Privacy Policy for App.

Last updated: 26 April 2026

This Privacy Policy describes how the mobile application App. (package co.appdot, hereafter "the App", "we", "us") collects, uses, and protects information when you use the App on Android, iOS, Web, or Desktop.

By installing or using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect only the information needed to provide the App's features.

1.1 Information you provide

• Account information — when you sign up, we collect your email address, username, and password. The password is stored on our servers in hashed form; we never store or transmit your plaintext password.
• Phone number — if you choose to sign in via SMS one-time password (OTP), we collect your phone number to send the verification code.
• Sign-in identifiers — if you sign in with Google or Apple, we receive a unique identifier and your email address from the identity provider. We do not receive your Google or Apple password.
• Profile image — if you upload a profile picture, it is stored on our cloud storage.
• Content you create — any data you create inside the App, including:
  • Apps you build (name, description, color, icon, banner, modules)
  • Calendar events (title, date, time, description, attendee emails)
  • Contacts you add (names, phone numbers, emails, and other contact fields you enter)
  • Tasks you create (title, description, status)

1.2 Information collected automatically

• Authentication tokens — bearer tokens generated by our server to keep you signed in.
• Network connectivity state — the App checks whether your device is online (the ACCESS_NETWORK_STATE Android permission) so it can sync data when a connection is available.

The App does not collect your location, contacts list (we only store contacts you manually enter inside the App), call logs, SMS messages, browsing history, advertising identifiers, or biometric data.

1.3 Device permissions

• Internet (Android) — required to sync data with our server.
• Photo library (iOS) — used only when you choose to pick an image for your profile, app icon, or banner. The App does not browse, scan, or upload any photos other than the ones you explicitly select.

2. How We Use Your Information

• To create and manage your account and authenticate you on each visit.
• To store and synchronize the apps, calendar events, contacts, and tasks you create across your devices.
• To send SMS verification codes if you use phone-based sign-in.
• To export calendar events to Google Sheets when you explicitly request the export.
• To maintain the security and reliability of the service (e.g., detecting and preventing abuse).

We do not sell your personal information. We do not use your data for advertising or behavioral profiling. The App does not contain third-party advertising SDKs or analytics SDKs (no Firebase Analytics, Crashlytics, Mixpanel, Sentry, AppsFlyer, or similar trackers).

3. How We Share Information

We share information only with the service providers listed below, and only to the extent needed to operate the App:

• Backend hosting (Render) — our backend API is hosted at appdotserver.onrender.com on Render. All account and content data is transmitted to and stored on this backend.
• File storage (Cloudflare R2) — images you upload (profile pictures, app icons, banners) are stored in Cloudflare R2 object storage via short-lived signed URLs.
• Google Sign-In — if you sign in with Google, the authentication is handled by Google. Their Privacy Policy applies to that flow.
• Sign in with Apple — if you sign in with Apple, the authentication is handled by Apple. Their Privacy Policy applies.
• Google Sheets API — only when you explicitly choose to export a calendar event to Google Sheets. The exported data is sent to Google to create the spreadsheet on your behalf.
• SMS provider — if you use phone sign-in, your phone number is passed to a third-party SMS gateway to deliver the OTP code.
• Other users in shared apps — if you choose to share an app with other users, the content of that shared app (modules, events, contacts, tasks you add to it) is visible to the other members of that app.

We may also disclose information if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of our users or the public.

4. Data Storage and Security

• Data in transit between the App and our servers is encrypted using HTTPS/TLS.
• Passwords are stored as salted hashes; we cannot recover or read your password.
• The App also keeps a local copy of your data on your device (using a local SQLite database) so it can work offline. This local data is removed when you sign out.

No method of transmission or storage on the Internet is 100% secure. While we use reasonable measures to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your account record and the content associated with it from our active databases. Backups and logs may retain residual copies for a limited period before being overwritten in the normal course of operations.

6. Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and personal data.
• Withdraw consent or object to processing.
• Request a copy of your data in a portable format.

To exercise any of these rights, contact us at the email address below. We will respond within a reasonable time and, where required, within the timeframes set by applicable law (e.g., GDPR, CCPA).

7. Children's Privacy

The App is not directed to children under the age of 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided personal information to us, please contact us so we can delete it.

8. International Transfers

Our backend and storage providers (Render, Cloudflare, Google, Apple) operate data centers in multiple countries, including the United States and the European Union. By using the App, you understand that your information may be transferred to and processed in countries other than the one in which you reside.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Significant changes will be communicated through the App or by email. Continued use of the App after the changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

Email: appdotcm@gmail.com