Privacy
Policy

Evolvia Studios LLC is the data controller for purposes of the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and any other applicable privacy legislation that recognizes the concept of a data controller or equivalent.

This Privacy Policy applies to all users of the Application globally, regardless of the platform through which the Application is accessed (Google Play Store or Apple App Store), and supplements the Company's Terms and Conditions, which are incorporated herein by reference.

This Policy should be read together with our Terms and Conditions and End User License Agreement, all available at www.evolvia-app.com.

We believe your personal data belongs to you. Evolvia is engineered on a local-first, privacy-by-design architecture. This means:

• We do not operate user data servers. Your usage data, browsing history, and behavioral data are stored exclusively on your device.
• We do not sell your data. We have never sold and will never sell personal information to data brokers, advertisers, or any third party for monetary or other consideration.
• We do not profile you for advertising. While we display ads through Google AdMob (free tier only), we do not build or sell behavioral advertising profiles from your personal usage data.
• We collect only what is necessary. All data collection is limited to what is strictly required to provide the App's functionality or maintain service quality.

This Section is a plain-language summary. The full details of our practices are set forth in the sections below, which govern in the event of any conflict.

We collect the following categories of information, depending on your use of the Application:

We do not use your Accessibility Service permission or Usage Access permission to collect any data beyond what is explicitly described in Section 3 and Section 7 of this Policy.

For users located in the European Economic Area (EEA) or the United Kingdom, we process personal data only where we have a lawful legal basis to do so. The legal bases we rely upon are:

Where we rely on legitimate interests, we have conducted a balancing assessment and determined that our legitimate interests are not overridden by your rights and freedoms, given the limited and non-intrusive nature of the data collected.

Where we rely on consent (e.g., for personalized advertising via AdMob), you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. See Section 14 for how to exercise this right.

We use the information we collect for the following purposes only:

• (a) To provide and maintain the Application and its features, including account management, subscription management, blocking functionality, and usage reporting — all processed locally on your device.
• (b) To communicate with you, including responding to support inquiries, sending account-related notifications (e.g., subscription renewal reminders, policy updates), and providing technical assistance.
• (c) To improve Application quality and stability, using anonymized crash reports (Firebase Crashlytics) and aggregated analytics (Firebase Analytics) to identify bugs, optimize performance, and prioritize feature development.
• (d) To serve advertisements on the free tier of the Application via Google AdMob, subject to applicable consent requirements.
• (e) To enforce our Terms and Conditions, detect fraud or abuse, and protect the rights, property, and safety of the Company and its users.
• (f) To comply with applicable law, including responding to lawful legal process, regulatory obligations, and court orders.

We do not use your information for automated decision-making that produces legal or similarly significant effects on you without human review.

The Application requires certain elevated Android system permissions to deliver its core functionality. This section provides a detailed, transparent account of how each permission is used in relation to your data:

You may revoke any of the above permissions at any time through your device's system settings (Settings → Accessibility / Usage Access / Device Administrators). Revocation will disable corresponding Application features.

Company Servers: The Company does not operate personal data servers for user behavioral or usage data. The only data that may reach Company-affiliated infrastructure is:

• Crash logs processed by Firebase Crashlytics (Google infrastructure)
• Anonymized analytics processed by Firebase Analytics (Google infrastructure)
• Subscription status information communicated by the Google Play Store or Apple App Store

Retention Periods:

Upon your uninstallation of the Application, all locally stored data is deleted from your device. The Company has no ability to recover locally stored data following uninstallation.

We may disclose information only in the following limited circumstances:

• (a) Third-Party Service Providers (Processors): We use Google LLC (Firebase Crashlytics, Firebase Analytics, Google AdMob) as a data processor under contractual data processing agreements. Google processes data strictly for the purposes described in this Policy and is prohibited from using that data for its own purposes.
• (b) App Store Platforms: Google Play Store and Apple App Store process subscription and payment data under their own privacy policies, as independent data controllers.
• (c) Legal Compliance: We may disclose information to law enforcement, courts, regulators, or other governmental authorities where required by applicable law, valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of the Company, its users, or the public. We will notify you of any such request to the extent permitted by law.
• (d) Business Transfers: In the event of a merger, acquisition, asset sale, or other business transfer involving the Company, user information may be transferred as part of that transaction. We will provide notice and, where required, obtain consent prior to any transfer that would materially change how your information is used.
• (e) With Your Consent: We may share your information in any other circumstance with your prior, explicit, and informed consent.

The free tier of the Application displays advertisements served by Google AdMob. AdMob may use your device's advertising identifier and related signals to serve personalized advertisements.

Opt-Out of Personalized Advertising:

Opting out of personalized advertising does not remove ads from the Application; it results in the display of non-personalized (contextual) advertising instead.

For users in the EEA or UK, AdMob will only serve personalized ads where you have provided valid GDPR consent via our in-app consent management mechanism, in accordance with Google's EU User Consent Policy.

Users between 13 and 17 may use the Application only with verifiable parental or guardian consent. Parents or guardians of minor users assume responsibility for reviewing this Privacy Policy and consenting to the data practices herein on behalf of the minor.

If you are a parent or guardian and believe that your child under the age of 13 has provided personal information to us without your consent, please contact us immediately at privacy@evolvia-app.com. We will promptly investigate and, where confirmed, delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA) and, for European minor users, the GDPR's enhanced protections for children's personal data, including the requirement for parental consent for users under the applicable national age threshold (which may be higher than 13 in some EU member states).

We implement commercially reasonable administrative, technical, and physical security measures designed to protect the information we process against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of account passwords (hashing with salt; plaintext passwords are never stored)
• Encrypted local storage for Application data on supported devices
• Secure HTTPS connections for all communications between the Application and third-party service APIs
• Contractual data security requirements imposed on third-party service providers (Google LLC)
• Regular review of our data handling practices and security architecture

No method of data transmission or storage is 100% secure. While we strive to protect your information using industry-standard practices, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable regulators as required by law.

The Company is based in the United States. If you are accessing the Application from outside the United States, your information (to the limited extent it leaves your device) may be transferred to, processed in, and stored in the United States or other countries where Google LLC (Firebase, AdMob) maintains infrastructure.

For transfers of personal data from the EEA or UK to the United States, we rely on the following transfer mechanisms where applicable:

• Standard Contractual Clauses (SCCs) as adopted by the European Commission, incorporated into our agreements with Google LLC;
• UK International Data Transfer Agreements (IDTAs) for UK data transfers.

For California residents, transfers of personal data are subject to the CCPA and are not considered a "sale" of personal information.

We take steps to ensure that any international transfer of your data is handled securely and in accordance with applicable data protection law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

We may need to verify your identity before processing a rights request. We will not fulfill requests if we cannot reasonably verify the requestor's identity.

The Application itself (as a native mobile app) does not use browser cookies. However, the Application may use the following analogous tracking technologies:

• Mobile advertising identifiers (Google Advertising ID / GAID on Android; IDFA on iOS) — used by Google AdMob for advertising purposes as described in Section 10.
• Firebase SDK instance identifiers — anonymized identifiers used by Firebase Analytics and Firebase Crashlytics to associate crash reports and analytics events with a single installation instance (not a real person).

You may reset your mobile advertising identifier at any time through your device settings:

• Android: Settings → Google → Ads → Reset advertising ID
• iOS: Settings → Privacy → Tracking

If the Company operates a website at evolvia-app.com, that website may use cookies and similar technologies separately governed by a website-specific cookie policy, which will be made available on the website.

Notifications will be delivered via email to the address associated with your account and/or via in-app notice. We will describe the nature of the breach, the categories of data affected, likely consequences, and the measures taken or proposed to address the breach.

Given that primary user data is stored locally on your device, the most significant breach risk relates to Firebase and account credential infrastructure. Device-level breaches (e.g., device theft or unauthorized device access) are beyond the Company's control and responsibility.

Our Application integrates with third-party services whose data practices are governed by their own privacy policies. We encourage you to review these policies:

• Google Privacy Policy: https://policies.google.com/privacy — applies to Firebase Analytics, Firebase Crashlytics, and Google AdMob
• Google Play Store: https://play.google.com/about/play-terms
• Apple App Store: https://www.apple.com/legal/privacy

The Company is not responsible for the privacy practices of any third-party service provider. We encourage you to review the applicable third-party policies, particularly with respect to AdMob's data use for advertising purposes.

Third-party links or services accessible through the Application are not covered by this Privacy Policy. Navigating to third-party sites or services from the Application is at your own discretion.

This Section supplements the general rights described in Section 14 and provides disclosures required specifically under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), for California residents.

Categories of Personal Information Collected in the Past 12 Months:

Shine the Light (California Civil Code § 1798.83): We do not disclose personal information to third parties for their own direct marketing purposes. California residents may request confirmation of this practice at privacy@evolvia-app.com.

To submit a verifiable consumer request under the CCPA, contact us at privacy@evolvia-app.com. We will respond within 45 days, with a possible 45-day extension upon notice.

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

• (a) Post the revised Privacy Policy at www.evolvia-app.com/privacy with an updated "Effective Date";
• (b) Notify active users via email and/or in-app notification at least 14 days before the revised Policy takes effect for material changes;
• (c) Where required by applicable law (e.g., GDPR for consent-based processing), obtain renewed consent before implementing changes that affect how we use your data.

Your continued use of the Application after the effective date of any revised Privacy Policy constitutes your acknowledgment of and agreement to the updated terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

For all privacy-related inquiries, requests, or complaints, contact us at:

EU/UK Representative and DPO: At this stage of the Company's operations, Evolvia Studios LLC has not appointed a formal EU/UK Data Protection Officer (DPO). As the Application grows its EEA and UK user base to a threshold requiring a DPO appointment under GDPR Article 37, the Company will designate a DPO and publish their contact details at www.evolvia-app.com/privacy. EEA and UK users may direct privacy concerns to privacy@evolvia-app.com in the interim.

If you believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with:

• Your national Data Protection Authority (for EEA users)
• The UK Information Commissioner's Office (ICO) at ico.org.uk (for UK users)
• The California Attorney General (for California residents)

This Privacy Policy was last updated on March 4, 2026.