SaxApp Privacy Policy

Revised: 19 February 2025

1. INTRODUCTION
SaxApp (“the App”) is owned and operated by SaxApp Pty Ltd (“Company,” “we,” “us,” or “our”). This Privacy Policy (“Policy”) explains how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

• Download and use our mobile application (SaxApp)
  
• Visit our website at saxapp.com, or any other website operated by us that links to this Privacy Policy
  
• Use any other application or platform owned or operated by us that links to this Privacy Policy
  
• Engage with us in other related ways, including any sales, marketing, or events

By installing or using our services, you acknowledge that you have read and understood this Policy and agree to be bound by its terms. If you do not agree, you must discontinue using the Services.

2. WHO WE ARE
We provide music practice and performance features, including but not limited to digital instruments, a metronome, goal-setting, streak tracking, and analytics, to users worldwide. If you have questions about this Policy, please contact our DPO.

• Company Name: SaxApp Pty Ltd
  
• ABN: 50 671 855 333
  
• Headquarters: 125 Grays Point Road, Grays Point, NSW, Australia
  
• Website: https://saxapp.com
  
• Data Protection Officer (DPO) Email: [email protected]

3. INFORMATION WE COLLECT

3.1 INFORMATION YOU DISCLOSE

In Short: You do not need to create an account, but we may collect any information you choose to share (e.g., if you contact us) and certain in-app data that you manually enter (such as your weekly practice goal).

The App does not require user account creation, so we do not process personal details like your name or email for registration purposes. However, if you communicate with us (e.g., via email) or otherwise provide information voluntarily, we may collect any personal details you include in that communication for purposes such as responding to inquiries.

If you have provided consent for analytics tracking, usage information may be sent to our analytics service (Google Analytics for Firebase) so we can better understand how features are used and continue improving our Services. While we do not collect your name or email, this information is associated with a pseudonymous device or user identifier in Google Analytics, which may be considered personal data under certain data protection laws.

3.2 INFORMATION AUTOMATICALLY COLLECTED
In Short: When you use the App, we automatically collect certain data (including but not limited to practice session duration and date, weekly practice goals, streak updates, breakages, creations, and subscription status). This information is processed by third-party services such as Google Analytics for Firebase (only if you have opted in to analytics tracking), RevenueCat, and iCloud to improve our Services. Although we do not collect your name or email address, these datasets (including IP address, unique device identifiers, and approximate location) may be considered personal data under certain privacy laws, as they can be used to single out a user's session.

We collect certain information when you visit, use, or navigate the Services. We do not require account creation. Google Analytics for Firebase will only process your data if you have consented to analytics tracking. RevenueCat and iCloud process subscription or sync data as needed. Each service may assign unique identifiers to measure usage and link certain data to the same user or device. As a result, data can be tied to the full series of in-app events performed by that same user or device. This information does not reveal your specific identity (like your name or contact information) but may include:

1. Usage and Analytics Data (Google Analytics for Firebase)
   

• Practice Session Data: When you use the Metronome or Studio features, the App locally stores the date and duration of practice sessions. If you have consented to analytics tracking, the data is also sent to Google Analytics for Firebase to measure feature adoption and may be linked to your unique device or instance ID.
  
• Weekly Practice Goal: If you set or adjust a weekly practice goal in the App, that data is stored locally to provide the “Weekly Stats” feature. If you have enabled analytics, the data is also sent to Google Analytics for Firebase to measure feature adoption.
  
• Streak Updates: The App calculates and stores streak data (e.g., last open date, streak start date) locally and shares this data with Google Analytics for Firebase to measure retention only if you have consented to analytics.
  
• Log and Usage Data: Log and usage data – including service-related, diagnostic, usage, and performance information – are automatically collected using Google Analytics for Firebase when you access or use our Services and have provided consent. This log data may include, but is not limited to:
  • IP Address: Collected by Google Analytics for Firebase for analytics and diagnostic purposes.
    
  • Device Information: Information about your device, including device model (e.g., iPhone 16, Samsung Galaxy S24), operating system and version (e.g., iOS 15.3, Android 12), unique device identifiers, device manufacturer, hardware model, Internet service provider/mobile carrier, and system configuration details.
    
  • Browser Information: Browser type and version (e.g., Chrome 90, Safari 14), user agent string, language settings, and other browser-specific details.
    
  • Application and System Settings: Configuration details including language preferences, time zone, screen resolution, app version, and notification or connectivity settings.
    
  • Activity Data: Information about your interactions within the Services, such as date/time stamps of usage, pages or sections visited, files viewed, searches performed, and features used.
    
  • Device Event Information: System activity and performance data, including error reports or crash logs, memory usage, and CPU load.
    
  • Location Data: We automatically collect approximate location information (e.g., IP-based geolocation) through Google Analytics for Firebase only if you have consented to analytics tracking. This location data is considered personal data in some jurisdictions. We do not maintain user accounts, and we do not combine your approximate location with a real-name profile; however, the data remains linked to the same pseudonymous device/session ID.
    
• Derived Data: We may derive or infer insights from the usage data collected. While we do not attempt to identify you by name, the data is not purely anonymous; it is linked to the same pseudonymous identifiers in order to enhance the functionality and performance of our Services.
  

2. Cloud Sync (Apple's iCloud)
   

• If you enable Apple's iCloud sync for the App through your device settings, your practice information (e.g., weekly goal, practice sessions, streak data) may be stored in iCloud to allow access across devices. We do not see or manage your iCloud account details.
  

3. Payment & Subscription Data (RevenueCat, Apple In-App Purchases)
   

• We process subscriptions and in-app purchases through RevenueCat and Apple. We receive subscription statuses (e.g., active, trial, canceled) and aggregated paywall analytics (e.g., how many users view or dismiss the paywall, how many convert from trial to paid) to help us evaluate subscription performance. We do not receive or store your full payment details (e.g., credit card numbers).
  
• Full payment details (e.g., credit card numbers) are not collected or stored by us. Apple processes payment transactions; you can review Apple's Privacy Policy here.
  
• RevenueCat may collect additional data related to subscription management and analytics. We do not control every piece of data they collect; for more details on RevenueCat's data practices, please review their Privacy Policy here.
  

4. Location Data
   

• We collect approximate location data based on IP addresses using Google Analytics for Firebase. This helps us understand usage patterns and improve feature support. This data is pseudonymously linked to a user or device identifier rather than to a real name or email address.

3.3 GOOGLE API
Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

4. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• Security and Fraud Prevention: To protect our Services by analyzing usage patterns and device/session data to monitor security incidents and prevent fraud. While some reports may be aggregated, the underlying data is tied to pseudonymous user/device identifiers.
  
• Service Improvement: To improve our Services by identifying and analyzing usage trends both in aggregated reports and at the individual session level using pseudonymous (device- or instance-linked) data (where you have consented to analytics).
  
• Marketing Evaluation: To evaluate how marketing and promotional campaigns influence user engagement in specific regions or on a global scale using consented analytics data.
  
• Vital Interest Intervention: To intervene when necessary to save or protect an individual's vital interest (e.g., preventing harm or ensuring service integrity).
  
• Subscription & Billing Management: Integrating with RevenueCat and Apple to manage subscriptions and in-app purchases. We receive non-sensitive information about subscription status.
  
• Legal Compliance: To comply with applicable laws, legal processes, and lawful requests from public authorities (including meeting national security or law enforcement requirements), and to fulfill our legal or regulatory obligations.

5. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We process your personal information only when we have a valid legal reason (i.e., legal basis) to do so under applicable laws. These reasons include your consent, compliance with legal obligations, the necessity to provide our services, and to protect your vital interests (where applicable).

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information described in INFORMATION WE COLLECT and HOW DO WE PROCESS YOUR INFORMATION? You can withdraw your consent at any time. You can withdraw your consent within the App's settings.
  
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  
• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
  
• Necessity to Provide Our Services. In some cases, we process personal data that is essential for the performance of the services you request (for example, collecting minimal device data to deliver app functionality). When such processing is strictly necessary, we do not require separate consent.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time via the App's settings.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  
• For investigations and fraud detection and prevention
  
• For business transactions provided certain conditions are met
  
• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  
• For identifying injured, ill, or deceased persons and communicating with next of kin
  
• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  
• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  
• If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  
• If the collection is solely for journalistic, artistic, or literary purposes
  
• If the information is publicly available and is specified by the regulations

6. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share your personal information with select third-party service providers that assist us in operating, providing, and improving our Services. These providers process data under their own terms and privacy policies, which may differ from ours. If you have concerns about a specific provider's practices, we encourage you to review their individual privacy documents.

6.1 VENDORS, CONSULTANTS, AND OTHER THIRD-PARTY SERVICE PROVIDERS
We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. While we evaluate each third party's privacy practices, their data handling is ultimately governed by their respective privacy policies and terms. Third parties are required to maintain the same level of protection as mandated by the Swiss-US Data Privacy Framework Principles.

The third parties we may share personal information with are as follows:

1. Google Analytics for Firebase
We use Google Analytics for Firebase to collect analytics and usage information (only if you have consented to analytics tracking) that helps us improve our Services by identifying and analyzing usage trends.

• Provider: Google
  
• Privacy Policy: https://policies.google.com/privacy

2. RevenueCat
We use RevenueCat to manage subscriptions, paywalls, and certain analytics related to in-app purchases. RevenueCat provides us with subscription statuses (e.g., active, trial, canceled) and aggregated paywall conversion metrics (e.g., views vs. conversions) to help us optimize subscription offerings. We do not receive your complete payment details (e.g., credit card numbers).

• Provider: RevenueCat
  
• Privacy Policy: https://www.revenuecat.com/privacy/

3. Apple CloudKit / iCloud
If you enable iCloud on your Apple device, certain in-app data (e.g., practice sessions, streaks, weekly goals) can be stored in iCloud for cross-device syncing. We do not access or store any of your iCloud login credentials or other Apple account details.

• Provider: Apple
  
• Privacy Policy: https://www.apple.com/legal/privacy/

4. Apple In-App Purchases
For iOS in-app purchases, Apple handles payment transactions directly, including any credit card or other payment details.

• Provider: Apple
  
• Privacy Policy: https://www.apple.com/legal/privacy

6.2 ADDITIONAL SHARING CIRCUMSTANCES

Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company

Legal Obligations and Safety
We may disclose your information if we believe doing so is necessary to comply with applicable laws, respond to lawful requests or legal processes (e.g., subpoenas), or protect the rights, property, or safety of our users, staff, or the public.

Vital Interests
We may share or disclose information when we believe it is necessary to detect, prevent, or address fraud, potential threats to personal safety, or other harmful or unlawful activity.

Consent
We may share your personal information for any other purpose with your explicit consent.

7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Our website may use cookies and similar tracking technologies, while our mobile app does not use browser cookies but may process data through other tracking methods. Our website only uses essential cookies.

Website Usage of Cookies and Tracking Technologies:

• Essential Cookies Only:
  • When you visit our website, we use only essential cookies necessary for security, session management, and core site functionality.
    
• No Third-Party Analytics or Advertising Cookies:
  • Our website does not employ third-party tracking services or advertising cookies at this time.

Mobile App Tracking Practices:

• If you have opted into analytics, the App uses Google Analytics for Firebase. This service gathers pseudonymous (device-level) usage and performance data. Although we do not collect names or emails, the data is tied to unique identifiers (e.g., device IDs, IP addresses), which may be considered personal data under applicable laws.
  
• This data collection, if consented to:
  • Helps us understand how the app is used.
    
  • Assists in diagnosing issues and improving app performance.
    
  • Does not rely on browser cookies.

To the extent these online tracking technologies are deemed to be a “sale”/“sharing” under applicable US state laws, you can opt out of these online tracking technologies—such as disabling mobile analytics in the App's settings—or by submitting a request as described below under section “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”

8. INTERNATIONAL DATA TRANSFERS

In Short: We may transfer, store, and process your information in countries other than your own.

Your data may be transferred to and processed in countries different from your own (including the United States). We rely on third-party service providers (see “When and With Whom Do We Share Your Personal Information?”) — such as Apple iCloud, Google Analytics for Firebase, and RevenueCat—who may use recognized legal mechanisms for cross-border data transfers. These mechanisms can include Standard Contractual Clauses (SCCs) or (where applicable) the EU-U.S. and Swiss-U.S. Data Privacy Framework. For more information, please refer to the privacy policies of these providers:

• Apple: https://www.apple.com/legal/privacy/
  
• Google: https://policies.google.com/privacy
  
• RevenueCat: https://www.revenuecat.com/privacy/

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries to which your data may be transferred might not necessarily have data protection laws as comprehensive as those in your country.

European Commission's Standard Contractual Clauses:
We rely on third-party providers such as Google Analytics for Firebase, Apple, and RevenueCat to process data. We do not independently implement SCCs with these providers but rely on their compliance frameworks and Data Processing Agreements (DPAs) that incorporate the necessary contractual protections. If you would like more details or a copy of relevant DPAs (where we are able to provide them), you may contact us at [email protected].

Swiss-US Data Privacy Framework:

Our third-party service providers, including Apple, Google, and RevenueCat may rely on the Swiss-U.S. Data Privacy Framework to lawfully transfer personal data from Switzerland to the United States. For more information, please see their privacy policies:

• Apple: https://www.apple.com/legal/privacy/
  
• Google: https://policies.google.com/privacy
  
• RevenueCat: https://www.revenuecat.com/privacy/

If you wish to limit how we share or use your personal information for purposes beyond what is necessary to provide our Services, you can contact us at [email protected], or disable mobile analytics in the App's settings. We will consider and respond to your request in accordance with applicable laws.

Swiss individuals may have certain rights under applicable law, including the right to request access to, correction of, or deletion of the personal information that we (or our third-party service providers) process about you. If you have questions or would like to exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable timeframe in accordance with applicable law.

Swiss individuals with inquiries or complaints regarding their personal data should contact us by email at [email protected]. If you are not satisfied with our response, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) for further assistance.

In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

9. DATA RETENTION

In Short: We keep your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy unless a longer retention period is required or permitted by law. If you wish to stop future analytics collection or request earlier deletion of your analytics data, you can disable analytics in the App's settings and/or contact us at [email protected].

9.1 Retention Periods

1. Firebase Analytics (User and Event Data)
   

• We currently set Event Data Retention in Google Analytics for Firebase to 2 months. Each time you re-engage with the App, this 2-month retention period is reset, meaning that new event-level data (e.g., logs of in-app actions) is retained for an additional 2 months from the date of your latest interaction. If there is no further engagement for 2 months, event data associated with your device / user ID is automatically deleted or anonymized.
  
• We currently set User Data Retention (eg. user-level identifiers and user properties) in Google Analytics for Firebase to 14 months. Each time you re-engage with the App, the 14-month retention period is renewed, extending the retention of your user data for another 14 months from that activity date. If there is no further engagement for 14 months, this user data is automatically deleted or anonymized.
  
• Aggregated reports (which do not contain personal data and cannot be linked back to an individual) may be retained indefinitely for statistical purposes.
  

2. Local Device Data
   

• Certain data (e.g., practice sessions, weekly practice goal, streak details) may be stored locally on your device for as long as you keep the App installed. If you uninstall or clear the App's data, this local information is removed from your device
  

3. iCloud Data
   

• If you enable iCloud sync for cross-device access, the associated practice information (e.g., practice sessions, weekly goals, streaks) remains in your iCloud account until you delete it from iCloud or disable iCloud sync for our App. Apple's data retention policies may also apply and are outlined in their privacy policy: https://www.apple.com/legal/privacy/
  

4. Subscription & Payment Data (RevenueCat, Apple)
   

• We receive non-sensitive information about your subscription status (e.g., active, trial, canceled) as well as aggregated paywall performance or conversion data from RevenueCat. RevenueCat stores this data to manage your subscription lifecycle. Apple processes your payment information but does not share your full payment details with us.
  
• We do not retain or store payment methods (e.g., credit card numbers) on servers of our own; Apple manages all iOS in-app purchase details in accordance with their own privacy policies, available at: https://www.apple.com/legal/privacy/
  
• Because RevenueCat may collect additional metrics as part of managing subscriptions, we encourage you to review their privacy policy at: https://www.revenuecat.com/privacy/
  

5. Legal or Regulatory Obligations
   

• In some cases, we may need to retain your data for a longer period if required by applicable laws, legal processes (e.g., subpoenas, investigations), or regulatory requirements. In those situations, we will securely store the data and isolate it from any further processing until retention is no longer needed.

9.2 Disabling Analytics and Requesting Data Deletion
Disable analytics in the App's settings at any time, which will prevent new analytics events from being sent to Google Analytics for Firebase.

To request deletion of analytics data, contact us at [email protected] and provide your device ID found in the App's settings. Where technically feasible and still within our retention window, we will make reasonable efforts to locate and remove (or anonymize) user-level event data from Firebase's logs.

9.3 How We Handle Deletion Requests

• Future Data: If you disable analytics in the App's settings, we will cease collecting future analytics events for your device.
  
• Manual Requests: To delete analytics data previously collected, email [email protected]. We may require additional information (e.g., your device ID) to locate your records in our analytics system.
  
• iCloud: If you wish to remove data stored in iCloud, you can disable iCloud sync for our App or delete the data directly through your device's iCloud settings.

9.4 Compliance with International Laws
We endeavor to meet the data retention and deletion requirements of relevant data protection laws, including (but not limited to):

• GDPR/UK GDPR: Data must not be kept longer than necessary for the purposes for which it was collected; users have the right to request erasure.
  
• US State Privacy Laws (e.g., CCPA/CPRA): Users may request deletion of personal information, and we must honor it unless an exception applies.
  
• Canada (PIPEDA): Retention must be for only as long as necessary, and data must be destroyed or anonymized when no longer needed.
  
• Other Regions: Where local laws impose specific retention limits or deletion requirements, we comply accordingly.

9.5 Backup and Residual Copies
While we do not directly manage backup systems, please note that residual copies of data may exist in backups maintained by our service providers. These copies are stored securely and purged according to the providers' retention schedules unless required by law.

9.6 Questions About Our Retention Policy
If you have any questions regarding how long we keep your data or wish to make a specific request about data retention or deletion, please contact us as described in Section 17, “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?
Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

In Short: The security of your information is primarily managed by our trusted third-party service providers, who use a range of technical and organizational measures to protect your data. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. As such, we cannot guarantee absolute security.

10.1 Our General Security Practices

1. No On-Premise Data Storage
We do not maintain our own servers for storing user accounts or personal information. Instead, all in-app data, analytics, and communications are managed by third-party service providers. For more details, please refer to the privacy policies of these providers:

• Apple: https://www.apple.com/legal/privacy/
  
• Google: https://policies.google.com/privacy
  
• RevenueCat: https://www.revenuecat.com/privacy/

2. Encryption in Transit
All data exchanged between the App and our third-party services is encrypted using Transport Layer Security (TLS). This helps ensure that any information you transmit remains confidential and protected from unauthorized access. For payment transactions, RevenueCat uses Secure Socket Layer (SSL) encryption.

3. Minimizing Data Collection
We collect and process only the information necessary to fulfill the purposes described in the WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION? section. We do not collect more information than is required to fulfill these legal bases in compliance with applicable laws.

4. Limited Access
Access to user data is restricted to individuals who require it to fulfill the purposes outlined in the WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION? section. We ensure that only authorized individuals who require access can handle personal data.

5. User Responsibility
While we take measures to protect your information, you also play a role in safeguarding your data. We encourage you to keep your device's operating system and applications, including SaxApp, up to date, use secure network connections, and enable security features like passcodes or biometrics.

10.2 Third-Party Security Measures
Because we rely on third-party providers for certain functionalities, we want you to be aware of their security practices:

1. Google Analytics for Firebase
Google Analytics for Firebase collects analytics data to help improve our services. For details about Google's security practices, please review Google's Privacy Policy: https://policies.google.com/privacy

2. Apple's iCloud
If you enable iCloud sync on your Apple device, certain app data is stored in your iCloud account. We do not access or store your Apple login credentials or other personal account details. For more information about Apple's data practices and security, please visit Apple's Privacy Policy: https://www.apple.com/legal/privacy/

3. RevenueCat (Subscription & Payment Management)
We use RevenueCat to manage subscriptions, paywalls, and certain analytics (e.g., paywall conversion stats) related to in-app purchases. We receive aggregated data on paywall views, conversions, and subscription statuses from RevenueCat but do not receive your full payment details (e.g., credit card numbers).
For more information on RevenueCat's data collection and security practices, please visit:
https://www.revenuecat.com/privacy/

4. Apple In-App Purchases
Apple directly processes all payments for in-app purchases on iOS devices, including any credit card or other payment details. We do not store or have access to your payment information. For more information about how Apple handles payment data, please review Apple's Privacy Policy: https://www.apple.com/legal/privacy/

10.3 No Guarantee of Absolute Security

Despite our efforts—and the efforts of our third-party providers—no online transmission or digital storage system can be guaranteed to be completely secure. Although we strive to protect your information with industry-standard safeguards, we cannot warrant the absolute security of any information transmitted through the App. Any transmission is at your own risk.

10.4 Data Breach Procedures

If we become aware of a data breach that could potentially expose your personal information, we will:
1. Investigate the nature and scope of the breach.
2. Notify affected users promptly if there is a risk to your rights or freedoms, consistent with applicable legal obligations.
3. Coordinate with relevant supervisory authorities as required by law.

10.5 Contact Us
If you have any questions or concerns regarding the security of your information, please refer to the information provided in Section 17, “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

11. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect or market to children's personal information, and we take steps to promptly remove any such data if discovered.

We operate the Services for a general audience and do not direct or target them to individuals under the age limits defined by applicable law (for example, under 13 in the United States, under 16 in certain EU Member States, or under 18 in other jurisdictions). We also do not knowingly “sell” or “share” personal information (as defined by applicable laws) of minors.

Parental or Guardian Consent

If you are under the age of 18 (or under the age of majority in your jurisdiction), you may only use our Services with the permission and under the supervision of a parent or guardian who agrees to this Privacy Policy on your behalf.

No User Accounts, But Some Data Collection

While we do not maintain user accounts or collect information such as names or emails, we do gather certain device and usage data (e.g., approximate location via IP address, device type, usage logs, subscription status). These data points may be considered personal information under various privacy laws. We do not knowingly associate or use this data to identify or track minors specifically.

No Intentional Marketing to Children

We do not knowingly market our Services to minors or tailor any content specifically for children under any applicable minimum age threshold.

Discovery and Deletion

If we learn that we have inadvertently collected personal information from a minor without appropriate parental or guardian consent (depending on the jurisdiction), we will take reasonable steps to delete such information from our records. If you believe we may be processing information from or about a child inappropriately, please contact us immediately at [email protected], and we will address the issue in accordance with applicable laws.

Compliance with Children's Privacy Laws

COPPA (U.S.): We do not knowingly collect personal information from children under 13 without verified parental consent.

GDPR/UK GDPR: We do not knowingly collect personal data from anyone under 16 without an appropriate legal basis or verifiable parental/guardian consent.

Other Regions: We strive to comply with all relevant local data protection requirements regarding minors.

By using the Services, you represent that you are at least 18 (or the age of majority in your jurisdiction) or you are the parent/guardian of a minor and consent to that minor's use of the Services.

12. WHAT ARE YOUR PRIVACY RIGHTS

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. To exercise certain rights, refer to Section 18, “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”, on how to review, update, or delete your data.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right:

1. to request access and obtain a copy of any personal information we might have about you;
   
2. to request rectification or erasure of your personal information;
   
3. to restrict the processing of your personal information;
   
4. to data portability, where applicable;
   
5. not to be subject to automated decision-making.

You can make such a request by contacting us using the details in “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” and “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing Your Consent: Since we rely on your consent for data processing, you have the right to withdraw consent at any time, in line with applicable laws. You can withdraw consent by disabling tracking via the App's settings.

Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, nor will it affect processing based on other lawful grounds. Once consent is withdrawn, we will cease processing your personal information for future activities based on that consent, subject to legal limitations.

If you have further questions or comments about your privacy rights, please email us at [email protected]. We will do our best to address your concerns within the limits of the data we can access.

13. DO-NOT-TRACK (DNT)

California law requires us to let you know how we respond to web browser DNT signals. Our mobile application does not currently support or respond to Do-Not-Track (DNT) signals. While many web browsers and some operating systems provide DNT settings to signal a user's preference not to be tracked, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If and when a recognized standard for DNT is established and becomes applicable to our Services, we will update our practices and this Privacy Policy accordingly to reflect how we handle such signals and inform you of any changes.

14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

We have collected the following categories of personal information in the past twelve (12) months:

Category	Examples	Collected
Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	NO
Personal information as defined in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	NO
Protected classification characteristics under state or federal law	Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data	NO
Commercial Information	Transaction information, purchase history, financial details, and payment information	YES
Biometric Information	Fingerprints and voiceprints	NO
Internet or other similar network activity	Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements	YES
Geolocation data	Device location	YES
Audio, electronic, sensory, or similar information	Images and audio, video or call recordings created in connection with our business activities	NO
Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	NO
Education Information	Student records and directory information	NO
Inferences drawn from collected personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics	NO
Sensitive personal information	Government identifiers (Social Security number, driver's license), health data, biometric data (fingerprints, facial scans), or precise geolocation	NO

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;
  
• Participation in customer surveys or contests; and
  
• Facilitation in the delivery of our Services and to respond to your inquiries.

We will use and retain the collected personal information in accordance with Section 9 of this policy, “DATA RETENTION”.

Sources of Personal Information
Learn more about the sources of personal information we collect in “INFORMATION WE COLLECT”.

How We Use and Share Personal Information

Learn more about how we use your personal information in the section, “HOW DO WE PROCESS YOUR INFORMATION?”.

Will your information be shared with anyone else?
Learn more about how, and with whom, we disclose personal information in the section, “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
• Category D. Commercial information (eg. subscription status)
• Category F: Internet or Other Similar Network Activity (e.g., usage metrics and analytics)
• Category G. Geolocation data (approximate location based on IP address)

The categories of third parties to whom we disclosed personal information can be found under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”.

We do not sell personal information (as defined under applicable laws), nor do we share personal information for cross-context behavioral advertising. Therefore, we have not sold or shared any categories of personal information in the preceding twelve (12) months.

The categories of third parties to whom we shared personal information with are:

• Mobile Analytics
  • Google Analytics for Firebase
    
• Subscription Management
  • RevenueCat
    
• Cloud Sync
  • Apple (iCloud)

Your Rights
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

• Right to know whether or not we are processing your personal data
  
• Right to access your personal data
  
• Right to correct inaccuracies in your personal data
  
• Right to request the deletion of your personal data
  
• Right to obtain a copy of the personal data you previously shared with us
  
• Right to non-discrimination for exercising your rights
  
• Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California's privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

Depending upon the state where you live, you may also have the following rights:

• Right to access the categories of personal data being processed (as permitted by applicable law, including Minnesota's privacy law)
  
• Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including California's and Delaware's privacy law)
  
• Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including Minnesota's and Oregon's privacy law)
  
• Right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including Minnesota's privacy law)
  
• Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including California's privacy law). Note: We currently do not process sensitive personal data as defined by applicable laws.
  
• Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including Florida's privacy law). Note: We currently do not collect sensitive data or use voice/facial recognition features. However, if this changes or you have concerns, you have the right to opt out under applicable law.

How to Exercise Your Rights
To exercise these rights, you can contact us as outlined in Section 17 of this Policy, “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

We do not sell personal information, profile, or engage in targeted advertising. If you have concerns about analytics data collection, you can opt out by disabling analytics in the App's settings or contact us for more information, as described in “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California “Shine The Light” Law
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”

15. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act).

This Privacy Notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

• offer you the products or services that you want
  
• respond to or help with your requests

At any time, you have the right to request access to or correction of your personal information, as outlined in “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa
At any time, you have the right to request access to or correction of your personal information, as outlined in “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

The Information Regulator (South Africa)
General enquiries: [email protected]
Complaints (complete POPIA/PAIA form
5): [email protected] & [email protected]

16. DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we may update this Policy to reflect changes in our practices or legal requirements.

We may modify this Policy from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Policy. If we make material changes, we may provide notice to you in any of the following ways:

• By prominently posting a notice on our website or in the App
  
• By sending you a direct notification

If changes are non-material, we may update this Policy without additional notice; simply continuing to use our services after we publish an updated version constitutes your acceptance of the revised terms. We encourage you to review this Policy frequently to stay informed about how we protect your information.

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
For any questions, concerns, or to exercise your rights, please reach out to our Data Protection Officer:

SaxApp Pty Ltd
Attn: Data Protection Officer (DPO)
Email: [email protected]
Website: https://saxapp.com

When submitting a data request or inquiry, please provide your User ID, which can be found in the App's settings.

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the laws of your country or US state of residence, you may have rights to:

• Request access to the personal information we collect about you
  
• Request details about how we have processed this information
  
• Request correction of inaccuracies
  
• Request deletion of your personal information
  
• Limit or withdraw consent for certain uses

You have the right to review, update, or delete the data we collect from you based on the applicable laws of your country or state of residence in the US. To exercise these rights, you can:

• Remove the App or disable iCloud: Deleting the App (or disabling iCloud sync) removes local and iCloud-stored data.
  
• Opt Out of Analytics: In the App's settings, you can disable the collection of analytics data.
  
• Contact us to delete or review analytics data: If you wish to delete or review analytics data (in Google Analytics for Firebase), email us at [email protected]. Providing your User ID (available in the settings of the App) will help us locate and remove your data.

We will process your request according to applicable laws. If we cannot fulfill a specific request (e.g., because we cannot find your data), we will inform you and suggest alternative steps.

By continuing to use the Services, you agree to the terms in this Policy. If you have any questions, please contact us at [email protected].