Privacy Policy Informativa sulla privacy

Shake to Enable Torch — Android (com.luxebyte.shaketoenabletorch)

Publisher / Editore: Luxebyte Labs · luxebytecomp@gmail.com

Effective / In vigore dal: · Last updated / Ultimo aggiornamento: · Version / Versione 2.0

1. Who is responsible for your data (Data Controller)

The app “Shake to Enable Torch” (Android package com.luxebyte.shaketoenabletorch, the “App”) is published by Luxebyte Labs (the “Developer”, “we”, “us”). For the limited processing described in this policy, the data controller is:

We are a small independent publisher. We deliberately do not publish further identity details here; the brand name above together with the contact email is the controller identity for the purposes of this policy. For any privacy question or to exercise your rights, write to luxebytecomp@gmail.com.

Important to understand up front: the Developer operates no servers and runs no backend of its own. We do not receive, store, or have access to the advertising data described in Section 3(b). That data is collected and processed by Google (our advertising provider) and its partners. We are the controller only in the sense that we chose to integrate advertising into the App and we decide where and how an ad may appear. Google determines the means and purposes of its own processing of advertising data and acts as an independent (and, where applicable, joint) controller for it.

2. Scope of this policy

This policy applies only to the “Shake to Enable Torch” Android App distributed through the Google Play Store. It does not cover any other product, website, or third-party service except as expressly described here (in particular Google’s advertising services).

The App is distributed globally and its interface is localized into 17 languages. This English text is the primary version; a faithful Italian translation of equal completeness is provided on this same page (“Informativa sulla privacy”).

Changes and versioning

We may update this policy, for example if the App changes or if legal requirements change. When we make a material change we will update the “Last updated” date above and publish the new version at the same web address where you found this policy, before or at the time the change takes effect. Where the change concerns advertising consent, you may be asked again through the in-app consent mechanism (see Section 7). Your continued use of the App after an update takes effect means the updated policy applies to you; if you do not agree, you can stop using the App and uninstall it.

3. What data is processed

The App processes two clearly separate categories of data. We keep them separate on purpose, because they behave very differently.

3(a) — Data kept ONLY on your device, never transmitted to us or anyone

To make the App work and to power its features, the App stores a small amount of information locally on your device only, using Android’s standard SharedPreferences storage. This includes:

  • your shake counts (how many times the App has detected a shake);
  • your daily streak (consecutive-day usage counter);
  • your achievements (in-app milestones you have unlocked);
  • your settings and preferences, such as shake sensitivity and the theme (light/dark) you have chosen.

This on-device data never leaves your device, is never transmitted to the Developer (who has no servers to receive it), and is never sold or shared with anyone. It is fully under your control: uninstalling the App, or clearing the App’s storage/data in Settings → Apps → Shake to Enable Torch → Storage, deletes it.

The App also reads your device’s accelerometer (motion sensor) through a foreground service in order to detect shaking. Accelerometer readings are processed transiently on the device to decide whether to toggle the flashlight; they are not recorded, stored, profiled, or transmitted.

3(b) — Advertising data, collected and shared by Google (AdMob)

The App offers one optional, opt-in advertisement: a rewarded video ad. It appears in a single place — when you tap to view your achievements, you may choose to watch a short rewarded video. The ad is opt-in (you decide whether to watch it), never auto-played, shown nowhere else in the App, and fully declinable — you can always say no and keep using the App.

To serve this ad we use the Google Mobile Ads SDK (Google AdMob). When an ad is requested and shown, Google and its advertising partners collect and process the following categories of data for the purposes of serving ads, measuring ad performance, and preventing fraud and abuse:

  • the Android Advertising ID (AAID) — a resettable advertising identifier;
  • the app-set ID — an identifier scoped to apps from the same developer;
  • your IP address;
  • device and diagnostic information (e.g. device model, OS version, language/region, and similar technical data);
  • your interactions with ads (e.g. whether an ad was shown, viewed, or clicked).

This advertising data is collected by and shared with Google and Google’s advertising partners. The Developer does not receive it. Because Google’s advertising infrastructure is global, this data may be processed on servers located outside the EU/EEA, including in the United States (see Section 6).

If you do not consent (where consent is required — see Section 7) or you opt out, the App still works fully; you simply will not be served personalized ads, and in regions where consent is required no ad identifiers are used without your consent.

The App does not collect or use location data, contacts, photos, microphone, camera content (the torch uses the flash hardware, not camera imagery), account information, or any special-category (sensitive) personal data.

4. Why we process data, and the legal basis for each purpose (GDPR)

Under the EU GDPR, the UK GDPR, and the Italian Codice Privacy (D.lgs. 196/2003 as amended by D.lgs. 101/2018), every processing purpose needs a legal basis.

PurposeData involvedLegal basis
Provide the core flashlight function (detect a shake and toggle the torch) Transient accelerometer readings (on-device only) Performance of the service you requested and our legitimate interest (Art. 6(1)(b)/(f) GDPR) in making the App work. No data leaves your device.
Remember your settings, counts, streak, achievements On-device SharedPreferences data (3(a)) Legitimate interest (Art. 6(1)(f) GDPR) in providing the features you use; processing occurs only on your device and is not accessible to us.
Serve and measure the opt-in rewarded ad (incl. fraud/abuse prevention) Advertising data via Google (3(b)) In the EEA, UK, and Switzerland: your consent (Art. 6(1)(a) GDPR; and ePrivacy consent to storing/reading identifiers on your device), collected via the Google UMP consent form before any ad is requested. Outside those regions, Google processes this data under the legal bases set out in Google’s own policies.

We rely on legitimate interest only for the first two purposes, which are confined to your device and involve no transmission, sharing, sale, or profiling; you can object (see Section 9) and exercise full control through Android’s app-storage controls and by uninstalling. For advertising in the EEA/UK/Switzerland we rely on consent, not legitimate interest: no ad identifiers are accessed and no ad is requested until you have made your choice, and you can withdraw consent at any time (Section 7), as easily as you gave it and without affecting the lawfulness of processing already carried out. The Developer receives none of the advertising data.

5. Who receives data (third parties / recipients)

Because we run no servers, the only third party that receives data through the App is our advertising provider and its ecosystem:

  • Google — specifically Google Ireland Limited (for users in the EEA/UK/Switzerland) and Google LLC (United States), operating Google Mobile Ads / AdMob; and
  • Google’s advertising partners (third-party ad networks, demand partners, and measurement providers involved in serving and measuring the rewarded ad).

References describing how Google processes this data and who its partners are:

We do not share the on-device data in Section 3(a) with anyone, because it never leaves your device and we never receive it.

6. International data transfers

The on-device data in Section 3(a) is not transferred anywhere — it stays on your device.

The advertising data in Section 3(b) is handled by Google’s global infrastructure and may be transferred to and processed in countries outside the EU/EEA, the UK, and Switzerland, including the United States. Where such transfers occur, they are protected by the safeguards Google relies upon, which include:

  • the European Commission’s adequacy decision for the United States and Google’s certification under the EU–U.S. Data Privacy Framework (and the UK Extension and the Swiss–U.S. framework), where applicable; and/or
  • the Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK International Data Transfer Addendum) under Art. 46 GDPR, with supplementary measures where required.

Details of Google’s transfer mechanisms are in the Google Privacy Policy and its data-transfer / Data Processing Terms at https://policies.google.com/privacy. As the Developer receives none of this data, the transfer safeguards for it are those operated by Google.

7. Consent and how to change or withdraw it

In the EEA, the UK, and Switzerland

Before the App requests any ad, we show you a consent form provided by Google’s User Messaging Platform (UMP) consent SDK. Through it you can agree to or decline the use of advertising identifiers and personalized advertising. No ad is requested and no advertising identifier is read until you have made your choice.

You can change or withdraw your choice at any time, from inside the App, via the “Ad & privacy settings” option. Withdrawing consent is as easy as giving it.

Everywhere — controlling your Advertising ID at the Android level

Independently of the in-app controls, you can manage the advertising identifier on your device via Settings → Privacy → Ads (the exact path varies by device/Android version), where you can Reset advertising ID or Delete advertising ID and turn off ad personalization. Deleting the advertising ID causes apps to receive a string of zeros instead of an identifier, which limits ad personalization.

8. Data retention — how long data is kept

  • On-device data (3(a)): kept on your device until you delete it by clearing the App’s storage/data or uninstalling. We never receive it, hold no copy, and apply no server-side retention to it.
  • Advertising data (3(b)): retained by Google per Google’s own data-retention policies, not by us. We store none of it. See the Google Privacy Policy (https://policies.google.com/privacy) and use the Android Advertising ID controls (Section 7) to reset or delete the identifier.

9. Your privacy rights

EEA, UK, Switzerland (GDPR / UK GDPR / Italian Codice Privacy)

Subject to the conditions in the law, you have the right to access, rectification, erasure, restriction, objection to legitimate-interest processing, data portability, to withdraw consent at any time (for advertising — Section 7), and to lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali (www.garante.it); you may also complain to the authority in your country of residence or workplace. In the UK this is the Information Commissioner’s Office (ICO) (ico.org.uk).

Because the Developer holds no personal data on any server, in practice: for the on-device data you exercise these rights directly by viewing/changing it in the App and by clearing the App’s storage or uninstalling; for the advertising data, the most effective route is to withdraw consent / change your choice (Section 7), use the Android Advertising ID controls (Section 7), and exercise your rights with Google as the party that holds the data, via the Google Privacy Policy. You may still contact us at luxebytecomp@gmail.com for any request; we respond without undue delay and, under the GDPR, normally within one month.

California (CCPA/CPRA) and other US state privacy laws

You have the right to know/access, delete, correct, opt out of the “sale” or “sharing” of personal information (including “sharing” for cross-context behavioral advertising), limit certain uses, and non-discrimination for exercising your rights. The personal information involved is limited to the advertising identifiers, device/diagnostic information, IP address, and ad-interaction data (Section 3(b)) processed by Google and its partners. Depending on your settings and region, the use of advertising identifiers for personalized advertising may be a “sale” or “sharing” under California law. Exercise an opt-out by declining consent / changing your choice in the in-app “Ad & privacy settings” and via the Android Advertising ID controls (Section 7). You may also contact us at luxebytecomp@gmail.com. Because we operate no servers and receive none of this data, opt-out and deletion for advertising data are fulfilled through these controls and directly with Google.

10. Children’s privacy

The App is a general-audience utility. On Google Play it is declared as not targeted to, and not primarily appealing to, children, and it is not part of the Google Play “Designed for Families” / Teacher Approved programme. The App is intended for users aged 13 and over.

We do not knowingly collect personal data from children under 13 (or under the higher age of digital consent that may apply in your country — e.g. under 16 in some EU Member States; Italy sets this age at 14). The App contains no features directed at children and serves only the single opt-in rewarded ad described above.

If you believe a child has used the App and that advertising data was collected without appropriate consent, contact us at luxebytecomp@gmail.com. Because such data is held by Google rather than by us, we will help direct a deletion request to Google and provide the Android Advertising ID controls (Section 7) that immediately limit and reset the identifier. This approach is intended to be consistent with COPPA and the Google Play Families Policy.

11. Security

We take a proportionate approach matching the App’s minimal data footprint. The App keeps its data on your device, protected by Android’s standard application sandbox and the device’s own protections (lock screen, encryption, OS permissions); we hold no central database to breach. We transmit no personal data to our own infrastructure, because we operate none. The advertising data is transmitted and protected in transit by Google’s security measures as part of the Google Mobile Ads SDK. No method of electronic processing is ever completely secure; however, by keeping data on-device and operating no servers, we structurally minimize the risk to your information.

12. Changes to this policy and how you are notified

We may revise this policy from time to time. When we do, we will update the “Last updated” date at the top, publish the revised policy at the same web address where you found it, and — where the change affects advertising or your consent — ask you again through the in-app consent mechanism (UMP) where required. Material changes take effect when the updated policy is published (or, where the law requires renewed consent, once that consent is collected).

13. How to contact us about privacy

For any question about this policy or to exercise any of your rights, contact Luxebyte Labs at luxebytecomp@gmail.com. This email address is the single point of contact for all privacy requests relating to the App.

→ Leggi questa informativa in italiano