Privacy Policy

1) Categories of data processed

• Profile entries inside the relevant app, in particular name or alias, age, language, settings and, where applicable, avatar configuration.
• Progress and usage data such as completed levels, stars, unlocks, last opened sections, interaction states and settings.
• Depending on the app: drawings, preview images, locally generated media content or other user-generated content.
• Technical state data for ad pacing, purchase status, stability and operational functionality.
• Data received through operating-system or third-party services to the extent needed for ads, purchases, graphics, media or other app-specific functions.

2) Purposes of processing

• Providing the relevant app’s play, learning, interaction, creative or utility features.
• Saving progress, settings, values and locally created content.
• Displaying optional external content or graphical elements where the relevant app provides them.
• Serving ads where the relevant app is used in its ad-supported form.
• Processing and restoring a one-time ad removal purchase or comparable optional app function.
• Maintaining stability, abuse prevention and technically proper app operation.

3) Legal bases under the GDPR

• Art. 6(1)(b) GDPR for providing app functionality and saving app-related progress or settings.
• Art. 6(1)(f) GDPR for security, technical integrity, troubleshooting and abuse prevention.
• Art. 6(1)(a) GDPR where consent is required, in particular for optional permissions or consent-based ad/tracking scenarios.
• Art. 6(1)(c) GDPR where legal obligations apply.

4) Local on-device storage

Under the current technical setup, profile, settings, progress and app-specific usage data are stored mainly on the device itself, in particular through UserDefaults and files inside the app container. Where an app stores locally created content, that content is also stored within the app container. Reset or deletion functions inside the relevant app can remove this local data in whole or in part.

5) Photo library and local media export

Where one of the apps offers export of locally created content or media to the device photo library, the app requests the system permission needed for that export. Without that permission, the export is not performed. Content already exported to the photo library must be deleted there separately.

6) App-specific external content and graphics services

Depending on the app and release, external services may be used for graphics, avatars or similar media functions. In Kiddiquix, this may for example include the public DiceBear API for avatar graphics. Parameters such as seed, colors or style settings may be transmitted to the relevant service. If those parameters allow a personal reference, they may constitute personal data.

7) Ads, AdMob and SKAdNetwork

• If ads are enabled and the relevant ad SDK is present in a given build, ads may be loaded through Google AdMob.
• Based on the currently reviewed implementation, the apps aim to request non-personalized ads where technically configured to do so (npa=1).
• App configurations may include SKAdNetwork entries to support aggregated attribution within Apple’s ecosystem.
• Even with non-personalized ads, technical identifiers, device/network information and fraud-prevention related data may still be processed.

8) One-time purchases and optional in-app functions

Where offered in a relevant app, a one-time in-app purchase may be used to remove ads permanently or unlock specific functions. Purchase processing is handled through Apple StoreKit and the Apple App Store. Payment data is not processed directly by the app operator.

9) Recipients and third parties

• Apple, in particular for StoreKit, app distribution and system-level platform functions.
• Google, where AdMob is used for ad delivery and ad measurement.
• App-specific external providers where graphics, avatars or comparable media functions are provided through their services.

Processing by those third parties is also subject to their own privacy notices and terms.

10) International data transfers

Where international service providers are used, personal data may be processed outside the European Union or the European Economic Area. Where required, appropriate safeguards under Art. 44 et seq. GDPR should be used, such as adequacy decisions or standard contractual clauses.

11) Retention

• Local app data remains stored until reset within the app or app deletion.
• Content exported to the device photo library remains there until deleted by the user or guardian.
• Purchase and transaction data is subject to Apple’s retention and deletion rules.
• Ad-, graphics- or API-related third-party data is subject to the relevant third party’s policies.

12) Rights of data subjects in the EU / EEA

• Access under Art. 15 GDPR
• Rectification under Art. 16 GDPR
• Erasure under Art. 17 GDPR
• Restriction of processing under Art. 18 GDPR
• Data portability under Art. 20 GDPR
• Objection under Art. 21 GDPR
• Withdrawal of consent with future effect
• Complaint to a supervisory authority under Art. 77 GDPR

13) Additional child privacy notice for the United States

Where one of the apps is treated as a child-directed service, and where U.S. law applies, requirements under the Children’s Online Privacy Protection Act and the COPPA Rule may become relevant if personal information from children under 13 is collected, used or disclosed online.

• Where COPPA applies, verifiable parental consent may be required before certain categories of data are collected from children under 13.
• Parents or guardians should receive clear notice about what data is collected and how it is used.
• Only data that is necessary for the relevant purpose should be collected, and it should be protected with reasonable security procedures.
• Third-party SDKs or ad services in child-directed environments require separate COPPA-focused review.

14) Additional California notice / CCPA / CPRA

If the operator qualifies as a covered “business” under the California Consumer Privacy Act as amended by the California Privacy Rights Act, California residents may have additional statutory rights.

• Right to know categories of personal information collected.
• Right to deletion, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing of personal information, where applicable.
• Right to non-discrimination for exercising privacy rights.

Whether the operator is covered by the CCPA/CPRA depends on the applicable legal requirements and thresholds in effect at the relevant time.

15) Children and parental responsibility

Where an app is intended for children or may be used by children, use should take place under parental or guardian supervision. Parents should in particular oversee name entries, external content features, ad-related features, photo exports and purchases.

16) Security

Appropriate technical and organizational measures are used to protect data against loss, unauthorized access and unintended disclosure. Absolute, risk-free security cannot be guaranteed in digital systems.

17) Changes to this Privacy Policy

This Policy may be updated when app functions, third-party services, legal bases or technical flows change. The current published version controls.

18) Contact

Privacy inquiries may be sent to kiddiquix@lukas-reiter.de.

Document ID: LR-APPS-DP-EN-2026-03-13 · Version 3.0