3D-PaiLiTi Privacy Policy (Strict Compliance Edition)

Version: v1.0 | Effective date: 2025-10-20 | Last updated: 2025-10-20 | Platforms: Android / iOS

This Privacy Policy (“Policy”) explains how we collect, use, store, share, and protect your information when you use 3D-PaiLiTi (the “App”) and related services, as well as the rights and choices you have. We comply with Google Play’s User Data and Data Safety disclosure requirements, including transparent disclosures for sensitive permissions such as camera, microphone, and media.

1. Information We Collect

Depending on the features you use, we may collect the following categories of information:

Account & identity: nickname, avatar, email address, third-party sign-in identifiers (e.g., Google / Facebook).
Device & logs: device model, OS version, app version, language, network type, crash / performance diagnostics.
Transactions & purchases: Google Play purchase tokens and order IDs for IAP verification (we do not process full payment card details).
Camera / Photos (with consent): images or videos you capture or select for 3D generation / avatar creation; treated as personal and sensitive data and processed only for the intended feature.
Third-party SDK data: necessary telemetry collected by integrated SDKs (e.g., Firebase, AdMob) for analytics, crash reporting, ads delivery, or push notifications.

2. How We Use Information

Provide, maintain, and improve core features (3D generation, upload, rendering, downloads).
Account login and sync; verify purchases and entitlement.
Troubleshooting and diagnostics (crash analytics, performance monitoring).
Security protection and abuse detection.
Provide relevant ads or recommendations (if enabled and where permitted).
Comply with applicable laws and regulatory requirements.

3. Permissions and Purposes

We request system permissions only when necessary for specific features and only access them after you grant consent. You may revoke permissions anytime in your device settings.

Permission	Purpose	Optional
Camera	Capture / scanning / preview for 3D generation or avatar creation	Yes
Read Media (Images/Videos) / System Photo Picker	Select and upload media from gallery; we prefer scoped or system pickers to minimize access	Yes
Microphone	Optional voice input / audio features	Yes
Network	Cloud processing, authentication, updates, purchase verification	Required

4. Storage, Retention, and Security

Storage: hosted on Firebase infrastructure in asia-southeast1 and backups where applicable.
Retention: retained for the minimum period necessary to provide the service or meet legal obligations; diagnostic logs are typically kept for up to 90 days unless required longer for security or compliance.
Security: transport encryption (HTTPS), access control, and auditing are implemented. No system can guarantee 100% security.

5. Data Deletion & User Requests

You may request deletion of your account or data at any time by contacting us at admin@encoflow.studio. Verified requests are processed within 30 days, unless retention is required for legal, billing, fraud prevention, or dispute purposes.

6. How We Share Information

We do not sell personal data. We may share data only:

With service providers / SDKs strictly as needed to deliver features (e.g., analytics, crash reporting, ads, push, IAP verification).
For legal compliance when responding to lawful requests.
In business transfers (e.g., mergers / reorganizations) under the same policy or subject to new consent.

7. Third-Party SDKs and Purposes

SDK	Purpose
Firebase Analytics / Crashlytics	Performance, usage analytics, and crash diagnostics
Google AdMob	Ads delivery and measurement (subject to Google Publisher Policies)
Google Play Billing	In-app purchase processing and verification
Facebook SDK / Expo (if enabled)	Social login, analytics, or platform integrations

8. Advertising and Analytics (if applicable)

If ads or analytics are enabled, partners may collect device identifiers, advertising IDs (AAID/IDFA), and impression/click events in accordance with Google Publisher Policies. You can reset or limit ads personalization in your device settings.

9. Biometric Data

We do not collect or process biometric identifiers (such as facial templates or voiceprints). Uploaded photos are used only for 3D model generation and are not used for biometric recognition.

10. Cookies / Local Storage (Web / PWA)

For the web version (if any), we may use cookies or local storage for session management and analytics. You may clear or block them in your browser settings.

11. Children’s Privacy

We comply with laws protecting minors. For child-directed content, stricter collection limits apply and parental consent is obtained where required.

12. Legal Basis (GDPR)

For EU/EEA users, processing may rely on: consent, contract performance, legitimate interests (e.g., to maintain and improve services), and legal obligations. You may withdraw consent at any time without affecting prior lawful processing.

13. Your Rights and Choices

Access / Correction / Deletion: via in-app options (where available) or by contacting admin@encoflow.studio.
Permission Management: revoke camera / microphone / media access in device settings at any time.
Personalized Ads: disable or reset advertising ID in device settings.
CCPA/CPRA (California): we do not “sell” or “share” personal information as defined by law. You may exercise applicable rights by contacting us.

14. Cross-Border Data Transfers

Where data is transferred internationally, we implement appropriate safeguards and comply with applicable laws.

15. Updates to This Policy

We may update this Policy periodically. Material changes will be notified in-app or on this page. Continued use after updates means you accept the revised version.

16. Contact Us

Data Controller: Encoflow Studio
Email: admin@encoflow.studio
Privacy Contact: admin@encoflow.studio
Website: https://encoflow.studio

Compliance note: Keep this Policy consistent with your Google Play Data Safety form; provide an in-app entry (e.g., Settings → Privacy) linking to this page; request only necessary permissions and prefer scoped/system pickers for media access.