Privacy Policy — MightyS

MightyS ("we", "us", "our") is a small mobile app studio. We build utility apps, AI-powered tools, and creative apps for iOS and Android.

This Privacy Policy applies to all mobile applications published under the MightyS developer account on the Apple App Store and Google Play Store. It describes what data each category of app may collect, how we use it, who we share it with, and the rights you have under applicable law — including the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

Some apps have additional, app-specific privacy policies due to the nature of their features. Where a separate policy exists, it takes precedence over this general policy for that app. See Section 9 for details.

01

Overview

Our guiding principle is collect nothing you don't need. The majority of our apps are pure on-device utilities — they process your data locally, store it locally, and never transmit it anywhere. A small number of apps use cloud services for specific features (leaderboards, AI processing); these are described in detail below.

Our absolute commitments, across every MightyS app:

✔ We never sell your personal data to any third party.
✔ We never use your data for advertising or ad targeting.
✔ We never display third-party advertisements in any app.
✔ We collect only what is strictly necessary for app functionality.

02

What We Collect

Different apps collect different amounts of data depending on their feature set. The table below shows the data categories that apply across our portfolio, organised by app type. For any given app, only the relevant row applies.

Category	Description	Level
Pure utility apps	Nothing. All processing happens on your device. No data leaves the app.	None
Apps with on-device AI	Your documents or images are analysed entirely on your device using on-device AI models. No content is sent to any server.	None
Apps with in-app purchases	Purchase transactions are handled entirely by Apple (App Store) or Google (Play Store). We receive only a non-personal confirmation of the purchase (product ID + transaction status). We never see your credit card, billing address, or payment details.	None (via Apple/Google)
Apps with leaderboards or cloud features	A randomly generated anonymous identifier and your submitted scores or data. No name, email, or device identifiers are stored. Cloud storage uses anonymous authentication only.	Minimal
Apps with cloud AI features	Text or images you submit for AI-assisted processing are sent to a third-party AI API. The content is not linked to your identity, account, or any persistent identifier. See Section 4 for details.	Minimal

Apple App Store "Data Not Collected" declaration: For apps in the pure utility and on-device AI categories above, we select "Data Not Collected" on the App Store product page, as defined by Apple's App Privacy labels. This is accurate and verifiable.

03

How We Use Data

Where any data is collected, it is used only for the following purposes:

App functionality — delivering the specific feature that requires the data (e.g., displaying a leaderboard, returning an AI-generated answer).
Purchase verification — confirming that an in-app purchase was completed so we can unlock the relevant features. This is handled by Apple/Google; we store only the confirmation.
Bug diagnosis — if an app crashes, anonymised crash reports (stack traces, device model, OS version — no personal data) may be captured via Apple's built-in crash reporting, which you can opt out of in iOS Settings.

We do not use data for: advertising, profiling, cross-app tracking, model training, or any purpose beyond what is listed above. We do not enrich collected data with third-party data sources.

Legal basis (GDPR): Where processing occurs, our legal basis is contract performance (Art. 6(1)(b) GDPR) for delivering features you explicitly request, and legitimate interests (Art. 6(1)(f) GDPR) for crash reporting and purchase verification — interests that are proportionate and do not override your fundamental rights.

04

Third-Party Services

We use a minimal set of third-party services. Each receives only the data strictly necessary for its function. We do not use advertising networks, cross-app tracking SDKs, or data brokers. Services listed below are used only in apps where the relevant feature applies ("where applicable").

Service	Purpose	Data Shared	Privacy Policy
Apple (App Store / StoreKit)	In-app purchases on iOS, where applicable	Apple handles all payment data. We receive a non-personal purchase receipt. Apple's privacy practices govern the transaction.	apple.com/legal/privacy
Google (Play Store / Billing)	In-app purchases on Android, where applicable	Google handles all payment data. We receive a non-personal purchase token. Google's privacy practices govern the transaction.	policies.google.com/privacy
RevenueCat	Cross-platform in-app purchase management and entitlement tracking, in apps with cross-platform purchase restore	Purchase receipts and a randomly-generated subscriber ID. RevenueCat does not receive your name, email, or payment details.	revenuecat.com/privacy
Firebase (Google)	Anonymous authentication and cloud data storage, in apps with leaderboard or cloud features	A randomly-generated anonymous UID and submitted scores or data. No name, email, or device identifiers are stored. Firebase Authentication is used in anonymous mode only.	firebase.google.com/support/privacy
AI API provider	AI-assisted processing, in apps with cloud AI features	The text or image content you submit is sent to the API for processing. It is not linked to your name, account, or any persistent identifier. The specific provider may change; this policy will be updated accordingly. The current provider is linked within the relevant app.	Refer to the provider's current privacy policy, linked within the app.
ipapi.co	Approximate visitor location (country, city) for the mightys.dev website only — used to understand where site traffic comes from. Not used inside any app.	Your IP address is sent to ipapi.co, which returns the country and city. We store only the country, country name, and city — not the IP itself. Result is cached in your browser for 24 hours.	ipapi.co/privacy

No other third-party SDKs are integrated for analytics, advertising, or data collection purposes. For apps with additional third-party integrations, refer to the app-specific policy listed in Section 9.

Website analytics (mightys.dev only). The mightys.dev website logs basic page views, scroll depth, and clicks on app cards or store buttons to help us understand which apps people are interested in. Each event includes your browser's user agent, the referring URL, your browser language and timezone, and (via ipapi.co — see above) your approximate country and city. Events are stored in our own Firestore database. We do not set cookies, run ads, share this data with third parties, or attempt to identify individual visitors. These analytics are only on the website — none of our apps log this kind of data.

05

Data Storage & Security

On-device apps: All data remains on your device and is stored using the platform's standard secure storage mechanisms (iOS Keychain for sensitive values, app-sandboxed local storage for preferences and content). No data is transmitted over the network.

Apps using cloud storage (leaderboards and cloud features): Cloud data is stored in Google Firebase Firestore with the following protections:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256, managed by Google)
Firebase Security Rules restrict read/write access to the authenticated anonymous session only — no other user or party can access your record directly

Apps using cloud AI processing: Submitted content is sent over an encrypted connection (TLS) to the AI API provider. We do not store your queries on our own servers. The provider's retention and security practices are governed by their privacy policy (linked within the relevant app).

We do not operate our own backend servers for any app beyond what is described above. There is no MightyS central database of user records.

We cannot access, read, or export your on-device data. If your device is the only place your data exists, only you control it. Deleting the app deletes all associated local data permanently.

06

Your Rights (GDPR & CCPA)

European Economic Area & UK users (GDPR / UK GDPR) — you have the following rights with respect to any personal data we process:

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your data. We will action this within 30 days.

Portability

Receive your data in a structured, machine-readable format.

Restriction

Ask us to pause processing your data in certain circumstances.

Objection

Object to processing based on legitimate interests.

Withdraw Consent

Where consent is the legal basis, withdraw it at any time without penalty.

Complaint

Lodge a complaint with your national data protection authority (see edpb.europa.eu).

California residents (CCPA) — you have the right to:

Know what personal information is collected, used, shared, or sold.
Delete personal information we have collected (subject to certain exceptions).
Opt out of sale — we do not sell personal information. There is nothing to opt out of.
Non-discrimination — we will not discriminate against you for exercising any CCPA right.

For apps that collect no personal data, these rights are trivially satisfied — there is nothing to access, correct, export, or delete. For apps that do process data, contact us at contact@mightys.dev and we will respond within 30 days.

07

Children's Privacy

Our apps are not directed at children under the age of 13 (or 16 in EEA jurisdictions), and we do not knowingly collect personal data from children.

Some of our apps are educational tools used by students of all ages. These apps do not require account creation, do not collect names or contact details, and do not retain submitted content beyond what is required to generate a response. Parents or guardians with concerns may contact us at contact@mightys.dev.

If we become aware that a child under 13 has provided personal data to any of our apps without verifiable parental consent, we will delete it promptly. If you believe this has occurred, please contact us immediately.

08

Data Retention

On-device data — retained on your device for as long as the app is installed. Deleted immediately and permanently when you uninstall the app or use the app's built-in data deletion option.
Cloud-stored data (apps with leaderboard or cloud features) — retained while the relevant cloud feature is active. Deleted within 30 days upon a verified deletion request to contact@mightys.dev.
Purchase records — retained for as long as required to honour your entitlements and comply with applicable tax law. This record contains no personal data beyond the product ID and transaction status.
AI queries (apps with cloud AI features) — not retained by us. We pass the query to the AI provider and return the response; we do not log queries on our own infrastructure. The AI provider's own retention policy applies to data received by their API — refer to the policy linked within the relevant app.
Crash reports (all apps) — if you have not opted out of sharing diagnostics with developers (iOS Settings › Privacy & Security › Analytics & Improvements), Apple may share anonymised crash reports with us. These contain no personal data and are retained for 90 days.

09

App-Specific Policies

Some apps may have their own dedicated privacy policies that provide additional detail about data practices specific to that app's features. Where an app-specific policy exists, it is linked within the app and on the app's landing page on our website. App-specific policies supersede this general policy for that app.

Where no app-specific policy is linked, this general policy applies in full to that app.

If you have a question about data practices for a specific app, contact us at contact@mightys.dev.

10

Changes to This Policy

We may update this Privacy Policy when we release new apps, add features that involve new data practices, or as required by changes in applicable law. When we update the policy, we will revise the "Last updated" date at the top of this page.

For material changes — particularly changes that affect data collection in apps that previously collected nothing, or that introduce new third-party services — we will provide notice within the relevant app (e.g., an in-app notification on next launch) prior to the change taking effect.

Your continued use of any MightyS app after a policy change constitutes acceptance of the updated terms. If you do not agree with a change, you may stop using the affected app and request deletion of any stored data by contacting us.

11

Contact Us

For any questions, data requests, or concerns related to this Privacy Policy or your personal data:

MightyS
Operator: MightyS
Email: contact@mightys.dev
Website: mightys.dev

We aim to respond to all privacy-related requests within 30 days. For requests involving data deletion under GDPR or CCPA, we will confirm completion within 30 days of verifying your identity.

EU/EEA users also have the right to lodge a complaint with their national supervisory authority. A directory of EU data protection authorities is available at edpb.europa.eu. UK users may contact the Information Commissioner's Office at ico.org.uk.