Privacy Policy

1. Overview & Introduction

BearCasual (referred to as "we," "us," "our," or "BearCasual") respects and protects user information. This Privacy Policy explains how we collect, use, store, and share your information. This policy applies to all users globally and complies with different national/regional laws, including but not limited to:

• European Union (EU): General Data Protection Regulation (GDPR)
• California, USA: California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
• Federal Trade Commission (FTC): Children's Online Privacy Protection Act (COPPA)
• European Union: Digital Markets Act (DMA)
• Brazil: Lei Geral de Proteção de Dados (LGPD)
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
• Apple & Google: Platform-specific privacy requirements and latest policies

2. Information We Collect

Depending on your device permissions and interaction methods, we may collect the following data:

2.1 Device Information

• Device ID (IDFA for iOS, GAID for Android)
• Operating system version and device model
• Language and locale settings
• IP address (collected for analytics and security)
• Device type and screen resolution
• Installed applications list (if permitted by system permissions)

2.2 Application Activity Data

• Click and interaction records
• Feature usage patterns
• Crash logs and error reports
• Performance metrics and app load times
• Session duration and frequency
• User flow and navigation patterns

2.3 In-App Purchase (IAP) Information

• Purchase history and order status
• Transaction timestamps
• Product IDs purchased
• Important: We do NOT directly handle credit card information. All payments are processed exclusively through Apple App Store and Google Play Store.

2.4 In-App Advertisement (IAA) Interaction Data

• Advertisement impression records
• Ad click-through rates (CTR)
• Video advertisement completion rates
• Conversion data from ad networks
• Attribution data for ad campaigns
• Note: Third-party advertising SDKs (like Google AdMob, AppLovin, Unity Ads, etc.) collect this data independently

2.5 User-Provided Information

• Information voluntarily entered in contact forms
• Feedback and support inquiries
• Email and communication data (if contacting us)

2.6 Local Data Storage

• User-generated application data (notes, habits, financial records, etc.)
• 100% stored locally on user's device in encrypted format
• Never transmitted to BearCasual servers except with explicit user consent

3. Legal Basis for Data Processing

We process your data under the following legal bases:

• Contract Fulfillment: To provide application features and in-app purchase services you've requested
• Legitimate Interest: To improve app performance, prevent fraud, monitor security, and display non-personalized content
• Explicit Consent: Before collecting precise location data, showing personalized advertisements, or sending marketing communications
• Legal Compliance: To meet regulatory requirements and legal obligations in your jurisdiction
• Vital Interests: To protect user safety and prevent harm

4. Monetization & Third-Party SDK Integration

To sustain our operations and provide quality applications, we use monetization strategies that may involve third-party integrations. Here's comprehensive information about each type:

4.1 Advertising Platforms (IAA - In-App Advertisements)

We integrate the following ad networks which may collect device identifiers and browsing data:

• Google AdMob: Banner ads, interstitial ads, rewarded videos. Collects GAID, IP address, ad interaction data
• AppLovin: Full-screen ads, rewarded videos. Uses device identifiers for ad targeting
• Unity Ads: Video advertisements and incentivized content. Collects playtime and engagement metrics
• Facebook Audience Network: Banner, interstitial, and native ads. May use device identifiers and audience data
• ironSource: Display ads and rewarded content. Tracks ad impressions and conversions
• MoPub (Twitter): Multiple ad formats. Collects device and behavioral data
• Vungle: Rewarded video ads. Tracks video completion and engagement
• Chartboost: Interstitial and rewarded video ads. Collects impression and conversion data

Ad Types Integrated:

• Banner Ads: Persistent ad display at screen edges
• Interstitial Ads: Full-screen ads between app activities
• Rewarded Video Ads: User-initiated videos offering in-app rewards
• Native Ads: Ads integrated into app content design
• Open Screen Ads: Full-screen ads displayed on app launch

4.2 Payment Processing (IAP - In-App Purchases)

• Apple App Store: All iOS in-app purchases processed exclusively through Apple
• Google Play Store: All Android in-app purchases processed exclusively by Google
• Payment Data: We never receive or store credit card information. Billing handled entirely by platform providers

4.3 Analytics & Performance Tracking

• Google Firebase Analytics: Session tracking, event logging, user demographics, crash reporting
• AppsFlyer: Attribution tracking, ad campaign performance, user acquisition metrics
• Amplitude: User behavior analytics, event tracking, retention analysis
• Mixpanel: User engagement tracking, funnel analysis, user retention metrics

4.4 Data Sharing with Ad Networks

Third-party ad networks may collect and use the following data for personalized advertising (only if user has not opted out):

• Device identifiers (IDFA, GAID, Android Advertising ID)
• Approximate location (not precise GPS)
• App usage patterns and interest categories
• Device model and OS version
• Internet connection type
• Ad interaction and conversion data

5. Children's Privacy Protection (COPPA Compliance)

We take special precautions to protect children's privacy in compliance with COPPA (Children's Online Privacy Protection Act) and GDPR-K (GDPR's children provisions).

5.1 Age Restrictions

• Users under 13 years old (or age of digital consent in their country) cannot create accounts in our applications
• We do not knowingly collect personally identifiable information from children under 13
• If we discover that we have collected information from a child under 13, we will immediately delete it

5.2 Automated Child-Directed Treatment

• In our app code, we implement:
• For Android: `setTagForChildDirectedTreatment()` API to disable interest-based targeting
• For iOS: Disable IDFA tracking and limit ad personalization
• For Google AdMob: Mark content as "child-directed" to comply with FTC requirements

5.3 Age Signal API (2026 Implementation)

• We support Apple's new Age Signal API and Google's age detection methods
• When system indicates user is in child age bracket, we automatically:
• Disable personalized advertising entirely
• Block third-party data sharing for ad targeting
• Apply strictest privacy protections

5.4 Parental Consent

• For users 13-17, we still limit data collection compared to adults
• Reduced frequency of personalized ads
• Limited targeting parameters

6. Data Security & Encryption

• Transport Security: All data in transit uses TLS/SSL 1.2+ encryption
• Storage Encryption: Local data encrypted using industry-standard algorithms (AES-256)
• End-to-End Encryption: Where applicable, data encrypted on device before any transmission
• Secure Authentication: OAuth 2.0 and similar secure protocols for user verification
• Access Control: Role-based access control (RBAC) for employee data access
• Regular Security Audits: Annual third-party security assessments

7. Cross-Border Data Transfers

Since BearCasual serves global users, your data may be transmitted to or processed in countries other than your country of residence. We ensure all transfers comply with applicable law:

• Standard Contractual Clauses (SCCs): For GDPR-compliant transfers
• Adequacy Decisions: Where recognized equivalence exists between regions
• Local Compliance: Adherence to LGPD (Brazil), PIPL (China), and other regional frameworks

8. Your Privacy Rights

Depending on your location and applicable law, you have the following rights:

8.1 Right to Access (GDPR, CCPA, LGPD)

• Request a copy of all personal data we hold about you
• Contact us at support@BearCasual.com to submit an access request
• Response time: Within 30 days

8.2 Right to Rectification (GDPR)

• Correct inaccurate or incomplete personal data
• Submit through our account settings or contact support

8.3 Right to Erasure ("Right to be Forgotten") (GDPR, CCPA)

• Request deletion of your personal data and account
• We will delete all data except where legally required to retain
• Data deletion completed within 60 days of verified request

8.4 Right to Restrict Processing (GDPR)

• Limit how we use your data while investigation is pending
• Request through account settings

8.5 Right to Data Portability (GDPR, CCPA)

• Receive your data in machine-readable format (JSON, CSV, XML)
• Export capability available in-app for user-generated data

8.6 Right to Object to Processing (GDPR)

• Opt-out of personalized advertising
• Disable marketing communications
• Toggle settings in app or account preferences

8.7 Right to Withdraw Consent (GDPR, CCPA)

• Revoke previously granted permissions for data collection
• Done through iOS/Android system settings or in-app preferences
• Applies to future processing only

8.8 Right to Non-Discrimination (CCPA)

• We will not discriminate against you for exercising privacy rights
• No denial of service or degraded service quality for opting out

8.9 Do Not Sell My Personal Information (CCPA, CPRA)

• You have the right to request we do not sell your information
• Click "Do Not Sell My Personal Information" link in our footer
• We respect this request within 45 days

9. Data Retention Policy

• User-Generated Data: Retained indefinitely until user deletion or account termination
• Analytics Data: Retained for 12 months, then aggregated or deleted
• Ad Interaction Data: Retained by ad networks per their policies (typically 90-180 days)
• Crash Reports: Retained for 30 days for debugging purposes
• Backup Data: May retain backups for 90 days after deletion for disaster recovery

10. Cookie Policy

• No Cookies in Mobile Apps: Our iOS and Android applications do not use cookies
• Web Properties: Our website may use analytics cookies for performance monitoring
• Consent Required: We obtain your consent before setting non-essential cookies
• Cookie Control: You can disable cookies through browser settings

11. Marketing Communications

• Opt-In Requirement: We require explicit consent before sending marketing emails
• Frequency: Maximum 1-2 emails per week about new features and updates
• Unsubscribe: Every email includes an unsubscribe link
• Preferences: Manage communication preferences in your account settings

12. Third-Party Links & Services

• Our website and applications may contain links to third-party websites
• We are not responsible for third-party privacy practices
• Review their privacy policies before sharing information
• Third-party services operate independently of BearCasual

13. California-Specific Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information is collected, used, shared
• Right to Delete: Request erasure of collected personal information
• Right to Opt-Out: Prevent sale of personal information to third parties
• Right to Correct: Correct inaccurate personal information
• Right to Limit: Restrict use of sensitive personal information
• Rights for Authorized Agents: Designate authorized representative to exercise rights

To Exercise California Rights: Email support@BearCasual.com with your request. We verify identity within 45 days.

14. European GDPR Rights

If you are in the European Union, you have rights under GDPR:

• Data Protection Officer: You may contact our DPO with privacy concerns
• Regulatory Complaints: Right to lodge complaints with your national data protection authority
• Data Transfer Mechanisms: We use approved Standard Contractual Clauses (SCCs) for international transfers
• Right to Appeal: If we deny your request, we explain reasoning and your appeal options

15. App Store & Platform Compliance

Our applications comply with both Apple and Google's latest privacy requirements:

15.1 Apple App Store Compliance

• App Privacy Label: Complete and accurate disclosure of all data practices
• App Tracking Transparency (ATT): Request user permission before IDFA tracking
• SKAdNetwork: Attribution data is handled through Apple's privacy-preserving framework
• Minimum Tracking: Only essential device identifiers are used
• HTTPS Only: All network communications encrypted

15.2 Google Play Store Compliance

• Data Safety Section: Detailed disclosure of all data practices
• Google Advertising ID: Users can reset their GAID at any time
• Sensitive Permissions: Justified use of sensitive device permissions
• Child-Directed Treatment: Proper implementation of child-directed features

16. Contact Us & Data Subject Requests

For Privacy Concerns & Data Subject Requests:

• Email: support@BearCasual.com
• Business Inquiries: linqingyao@BearCasual.com
• Address: 111 Chuangye Road, Jingxiu District, Baoding, Hebei Province, China
• Response Time: Within 30 days for all requests

We will acknowledge receipt of your request within 10 days and provide full response within statutory timelines.

17. Policy Updates

• This policy may be updated periodically to reflect legal changes or new practices
• Material changes will be communicated through in-app notifications
• Continued use of BearCasual applications constitutes acceptance of updated policies
• Previous versions available upon request

Your Privacy Is Our Priority

BearCasual is fundamentally committed to protecting your privacy and personal data. We believe privacy is not a feature, but a right. All our applications are designed with privacy-first principles, ensuring your data remains under your control. We continuously monitor privacy regulations globally and adapt our practices to maintain the highest standards of data protection. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us.