This Privacy Policy describes how Ibrahim Oktay ("we," "us," or "our") collects, uses, and shares information about you when you use the SpookyBox mobile application (the "App"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Information We Collect
We collect several types of information to provide and improve our services to you:
1.1 Personal Information You Provide
When you create an account or use the App, we collect:
- Email Address: Required for account creation and authentication
- Display Name: Your chosen username for the App
- Password: Encrypted and stored securely (we cannot see your actual password)
- Age Confirmation: Confirmation that you are 13 years or older
1.2 Usage Information
We automatically collect certain information about how you use the App:
- User Preferences: Your favorited tips, recipes, and sounds
- Fortune History: Record of your last daily fortune date
- Feature Usage: Which features and content you access
- App Interactions: Actions you take within the App
1.3 Device and Technical Information
We collect technical information about your device and App usage:
- Device Information: Device type, operating system version, device identifiers
- App Version: Version of the App you are using
- Crash Reports: Technical data when the App crashes or encounters errors
- Performance Data: App performance metrics and diagnostics
1.4 Subscription and Purchase Information
When you make purchases:
- Subscription Status: Whether you have an active premium subscription
- Purchase History: Records of your in-app purchases
- Transaction Data: Processed through Apple's App Store (we do not store payment card information)
1.5 Information We Do NOT Collect
We want to be clear about what we don't collect:
- We do NOT collect precise location data
- We do NOT access your contacts or photos
- We do NOT collect health or biometric data
- We do NOT knowingly collect data from children under 13
- We do NOT track you across other apps or websites
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 To Provide and Maintain the App
- Create and manage your account
- Authenticate your identity
- Provide personalized content and features
- Save your favorites and preferences
- Deliver daily fortunes (one per day feature)
2.2 To Process Subscriptions and Purchases
- Process premium subscription payments
- Grant access to premium features
- Manage subscription renewals and cancellations
- Provide purchase receipts and confirmations
2.3 To Improve the App
- Analyze usage patterns to improve features
- Identify and fix bugs and technical issues
- Develop new features based on user behavior
- Optimize App performance and user experience
2.4 To Communicate With You
- Send important service announcements
- Respond to your support requests
- Notify you of App updates (if you opt in)
- Send subscription-related information
2.5 To Ensure Security and Prevent Fraud
- Detect and prevent fraudulent transactions
- Monitor for suspicious activity
- Protect against security threats
- Enforce our Terms of Service
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the App services you requested
- Consent: You have given explicit consent for specific processing activities
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the App, preventing fraud)
- Legal Obligations: Processing necessary to comply with legal requirements
4. How We Share Your Information
We do not sell your personal information to third parties. We may share your information only in the following circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who assist us in operating the App:
- Firebase (Google): Authentication, database, and analytics services
- RevenueCat: Subscription and payment management
- Apple: App Store distribution and in-app purchase processing
These providers are contractually obligated to use your information only to provide services to us and to protect your information.
4.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Governmental requests
- Legal claims or disputes
- Protection of our rights and property
- Public safety or law enforcement purposes
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and choices you may have.
4.4 With Your Consent
We may share information with third parties when you have given us explicit consent to do so.
5. Third-Party Services
The App integrates with the following third-party services, each with their own privacy policies:
5.1 Firebase (Google)
We use Firebase for authentication, database, and analytics. Firebase may collect:
- Device identifiers and app usage data
- Crash reports and performance data
- Analytics information
Privacy Policy: https://firebase.google.com/support/privacy
5.2 RevenueCat
We use RevenueCat for subscription management. RevenueCat may collect:
- Subscription status and purchase history
- Device identifiers
- Transaction information
Privacy Policy: https://www.revenuecat.com/privacy
5.3 Apple App Store
All purchases are processed through Apple's App Store, which has its own privacy practices.
Privacy Policy: https://www.apple.com/legal/privacy/
6. Children's Privacy (COPPA Compliance)
6.1 Age Restrictions
The App is not intended for children under the age of 13. We comply with the Children's Online Privacy Protection Act (COPPA):
- We do NOT knowingly collect personal information from children under 13
- We require users to confirm they are 13 years or older
- If we discover we have collected information from a child under 13, we will delete it immediately
6.2 Parental Rights
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at spookybox.app@gmail.com and we will delete such information.
6.3 Users Aged 13-17
If you are between 13 and 17 years old:
- You should review this Privacy Policy with your parent or guardian
- Your parent or guardian should supervise your use of the App
- In-app purchases require parental permission
7. Your Rights and Choices
You have several rights regarding your personal information:
7.1 Access and Portability
- Right to Access: Request a copy of the personal information we hold about you
- Right to Portability: Receive your data in a structured, machine-readable format
7.2 Correction and Deletion
- Right to Rectification: Correct inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal information (subject to legal requirements)
7.3 Restriction and Objection
- Right to Restriction: Request that we limit the processing of your information
- Right to Object: Object to certain types of processing
7.4 Withdraw Consent
- You can withdraw consent at any time where processing is based on consent
- This will not affect the lawfulness of processing before withdrawal
7.5 How to Exercise Your Rights
To exercise any of these rights, please contact us at: spookybox.app@gmail.com
We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Active Account Data: Retained while your account is active
- Deleted Account Data: Most data is deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer if required by law
- Backups: Deleted data may persist in backups for up to 90 days
- Analytics Data: Aggregated and anonymized data may be retained indefinitely
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
9.1 Security Measures
- Encryption: Data is encrypted in transit using TLS/SSL and at rest
- Authentication: Secure authentication through Firebase Auth
- Access Controls: Limited access to personal data on a need-to-know basis
- Regular Updates: We keep our security practices up to date
- Monitoring: We monitor for security threats and unauthorized access
9.2 No Absolute Security
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we implement industry-standard practices to protect your data.
9.3 Your Responsibility
You are responsible for:
- Keeping your password confidential
- Not sharing your account credentials
- Notifying us of any unauthorized access
- Using a secure device and internet connection
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws:
- We use Firebase (Google Cloud Platform) which has servers worldwide
- Data may be stored in the United States or other countries
- We ensure appropriate safeguards are in place for international transfers
- For EU users, we comply with GDPR requirements for international transfers
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at: spookybox.app@gmail.com
12. European Union Privacy Rights (GDPR)
If you are located in the EU, EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- All rights listed in Section 7 above
- Right to lodge a complaint with a supervisory authority
- Right to withdraw consent at any time
- Right to object to automated decision-making (we do not use automated decision-making)
Data Controller: Ibrahim Oktay
EU Representative: Not required (small business exemption applies)
13. Cookies and Tracking Technologies
The App itself does not use cookies. However, third-party services we integrate with may use tracking technologies:
- Firebase Analytics: May use device identifiers for analytics
- RevenueCat: Uses device identifiers for subscription management
You can manage or disable analytics through your device settings:
- iOS: Settings > Privacy > Analytics & Improvements
14. Do Not Track
Some browsers support "Do Not Track" (DNT) signals. As the App is a mobile application and not a website, DNT signals do not apply. However, we do not track you across other apps or websites.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you through the App or via email (if applicable)
- Material changes will be announced at least 30 days in advance
- Your continued use of the App after changes constitutes acceptance
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: spookybox.app@gmail.com
Developer: Ibrahim Oktay
Response Time: We aim to respond to all privacy inquiries within 30 days
EU/EEA Users
If you are located in the EU/EEA and have concerns about our data practices, you also have the right to lodge a complaint with your local data protection authority.
17. Data Protection Officer
As a small business, we are not required to appoint a Data Protection Officer (DPO). For all privacy-related matters, please contact us at the email address provided above.
18. Your Consent
By using the App, you consent to this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use the App.
← Back to Legal Documents