Privacy Policy

Introduction

This Privacy Policy explains how BrewisApps ("we," "our," or "us") collects, uses, stores, and protects information when you use our mobile applications. This policy applies to all applications published by BrewisApps on the Apple App Store and Google Play Store, including but not limited to Advent Cal, Belly Boi, Dot Countdown, Eid Photo Cal, Haze, Hop-on, Photo Cal, PrEP Pills, Tablets App, and Teacher Marking AI. By using our applications, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our applications.

1. Scope of This Policy

This Privacy Policy applies to all apps listed above and any other apps published by us under our Apple App Store and Google Play Store accounts. While features and functionalities may vary across apps, this policy addresses common practices related to data collection, storage, usage, and user rights. This policy includes provisions for current features and potential future integrations and updates.

2. Information We Collect

2.1 Information You Provide Directly

Depending on which app you use and which features you access, we may collect various types of information directly from you. Account Information may include authentication identifiers such as Sign in with Apple tokens and anonymous authentication IDs. User-Generated Content includes photos you upload through Advent Photo Cal, Eid Photo Cal, or Photo Cal, medication information including names, doses, schedules, and personal notes in the Tablets App, favorite locations and saved preferences in Hop-on, and general app preferences and settings across all applications. Purchase Information, including subscription status and purchase history, is processed by Apple App Store, Google Play Store, and our subscription management provider RevenueCat.

2.2 Information Collected Automatically

We collect information about how you use our apps through Firebase Analytics and Firebase Performance Monitoring. Analytics and Performance Data includes app opens and feature usage, session duration and frequency, device type, operating system and app version, general location at the country or region level only (not precise location), in-app events and user flows, and premium feature usage including subscription events, churn, and lapse analytics. Crash and Diagnostic Data is collected through Firebase Crashlytics to identify and fix technical issues, including device information such as model and operating system version, app state at the time of crash, stack traces and error messages, though this crash data does not include personally identifiable information. Additional Device and Usage Information collected includes device identifiers such as advertising ID and device ID where applicable, IP addresses used for API requests and functionality, app configuration and settings, and the time and date of app usage.

2.3 Location Information

The Haze and Hop-on app may request access to your device location to provide location-based features. Location data is used to find nearby information and display your position on the map. This location data is processed locally on your device and used only to query APIs. We do not store your location data or location history on our servers. However, if you manually enter location information for events or appointments in PrEP Pills or Tablets App, that manually entered location data may be stored as part of your event details. Location access is optional and you can deny location access and manually select locations instead without losing core functionality.

2.4 Advertising Data

Some apps display advertisements through Google AdMob. AdMob may collect device advertising identifiers, device information and IP address, ad interaction data, and information about other apps on your device. Apps currently displaying advertisements include Photo Cal, Advent Photo Cal, Eid Photo Cal, and Haze.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data under the following legal bases as required by data protection law. We rely on Consent for collection of health information in Tablets App, photo uploads and sharing in Photo Cal apps, location access in Hop-on, and marketing communications if you opt in. We rely on Legitimate Interests for analytics and app improvement, crash reporting and bug fixes, fraud prevention and security, and customer support. Contractual Necessity is the basis for providing app features you have requested, processing subscriptions and purchases, and delivering content you have created or saved. Legal Obligation provides the basis for complying with applicable laws and responding to legal requests.

3.2 Purposes of Data Use

We use collected information to provide and maintain app functionality, process subscriptions and in-app purchases, sync your data across your devices via iCloud and Firebase, display personalized content and features, analyze app usage to improve performance and user experience, identify and fix bugs, crashes, and technical issues, send important notifications about your app usage through locally generated notifications, respond to your support requests, comply with legal obligations, prevent fraud and abuse, and moderate content when reported in Photo Cal apps.

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with third-party services that help us operate our apps. Firebase (Google LLC) provides analytics, crash reporting, performance monitoring, cloud storage through Firestore for user-generated content, authentication services, Cloud Functions for app functionality in Tablets App, and remote configuration. Firebase's Privacy Policy is available at https://firebase.google.com/support/privacy. RevenueCat provides subscription management and validation, purchase history synchronization, with their Privacy Policy available at https://www.revenuecat.com/privacy. Apple iCloud is used for data synchronization across devices and preference storage, with their Privacy Policy available at https://www.apple.com/legal/privacy/. Google AdMob is used in select apps for ad serving and delivery and ad performance tracking, with their Privacy Policy available at https://policies.google.com/privacy and Terms at https://developers.google.com/admob/terms. Transport for London is used exclusively in Hop-on for real-time bus arrival data and bus stop and route information, and your device IP address may be visible to TfL servers during API requests. TfL's Privacy Policy is available at https://tfl.gov.uk/corporate/privacy-and-cookies/ and Terms at https://tfl.gov.uk/corporate/terms-and-conditions/.

4.2 User-to-User Sharing

When you share photos through Advent Photo Cal, Eid Photo Cal, or Photo Cal, we generate an encrypted link containing a database reference ID. Recipients must download the app and agree to our terms to view shared content. Shared content is stored in Firebase and automatically deleted after 12 months. You generate and control who receives your sharing links.

4.3 Legal Requirements

We may disclose your information if required to comply with applicable laws, regulations, or legal processes, respond to lawful requests from public authorities, enforce our Terms of Service, protect our rights, property, or safety or that of our users or the public, and investigate or prevent fraud, security issues, or technical problems.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.5 What We Do NOT Do

We do not sell your personal information to third parties. We do not share your health information from Tablets App with anyone except as necessary to provide app functionality. We do not share your photos from Photo Cal apps except through your explicit sharing actions. We do not track you across other apps or websites beyond standard advertising practices in ad-supported apps.

5. International Data Transfers

5.1 Data Storage Locations

Our apps use Firebase services, which may store data on servers located in multiple regions. We configure European servers where available, however some services such as Cloud Functions may only be available in US regions, and data may be transferred to and processed in countries outside your country of residence.

5.2 Safeguards for International Transfers

When your data is transferred internationally, we ensure appropriate safeguards are in place. Firebase and Google comply with the EU-U.S. Data Privacy Framework and UK-US Data Bridge. Standard Contractual Clauses (SCCs) are in place with our service providers. Data is encrypted in transit using industry-standard protocols.

5.3 UK and EU Users

For users in the United Kingdom and European Economic Area, we are a UK-based data controller. Your data may be transferred outside the UK and EEA to countries that may not offer the same level of data protection. These transfers are made with appropriate safeguards as required by UK GDPR and EU GDPR.

6. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy. Account Data is retained while your account is active and deleted within 30 days of account deletion. User-Generated Content is handled as follows: photos in Photo Cal apps are automatically deleted 12 months after upload, health data in Tablets App is retained until you delete it or delete your account, and favorites and preferences are retained until you delete them or uninstall the app. Analytics and Crash Data retention periods are: analytics data is retained by Firebase for up to 14 months, and crash reports are retained by Firebase Crashlytics for up to 90 days, in accordance with their data retention policies. Subscription Data is retained by RevenueCat for the duration of your subscription plus legally required retention periods, and purchase history is retained for tax and accounting compliance. Local Device Data stored locally on your device remains until you delete the app or clear app data.

6.1 Retention After Account Deletion

When you delete your account or request data deletion, we will delete or anonymize your personal data within 30 days. However, we may retain certain data for longer periods where required or permitted by law, including data necessary for legal compliance, tax and accounting purposes, dispute resolution, fraud prevention and security, backup and disaster recovery systems, and enforcing our Terms of Service. Such retained data may be kept for up to 7 years or as required by applicable law. Retained data will be stored securely and access will be restricted to authorized personnel only.

7. Data Security

7.1 Security Measures

We implement appropriate technical and organizational measures to protect your information, including data encryption in transit using HTTPS/TLS, secure authentication through Sign in with Apple, Firebase security rules to protect cloud-stored data, regular security updates and monitoring, and access controls limiting who can access user data.

7.2 Your Responsibility

You are responsible for keeping your device secure through passcode and biometric authentication, not sharing your account credentials, using secure networks when accessing our apps, and reporting any suspected security breaches to us immediately.

7.3 Important Limitations

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information. We are not responsible for security of data handled by third-party service providers beyond our contractual requirements with them. You use our apps at your own risk regarding data security.

7.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovering the breach as required by GDPR. Notification will be provided via in-app message or email where available. We will describe the nature of the breach, potential consequences, and remedial actions. We will notify relevant supervisory authorities as required by law.

8. Your Privacy Rights

8.1 Rights for All Users

You have the right to access your data by requesting a copy of the personal information we hold about you, noting that most data is accessible directly within the app. You have the right to delete your data using in-app options to delete your content, account, and associated data, or by requesting deletion by contacting support@brewisapps.com, though some data may be retained for legal compliance purposes. You have the right to correct your data by updating or correcting inaccurate information within the app settings. You may withdraw consent by disabling analytics, location access, or other permissions in device settings, or by deleting your account to withdraw consent for data processing. You can manage notifications by controlling notification preferences in device settings, noting that all notifications are generated locally on your device. You may export your data by requesting a copy of your data by contacting support@brewisapps.com, though most data such as favorites and preferences is stored locally and can be manually recorded.

8.2 Rights for UK and EU Users

In addition to the rights above, you have the right to restriction, meaning you may request we limit how we use your data. You have the right to object to processing based on legitimate interests and to object to direct marketing, though we do not engage in direct marketing. You have the right to data portability, meaning you may receive your data in a structured, commonly used format and request transfer of your data to another service where technically feasible. You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights. UK users may contact the Information Commissioner's Office (ICO) at https://ico.org.uk. EU users may contact their local supervisory authority.

8.3 Rights for California Users

California residents have specific rights under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, the categories of sources from which we collect it, the business purposes for collection, and the categories of third parties we share information with. You have the right to delete your personal information, subject to legal exceptions. You have the right to opt-out of the "sale" of personal information, though we do not sell your information. You have the right to opt-out of sharing personal information for targeted advertising, and we will add a toggle in app settings to disable analytics sharing for US users. You have the right to non-discrimination, meaning we will not discriminate against you for exercising your privacy rights, and access to app features will not be denied for opting out of data sharing except where data is essential for that specific feature. You may designate an authorized agent to make requests on your behalf. To exercise your rights, email support@brewisapps.com or use data management and deletion features in app Settings. We will respond within 30 days, or 45 days for complex requests.

8.4 How to Exercise Your Rights

Within the app, go to Settings and access Privacy or Data Management options, use "Clear All Data" or "Delete Account" options, and manage device permissions in iOS or Android Settings. To contact us, email support@brewisapps.com and include your app name, user ID, email if applicable, and your specific request. We will verify your identity before processing requests and will respond within 30 days.

9. Children's Privacy

9.1 Age Requirements

Our apps are rated by Apple App Store and Google Play Store as 4+ (or 17+ for PrEP Pills), however users must be at least 13 years old to use our apps, or have permission from a parent or legal guardian if under 13. We do not knowingly collect personal information from children under 13 without parental consent. Users must confirm they are 13 years or older, or have parental permission, during the onboarding process before accessing app features. PrEP Pills requires users to confirm they are 17 years or older.

9.2 Parental Consent

If we discover we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as soon as possible and prevent further access until proper consent is obtained. For parents and guardians, if you believe your child has provided information to us, contact support@brewisapps.com. You may request to review, delete, or stop further collection of your child's information. You may withdraw consent at any time. By allowing a child under 13 to use our apps, parents and guardians agree to these Terms and Privacy Policy on behalf of the child and accept responsibility for the child's use of the apps.

9.3 What We Collect from Users 13 and Older

Even for users over 13, we minimize data collection. No full names or personal identifiers are required for most features. Anonymous authentication is used where possible. Limited analytics are focused on app improvement. Parents should review this policy before allowing teens to use our apps.

10. App-Specific Privacy Information

10.1 Hop-on

Data Collection includes location data with your permission which is processed locally, favorite bus stops stored locally on device, recent searches stored locally on device, app usage analytics via Firebase, subscription status via RevenueCat, and no advertising or ad tracking. Third-Party Data usage includes the Transport for London Unified API, and TfL may see your device IP address during API requests. Bus arrival data is subject to TfL's privacy policy and terms. Required Attribution: Powered by TfL Open Data; Contains OS data © Crown copyright and database rights 2025. What We Don't Collect: travel history or patterns, location history, or personal identification beyond anonymous device IDs.

10.2 Photo Cal, Advent Photo Cal, Eid Photo Cal

Data Collection includes photos you upload which are stored in Firebase Storage, sharing preferences and recipients, anonymous authentication ID, app usage analytics via Firebase, and ad interaction data via AdMob. Photo Storage and Sharing operates as follows: photos are stored in Firebase Cloud Storage with your authentication, encrypted sharing links are generated when you choose to share, shared content is automatically deleted after 12 months, and only users with your sharing link can access your photos. Content Moderation allows us to access reported content to investigate abuse, remove prohibited content that violates Terms of Service without notice, terminate accounts that repeatedly violate content policies, and users should use the "Report Content" feature to report violations.

10.3 Tablets App

Sensitive Health Information is collected by this app including medication names, doses, schedules, and personal notes. How We Use Health Data: it is stored in Firebase Firestore if you use premium features and opt-in, used solely to provide medication reminder functionality, shared only if you explicitly share with another user, never used for advertising, marketing, or any other purpose, and all reminders are generated locally on your device. Important Health Disclaimers include; we are not a healthcare provider and do not provide medical advice, we are working to implement additional sharing encryption, this app is supplementary to professional healthcare guidance, and you should not rely solely on this app for critical medication reminders. Your Control includes the ability to delete all health data at any time in app settings, export your data by contacting support@brewisapps.com, and opt-out of cloud storage by not using premium features.

10.4 PrEP Pills

Health Information Partnership: this app displays informational content from iBASE PrEP Guide. We do not have access to or collect data from iBASE. All information is for educational purposes only and is not a substitute for professional medical advice. Data Collection includes medication reminder preferences stored locally and app usage analytics via Firebase, with no sharing of health data.

10.5 Advertising-Supported Apps

The following apps display advertisements via Google AdMob: Photo Cal, Advent Photo Cal, Eid Photo Cal, and Haze. What This Means: AdMob collects device identifiers and displays targeted ads, you may see ads based on your interests and app usage, third-party ad networks may track you across apps, and you should review Google's privacy policy for details on ad personalization. Ad Choices are available as follows: on iOS, go to Settings, Privacy, Apple Advertising, and enable Limit Ad Tracking; on Android, go to Settings, Google, Ads, and Opt out of Ads Personalization. These settings affect ads across all apps, not just ours.

11. Cookies and Tracking Technologies

11.1 Technologies We Use

Mobile SDKs include Firebase SDK for analytics, authentication, and cloud services, RevenueCat SDK for subscription management, and AdMob SDK in select apps for advertising. Local Storage utilizes iOS UserDefaults for app preferences, iCloud KeyValue storage for cross-device sync, and Core Data or local files for user-generated content. Identifiers used include device advertising ID (IDFA on iOS, AAID on Android), Firebase Installation IDs for analytics, and anonymous authentication tokens.

11.2 Do Not Track

Our apps do not respond to "Do Not Track" browser signals as they are mobile applications. However, you can limit ad tracking in device settings, disable analytics sharing (we will add this option for US users), and deny app permissions to limit data collection.

12. Third-Party Links and Services

12.1 External Links

Our apps may contain links to third-party websites or services. We are not responsible for privacy practices of external sites. This Privacy Policy does not apply to third-party services. We encourage you to review privacy policies of any site you visit.

12.2 Third-Party Integrations

Transport for London (TfL) integration in Hop-on uses TfL's open data API and is subject to TfL's terms and privacy policy. We do not control TfL's data practices. iBASE PrEP Guide content is displayed in PrEP Pills as educational content from iBASE. We do not share user data with iBASE. iBASE content is subject to their own terms. App Store Providers including Apple App Store and Google Play Store process purchases and are subject to their respective privacy policies. We receive limited transaction data such as subscription status, not payment details.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our data practices, new app features or functionality, legal or regulatory requirements, and feedback from users or regulators.

13.2 Notification of Changes

When we make material changes to this policy, we will update the "Last Updated" date at the top, may notify you via in-app message or notification, and continued use of our apps after changes constitutes acceptance. We encourage you to review this policy periodically.

13.3 Where to Find Updates

The current version of this Privacy Policy is always available at our website at https://brewisapps.com/apps/privacy and in-app through Settings and Privacy Policy.

14. Data Protection Compliance

This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the United Kingdom. By using our apps, you consent to the collection, storage, and processing of your data as outlined in this policy. By using this app, you acknowledge and agree that certain data collection is essential for its functionality. If you do not agree to this data collection, you will not be able to access or use the app. We also adhere to other applicable laws, such as the Children's Online Privacy Protection Act (COPPA) for apps targeting children under 13 and the California Consumer Privacy Act (CCPA) for residents of California. We collect data necessary for the operation of this app. You cannot opt-out of this collection if you wish to use the app. However, you may opt-out of the sharing of your data for advertising purposes. This will not affect your ability to use the app.

15. Contact Us

15.1 Data Controller

BrewisApps is a sole trader based in the United Kingdom.

15.2 Contact Information

For privacy questions or requests, email support@brewisapps.com or visit our website at https://brewisapps.com. For data subject requests, include in your email your name, app name(s) you use, user ID or email if applicable, and the specific nature of your request. We will respond within 30 days.

16. Accessibility

We strive to make our apps and this Privacy Policy accessible to all users. If you have difficulty accessing or understanding this policy, please contact support@brewisapps.com and we will provide assistance.