General Privacy Policy — All Mobile Applications (Apple App Store & Google Play)
Last Updated: May 5, 2026 · General Enquiries: hello@milaltechnologies.com · DPO Contact: dpo@milaltechnologies.com
Milal Technologies ("we," "our," or "us") is committed to protecting your privacy. This General Privacy Policy applies to all mobile applications ("Apps") published under the Milal Technologies developer account on the Apple App Store and Google Play Store, and to all related services.
By downloading, installing, or using an App, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please do not use our Apps.
We prioritize user privacy and rely on your explicit consent for data collection and access to device features. You have the right to withdraw or modify your consent at any time. This can be done directly through the settings within the App or by contacting us at hello@milaltechnologies.com.
Depending on the features of the specific App you use, we may collect:
| Data Type | Source | Purpose |
|---|---|---|
| Device advertising identifiers (IDFA on iOS, AAID on Android) | Device OS | Attribution, personalised advertising (with consent), fraud prevention |
| Device model, OS version, app version, build number | Device OS | Crash reporting, compatibility, performance optimisation |
| IP address | Network | Security, approximate region for localisation |
| Usage events (screens viewed, features used, sessions) | In-app interaction | Analytics, product improvement |
| Crash logs and error stack traces | Firebase Crashlytics, Sentry | Debugging and stability monitoring |
| Attribution data (install source, campaign, ad interactions) | Adjust, AppsFlyer, Apple Search Ads, Facebook SDK/Pixel, RevenueCat, TikTok, Firebase, Play Store | Marketing attribution and campaign measurement |
| Subscription and purchase status | RevenueCat / App Stores | Entitlement verification |
| Push notification token (FCM token) | Firebase Cloud Messaging | Push notification delivery (with permission) |
| Consent status and preferences | Usercentrics CMP / ATT (iOS) | GDPR / CCPA / ATT compliance record-keeping |
| Ad interaction data (impressions, clicks) | Google AdMob | Serving in-app advertisements (contextual without consent; personalised with consent) |
| Aggregated behavioural and engagement data | Bi-Dash (data collection) | Product intelligence and user engagement analysis |
Unless user consent or app requirements:
Some Apps use third-party AI services to provide features such as voice-to-text, content generation, recitation feedback, or task classification. Where an App uses AI (features are intended for entertainment purposes only and may generate inaccurate or incorrect information; they should not be utilized for financial, medical, or other significant real-life decision-making):
| Processing Activity | Legal Basis |
|---|---|
| Account management and core App functionality | Performance of a contract — Art. 6(1)(b) GDPR |
| Crash reporting and security monitoring | Legitimate interests — Art. 6(1)(f) GDPR |
| Non-personalised analytics (where consent not required by law) | Legitimate interests — Art. 6(1)(f) GDPR |
| Personalised advertising and attribution tracking | Consent — Art. 6(1)(a) GDPR |
| Facebook SDK / Pixel data processing for ad measurement | Consent — Art. 6(1)(a) GDPR |
| Apple Search Ads attribution | Consent — Art. 6(1)(a) GDPR |
| AI feature inputs sent to third-party processors | Consent — Art. 6(1)(a) GDPR |
| Compliance with legal obligations | Legal obligation — Art. 6(1)(c) GDPR |
You may withdraw consent at any time via Settings → Privacy Settings in the App, or through your device settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We use Usercentrics as our Consent Management Platform (CMP) to comply with GDPR, UK GDPR, ePrivacy, and CCPA/CPRA. Before any advertising, attribution, social, AI-processing, or personalised-analytics SDK is initialised:
We share data with carefully selected third-party providers strictly to operate our Apps. We do not sell your personal data. Each provider processes data under its own privacy policy and a Data Processing Agreement with us. The specific providers active in an individual App are disclosed in its iOS Privacy Label / Google Play Data Safety form.
6.1 Hosting, Backend & Core Firebase Suite
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Firebase / React Native Firebase (Google LLC) | Essential | User ID, app data, in-app content | Core database storage and account management |
| Firebase Authentication (Google LLC) | Essential | Email address, UID, sign-in token | Secure account authentication |
| Firebase Remote Config (Google LLC) | Functional | Device info, app version | Remote feature flags and configuration |
| Firebase Cloud Messaging (FCM) (Google LLC) | Functional | FCM device token | Push notification delivery (with permission) |
6.2 Analytics & A/B Testing
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Google Firebase Analytics (Google LLC) | Functional | Pseudonymous user ID, usage events, device info | Product analytics and user behaviour understanding |
| Google Analytics for Firebase (Google LLC) | Functional | Session data, screen views, conversion events | Unified analytics reporting |
| Firebase A/B Testing (Google LLC) | Functional | Experiment variant assignment, device info | Feature testing and optimisation |
| Bi-Dash (data collection) | Functional | Aggregated engagement and behavioural events | Product intelligence and engagement analysis |
6.3 Crash & Error Monitoring
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Firebase Crashlytics (Google LLC) | Functional | Crash reports, error stack traces, device info | App stability monitoring and bug fixing |
| Sentry (Functional Software, Inc.) | Functional | Error logs, stack traces, breadcrumbs, device info | Real-time error tracking and performance monitoring |
6.4 Attribution & Marketing Measurement
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Adjust (Adjust GmbH) | Essential | Advertising ID, install events, in-app events (with consent) | Mobile marketing attribution and campaign performance measurement |
| AppsFlyer (AppsFlyer Ltd.) | Essential | Advertising ID, install events, in-app events (with consent) | Mobile marketing attribution and campaign performance measurement |
| Apple Search Ads (Apple Inc.) | Marketing | Attribution token, campaign identifiers (iOS only, with consent) | Measuring installs driven by Apple Search Ads campaigns |
| Facebook SDK (Meta Platforms, Inc.) | Essential | Advertising ID, install events, in-app events, app usage data (with consent) | Facebook/Meta campaign attribution and ad measurement |
| Facebook Pixel (Meta Platforms, Inc.) | Essential | Event signals, conversion data (with consent) | Measuring ad campaign conversions across Meta platforms |
6.5 Advertising
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Google AdMob (Google LLC) | Functional | Advertising ID, ad interaction data (contextual only without consent; personalised only with consent) | Serving in-app advertisements on the free tier |
We use Google AdMob exclusively for advertising across all Milal Technologies Apps. No other ad network or mediation platform is used. Ads served in children's Apps are strictly contextual with no behavioural targeting.
| Service | Data Shared | Purpose |
|---|---|---|
| Generative AI / Speech-to-Text (specific processor named in App Addendum) | Text prompts, audio recordings, image inputs (App-dependent, with consent) | AI-powered features as described in §2.4 |
6.7 Subscription & In-App Purchase
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| RevenueCat (RevenueCat, Inc.) | Essential | User ID, purchase events, subscription status, transaction identifiers | In-app purchase and subscription entitlement management |
| Apple App Store (Apple Inc.) | — | Purchase records (handled by Apple) | iOS in-app purchase processing |
| Google Play Store (Google LLC) | — | Purchase records (handled by Google) | Android in-app purchase processing |
6.8 Consent Management
| Service | Type | Data Shared | Purpose |
|---|---|---|---|
| Usercentrics CMP (Usercentrics GmbH) | Essential | Consent choices (no personal data sold) | GDPR / CCPA consent record-keeping |
Some Apps call read-only content APIs.
We may disclose information when required by law, court order, or government authority, or where necessary to protect our rights, user safety, or the integrity of our Apps. We will notify affected users where legally permitted.
A current list of all sub-processors used across the Milal Technologies Apps portfolio is maintained. We update this page when sub-processors are added, replaced, or removed.
Free-tier Apps may display advertisements served exclusively by Google AdMob.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion or as required by law |
| User-generated content | Until deletion by user or account deletion |
| Firebase Analytics events | Up to 14 months (Firebase Analytics default) |
| Crash logs (Crashlytics) | Up to 90 days |
| Crash logs (Sentry) | Up to 90 days |
| Attribution data (Adjust) | Up to 13 months |
| Attribution data (AppsFlyer) | Up to 24 months |
| Facebook SDK / Pixel attribution data | As per Meta data retention policy |
| Apple Search Ads attribution data | As per Apple data retention policy |
| Bi-Dash engagement data | As per Bi-Dash data retention policy |
| Subscription and purchase records | As required by financial, tax, and legal obligations |
| Voice / audio recordings | Deleted by us after processing; AI processor retention up to 30 days (§2.4) |
| AI prompts (text) | Deleted by us after processing; AI processor retention up to 30 days (§2.4) |
| Consent records | Up to 3 years (GDPR accountability obligation) |
Where an App requires different retention, the App-Specific addendum states it.
We implement industry-standard security measures including:
No method of transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you believe your account or data has been compromised, contact us immediately at hello@milaltechnologies.com.
Unless an individual App is specifically designed and rated as a children's app:
You can request deletion in-app (via Settings) or by email to dpo@milaltechnologies.com (reply within 30 days).
| Data Category | Timeline |
|---|---|
| User-facing data | Removed within 7 days |
| Backend production data | Removed within 30 days |
| Encrypted backups | Purged within 90 days |
Anonymised, aggregated analytics data may be retained indefinitely. To exercise any other privacy right, contact us at dpo@milaltechnologies.com. We respond within statutory deadlines:
Our Apps operate globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Google, Meta, RevenueCat, Adjust, AppsFlyer, Sentry, Usercentrics, Bi-Dash) maintain infrastructure. Where data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards including:
Where an App offers push notifications, we may send reminders, learning streaks, subscription updates, or feature announcements via Firebase Cloud Messaging (FCM). Notification permission is requested in context (when first relevant), not at launch. You may enable or disable notifications at any time via your device settings or the App's settings. Disabling notifications does not affect your ability to use core features.
Some App data — preferences, progress, offline content, cached settings — is stored locally on your device using platform-appropriate storage mechanisms (e.g., MMKV, Redux Persist, AsyncStorage on Android; equivalent storage on iOS). Local data is not transmitted to our servers and is removed when you uninstall the App or reset App data in your device settings.
Sensitive credentials are stored in the device secure keystore (iOS Keychain / Android Keystore).
Our Apps do not use browser cookies. Mobile equivalents we may use include:
Our iOS Apps include the PrivacyInfo.xcprivacy Privacy Manifest required by Apple, declaring required-reason API usage and the data practices of all bundled third-party SDKs — including Firebase, Facebook SDK, Sentry, RevenueCat, Adjust, AppsFlyer, and Usercentrics. We update Privacy Manifests with each SDK upgrade and verify that App Privacy Labels in App Store Connect match the manifest declarations and actual app behaviour, in line with App Store Review Guidelines §5.1.1.
Our Android Apps include a fully completed Data Safety declaration in Google Play Console reflecting the actual data collection and sharing behaviour of the App and all integrated SDKs — including Firebase, Facebook SDK, Sentry, Adjust, AppsFlyer, RevenueCat, Google AdMob, and Usercentrics. We review and update Data Safety declarations whenever we update SDK integrations or data practices, in line with Google Play's Developer Program Policy.
If an App offers biometric features (e.g., Face ID, Touch ID, fingerprint authentication for app lock or premium content):
Where an App generates content using AI (text, audio feedback, suggestions, classifications):
Where an App allows user-generated content or displays AI-generated output, an in-app reporting mechanism is provided — typically Settings → Report Content, or a long-press / "Report" option on the content itself. Reports are reviewed within 48 hours during business days. Content that violates our Community Guidelines or applicable law is removed, and accounts that repeatedly violate guidelines may be suspended or terminated.
This mechanism is also available for reporting:
In the event of a personal data breach that affects your information, we will:
We maintain an incident response process, including documentation of all breaches, regardless of whether notification is legally required.
For users in the EEA, UK, and Switzerland, our Data Protection point of contact is reachable at dpo@milaltechnologies.com. Where Article 27 GDPR requires the appointment of an EU Representative, the current Representative's name and contact details are provided on request.
We may update this Policy periodically to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you through:
The "Last Updated" date at the top reflects the most recent revision. Continued use of our Apps after changes become effective constitutes acceptance of the updated Policy.
For questions, concerns, or privacy requests:
Milal Technologies
We respond within statutory deadlines (§11.3) or, where no deadline applies, within 30 days.