BeepBop — Privacy Policy

This Privacy Policy describes how BeepBop (the “App”) and
Lingualite (“we”, “us”, or “our”) collect, use, and share
information when you use the App and visit beepbop.lingualite.eu
(the “Site”). If you do not agree with this Policy, please do not use the App or the Site.

1) Who we are & how to contact us

Controller: Lingualite
Contact email: privacy@lingualite.eu
Website: beepbop.lingualite.eu

2) What the app does (context)

BeepBop is a timer/interval-training utility. It runs timers (including in the background),
shows Live Activities on iOS, and can play audio cues and send local notifications.
The App may include banner/interstitial advertising, and offers in-app purchases / subscriptions.
The App also supports optional sign-in to link purchases and Premium status to a user account.

3) Data we collect

A) Data you provide directly

• Support emails. If you contact us, we receive your email address
  and whatever you include in the message.
• Account sign-in details (if you choose to create/sign in to an account).
  If you use email/password sign-in, Firebase Authentication processes your email address and password
  (passwords are handled by Firebase Authentication and are not accessible to us in plain text).
  If you use “Sign in with Google” or “Sign in with Apple”, the provider may share identifiers
  such as your email address and display name depending on your provider settings and what you consent to share.

B) Data processed on your device (not sent to us)

• Timer presets, settings, theme, and preferences. Stored locally on your device.
• Notification schedules and audio choices. Stored and executed locally.
• Digital Coach profile (local). If you create a “Digital Coach” profile
  (for example: age, height, weight, fitness level, preferred sports/equipment), it is stored locally
  on your device (client-side) and is currently not uploaded to our servers.

C) Data collected by third-party services (advertising & payments)

• Advertising (AdMob by Google). If ads are enabled, AdMob may collect device identifiers
  (e.g., IDFA/AAID), IP address, coarse location (derived from IP), app interactions with ads, and performance metrics
  to deliver, measure, and improve ads. In the EEA/UK, we request consent for personalized ads where required.
• In-App Purchases & Subscriptions (Apple / App Store). If you make a purchase,
  Apple processes payment information. We receive non-financial purchase signals (e.g., purchase success state,
  product identifier, and a receipt / token used for verification) to unlock features.
  We do not receive your full payment details.

D) Data stored in our backend (Firebase / Firestore) when you sign in

If you sign in, we store a limited set of data in a database (Google Firebase / Cloud Firestore)
associated with your Firebase user identifier (UID). This is used to link Premium access and usage limits
to your account and (where applicable) across devices.

• Account identifier: a Firebase user ID (UID). We may also store your email address
  in Firebase Authentication (managed by Google Firebase).
• Premium status: whether Premium is active, the platform (iOS/Android),
  the product identifier, and an expiry timestamp (if applicable).
• Usage counters: for example, a monthly usage count and the timestamp of the last usage reset
  (used to enforce monthly limits for certain features).
• Verification timestamps: e.g., when Premium status was last verified.

We aim to store only what is necessary for these purposes. We do not store your full payment details,
and we do not store your Apple ID.

E) AI / workout generation (if you use AI features)

• Workout requests. If you use AI workout generation, the text you enter (your prompt)
  is sent to our backend service to generate a workout. Depending on implementation, this request may be processed
  by third-party infrastructure (e.g., Google Cloud) and/or an AI provider.
• Coach profile usage. If the App uses your on-device coach profile to personalize requests,
  the App may include some of that information in the request. Currently, your coach profile is stored on-device,
  and only the information necessary to fulfill your request should be sent (if sent at all).

We do not intend to use your workout requests to identify you. We may retain limited technical logs for security,
debugging, and abuse prevention (see Section 6).

We do not knowingly collect precise location, contacts, photos, health data, or other sensitive categories
unless you explicitly provide them (for example, by including them in a support email or a free-text prompt).

4) Why we collect data (purposes) & legal bases (GDPR)

5) Sharing of information

• Advertising: Google AdMob may act as a controller for certain ad data.
  See Google’s documentation for how it uses information.
• Authentication & database: We use Google Firebase (Firebase Authentication and Cloud Firestore)
  to provide sign-in and store limited account/entitlement data (see Section 3D).
• Payments: Apple handles payment data; we receive limited purchase signals to unlock features.
• Service providers / legal: We may disclose information to authorities if legally required,
  or to protect our users, property, and rights.

We do not sell personal information.

6) Data retention

• On-device app data (presets, settings, coach profile) remains until you delete the App
  or reset data on your device.
• Account/entitlement records (Firebase/Firestore) are retained while your account is active.
  If you delete your account (in-app), we will delete or anonymize associated backend records where feasible
  (subject to technical constraints and legal obligations).
• Support correspondence is retained as long as reasonably necessary (typically up to 24 months
  unless required longer).
• Ad & payment records follow the retention practices of Google and Apple.
• Technical logs (if any) may be retained for a limited period for security, reliability,
  debugging, and abuse prevention.

7) International transfers

If ad, authentication, AI, or payment providers store/process data outside your home country (e.g., in the United States),
appropriate safeguards such as Standard Contractual Clauses may apply. See each provider’s documentation for details.

8) Your choices & controls

• Personalized ads (EEA/UK): You will be asked for consent. You can change your choice in the App’s consent dialog
  (if available) or via your device’s ad settings.
• Limit ad tracking / reset ID: On iOS, use Settings → Privacy & Security.
  On Android, manage Ads settings under Google settings.
• Remove ads / Premium: If offered, you may purchase options in-app. You can manage subscriptions in your Apple ID settings.
• Account controls: You can sign out in-app. You can also delete your account from within the App (if available),
  which removes your authentication account and clears local app data on your device (preferences).
• Notifications & background features: Toggle in device settings.
• Uninstall: You can stop most app data processing by uninstalling the App. Note that third-party services
  (e.g., Apple purchase history, ad networks) may retain records under their own policies.

9) Your rights (EEA/UK)

Subject to exceptions, you may have the right to request: access, correction,
deletion, restriction, portability, and objection
to certain processing. To exercise rights, contact us at
privacy@lingualite.eu.
You also have the right to lodge a complaint with your local supervisory authority.

10) California privacy rights (CPRA)

We may process the following categories: Identifiers (device IDs; account UID),
Internet/Network activity (app/ads interactions),
Approximate location (from IP, via ad services),
and Commercial information (purchase/subscription status).
We do not sell personal information in the traditional sense.
For cross-context behavioral advertising, you can manage consent/preferences as described above.

California residents can request access, correction, deletion,
and opt-out of certain sharing at
privacy@lingualite.eu.

11) Children’s privacy

The App is not directed to children under 13. We do not knowingly collect personal information from children.
If you believe a child provided personal information, contact us and we will take appropriate steps.

12) Security

We use reasonable technical and organizational measures appropriate to the nature of the data we process.
No method of transmission or storage is 100% secure.

13) Changes to this Policy

We may update this Policy from time to time. Changes will be posted on this page with a new “Last updated” date.
Material changes may be highlighted in-app or on the Site.

14) App permissions (iOS examples)

15) Third-party details & links

• Google AdMob – Advertising services and measurement: policies.google.com/technologies/ads
• How Google uses information: policies.google.com/technologies/partner-sites
• Google Privacy Policy: policies.google.com/privacy
• Firebase Privacy & Security: firebase.google.com/support/privacy
• Apple Media Services (IAP) / Apple Privacy: apple.com/legal/privacy/