Privacy Policy

Last updated:

1. Introduction

Pattern Consulting Ltd, registered in the Republic of Bulgaria under reg. no 205825026, operating as 02apps ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy applies to:

• Our website at 02apps.com
• Our iOS mobile applications: Babykit, InvoiceKit, CashKit, Strength Log, and Sunglow

This policy will inform you about how we look after your personal data when you visit our website or use our apps, and tell you about your privacy rights and how the law protects you.

2. Data We Collect

2.1 Website Data

When you visit our website (02apps.com), we may collect:

• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website, including pages visited, time spent, and links clicked
• Contact Data: Email address if you contact us through our website

2.2 iOS App Data

Our iOS apps (Babykit, InvoiceKit, CashKit, Strength Log, and Sunglow) are designed with privacy-first principles. The data we collect varies depending on which features you use:

A. Local Data Storage (Core App Features):

• Offline-First Design: Core app functionality (baby tracking records, invoices, budgets, workout logs, tanning sessions) is stored locally on your device using Apple's secure storage mechanisms
• No Account Required: You can use the core features of our apps without creating an account or providing personal information

B. Cloud Sync & Social Features (Optional):

Some of our apps offer optional cloud-based features that require data to be stored on our servers. If you choose to use these features, we collect and store:

• Account Information: Email address, username, and authentication credentials (managed through Firebase Authentication)
• Synced App Data: When you enable family sharing or multi-device sync, your app data (baby records, invoices, budgets, workouts, etc.) is stored in Firebase Cloud Firestore to enable syncing across devices and sharing with family members
• Social Feed Content: If you use community or social feed features, your posts, comments, likes, and profile information are stored using Stream (GetStream.io) activity feeds
• Shared Data: When you share data with family members or other users, that data is stored on our servers and accessible to the people you've explicitly granted access to

C. Analytics Data:

• We collect anonymized usage analytics through Mixpanel (see Section 5.2) to improve app functionality, including:
  • Device type and iOS version
  • App version and session duration
  • Feature usage patterns (which features are used, how often)
  • Crash reports and error logs

Important: You have full control over whether to use cloud-based features. If you choose not to create an account or enable syncing, your data remains entirely on your device. If you delete the app or lose your device, locally-stored data cannot be recovered unless you have backed it up using iCloud or iTunes backup. Cloud-synced data can be recovered by logging into your account on a new device.

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following ways:

3.1 Website Data Usage

• To provide and maintain our website
• To analyze website traffic and improve user experience
• To run targeted advertising campaigns (see Section 5.1)
• To respond to customer support inquiries

3.2 iOS App Data Usage

We use the data collected from our iOS apps for the following purposes:

• Core App Functionality: To provide the features you use (tracking, invoicing, budgeting, workout logging, etc.) - processed locally on your device for offline features
• Cloud Sync & Sharing: To enable family sharing, multi-device sync, and social features when you opt in to these features
• Account Management: To authenticate your account, manage your profile, and provide customer support
• Analytics & Improvement: To analyze app usage patterns and improve features (through anonymized analytics)
• Bug Fixes: To identify and fix bugs and technical issues
• Product Development: To understand which features are most valuable to users and make data-driven decisions about future app updates
• Communication: To send you important updates about the app, respond to support requests, and (with your consent) send promotional communications

We do NOT:

• Sell your data to third parties
• Use your app data for advertising purposes (we do not show ads in our apps or use your app content for ad targeting)
• Share your personal information with anyone except as described in this policy (service providers, family members you've authorized, etc.)
• Access your data without your knowledge or consent
• Train AI models on your personal data

4. GDPR Rights

Under GDPR, you have the following rights:

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

5. Cookies and Tracking Technologies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. We use cookies and similar tracking technologies on our website to track activity and hold certain information. Our iOS apps do not use cookies or web-based tracking technologies.

5.1 Facebook Tracking and Targeted Advertising (Website Only)

We use Facebook tracking technologies, including the Facebook Pixel and cookies, on our website (02apps.com) for targeted advertising purposes. This allows us to:

• Show you relevant advertisements on Facebook and Instagram based on your interactions with our website and apps
• Measure the effectiveness of our advertising campaigns
• Build custom audiences for advertising purposes
• Track conversions and user behavior across devices

Facebook cookies may collect information such as your IP address, browser type, pages visited, time spent on pages, links clicked, and conversion information. This data is shared with Facebook and processed according to their privacy policy.

You can opt out of targeted advertising by adjusting your Facebook ad preferences or using browser settings to block cookies. For more information about how Facebook uses your data, please review Facebook's Privacy Policy.

5.2 Firebase (iOS Apps - Cloud Features)

Some of our apps use Google Firebase to provide cloud-based features such as account authentication, data syncing, and family sharing. Firebase is only used when you opt in to these features by creating an account.

Firebase Services We Use:

• Firebase Authentication: To securely manage user accounts and login (email/password, Apple Sign-In, Google Sign-In)
• Firebase Cloud Firestore: To store and sync your app data across devices and enable family sharing features
• Firebase Cloud Storage: To store photos, attachments, and other media you upload (if applicable)
• Firebase Cloud Messaging: To send push notifications about shared data updates, family activity, or important app announcements

What Firebase Collects:

• Account credentials (email, authentication tokens)
• App data you choose to sync (baby records, invoices, budgets, workouts, etc.)
• Device information and IP addresses
• Usage and diagnostic data

Firebase is a Google service and processes data according to Firebase's Privacy Policy and Google's Privacy Policy. Your data is stored on Google Cloud servers, which may be located in various regions worldwide.

Data Security: Firebase uses industry-standard encryption for data in transit (HTTPS/TLS) and at rest. We implement Firebase Security Rules to ensure only you and authorized family members can access your data.

5.3 Stream Activity Feeds (iOS Apps - Social Features)

Some of our apps include optional social and community features powered by Stream (GetStream.io). These features allow you to share updates, interact with other users, and participate in community feeds.

What Stream Collects:

• Your profile information (username, profile photo, bio)
• Posts, comments, and reactions you create in social feeds
• Follow/follower relationships
• Activity timestamps and engagement metrics
• Device and usage information

How Stream is Used:

• To power community feeds and social interactions
• To enable real-time updates and notifications
• To personalize your feed based on your interests and connections
• To moderate content and prevent abuse

Stream processes data according to Stream's Privacy Policy. Stream is GDPR-compliant and uses encryption to protect your data.

Privacy Controls: You can control your privacy settings within the app, including who can see your posts, whether your profile is public or private, and whether you want to participate in community features. You can delete your posts and account data at any time.

5.4 Mixpanel Analytics (iOS Apps)

We use Mixpanel, a third-party analytics service, in our iOS apps to understand how users interact with our apps. Mixpanel helps us:

• Analyze user behavior and app usage patterns (e.g., which features are used most often)
• Track feature adoption and user engagement
• Identify and fix technical issues and crashes
• Improve our products and user experience based on real usage data
• Make informed decisions about which features to develop next

What Mixpanel Collects from Our Apps:

• Device identifiers (anonymized unique ID for your device)
• Device type and iOS version
• App version and build number
• App interactions (which buttons/features you use, but NOT the content you create)
• Session duration and frequency
• Crash reports and error logs

What Mixpanel Does NOT Collect:

• Your name, email, or any personally identifiable information (unless you've created an account, in which case we may associate analytics with your user ID)
• The actual content you create in our apps (baby records, invoices, budgets, workout data, tanning sessions)
• Your location data
• Your contacts or photos

Analytics data is anonymized where possible. The data collected by Mixpanel is processed according to their privacy policy. You can learn more about Mixpanel's data practices and opt-out options at Mixpanel's Privacy Policy.

How to Opt Out: Currently, our apps do not have a built-in opt-out mechanism for analytics. If you wish to prevent analytics collection, you can enable "Limit Ad Tracking" in your iOS device settings, though this may not block all analytics. We are considering adding an in-app opt-out option in future updates.

6. Apple App Store and iCloud

Our iOS apps are distributed through the Apple App Store. When you download our apps, Apple may collect certain information as part of the App Store experience, including:

• Your Apple ID and account information
• Purchase history and download records
• Device information

This data collection is governed by Apple's Privacy Policy, not ours. We do not have access to your Apple ID or App Store purchase information.

If you choose to back up your device using iCloud, your app data may be included in your iCloud backup. This is controlled by your iOS device settings and is governed by Apple's Privacy Policy. We do not have access to your iCloud backups.

7. Data Retention

Website Data: We retain website analytics and tracking data for as long as necessary to fulfill the purposes outlined in this policy, typically up to 24 months.

iOS App Data:

• Local Data: Data stored locally on your device remains there until you delete the app or manually delete the data within the app
• Cloud-Synced Data: Data stored in Firebase (when you use cloud sync or family sharing features) is retained until you delete it through the app or request account deletion
• Social Feed Data: Posts and interactions in Stream-powered social feeds are retained until you delete them or request account deletion
• Analytics Data: Mixpanel analytics data is retained according to Mixpanel's data retention policies (typically 5 years for event data)

Account Deletion: You can request deletion of your account and all associated cloud data at any time by contacting us at [email protected]. We will delete your data within 30 days of your request, except where we are required to retain it for legal or regulatory purposes.

You can delete all locally-stored app data at any time by deleting the app from your device.

8. Service Providers and Third-Party Services

We employ third-party companies and individuals to facilitate our services ("Service Providers"). These service providers include:

Website Services:

• Facebook/Meta: For website advertising and analytics - Privacy Policy

iOS App Services:

• Apple: For app distribution and optional iCloud backups - Privacy Policy
• Google Firebase: For authentication, cloud storage, and data syncing - Firebase Privacy | Google Privacy
• Stream (GetStream.io): For social feeds and community features - Privacy Policy
• Mixpanel: For app analytics and usage tracking - Privacy Policy

These third parties have access to your data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose. Each service provider has their own privacy policy governing how they handle data (linked above).

Data Processing Agreements: We have data processing agreements in place with our service providers to ensure they handle your data in compliance with GDPR and other applicable privacy laws.

9. Children's Privacy

Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

Note about Babykit: While Babykit is designed to help parents track their baby's activities, the app is intended for use by parents/guardians (adults), not by children. All data is stored locally on the parent's device.

10. Data Sharing and Family Features

Some of our apps include features that allow you to share data with family members or other users:

• Family Sharing: You can invite family members to access shared data (e.g., baby tracking records, budgets). When you share data, those family members can view and edit the shared information
• Social Features: If you use community or social feed features, your posts and profile information may be visible to other users according to your privacy settings
• Explicit Consent: You have full control over what you share and with whom. We will never share your data with other users without your explicit action (inviting family members, posting to social feeds, etc.)

Your Responsibility: When you share data with family members or post to social feeds, you are responsible for ensuring you have the right to share that information. Be mindful of what you share, especially when it involves other people (e.g., baby photos, family financial information).

11. International Data Transfers

Pattern Consulting Ltd is based in Bulgaria (European Union). If you are accessing our services from outside the EU, please be aware that your information may be transferred to, stored, and processed in:

• European Union: Our company is based in Bulgaria
• United States: Firebase (Google), Mixpanel, Stream, and Facebook have servers in the US
• Other Regions: Our service providers may use servers in various regions worldwide

We ensure that appropriate safeguards are in place for international data transfers, including:

• Relying on service providers that comply with GDPR
• Using Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensuring our service providers have adequate data protection measures in place

12. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

• Encryption: Data transmitted between your device and our servers is encrypted using HTTPS/TLS. Data stored in Firebase is encrypted at rest
• Access Controls: We implement strict access controls and authentication mechanisms to ensure only authorized users can access data
• Firebase Security Rules: We configure Firebase Security Rules to ensure users can only access their own data and data explicitly shared with them
• Regular Updates: We regularly update our apps and server infrastructure to address security vulnerabilities
• Monitoring: We monitor our systems for suspicious activity and potential security breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

Your Responsibility: Please keep your account credentials secure and do not share your password with others. If you believe your account has been compromised, contact us immediately at [email protected].

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page with an updated "Last Updated" date
• For material changes, we may provide a more prominent notice (such as an in-app notification or email if we have your contact information)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your GDPR rights, please contact us:

• Email: [email protected]
• Company: Pattern Consulting Ltd
• Registration: Republic of Bulgaria, reg. no 205825026

We will respond to your inquiry within 30 days as required by GDPR.