Privacy Policy
Effective Date: October 4, 2025
Last Updated: October 4, 2025
1. Introduction
Welcome to PhishPop ("we," "our," or "us"), operated by Alquimia Studio. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application ("App"). This policy applies to users in the United States and Canada and complies with applicable privacy laws including the California Consumer Privacy Act (CCPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant regulations.
By using PhishPop, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
2.1 Personal Information You Provide
We collect information that you voluntarily provide when using the App:
- Account Information: Email address, name, and password (if you create an account with email/password)
- Authentication Data: Information from third-party authentication providers (Google Sign-In, Apple Sign-In, GitHub OAuth) including your name, email address, and profile information
- Trusted Contacts: Names and phone numbers of up to 3 trusted contacts if you use the Safe Parent Mode feature
- Content for Analysis: URLs, text messages, QR code content, and WiFi network information that you submit for threat analysis
- Support Communications: Information you provide when contacting customer support
2.2 Automatically Collected Information
- Device Information: Device type, operating system, unique device identifiers, and mobile network information
- Usage Data: Scan history, analysis results, app features used, time and duration of app usage, and interaction patterns
- Log Data: IP address, browser type, access times, and crash reports
- Analytics Data: Aggregate usage statistics collected through Firebase Analytics
2.3 Information We Do NOT Collect
- We do NOT collect precise geolocation data
- We do NOT access your contacts list (except trusted contacts you manually add)
- We do NOT access your photo library without your explicit permission
- We do NOT collect biometric information
- We do NOT collect financial information (payment processing is handled by app stores)
2.4 Children's Privacy
COPPA Compliance: PhishPop is NOT intended for children under 13 years of age (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at andres@andressaumet.com, and we will delete such information from our systems within 30 days.
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Provision
- Provide phishing detection and threat analysis services
- Maintain your account and authenticate your identity
- Store and display your scan history
- Enable Safe Parent Mode features including emergency contact messaging
- Process and manage subscriptions
3.2 Service Improvement
- Analyze usage patterns to improve app functionality
- Develop new features and enhance existing ones
- Conduct research and analytics to improve threat detection algorithms
- Debug technical issues and optimize performance
3.3 Communication
- Send important service updates and security alerts
- Respond to your support requests and inquiries
- Send notifications about your account and subscription status
- Provide educational content about phishing and security (with your consent)
3.4 Legal Compliance and Safety
- Comply with applicable laws and regulations
- Enforce our Terms of Service
- Protect against fraud, abuse, and security threats
- Respond to legal requests and prevent harm
4. How We Share Your Information
We do NOT sell, rent, or trade your personal information. We may share your information only in the following circumstances:
4.1 Third-Party Service Providers
We share information with trusted service providers who assist us in operating the App:
- Firebase (Google): Authentication, cloud storage, and analytics
- RevenueCat: Subscription management and payment processing
- Backend API Services: Threat analysis and URL/text scanning (hosted on Vercel)
- Cloud Infrastructure: Secure data storage and processing
These providers are contractually obligated to protect your data and use it only for specified purposes.
4.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal process (subpoenas, court orders, warrants)
- Government or regulatory requests
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
- Enforcement of our Terms of Service
4.3 Business Transfers
If Alquimia Studio is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information for purposes not described in this policy with your explicit consent.
5. Data Storage and Security
5.1 Data Storage
- Local Storage: Scan history is stored locally on your device using encrypted SQLite databases
- Cloud Storage: Account information and authentication data are stored securely using Firebase services with servers located in the United States
- Retention Period: Scan history is automatically limited to your last 50 scans. Account data is retained until you delete your account.
5.2 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption in transit using TLS/SSL protocols
- Encryption at rest for sensitive data
- SHA-256 hashing for sensitive operations
- Secure authentication using Firebase Auth
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
Important: While we strive to protect your information, no method of transmission or storage is 100% secure. You acknowledge and accept the inherent security risks of using internet-based services.
6. Your Privacy Rights
6.1 Rights for U.S. Users (Including California Residents - CCPA/CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information (subject to exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do NOT sell personal information)
- Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment
- Right to Limit: Limit the use of sensitive personal information
6.2 Rights for Canadian Users (PIPEDA)
If you are a Canadian resident, you have the following rights:
- Right of Access: Request access to your personal information
- Right to Correction: Request correction of inaccurate information
- Right to Withdraw Consent: Withdraw consent for data processing (may limit service functionality)
- Right to Complain: File a complaint with the Office of the Privacy Commissioner of Canada
6.3 How to Exercise Your Rights
To exercise any of these rights:
- Delete Account: Use the "Delete Account" feature in App Settings
- Email Request: Contact us at andres@andressaumet.com with your request
- Verification: We may request verification of your identity before processing requests
- Response Time: We will respond within 45 days (U.S.) or 30 days (Canada)
7. Third-Party Services and Links
7.1 Third-Party Authentication
When you use third-party sign-in services (Google, Apple, GitHub), those providers collect and process your information according to their own privacy policies:
- Google: https://policies.google.com/privacy
- Apple: https://www.apple.com/privacy/
- GitHub: https://docs.github.com/en/site-policy/privacy-policies
7.2 Third-Party Links
The App may contain links to external websites or services. We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies.
7.3 Analytics Services
- Firebase Analytics: Collects aggregate usage data. See Google's privacy policy for details.
- RevenueCat: Processes subscription data. See RevenueCat's privacy policy at https://www.revenuecat.com/privacy
8. Data Retention
- Scan History: Automatically deleted after 50 scans (local storage only)
- Account Data: Retained until you request account deletion
- Subscription Data: Retained as required for tax and legal compliance (typically 7 years)
- Support Communications: Retained for 3 years for quality assurance
- Log Data: Retained for 90 days for security and debugging purposes
9. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers and service providers are located. The U.S. may have different data protection laws than your jurisdiction. By using the App, you consent to the transfer of your information to the U.S. and other countries where we operate.
10. Do Not Track Signals
PhishPop does not respond to "Do Not Track" (DNT) signals because there is no industry standard for how to interpret them. However, you can control analytics and tracking through your device settings.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a prominent notice in the App
- Sending an email notification (if you have an account)
Your continued use of the App after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: andres@andressaumet.com
- Developer: Alquimia Studio
- App Name: PhishPop
- Response Time: We will respond to inquiries within 10 business days
For California Residents:
You may contact us to exercise your CCPA rights or submit a complaint. We do not discriminate against users who exercise their privacy rights.
For Canadian Residents:
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:
- Website: https://www.priv.gc.ca
- Toll-Free: 1-800-282-1376
13. Summary of Key Points
- ✓ We collect only necessary information to provide our services
- ✓ We do NOT sell your personal information
- ✓ We do NOT knowingly collect data from children under 13
- ✓ You can delete your account and data at any time
- ✓ We use industry-standard security measures
- ✓ You have rights to access, correct, and delete your information
- ✓ We comply with CCPA, PIPEDA, and other applicable privacy laws
© 2025 Alquimia Studio. All rights reserved.