Legal Document

Privacy Policy & Global Compliance Declaration

Effective Date: January 1, 2026
Last Updated: January 1, 2026
Version: 3.0

This Privacy Policy and Global Compliance Declaration ("Policy") is published by CatFunTool.com ("Company," "we," "us," "our"), registered at No. 288 Guoyuan Road, Huaishang District, Bengbu, Anhui, China (Bengbu Tongren Intelligent IoT/IT Park). It applies to all mobile applications, websites, and digital services published under the CatFunTool brand ("Services"). Please read this Policy carefully before using our Services. By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, please discontinue use of the Services immediately.

Part 1: Privacy Policy

1.1 Data Collection — What We Collect and Why

We collect the minimum data necessary to operate, improve, and monetize our Services while respecting your privacy. The following categories describe the data we may collect and their purposes:

1.1.1 Device Identification Data

  • IDFA (Identifier for Advertisers, iOS): Apple's advertising identifier, collected only after you have explicitly granted consent via Apple's App Tracking Transparency (ATT) prompt. Used for personalized advertising, ad fraud detection, and attribution measurement.
  • GAID (Google Advertising ID, Android): Google's resettable advertising identifier, collected in accordance with Google Play policies. Used for ad targeting, frequency capping, and attribution. You may reset or delete this ID at any time in Android device settings.
  • OAID (Open Anonymous Device Identifier): An anonymous, resettable identifier provided by device manufacturers in certain regions (including China) as a privacy-preserving alternative to GAID. Used for attribution and ad analytics in applicable markets.
  • Device Hardware Attributes: Device model, OS version, screen resolution, locale, language, and time zone — used for app compatibility, UX personalization, and aggregate analytics. These are not used for fingerprinting in isolation but may be processed in combination by third-party attribution SDKs.

1.1.2 Network and Connection Data

  • IP Address: Collected passively for security monitoring, geographic routing, compliance jurisdiction determination, and aggregate analytics. IP addresses are truncated or anonymized where required by applicable law (e.g., GDPR). We do not store full IP addresses in persistent user profiles.
  • Mobile Carrier and Network Type: Carrier name (e.g., AT&T, Vodafone), connection type (WiFi/4G/5G), and MNC/MCC codes — used for ad performance analytics and to optimize content delivery.
  • WiFi Network SSID (where permitted): Collected only if you have granted location/network permission and only for relevant functionality within the app. Not transmitted to advertising networks.

1.1.3 Behavioral and Usage Data

  • In-App Ad Interaction Behavior (IAA): Whether you viewed, skipped, or completed an ad; ad impression and click timestamps; rewarded ad completion status; and ad format interactions (banner, interstitial, rewarded video, splash/app-open). This data is processed by our ad mediation partners (see Section 1.2) for targeting, fraud detection, and revenue optimization.
  • App Logic and Feature Usage: Which features you access, session duration, in-app navigation patterns, crash logs and performance metrics. This data is processed in aggregate or pseudonymized form. We use it to improve product design and fix technical issues. Crash logs may be collected via Firebase Crashlytics or equivalent platform services.
  • App Open/Close Events: Timestamps of app sessions for retention analytics and to optimize onboarding and re-engagement strategies.

1.1.4 In-App Purchase and Financial Transaction Data

  • Scope: All in-app purchases (IAP), including one-time purchases and auto-renewable subscription transactions, are processed exclusively through Apple's App Store payment infrastructure (iOS) or Google Play Billing (Android). CatFunTool does not collect, store, process, or transmit your payment card numbers, bank account details, or full financial credentials.
  • Transaction Records We Receive: We receive only the following from Apple/Google: a transaction receipt/token indicating purchase completion, the product identifier, the purchase timestamp, the transaction ID, and the subscription status (active/expired/refunded). These are used to unlock purchased features, verify entitlements, and detect subscription fraud.
  • Refund Handling: Refund requests and payment disputes are managed directly by Apple Inc. or Google LLC under their respective refund policies. We may receive refund status notifications to revoke entitlements where applicable.

1.1.5 Data We Do NOT Collect

Unless explicitly stated in a specific app's privacy disclosure, we do NOT collect: real name, national ID, passport number, social security number, financial account credentials, health records, biometric raw data, precise real-time GPS location, contact lists, photos, or messages.

1.2 Third-Party Data Sharing Architecture

We engage the following categories of third-party service providers. Each receives only the data required for their specific function. All partners have executed Data Processing Agreements (DPAs) where required by applicable law.

1.2.1 Ad Mediation Platforms

The following platforms may serve advertisements within our apps. Each collects device-level data as described in their respective privacy policies:

  • AppLovin MAX (AppLovin Corporation): Mediation platform, demand-side advertising, and anti-fraud analytics. Collects IDFA/GAID/OAID, device attributes, IP address, and behavioral signals. Privacy policy: https://www.applovin.com/privacy/
  • Google AdMob (Google LLC): Ad mediation and direct demand. Subject to Google's advertising policies. Collects device identifiers, IP address, app usage signals, and location (city-level). Privacy policy: https://policies.google.com/privacy
  • Unity LevelPlay / IronSource (Unity Technologies): Mediation, rewarded video, and interstitial. Collects device identifiers, behavioral data, and fraud signals. Privacy policy: https://unity.com/legal/privacy-policy
  • Meta Audience Network (Meta Platforms, Inc.): Display and video ad delivery. Collects IDFA/GAID, behavioral signals, and hashed identifiers where applicable. Privacy policy: https://www.facebook.com/privacy/policy/
  • Vungle / Liftoff (Liftoff Mobile, Inc.): Rewarded video and interstitial advertising. Privacy policy: https://liftoff.io/privacy-policy/
  • Mintegral (Mobvista Inc.): Programmatic advertising network. Privacy policy: https://www.mintegral.com/en/privacy/
  • InMobi (InMobi Pte. Ltd.): Ad network and demand. Privacy policy: https://www.inmobi.com/privacy-policy/
  • Pangle (ByteDance / TikTok For Business): Ad network. Collects device identifiers and behavioral data consistent with TikTok for Business policies. Privacy policy: https://www.pangleglobal.com/privacy
  • Digital Turbine (Digital Turbine, Inc.): Ad delivery and content distribution. Privacy policy: https://www.digitalturbine.com/privacy-policy/

Ad Consent Architecture: On iOS, advertising identifiers and behavioral data sharing with all of the above platforms is subject to user consent via Apple's ATT framework. If you decline ATT, contextual (non-personalized) ads will be displayed. No behavioral tracking data will be shared without ATT consent. On Android, you may limit ad personalization via Android Settings → Privacy → Ads.

1.2.2 Mobile Measurement Partners (MMP) / Attribution Platforms

We use the following platforms for install attribution, campaign analytics, and anti-fraud measurement:

  • AppsFlyer (AppsFlyer Ltd.): Install attribution, in-app event tracking, fraud prevention (Protect360). Processes IDFA/GAID/OAID, IP address, click/impression data. Privacy policy: https://www.appsflyer.com/legal/privacy-policy/
  • Adjust (Adjust GmbH, a subsidiary of AppLovin): Attribution, cohort analytics, and fraud detection. Processes device identifiers, IP address, and install signals. Privacy policy: https://www.adjust.com/terms/privacy-policy/
  • Singular (Singular Labs, Inc.): Marketing analytics, attribution, and ROI measurement. Processes device identifiers, campaign data, and aggregate behavioral data. Privacy policy: https://www.singular.net/privacy-policy/

Attribution data is used solely for: (a) measuring which marketing campaigns result in app installs; (b) detecting and blocking fraudulent installs; (c) aggregate campaign performance analytics. Attribution data is never sold to third parties for unrelated purposes.

1.2.3 Payment Processors

  • Apple Inc.: Processes all iOS App Store purchases. We receive only transaction receipts and entitlement signals.
  • Google LLC: Processes all Google Play purchases. We receive only purchase tokens and subscription status.

CatFunTool is not a payment processor and does not maintain PCI-DSS scope for cardholder data.

1.2.4 Technical Infrastructure Partners

We may use Firebase (Google LLC) for crash reporting, performance monitoring, and anonymous analytics. Firebase Analytics events are logged in anonymized or pseudonymized form. Firebase's data practices are governed by Google's Privacy Policy.

1.3 Global Regional Privacy Rights and Legal Declarations

🇪🇺 European Union — GDPR (General Data Protection Regulation) and UK-GDPR

Legal Basis for Processing: We process personal data of EU/EEA and UK residents on the following legal bases under Article 6 GDPR:

  • Consent (Article 6(1)(a)): For IDFA/advertising identifier collection on iOS (via ATT), for personalized advertising, and for any non-essential analytics. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Performance of a Contract (Article 6(1)(b)): For processing transaction data to deliver purchased features and subscriptions.
  • Legitimate Interests (Article 6(1)(f)): For app security, fraud detection, crash analytics, and aggregate usage analytics. We have conducted Legitimate Interest Assessments (LIAs) where this basis is relied upon.
  • Legal Obligation (Article 6(1)(c)): For retaining records required by applicable law.

EU Representative: As a company based outside the EU processing EU residents' data, we are in the process of designating an EU GDPR representative pursuant to Article 27. Until designation is complete, EU residents may direct inquiries to support@CatFunTool.com.

Your Rights Under GDPR/UK-GDPR: EU and UK residents have the following rights, exercisable by contacting us at support@CatFunTool.com:

  • Right to Access (Article 15): Request confirmation of whether we process your personal data and obtain a copy.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure / "Right to Be Forgotten" (Article 17): Request deletion of your personal data where no overriding legal basis exists.
  • Right to Restriction of Processing (Article 18): Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Article 20): Receive your personal data in a structured, machine-readable format and transmit it to another controller.
  • Right to Object (Article 21): Object to processing based on legitimate interests, including profiling for advertising.
  • Right to Withdraw Consent: Withdraw consent for consent-based processing at any time.
  • Right to Lodge a Complaint: Lodge a complaint with your national Data Protection Authority (DPA) if you believe your rights have been violated.

Response Timeline: We will respond to verified rights requests within 30 days. Extensions of up to 60 additional days may apply for complex requests; we will notify you of any extension.

International Data Transfers: We transfer EU/UK personal data to third countries (including the United States and China) using appropriate safeguards including Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914), supplementary technical measures including end-to-end encryption, and — where available — adequacy decisions.

EU Digital Services Act (DSA) Compliance: As a provider of online intermediary services, where applicable, we maintain transparency about algorithmic content recommendations, provide mechanisms for users to flag illegal content, and publish annual transparency reports in accordance with DSA requirements. See Section 2.5 for detailed content moderation procedures.

Data Retention: We retain personal data only as long as necessary for the stated purpose or as required by law. Advertising identifiers and behavioral data are purged within 13 months. Transaction records are retained for up to 7 years for tax and legal compliance.

🇺🇸 United States — CCPA, CPRA, VCDPA, TDPSA, and Additional State Laws

California — CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act):

CatFunTool does not sell your personal information as defined by the CCPA. We may share personal information with our advertising partners for cross-context behavioral advertising purposes, which constitutes "sharing" under CPRA. California residents have the right to opt out of such sharing.

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the business or commercial purposes for collection, and the categories of third parties with whom we share data.
  • Right to Delete: You may request deletion of personal information we hold about you, subject to certain legal exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sharing: You may opt out of sharing of personal information for targeted advertising by contacting us at support@CatFunTool.com or by using the "Do Not Sell or Share My Personal Information" mechanism in applicable app settings.
  • Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information as defined by CPRA, you have the right to limit our use to that which is necessary to perform the Services.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
  • Response Timeline: We will acknowledge your request within 10 business days and respond substantively within 45 calendar days, with a possible 45-day extension for complex requests.
  • Authorized Agents: You may designate an authorized agent to submit requests on your behalf, subject to our verification procedures.

Virginia — VCDPA (Virginia Consumer Data Protection Act): Virginia residents have the rights to access, correct, delete, and obtain a portable copy of their personal data; the right to opt out of processing for targeted advertising, sale, or profiling with significant effects; and the right to appeal our decisions. We will respond to verified requests within 45 days.

Texas — TDPSA (Texas Data Privacy and Security Act): Texas consumers have rights to access, correct, delete, and obtain a copy of their personal data; to opt out of processing for targeted advertising or the sale of personal data; and to appeal denials. Response within 45 days.

Colorado — CPA; Connecticut — CTDPA; Washington — My Health My Data Act: Residents of these states have similar rights of access, correction, deletion, and portability, and the right to opt out of targeted advertising and sale. We comply with all applicable state privacy laws. Contact support@CatFunTool.com to exercise any state privacy right.

Do Not Track: Our Services do not currently respond to browser-level Do Not Track (DNT) signals, as no uniform industry standard exists. For meaningful opt-out, please use the app-level opt-out or contact us directly.

🇧🇷 Brazil — LGPD (Lei Geral de Proteção de Dados)

For Brazilian residents, we process personal data under the following legal bases defined by the LGPD:

  • Consent (Article 7, I): For advertising tracking identifiers and personalized advertising. Consent is obtained through the ATT framework on iOS and through explicit in-app consent dialogs on Android.
  • Legitimate Interest (Article 7, IX): For fraud detection, security monitoring, and aggregate analytics.
  • Contract Performance (Article 7, V): For processing IAP transaction data to deliver purchased features.

Your Rights Under LGPD: Brazilian residents have the right to confirm the existence of and access to their personal data; to correct incomplete, inaccurate, or outdated data; to anonymize, block, or delete unnecessary or excessive data; to portability; to information about public and private entities with which we have shared data; to information about the possibility of denying consent and the consequences thereof; and to revoke consent.

Data Protection Officer (DPO): Requests from Brazilian residents may be directed to support@CatFunTool.com with the subject line "LGPD — Data Request." We aim to respond within 15 business days.

Cross-Border Transfers: We transfer personal data from Brazil to international service providers. Such transfers are conducted under data transfer agreements ensuring adequate protection standards equivalent to those of the LGPD, in accordance with Chapter V of the LGPD.

🇨🇳 China — PIPL (Personal Information Protection Law) and Data Security Law (DSL)

For users of our Services in mainland China, we comply with the Personal Information Protection Law (PIPL, effective November 1, 2021) and the Data Security Law (DSL, effective September 1, 2021).

Consent Requirements: Processing of personal information of individuals located in China requires separate, voluntary, explicit, and informed consent. We obtain separate consent for each category of sensitive personal information processed. You may withdraw consent at any time without affecting prior lawful processing.

Data Localization: Personal information of Chinese residents collected through our Services in China is stored on servers located within the People's Republic of China to the extent required by PIPL and sector-specific regulations. Where we transfer personal information outside of China (e.g., to our international advertising partners), we conduct security assessments as required by the Cyberspace Administration of China (CAC) and obtain user consent for such cross-border transfers in accordance with the Regulations on the Standard Contract for the Outbound Transfer of Personal Information.

Regulatory Oversight: We cooperate with the Ministry of Industry and Information Technology (MIIT), the Cyberspace Administration of China (CAC), and other relevant authorities as required by Chinese law.

Your Rights Under PIPL: Users in China have the right to know about and decide on the processing of their personal information; to restrict or refuse processing; to access and copy their personal information; to correct inaccurate information; to delete personal information in specified circumstances; to request explanations of processing rules; and to transfer their personal information to a designated third party. Contact support@CatFunTool.com to exercise these rights.

🇮🇳 India — DPDP Act (Digital Personal Data Protection Act, 2023)

For data principals (users) located in India, we comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and any rules notified thereunder.

Consent: We process digital personal data of Indian residents based on free, specific, informed, unconditional, and unambiguous consent. Consent is sought in plain language, separately for each purpose. A consent manager mechanism will be implemented as required when the relevant provisions are notified by the Government of India.

Data Fiduciary Obligations: We maintain a record of consents, implement appropriate technical and organizational security safeguards, and provide mechanisms for data principals to exercise their rights. We will notify the Data Protection Board of India and affected data principals of any personal data breach within such time as required by applicable rules.

Your Rights Under the DPDP Act: You have the right to access a summary of your personal data we process; to correct or erase your personal data; to obtain redress for violations of your rights under the Act; and to nominate a person to exercise your rights in the event of your death or incapacity.

Cross-Border Transfers: We transfer personal data of Indian residents to countries notified by the Central Government as permissible transfer destinations, or as otherwise permitted by the Central Government. Until such notification is issued, we process cross-border transfers under appropriate safeguards.

Data Protection Officer: Contact support@CatFunTool.com for DPDP-related inquiries. We will appoint a DPO for India as required by applicable rules.

🇸🇦 Saudi Arabia — PDPL (Personal Data Protection Law)

For users located in the Kingdom of Saudi Arabia, we comply with the Personal Data Protection Law ("PDPL"), its implementing regulations, and guidelines issued by the National Data Management Office (NDMO) / Saudi Data and Artificial Intelligence Authority (SDAIA).

Processing Basis: Personal data of Saudi residents is processed based on explicit consent, contract performance, or legitimate interest as defined under the PDPL. We obtain explicit consent before processing sensitive personal data.

Data Localization: Where required by the PDPL or sector-specific regulations, personal data of Saudi residents is processed and stored within the Kingdom of Saudi Arabia. Cross-border transfers are conducted only with authorization from SDAIA or where permitted under applicable regulations.

Your Rights: Saudi residents have the right to access their personal data, request correction, request deletion (right to be forgotten), object to processing, and lodge a complaint with SDAIA/NDMO. Requests may be directed to support@CatFunTool.com.

🇨🇦 Canada — PIPEDA and Provincial Laws

For Canadian residents, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation (including PIPA Alberta, PIPA British Columbia, and Quebec Law 25 / Law 64 as applicable).

Accountability: CatFunTool is accountable for all personal information under its control and has designated support@CatFunTool.com as the contact for privacy inquiries.

Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information, with the form of consent varying based on sensitivity. Implied consent is used for non-sensitive purposes clearly connected to an obvious transaction; express consent is required for sensitive data.

Your Rights: Canadian residents may access their personal information held by us and request correction of inaccurate information. Contact support@CatFunTool.com to exercise these rights. We will respond within 30 days.

Breach Reporting: We comply with PIPEDA's mandatory breach reporting and notification requirements, reporting breaches to the Office of the Privacy Commissioner of Canada and affected individuals where there is a real risk of significant harm.

🇯🇵 Japan — APPI (Act on Protection of Personal Information)

For users in Japan, we comply with the Act on Protection of Personal Information (APPI) as amended, including 2022 amendments introducing enhanced opt-out, pseudonymized information handling, and foreign transfer disclosure requirements.

Third-Party Provision: We disclose personal information to the third-party advertising and analytics partners listed in Section 1.2 of this Policy. For transfers to foreign third parties, we identify the destination country and the relevant personal information protection system in that country.

Your Rights: Japanese residents have the right to request disclosure, correction, addition, deletion, suspension of use, elimination, and suspension of third-party provision of their personal information. Contact support@CatFunTool.com with subject line "APPI Request."

1.4 Auto-Renewal Subscription Policy

Certain apps published by CatFunTool offer auto-renewable subscription services. The following terms apply to all such subscriptions in addition to any app-specific subscription terms presented at the point of purchase:

  • Subscription Transparency: The subscription price, billing interval (e.g., weekly, monthly, annual), and included features are clearly disclosed on the app's product page and in the in-app purchase prompt before any transaction is initiated. No subscription will begin without your explicit confirmation.
  • Free Trial Terms: Where a free trial is offered, the trial period, the price that will be charged upon trial expiration, and the billing date are disclosed clearly. Charges will not apply during a free trial period. If you cancel before the end of the free trial, you will not be charged. Only one free trial per subscription product per Apple ID or Google Account will be honored.
  • Billing Reminder: Subscription renewals will be processed automatically unless you cancel at least 24 hours before the end of the current billing period. Apple will send a renewal receipt notification to your Apple ID email. You are responsible for monitoring your subscription status.
  • Price Changes: If we change subscription pricing, we will provide advance notice through the App Store/Google Play prior to the change taking effect. Your continued subscription after the price change takes effect constitutes acceptance of the new price.
  • How to Cancel:
    • iOS: Open iOS Settings → tap your Apple ID → Subscriptions → select the app → Cancel Subscription.
    • Android: Open Google Play Store → tap your profile → Payments and subscriptions → Subscriptions → select the app → Cancel subscription.
    Cancellation takes effect at the end of the current billing period. You will retain access to subscription features until the period expires.
  • Refunds: Refund requests for subscriptions are handled by Apple Inc. or Google LLC respectively. CatFunTool does not process subscription refunds directly. Please use the appropriate platform refund request system. CatFunTool has no ability to override platform refund decisions.
  • Subscription Fraud: Attempts to manipulate subscription billing, share subscription credentials, reverse-engineer entitlement validation, or misuse free trial offers constitute a material breach of our Terms of Service and may result in account suspension and permanent revocation of subscription access without refund.

1.5 AI-Generated Content Declaration

Certain features within CatFunTool's apps may incorporate AI-generated or AI-assisted content, including but not limited to algorithmic suggestions, procedurally generated audio or visual content, and AI-powered analytical outputs.

  • Labeling: Where AI-generated content is presented as information or recommendation, we will clearly label such content as AI-generated or algorithmically produced to the extent technically feasible and required by applicable law, including the EU AI Act (where applicable) and emerging domestic AI content labeling regulations.
  • Data Use for AI: Unless you have provided explicit consent, we do not use your personal behavioral data to train external AI models. Aggregate, de-identified data may be used to improve on-device algorithm performance.
  • Accuracy and Liability: AI-generated content may be inaccurate, incomplete, or inappropriate. We disclaim liability for reliance on AI-generated content to the maximum extent permitted by applicable law. You should independently verify important AI-generated outputs before acting on them.
  • Prohibited AI Uses: You may not use AI-generated content from our Services to create synthetic media that deceives, defames, or harms other individuals, or in violation of any applicable law.
  • Regulatory Compliance: We monitor regulatory developments regarding AI governance (including the EU AI Act, China's Generative AI Service regulations, and US federal/state AI bills) and will update our practices and disclosures as requirements take effect.

Part 2: 2026 Technical Compliance Guide

This section documents our technical compliance posture across major distribution platforms and data residency frameworks, current as of January 2026. This section is provided for transparency and for the benefit of our users, partners, and regulators.

2.1 Apple App Store Technical Compliance

App Privacy Nutrition Labels

All CatFunTool apps on the App Store maintain accurate App Privacy labels in App Store Connect, disclosing all data categories collected under the "Data Linked to User" and "Data Used to Track You" sections. Labels are reviewed and updated with every major SDK update or feature change that affects data collection scope. We disclose at minimum: Device ID (advertising identifiers), Usage Data (app interactions), Diagnostics (crash data), and Purchase History.

App Tracking Transparency (ATT) Framework

  • Mandatory Prompt: All apps that collect IDFA or link behavioral data across apps for advertising purposes present Apple's requestTrackingAuthorization() prompt before any advertising SDK initialization that requires user-level tracking.
  • No ATT Bypass: We do not use any technical methods to circumvent ATT, including fingerprinting, IP-based probabilistic matching for advertising purposes, CAID, or any other ATT bypass technique prohibited by Apple's App Store Review Guidelines.
  • iOS 18 Single-Prompt Compliance: In accordance with iOS 18 policies, apps present the ATT prompt only once per install, without re-prompting after user denial. ATT status is checked at app launch and respected persistently.
  • SKAdNetwork: For attribution measurement without IDFA, we support Apple's SKAdNetwork framework for privacy-preserving install attribution in accordance with Apple's guidelines.
  • Privacy Manifests: All app targets and third-party SDKs that access required reason APIs include privacy manifest files (PrivacyInfo.xcprivacy) specifying the reason codes for API usage, in compliance with Apple's requirements effective May 2024 onward.

Subscription and IAP Technical Compliance

We implement StoreKit 2 (or StoreKit 1 where compatibility requires) for all IAP and subscription transactions. Transaction verification uses App Store server-side receipt validation or signed transaction verification. We do not cache or store raw receipts on our servers beyond what is needed for entitlement verification. We implement Transaction.currentEntitlements to accurately reflect subscription status across devices.

2.2 Google Play Android Technical Compliance

Data Safety Form

All CatFunTool apps on Google Play maintain accurate and current Data Safety section declarations in the Google Play Console, disclosing all data types collected, whether data is shared with third parties, whether data is encrypted in transit, and whether users can request data deletion. Forms are reviewed and updated with each SDK update, new data collection, or policy change.

Encryption and Security Standards

  • Storage Encryption: All locally stored user data is encrypted using AES-256. Sensitive data (transaction records, identifiers) is stored in Android Keystore-backed secure storage.
  • Transmission Encryption: All network communications use TLS 1.2 or higher with certificate pinning for sensitive endpoints. Cleartext traffic (HTTP) is disabled for all production domains in the Network Security Configuration.
  • Third-Party SDK Transparency: All SDKs integrated into our Android apps must support Android 14+ Privacy Sandbox APIs. We do not integrate SDKs that bypass Android privacy controls or access data through undocumented methods.

Android 14 and Android 15 Compliance

  • Privacy Sandbox on Android: We participate in the Privacy Sandbox on Android transition, adopting Topics API, Protected Audience API, and Attribution Reporting API as these become viable and as our SDK partners support them.
  • Android 15 OTP and Screen Sharing: In compliance with Android 15 requirements, our apps do not request accessibility permissions or device admin privileges for purposes unrelated to accessibility. We implement the Android 15 screen-sharing content indicator in any feature involving screen recording or sharing.
  • 64-bit Requirement: All CatFunTool Android apps are compiled as 64-bit binaries (ARM64-v8a) in compliance with Google Play's mandatory 64-bit requirement.

Google Play Billing

All in-app purchases use the Google Play Billing Library (latest stable version). We implement the PurchasesUpdatedListener for real-time purchase updates, verify all purchases server-side using the Google Play Developer API before granting entitlements, and handle all billing response codes correctly including ITEM_ALREADY_OWNED and USER_CANCELED.

2.3 2026 Global Data Residency Compliance

The following table summarizes our data residency posture for major jurisdictions:

China (PRC)

Personal information of users in mainland China is processed and stored within the PRC unless a lawful cross-border transfer mechanism is in place (security assessment, standard contract, or certification). We cooperate with required CAC security assessments for large-scale data exports. PIPL-required consent is obtained before any cross-border data transfer.

India

We comply with data localization requirements under the DPDP Act as they take effect pursuant to government notification. Financial payment data processed through Google Play Billing is subject to RBI data localization requirements, which are satisfied through Google's compliant infrastructure.

Saudi Arabia

Personal data of Saudi residents is processed in accordance with NDMO/SDAIA data residency guidelines. Cloud infrastructure serving Saudi users routes data through regions authorized for Saudi data. Cross-border transfers require SDAIA authorization or fall within PDPL permitted exceptions.

Brazil

International transfers of Brazilian personal data are conducted under Standard Contractual Clauses or equivalent mechanisms pursuant to LGPD Chapter V. We monitor ANPD guidance on approved transfer mechanisms and update our practices accordingly.

European Union

EU personal data transfers to third countries are conducted under Standard Contractual Clauses (SCCs, Commission Decision 2021/914) with supplementary measures including encryption, pseudonymization, and access controls. Where adequacy decisions exist (e.g., for US entities under the EU-US Data Privacy Framework), we verify partner certification status annually.

Canada

Transfers of Canadian personal data to third parties outside Canada are conducted under contractual protections ensuring comparable levels of privacy protection as required by PIPEDA and applicable provincial laws. Quebec Law 25 assessment requirements are applied for transfers from Quebec.

United States CLOUD Act

We acknowledge that certain data stored on US-based cloud infrastructure may be subject to US government access requests under the CLOUD Act. We will challenge overly broad requests to the extent permitted by law and will notify affected users of data disclosure requests where legally permitted to do so.

2.4 Transparency UX Design Standards

We implement the following UX standards across our app portfolio to ensure informed consent and transparent user experiences:

  • Privacy Policy Placement: Our Privacy Policy is accessible in three locations for every app: (1) the App Store / Google Play product page; (2) the app's splash/onboarding screen (with a direct link before any data collection begins); and (3) the app's Settings or About menu for ongoing reference.
  • IAP Confirmation: All in-app purchases are subject to a confirmation prompt. For purchases above USD $50.00 (or equivalent), an additional double-confirmation step is implemented to prevent accidental purchases.
  • Permission Request Clarity: System permission dialogs (notifications, tracking, location) are preceded by a plain-language "pre-permission" screen explaining exactly why the permission is needed and what will happen if denied — before any system dialog is shown.
  • Rewarded Ad Skip: Where technically permitted by the ad network, a skip or close option is made available for rewarded ad formats after 5 seconds of viewing. The reward is granted only upon completion of the full ad view as required by the advertiser.
  • Complaint Channels: Every app provides a clearly accessible in-app feedback / report mechanism and links to support@CatFunTool.com for complaints, abuse reports, and content moderation requests.
  • Android 15 Screen Share Indicator: In any feature utilizing screen capture or sharing, we implement the Android 15 required visual indicator notifying users that screen sharing is active.

Part 3: Compliance Risk Control and Regular Review

3.1 Risk Control Measures

  • Pre-Launch Compliance Audit: Every app version undergoes a compliance review before submission to the App Store or Google Play, covering privacy labels accuracy, ATT implementation, Data Safety form completeness, IAP implementation, age-appropriateness checks, and legal document currency.
  • Third-Party Partner Management: Before integrating any new SDK or service provider, we conduct a privacy impact assessment covering data types collected, legal bases, sub-processor relationships, and any data residency implications. New partners must execute DPAs where required.
  • User Rights Request Handling: We maintain a designated inbox (support@CatFunTool.com) for data subject rights requests and privacy inquiries. All requests are logged, triaged within 3 business days, and responded to within the applicable statutory deadline. We maintain a record of all requests and responses for audit purposes.
  • Security Protection: We implement technical and organizational security measures proportionate to the risk, including: end-to-end encryption for sensitive data; access controls limiting data access to personnel with a need-to-know; regular security reviews of SDK dependencies; secure coding practices aligned with OWASP Mobile Top 10; and a documented incident response plan for data breaches.
  • Staff Training: All team members involved in product development, data handling, or user support receive annual training on applicable privacy laws, security best practices, and our internal policies.

3.2 Regular Review Requirements

We conduct a formal compliance review on a bi-annual (every 6 months) basis, covering the following checklist:

  • ☑ Privacy Policy and Terms of Service currency — reflect any new features, SDKs, or regulatory changes
  • ☑ App Store / Google Play compliance — Privacy Nutrition Labels, Data Safety Form, store metadata
  • ☑ SDK inventory audit — verify all integrated SDKs, update to latest compliance-ready versions
  • ☑ Data handling practices — confirm data minimization, retention schedules, and deletion procedures
  • ☑ Anti-fraud rule effectiveness — review fraud detection system performance, update penalty thresholds
  • ☑ User rights request log — review all requests received, ensure timely and accurate responses
  • ☑ Third-party DPAs — confirm all required data processing agreements are current and executed
  • ☑ Security vulnerability assessment — scan for known CVEs in dependencies, update as needed
  • ☑ Regulatory change monitoring — assess impact of new or amended laws across all target jurisdictions
  • ☑ Ad platform policy compliance — verify ongoing compliance with all ad network policies and guidelines

The results of each review are documented internally and trigger updates to this Policy and related documentation where required.

Part 4: General Provisions

4.1 Children's Privacy

Our Services are not directed to children under the age of 13 (or 16 in EU/UK jurisdictions, or such higher age as required by applicable local law). We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact support@CatFunTool.com immediately and we will delete such information promptly.

Certain apps may be designed for family use. In such cases, separate in-app privacy disclosures for child users and parental consent mechanisms will be implemented as required by COPPA (US), the UK Children's Code (AADC), and equivalent regulations.

4.2 Data Security and Breach Notification

We implement industry-standard technical and organizational security measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR/UK-GDPR standard), and within applicable timelines under other jurisdictions' breach notification laws.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Document the breach, its effects, and remedial measures taken.

4.3 Changes to This Policy

We may update this Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be communicated through in-app notifications, prominently displayed notices at the top of this page, and/or email notification where required by applicable law. The "Last Updated" date at the top of this Policy reflects the most recent revision. Your continued use of the Services following the effective date of any changes constitutes your acceptance of the revised Policy.

4.4 Governing Law and Dispute Resolution

This Policy is governed by the laws of the People's Republic of China, without prejudice to any mandatory provisions of consumer protection or privacy law in your jurisdiction of residence that cannot be excluded by contract. For EU/UK residents, nothing in this Policy limits your right to lodge a complaint with your national Data Protection Authority. For disputes arising from this Policy, the parties agree to first attempt good-faith resolution through direct communication before pursuing formal legal remedies.

4.5 Contact and Data Protection Inquiries

For all privacy-related inquiries, data subject rights requests, breach notifications, or regulatory correspondence, please contact:

CatFunTool — Privacy Team
Email: support@CatFunTool.com
Direct: luyiming@CatFunTool.com
Address: No. 288 Guoyuan Road, Huaishang District, Bengbu, Anhui, China
(Bengbu Tongren Intelligent IoT/IT Park)

Please include "Privacy Request" and your jurisdiction in the subject line for faster routing. See also our Terms of Service for additional policies governing use of our Services.