics
- Device model, OS version, app version, language, country (derived from IP, not GPS)
- Feature interactions and crash reports for diagnostics
Data We Do NOT Collect
- ❌ Your name, email, phone number, or any account information
- ❌ GPS or precise location
- ❌ Contacts, calendar, photos (other than ones you explicitly import)
- ❌ Health, medical, or biometric data
- ❌ Browsing history or data from other apps
- ❌ Social media information
- ❌ Payment card numbers or banking details
How We Use Your Information
Information is used exclusively to:
- Provide and operate the app, including saving your paintings on your device
- Process subscriptions and verify Pro entitlements
- Display advertisements (personalized only with your consent under GDPR / ATT)
- Measure aggregate usage and diagnose crashes to improve the app
- Comply with legal obligations and prevent fraud or abuse
Data Processing Lifecycle
For transparency, here is how data flows through TinyGoods:
- Collection: The app reads minimal device signals on launch and prompts you for App Tracking Transparency consent
- Processing: Painting data is processed locally on your device; ad and analytics signals are sent to the third parties listed below over HTTPS
- Storage: Paintings stay on your device. Ad and analytics data are stored by their respective providers under their privacy policies
- Display: Information is shown to you through the app interface and through ads served by AdMob
- Retention: Local data persists until you delete it or uninstall the app. Ad/analytics retention follows provider policies (typically 13–24 months)
- Deletion: Uninstalling the app removes all local data permanently. To request deletion of data held by third parties, contact us
Third-Party Services
TinyGoods integrates with the following providers. Each operates under its own privacy policy.
| Provider | Purpose | Privacy policy |
|---|---|---|
| Google AdMob & User Messaging Platform | Ad delivery, GDPR consent management, fraud prevention | policies.google.com/privacy |
| RevenueCat | Subscription management and entitlement verification | revenuecat.com/privacy |
| PostHog | Product analytics, crash reports, feature usage metrics | posthog.com/privacy |
| Apple App Analytics & StoreKit | Aggregate usage stats and in-app purchase processing | apple.com/legal/privacy |
Advertising and Tracking (ATT)
TinyGoods is supported by advertising. The first time you use the app, iOS will ask whether you allow tracking via App Tracking Transparency (ATT). Your choice controls whether your IDFA is shared with advertisers:
- If you allow: AdMob and its partners may use your IDFA to deliver more relevant ads and measure performance
- If you do not allow: You will still see ads, but they will be non-personalized. We rely on Apple's SKAdNetwork / AdAttributionKit for privacy-preserving attribution
You can change your decision at any time in iOS Settings → Privacy & Security → Tracking.
Your Rights Under LGPD (Brazil)
As a Brazilian data subject, you have the following rights under Lei Geral de Proteção de Dados (LGPD), Article 18:
- Confirmation (Confirmação): Confirm that we process your data
→ Yes — primarily through ad and analytics SDKs as described above - Access (Acesso): View information about data processing
→ Available in: this Privacy Policy and provider policies linked above - Correction (Correção): Update or correct your data
→ The app does not store identifying personal data; for ad/analytics provider data, contact us - Anonymization or Deletion (Anonimização/Eliminação):
→ Uninstalling the app removes all local data. For provider-side deletion requests, contact us at the email below - Portability (Portabilidade): Export your paintings
→ Available in: Gallery → Long-press → Share image - Revocation (Revogação): Withdraw consent at any time
→ iOS Settings → Privacy & Security → Tracking (for ATT) and in-app Settings → Privacy choices (for GDPR/ad personalization) - Information about Sharing (Informação sobre Compartilhamento):
→ Listed in the Third-Party Services table above
How to Exercise Your Rights
- Most rights can be exercised directly in the app (Settings screen) or in iOS Settings
- For additional requests, contact: leobbbilhalva@gmail.com
Your Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR:
- Right to access your data
- Right to rectify inaccurate data
- Right to erase your data ("Right to be Forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right not to be subject to automated decision-making
The app presents a Google-certified consent form (User Messaging Platform / UMP) on first launch in regulated regions. You can revisit your choice at any time via Settings → Privacy choices in the app.
Your Rights Under US State Privacy Laws
If you are a resident of California, Colorado, Connecticut, Utah, Virginia, or another US state with comprehensive privacy laws, you may have rights to know, delete, or correct personal information we process about you, and to opt out of "sharing" for cross-context behavioral advertising. We do not sell personal information for monetary value. To exercise rights, use the in-app Privacy choices entry point or contact us.
Children's Privacy
TinyGoods is rated 4+ on the App Store but is intended for a general audience and is not submitted to the Kids Category. We do not knowingly collect personal information from children under 13 in jurisdictions where COPPA applies, or under 13–16 in jurisdictions where GDPR-K applies, without verifiable parental consent.
If you believe a child has provided personal information through the app, contact us at leobbbilhalva@gmail.com and we will take appropriate action.
Data Storage and Security
Local Storage
All your paintings, custom palettes, and progress are stored locally using Apple's encrypted SwiftData. We do not upload your artwork to any server.
Network Transmission
- All network communication uses HTTPS
- Ad requests, subscription validation, and analytics are sent to the providers listed above and are governed by their security practices
Data Protection
- Local data is protected by Apple's iOS sandbox and on-device encryption
- We follow Apple's recommended secure storage practices
- No method of transmission over the internet or electronic storage is 100% secure
Security Incidents and Data Breach Response
Our Commitment
- We will notify affected users as soon as reasonably possible upon discovering any breach affecting their data, in compliance with LGPD requirements (typically within 72 hours)
- We will notify ANPD (National Data Protection Authority) and other relevant authorities as required
- Breach notifications will include: what happened, what data was affected, mitigation steps, and actions you can take to protect yourself
Reporting Issues
If you suspect a security issue, contact us immediately at leobbbilhalva@gmail.com.
Data Retention
- Paintings and local data: retained on your device until you delete them or uninstall the app
- Subscription records: retained as long as required by Apple and RevenueCat for billing and entitlement history
- Analytics data (PostHog): typically retained up to 24 months in identifiable form, then aggregated
- Ad-related identifiers (AdMob): retained per AdMob's policies, typically up to 13 months for billing and fraud prevention
International Data Transfers
The third-party services listed above may process data in the United States, the European Union, or other countries. Where required by law, these providers rely on Standard Contractual Clauses or equivalent transfer mechanisms.
Local painting data on your device does not cross national borders.
Data Protection Officer (Encarregado de Dados)
Under LGPD Article 41, we have designated a Data Protection Officer:
Name: Leonardo Bilhalva
Role: Data Protection Officer (DPO)
Email: leobbbilhalva@gmail.com
Responsibilities:
- Receive and respond to data subject requests
- Provide clarifications about data processing
- Accept complaints and inquiries about your data
- Serve as point of contact with ANPD (National Data Protection Authority)
Filing Complaints with ANPD
If you believe your data protection rights have been violated, you have the right to file a complaint with Brazil's data protection authority:
ANPD (Autoridade Nacional de Proteção de Dados)
- Website: https://www.gov.br/anpd/
- Email: anpd@anpd.gov.br
- Phone: 0800-740-0606
You can also contact us first at leobbbilhalva@gmail.com to resolve any concerns directly.
Compliance
LGPD (Brazil)
TinyGoods complies with the Lei Geral de Proteção de Dados (LGPD - Law 13.709/2018):
- Legal Basis: Legitimate interest for advertising-supported operation; explicit consent for personalized advertising via the Google UMP form when applicable
- Data Minimization: Only ad and analytics signals strictly needed to operate the app are collected (Article 6, VI)
- Purpose Limitation: Data is used solely for the purposes described in this policy (Article 6, I)
- User Rights: Full Article 18 rights honored (see "Your Rights Under LGPD")
- DPO Appointed: Data Protection Officer designated (Article 41)
- Transparency: Clear and accessible privacy policy (Article 9)
GDPR (European Union, UK, Switzerland)
We use a Google-certified Consent Management Platform (UMP) to collect and record user consent before serving personalized ads in regulated regions, in compliance with Google's EEA/UK/Switzerland consent requirements.
Apple App Store
The app and this policy comply with Apple App Store Review Guidelines, including Guideline 5.1 (Privacy) and the App Tracking Transparency framework.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent change. Material changes will be announced within the app or via the App Store update notes. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or how we handle your data:
Email: leobbbilhalva@gmail.com
Developer: Leonardo Bilhalva
Location: Brazil
Data Protection Officer: Leonardo Bilhalva
Response Time: We aim to respond to all inquiries within 5 business days.
Summary
In simple terms:
- ✅ Your paintings stay on your device — never uploaded
- ✅ We don't ask for your name, email, or any account
- ✅ Ads are how the app stays free; you can choose personalized or non-personalized
- ✅ You can revoke ad tracking any time in iOS Settings
- ✅ EU/UK users see a GDPR consent form on first launch
- ✅ Brazilian users have full LGPD Article 18 rights and a designated DPO
- ✅ Uninstalling the app deletes all your local data
- ✅ This is not a medical or financial app, and we don't collect sensitive data
Your privacy is our priority. 🔒
Acknowledgments
This Privacy Policy was created in compliance with:
- LGPD (Lei Geral de Proteção de Dados — Brazil)
- GDPR (General Data Protection Regulation — EU/UK/Switzerland)
- CCPA / CPRA and other US state privacy laws
- Apple App Store Review Guidelines (Guideline 5.1)
- App Tracking Transparency (ATT) framework
- Google AdMob and User Messaging Platform requirements