Dappy Dino – Privacy Policy

Dappy Dino ("App", "we", "us") is a wellness companion where your dino grows as you complete daily activities. This Privacy Policy explains what data we collect, how we use it, and your choices. By using Dappy Dino, you agree to this Policy.

1) What we collect

We only collect information needed to run the App, improve features, and keep accounts secure.

A. Account & Profile

• Email, display name, avatar (if you sign in)
• Authentication IDs and tokens

Source: You; sign-in provider (e.g., Google/Apple)
Used for: Account creation, sync across devices, support

B. App Activity & Progress

• Dino stats, coins, levels, streaks, in-app purchases
• Tutorial completion, button taps, screen flows (analytics)

Source: App events
Used for: Gameplay, saving progress, analytics, fraud prevention

C. Device & App Diagnostics

• Device model, OS version, app version, language
• Crash logs and performance (ANR/crash traces)

Source: Your device; [Firebase Crashlytics/Analytics]
Used for: Stability, debugging

D. Fitness/Activity Data (if you enable it)

• Step count / activity minutes from device sensors or platform APIs

Source: [Google Fit / Apple Health / on-device pedometer / StepCounter plugin]
Used for: Converting real-world activity into in-app progress

Note: We do not read heart rate, GPS routes, or sensitive medical data unless you explicitly grant access. You can turn this access off at any time in system settings or inside the App.

E. Photos & AI-Derived Labels (optional, Feed scene)

• Photos/images you choose to analyze in the Feed scene
• AI-generated tags/labels describing the image content (e.g., food recognition)
• Basic file metadata (e.g., file type, size, dimensions)

Source: You (photo upload or capture); Imagga (labels/tags returned to us)
Used for: Powering the food-recognition feature in the Feed scene and related gameplay (e.g., restoring stats based on identified food)

You can use the App without this feature. When disabled, photos are not sent for analysis.

F. Optional Content You Provide

• Feedback, support tickets, screenshots

We do not knowingly collect precise location, contacts, or microphone/camera data unless a feature explicitly needs it and you opt in.

2) How we use your data

• Run core features (care, feed, walk, play, streaks, level-ups)
• Save and sync your progress across devices
• Provide push notifications you opt into (streak reminders, rewards)
• Improve performance, prevent abuse, and fix bugs
• Operate the optional food-recognition in the Feed scene (see "AI Image Recognition (Imagga)" below)
• Comply with law and enforce our Terms

We do not sell your personal data.

3) Legal bases (EEA/UK only)

When applicable, we process data under: Contract (to provide the App), Legitimate Interests (fraud prevention, analytics, app security), and Consent (fitness data access, notifications, and the optional image analysis). You can withdraw consent anytime in settings or by contacting us.

4) Sharing & third parties

We share data only with service providers who help us operate the App, under contracts that protect your information.

• Hosting & Database: Google Firebase (Auth, Firestore, Cloud Functions, Crashlytics, Analytics)
• Image Recognition (optional Feed scene): Imagga – processes your selected images on our behalf to return tags/labels
• Payments: [Google Play Billing / Apple IAP]
• Notifications: [Firebase Cloud Messaging]
• Analytics (optional): [Firebase Analytics] (no ad personalization)

We may disclose data for legal reasons (court order, to protect rights and safety) or during a merger/acquisition (with notice where required). We do not allow third-party ad networks to track you across apps for advertising unless you explicitly opt in (and only where legally permitted).

4a) AI Image Recognition (Imagga)

If you choose to analyze a photo in the Feed scene, we send the image to our service provider Imagga to generate tags/labels (e.g., food recognition) that enable gameplay features. We transmit only what's needed for analysis (the image and basic file metadata). Imagga processes the image on our behalf and returns tags/labels; we store the tags with your game data and may store the original image only as needed to provide the feature.

• Purpose: provide food-recognition gameplay, prevent abuse, and improve accuracy
• Legal basis (EEA/UK): Consent (you can disable image analysis in Settings) [or: Legitimate Interests]
• Sharing: with Imagga as a processor/service provider under a data-processing agreement; no sale of personal data
• Retention: images are retained [transiently/for up to X days] for processing and troubleshooting; derived tags may be stored with your gameplay record [until account deletion/for Y months]
• Location & transfers: processing may occur on Imagga's servers [insert region if known] and may involve cross-border transfers with appropriate safeguards (e.g., SCCs)
• Your choices: you can turn this feature off at any time; when off, images are not sent for analysis. We do not use facial recognition or infer sensitive attributes. If such features are added in the future, we will request explicit consent.

5) Data retention

• Account + progress: kept while your account is active
• Crashes/diagnostics: typically up to 24 months
• Support emails: up to 24 months
• Photos used for Imagga analysis: retained as described above (see Retention in section 4a)

You can request deletion at any time (see Your Rights). We may retain limited records to comply with law or resolve disputes.

6) Security

We use industry-standard measures (encryption in transit, access controls, least-privilege policies). No system is 100% secure; please keep your account credentials safe and contact us if you suspect unauthorised access.

7) Children's privacy

Dappy Dino is not directed to children under 13 (or the age required in your country). We do not knowingly collect personal data from children below that age. If you believe a child has provided data, contact us and we will delete it.

8) Your choices & rights

In-App / Device Controls

• Toggle access to step/activity data in system settings
• Turn notifications on/off
• Enable/disable Image Analysis (Imagga) in Settings
• Use light/dark mode and privacy toggles in Settings (if available)

Data Subject Rights (where applicable: EEA/UK/California etc.)

• Access, correct, delete your data
• Port your data (export)
• Object to or restrict certain processing
• Opt out of marketing

Submit requests to privacy@dappydino.com. We will verify and respond within required timelines.

Delete account/data: Email privacy@dappydino.com or use the in-app "Delete Account" (if available). Deletion may take up to 30 days and may be irreversible.

9) International transfers

We may process data in the United States and other countries where our providers operate. When transferring from the EEA/UK, we rely on approved safeguards (e.g., Standard Contractual Clauses).

10) Third-party links & content

The App or our site may link to third-party content (e.g., support pages, creator communities). Their privacy practices are not ours—please review their policies.

11) Changes to this Policy

We may update this Policy as our features or laws change. If changes are material, we'll notify you in-app or by email. The "Last updated" date shows the latest version.

12) Contact us

Appendix: Google Play "Data safety" helper (updated)

• Collected: Personal info (email, user IDs), App activity (in-app actions, achievements), Device/Diagnostics (crashes, performance), Health & fitness (steps/activity if enabled), Photos/Images (user-provided; optional) and AI-derived labels/tags
• Shared: Yes — with service providers for processing only (e.g., Imagga for image recognition; Firebase for hosting/analytics/crash reports)
• Data is encrypted in transit: Yes
• You can request deletion: Yes
• Collection required or optional: Account (required if sign-in), Steps (optional), Photos/AI labels (optional, Feed scene only)
• Purposes: App functionality (gameplay, food recognition), analytics, developer communications, fraud prevention/security, compliance