Team Name: techforgeteam.comBusiness Support: support@techforgeteam.com | Contact: contact@techforgeteam.com
Techfor e Team logoTECHFOR E TEAM

Privacy Policy (2026 Global Deep-Compliance Enhanced Version)

This version is comprehensively upgraded to include the latest EU Digital Services Act transparency requirements, differentiated U.S. state privacy clauses (including California, Texas, and Virginia), AI-generated content disclosures (where applicable), and detailed anti-fraud penalty rules for in-app purchase and advertising monetization. It also integrates 2026 updates on global data sovereignty and app store policy changes for multi-region operations.

1. Data Collection Granularity and Purposes

We strictly follow the minimum-necessary principle. We collect only information needed to support IAA (in-app advertising monetization), IAP (in-app purchases), user experience optimization, and anti-fraud security controls. We do not collect personal data unrelated to service operation.

  • Device fingerprint and identifiers: includes but is not limited to IDFA (iOS), GAID (Android), OAID (China Android market where applicable), device brand, model, display resolution, OS version, language settings, battery status, and system clock offset (used for time-zone cheating detection and cross-region pricing fraud prevention). Device unique identifiers are encrypted and not linked to real-world identity.
  • Network environment data: IP address is used only for geo-compliance filtering and local regulation adaptation, not precise geolocation profiling. We may process mobile carrier name, Wi-Fi status, and network type (4G/5G/Wi-Fi) to maintain service stability and regional compliance controls.
  • Behavioral trajectory (IAA and UX):
    • Advertising behavior: ad impression ID, click timestamp, conversion path, rewarded video watch duration, early-exit status, and ad dwell time. Used for delivery optimization and fraud prevention; shared only as required with monetization partners after data minimization and de-identification.
    • App logic telemetry: core loop trigger count, paywall click-through rate, onboarding drop-off points, feature usage frequency. Used to improve interaction quality and feature layout. We do not collect user private content through these events.
  • Financial transaction data (IAP):
    • We only receive official transaction receipts via App Store / Google Play APIs and do not store raw card numbers, CVV, card expiration data, payment passwords, or other sensitive payment credentials.
    • Recorded fields include: order ID, purchased item name and quantity, currency, amount, country code, transaction timestamp, sandbox/production flag, and order state (success/failure/refund). Used for order validation, refund handling, financial reconciliation, and payment fraud prevention.

Supplement: all collected data is encrypted in transit and at rest where applicable, stored in compliant infrastructure, and accessed only by authorized personnel under auditable access logging.

2. Deep Third-Party Sharing Architecture (Data Mapping)

To support lawful monetization, service optimization, and anti-fraud controls, we share only necessary and minimized data with compliant ecosystem partners under encrypted transport and controllable governance.

  • Mediation layer: AppLovin (MAX), Google AdMob, Unity LevelPlay, ironSource, TopOn, Mintegral Mediation, and other compliant mediation partners depending on regional business needs. Purpose: real-time bidding (RTB), fill-rate optimization, and monetization efficiency. Shared data: de-identified device-level signals and ad event data.
  • Attribution and anti-fraud (MMP): AppsFlyer, Adjust, Singular, and where required other compliant measurement providers. Purpose: install attribution, fake-install detection, ad theft prevention, and campaign integrity checks.
  • Payment processors: Apple Inc. and Google LLC. Purpose: process in-app purchase transactions and verify receipt validity. Shared data: order-level metadata only, excluding sensitive payment credentials.
  • Potential ad demand partners under mediation: Google demand, Meta Audience Network, Unity Ads, AppLovin demand, Chartboost, Vungle/Liftoff, InMobi, Mintegral, Pangle, Smaato, and other policy-compliant demand sources depending on regional rollout and app category.

Supplement: we sign confidentiality and data processing agreements with all partners; we define processing scope, retention boundaries, and security duties; we conduct periodic compliance checks. If partner misconduct is identified, we terminate cooperation and pursue accountability. Users can review data-sharing categories in app settings and may withdraw relevant authorization (withdrawal can impact personalized ads and some services).

3. Global Region-Specific Legal Statements

We adapt our processing model to global and regional privacy/legal requirements and continuously update legal clauses according to 2026 policy developments.

EU (GDPR) and UK (UK-GDPR)

  • Legal basis: contract performance, explicit consent, and legitimate interests (including anti-fraud and service optimization) according to GDPR/UK-GDPR Article 6.
  • Representative contact placeholder: [EU/UK legal representative contact and registered address to be published]. We respond to access, correction, deletion, and consent-withdrawal requests within no more than 7 business days where operationally feasible.
  • DSA transparency: we publish ad delivery rules, recommendation logic summaries, content governance standards, and periodic transparency reporting. For UGC-enabled products, we disclose moderation workflows, complaint handling channels, and enforcement criteria.
  • User rights: access, correction, deletion, consent withdrawal, data portability, and complaint rights with competent authorities such as EDPB-associated regulators and the UK ICO.

United States (CCPA/CPRA/VCDPA and state-specific clauses)

  • No sale of personal information: we do not sell personal information to advertisers, brokers, or unrelated third parties.
  • Data sharing notices: under definitions in CPRA/VCDPA and similar statutes, certain ad-targeting related identifier sharing may be considered "sharing". We provide clear notices and opt-out controls.
  • Do Not Track: we honor system-level Do Not Track signals and limit behavioral tracking where such settings are active, retaining only essential service-operational data.
  • California (CPRA): users can request 12-month disclosures of collection/use/sharing, request deletion, and opt out of targeted advertising sharing; response target up to 45 business days.
  • Texas (as applicable by state privacy requirements): strengthened access rights, no unreasonable barriers to data request handling, and no sensitive data sharing without proper legal basis and authorization.
  • Virginia (VCDPA): users can request correction, deletion, and stop-sharing actions with response targets aligned to statutory timelines, including approximately 30 business days where applicable.
  • Other states: we continuously adapt to Colorado, Washington, and other U.S. state privacy updates.

Brazil (LGPD)

  • Explicit authorization before collection where required.
  • Clear disclosure of purpose, scope, and processing methods.
  • Rights to access, correction, deletion, and consent withdrawal.
  • Dedicated compliance contact handling Brazil data requests.
  • Cross-border transfer only under legal mechanisms and regulator expectations where applicable.

Other Focus Regions

  • China: adaptation to PIPL, Data Security Law, and cross-border transfer regulations, with explicit consent standards and localization requirements where applicable.
  • India: adaptation to DPDP Act obligations including consent, deletion rights, and transfer controls under ministry guidance.
  • Saudi Arabia: adaptation to Personal Data Protection Law and localization/cross-border rules where required.
  • Canada and Japan: adaptation to PIPEDA and APPI, including rights governance and regulator audit support.

4. Subscription Transparency (Automatic Renewal)

If an app includes auto-renewable subscriptions, we comply with Apple/Google store policies and regional legal requirements.

  • Data processed for subscription management includes billing cycle, trial remainder, status (active/expired/paused), and renewal schedule.
  • Pre-subscription transparency: price, billing period (weekly/monthly/yearly), trial length, renewal rules, and cancellation path are shown clearly without hidden terms.
  • Renewal reminders: where applicable and technically available, notices are provided about upcoming charges within a practical timeframe (typically around 24 hours before renewal according to store behavior and app notification capabilities).
  • User controls: cancellation is available through in-app entry points and official App Store / Google Play subscription management screens.
  • Trial policy: if trial is offered, conversion to paid renewal after trial expiration is disclosed before activation; users may cancel during trial to avoid charge under store rules.

5. AI-Generated Content Disclosure (If Applicable)

  • Clear labeling: AI-generated outputs (text/audio/image/interaction scenes) are explicitly marked as AI-generated to avoid misleading users.
  • Compliance controls: prohibited output categories include violence promotion, sexual exploitation, explicit obscenity, disinformation, political extremism, and discriminatory content; dual-layer controls may include model constraints plus human moderation.
  • Liability boundary: AI output serves as assistive content and does not constitute guarantees or professional advice. We promptly remove confirmed infringing content and handle rights complaints according to law.
  • Data safety: model training and tuning workflows avoid unauthorized use of private user data and follow lawful collection or licensed-source policies.

6. Data Retention, Archiving, and Deletion Standards

We apply retention-by-necessity and legal-purpose limitation standards. Data is not stored indefinitely.

  • Advertising and anti-fraud event logs: generally retained for 180 to 730 days depending on fraud-risk windows, attribution verification cycles, and jurisdictional obligations.
  • IAP order verification records: retained for tax, reconciliation, and dispute resolution periods required by platform rules and applicable finance laws.
  • Security and access audit logs: retained for incident tracing, legal defense, and regulator cooperation needs with strict role-based controls.
  • UGC moderation records (if applicable): retained for appeals, abuse pattern analysis, and legal obligations under DSA-like frameworks.
  • Upon retention expiry, data is deleted, irreversibly anonymized, or isolated under legal hold rules where mandatory retention applies.

7. User Rights and Data Request Workflow

Users may exercise privacy rights subject to applicable law and identity verification safeguards.

  • Request channels: contact@techforgeteam.com and designated in-app privacy request entry points where available.
  • Supported rights (region-dependent): access, correction, deletion, portability, consent withdrawal, processing restriction, and targeted-ad sharing opt-out.
  • Identity verification: we may require account/device/order evidence to prevent unauthorized disclosure or malicious deletion requests.
  • Service-level targets: standard acknowledgment within 3 business days; substantive response within 7 to 45 business days depending on regional law and request complexity.
  • Appeal path: if a request is denied in whole or in part, users may request secondary review and submit regulator complaints in their jurisdiction.

8. Children, Teenagers, and Age-Gated Protection

  • Our services are not intentionally designed to profile children for behavioral advertising.
  • Where local law requires guardian consent for minors below digital-consent age, consent workflows and purchase restrictions are applied.
  • If we discover unauthorized minor data collection, we initiate prompt review, restrict further processing, and delete or de-identify data where legally permissible.
  • Guardians may contact us to request access, correction, deletion, and transaction review related to minor-associated accounts.

9. Security Controls, Breach Response, and Independent Reviews

  • Technical safeguards: encrypted transport (HTTPS/TLS), encrypted local/remote storage where applicable, key isolation practices, and strict least-privilege access.
  • Operational safeguards: access approval workflows, environment segregation, periodic privilege review, staff confidentiality duties, and monitored audit trails.
  • Breach handling: when a verified incident creates material risk, we execute containment, forensic review, impact assessment, regulator notification, and user communication in line with legal timelines.
  • Fraud risk controls: anomaly detection for app open, rewarded video, interstitial, and banner ad traffic patterns, plus IAP receipt validation and replay-attack detection.
  • Testing and assurance: periodic security assessments, dependency vulnerability review, SDK compliance checks, and remediation tracking.

10. International Data Transfer and Localization Mechanisms

  • Cross-border transfers are performed only when a legal mechanism exists, such as adequacy decisions, standard contractual clauses, or regulator-approved pathways.
  • For jurisdictions with mandatory localization expectations, we support local/region-specific storage operations and transfer restrictions.
  • Third-party processors must contractually commit to confidentiality, purpose limitation, technical safeguards, and onward-transfer restrictions.
  • Transfer impact assessments are conducted where required, and controls are updated as regulations evolve.

11. Cookie/SDK Controls, Policy Updates, Contact, Complaints, and Reporting

We may use SDK-based identifiers and similar technologies in mobile environments for service integrity, analytics, advertising delivery, and fraud prevention. Configuration is aligned with platform permissions, ATT preferences, and regional consent rules.

  • Ad and mediation technology categories may include AdMob, AppLovin MAX, Unity LevelPlay, ironSource, TopOn, Mintegral, Chartboost, Pangle, InMobi, Liftoff/Vungle, Smaato, and policy-compliant alternatives by region.
  • Attribution and anti-fraud categories may include AppsFlyer, Adjust, Singular, Kochava, and equivalent lawful providers.
  • Users may disable personalized tracking where supported by system and app settings; some monetization or recommendation features may degrade.
  • Policy versioning: this privacy policy is reviewed at least every 6 months or earlier upon major legal/platform changes. Material updates are posted in-app and/or on this website.

Current version date: April 24, 2026

For any question, feedback, complaint, or legal report: