Privacy Policy

1 Introduction

This Privacy Policy describes how Dao Van Thuong ("we," "us," "our") collects, uses, stores, shares, and protects your personal data when you use Pocket English (the "App").

When we refer to "personal data," we mean any information relating to you as an identified or identifiable natural person — including device identifiers, IP addresses, and usage patterns.

This Privacy Policy applies to all users of the App, including free and premium subscribers.

2 Who We Are

"We," "our," and "us" refer to Dao Van Thuong, located at Trieu Dong, Thuong Phuc, Thuong Tin, Ha Noi, Viet Nam.

We act as the Data Controller for the personal data we process through the App. We are committed to protecting user privacy in compliance with:

• The EU General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA)
• The Virginia Consumer Data Protection Act (VCDPA)
• The Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other applicable US state privacy laws
• The Children's Online Privacy Protection Act (COPPA)
• Apple's App Store Review Guidelines and App Tracking Transparency (ATT) framework
• Google Play Developer Program Policies, including the Data Safety Section requirements

We are guided by the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

3 Data We Collect

3.1 Data You Provide Directly

• Account registration data: email address, username, password (stored in hashed form)
• Profile information: display name, language preference, learning level
• Communications: messages, feedback, or support requests you send us
• Subscription and purchase data: records of in-app purchases and subscription status (payment processing is handled by Apple's App Store or Google Play — we do not store your credit card or bank details)

3.2 Data Collected Automatically

• Device information: type, model, operating system, screen resolution, language and region settings
• Device identifiers: IDFA on iOS (subject to ATT consent), Advertising ID on Android
• Network information: IP address, connection type (Wi-Fi/cellular), carrier name
• App usage data: articles viewed, features used, reading/listening time, session duration, navigation patterns
• Log data: crash logs, error reports, performance and diagnostic information
• Location data: coarse location derived from IP address (we do not collect precise GPS location)

3.3 Data Collected by Third-Party SDKs

Our App integrates third-party SDKs for advertising, analytics, and functionality. These SDKs may independently collect data including IP address, device identifiers, user interactions, and diagnostic data.

4 Legal Bases for Processing

• Consent — For personalized advertising, cross-app tracking (ATT), and marketing communications.
• Performance of a Contract — To provide the App's services including content delivery, account management, and subscription fulfillment.
• Legitimate Interest — To improve the App, analyze usage trends, ensure security, prevent fraud, and provide non-personalized contextual advertising.
• Legal Obligation — To comply with applicable laws, regulations, court orders, or legal processes.

5 How We Use Your Data

• Service Delivery — To provide, maintain, and improve the App's features including English learning content, personalized recommendations, and progress tracking.
• Subscription Management — To manage your premium subscription, verify purchase status, and provide access to premium features.
• Advertising — To display advertisements. Depending on your consent, ads may be personalized or non-personalized (contextual).
• Analytics and Improvement — To understand user behavior, detect technical issues, and improve user experience.
• Communications — To send service-related notifications and, with your consent, marketing communications.
• Security and Fraud Prevention — To detect, prevent, and investigate fraud or security breaches.
• Legal Compliance — To comply with applicable laws and respond to lawful government requests.

6 In-App Purchases & Subscriptions

• Payment Processing — All payments are processed through Apple's App Store or Google Play. We do not collect, process, or store your payment card information or bank details.
• Subscription Data We Receive — Purchase confirmation, subscription type and status, transaction ID, and purchase date from the platform provider.
• Auto-Renewal — Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current billing period. Manage subscriptions through your device's App Store or Google Play settings.
• Free Trial — Any unused portion of a free trial is forfeited when you purchase a subscription.
• Refunds — Handled by Apple or Google in accordance with their respective refund policies.

7 Sharing Your Data

We may share your data with:

• Advertising Partners — Ad networks that serve ads in the App (e.g., Google AdMob). Data shared may include device identifiers, IP address, and usage data.
• Analytics Providers — Services such as Firebase Analytics for App performance and usage insights.
• Cloud Hosting and Infrastructure — Hosting providers that store App data on our behalf.
• Attribution and Measurement Partners — Services that measure the effectiveness of advertising campaigns.
• Legal and Regulatory Authorities — When required by law, court order, or government request.
• Business Transfers — In connection with a merger or acquisition; we will notify you in advance.

All third parties are contractually required to provide equivalent data protection.

8 Advertising

8.1 Types of Ads

• Personalized Ads — Tailored to your interests based on usage patterns and data from advertising partners. Only shown with your consent.
• Non-Personalized (Contextual) Ads — Based on the content you are viewing, not your personal profile. Shown if you decline personalized advertising.

8.2 How to Opt Out

• On iOS — When prompted by the ATT dialog, select "Ask App Not to Track." Or go to Settings → Privacy & Security → Tracking.
• On Android — Go to Settings → Google → Ads → "Delete advertising ID" or toggle "Opt out of Ads Personalization."
• Premium Subscription — Premium subscribers may enjoy an ad-free experience depending on the subscription tier.

9 App Tracking Transparency (iOS)

On iOS, we comply with Apple's ATT framework. Before tracking your activity across other companies' apps and websites, we display a system permission prompt requesting your consent.

• If you allow tracking, we and our advertising partners may use your IDFA to provide personalized ads and measure ad effectiveness.
• If you choose "Ask App Not to Track," your IDFA will not be available, and we will only serve non-personalized, contextual ads. Your ability to use the App is not affected.

We do not use fingerprinting or any other means to track users who have opted out of tracking.

10 International Data Transfers

We operate internationally and may transfer your personal data to countries outside your country of residence, including the United States.

When transferring personal data from the EEA, UK, or Switzerland, we rely on:

• The EU-U.S. Data Privacy Framework and applicable extensions
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other legally recognized transfer mechanisms as appropriate

11 Data Retention

• Account Data — Retained while your account is active, and up to 90 days after account deletion for account recovery or dispute resolution.
• Usage and Analytics Data — Retained in identifiable form for up to 24 months, then aggregated or anonymized.
• Subscription and Purchase Records — Retained as required by applicable tax and accounting laws (typically 5–7 years).
• Advertising Data — Retained by our advertising partners in accordance with their respective retention policies.
• Security and Fraud Prevention Data — Retained for up to 24 months or as required for legal proceedings.

After the applicable retention period, personal data is securely deleted or anonymized.

12 Your Privacy Rights

12.1 Rights Under GDPR (EEA/UK Users)

12.2 Rights Under CCPA/CPRA (California Residents)

• Right to Know — Request the categories and specific pieces of personal information we have collected in the preceding 12 months.
• Right to Delete — Request deletion of your personal information.
• Right to Correct — Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing — Direct us to stop selling or sharing your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA/CPRA rights.

12.3 Rights Under Other US State Laws

If you are a resident of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or other states with comprehensive privacy laws, you have similar rights including access, correction, deletion, data portability, and the right to opt out of targeted advertising. Contact us to exercise these rights.

13 Account Deletion

You may delete your account at any time:

• In the App — Go to Settings → Account → Delete Account and follow the on-screen prompts.
• By email — Send a request to thuongdaovan@gmail.com with the subject "Account Deletion Request."

Upon deletion: your account and personal data are permanently deleted within 30 days. Certain data may be retained as required by law (e.g., transaction records for tax purposes). Anonymized or aggregated data that cannot identify you may be retained.

14 Children's Privacy

Our App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided personal data without your consent, please contact us immediately at thuongdaovan@gmail.com. We will take steps to delete such information as promptly as possible.

Our App does not serve personalized advertisements to users identified as minors.

15 Data Security

We implement appropriate technical and organizational security measures including:

• Encryption of personal data in transit using TLS/HTTPS
• Encryption of sensitive data at rest
• Hashing of passwords using industry-standard algorithms
• Access controls limiting data access to authorized personnel only
• Regular security assessments and vulnerability testing
• Incident response procedures for data breaches

16 Push Notifications

We may send push notifications about new content, daily learning reminders, subscription updates, or promotional offers.

You can manage or disable push notifications at any time through your device's notification settings:

• iOS — Settings → Notifications → Pocket English
• Android — Settings → Notifications → Pocket English

17 Data Safety & Privacy Nutrition Labels

In compliance with Google Play's Data Safety Section and Apple's App Privacy Details (Privacy Nutrition Labels), we disclose our data collection and sharing practices directly on our store listings.

If you notice any discrepancy between this Privacy Policy and the information on our store listing, please contact us so we can resolve it promptly.

18 Automated Decision-Making & Profiling

The App may use automated processing of your data, including profiling, to recommend content based on your reading level and interests, and to serve relevant advertisements.

You have the right to object to automated processing where it produces significant effects concerning you. To exercise this right, contact us using the details in Section 20.

19 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will post the updated policy within the App and on our website
• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will provide at least 30 days' advance notice via in-app notification or email
• Where required by law, we will obtain your renewed consent

Your continued use of the App after the effective date constitutes acceptance of the changes. If you do not agree, stop using the App and delete your account.