CodeStripes LLC ("CodeStripes", "we", "our", or "us") is a mobile application development studio registered as a Limited Liability Company in the State of Wyoming, USA. We design, develop, and publish mobile applications for Apple iOS/iPadOS and Google Android platforms on behalf of our clients, and operate our own digital services.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you: (a) visit our website codestripes.net; (b) use any application developed or published by CodeStripes; or (c) engage with our services as a client or prospective client.
For apps we develop on behalf of clients, additional privacy policies specific to each application will be made available through the relevant App Store or Google Play listing.
We collect information in the following categories:
We do not collect sensitive categories of personal data (e.g. health, biometric, financial account, or government ID data) through our website or agency services.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Respond to enquiries and provide quotes | Legitimate interest / Contract |
| Deliver contracted development services | Contract performance |
| Send service updates and invoices | Contract performance |
| Improve our website and apps (analytics) | Legitimate interest |
| Marketing communications (opt-in only) | Consent |
| Comply with legal obligations | Legal obligation |
| Process AI feature inputs/outputs | Consent / Legitimate interest |
App Tracking Transparency (ATT): All CodeStripes-developed iOS apps that perform cross-app or cross-site tracking request explicit user permission via Apple's ATT prompt before accessing the Advertising Identifier (IDFA). We do not track users who decline this permission.
Privacy Nutrition Labels: Every app published on the App Store includes an accurate Privacy Nutrition Label in the app's product page, disclosing all data types collected, their purpose, and whether they are linked to the user's identity.
App Privacy Report: Our apps are designed to be compatible with Apple's App Privacy Report feature. We disclose all third-party SDKs and their data practices.
Privacy Manifests: In accordance with Apple's requirements effective May 2024, all CodeStripes-developed apps include a PrivacyInfo.xcprivacy manifest file that declares:
Sign in with Apple: Where Sign in with Apple is offered, we comply with Apple's requirements: we do not request more information than necessary, we respect the option to hide email addresses, and we do not use Apple ID credentials for purposes beyond authentication.
HealthKit, HomeKit & Sensitive Frameworks: If an app integrates sensitive Apple frameworks (HealthKit, HomeKit, Location, Camera, Microphone, Contacts, etc.), users are shown a clear purpose string explaining exactly why access is requested. Data from these frameworks is never used for advertising or sold to third parties.
Data Safety Section: All apps published on Google Play include an accurate and complete Data Safety declaration, specifying: what data is collected, whether it is shared with third parties, whether it is encrypted in transit, and whether users can request deletion.
Permissions: Android apps request only the minimum permissions necessary for core functionality (principle of least privilege). Runtime permissions that are sensitive (location, camera, microphone, contacts, storage, phone) are requested contextually at the moment of need, with a clear explanation of purpose. We do not request permissions that are not used.
Advertising ID: Apps that use Google's Advertising ID (GAID) for advertising purposes comply with Google Play's Advertising ID policy. We respect the choices of users who reset their Advertising ID or opt out of personalized advertising. Apps targeting children under 13 do not access the Advertising ID.
Google APIs & OAuth: When apps access Google APIs (Gmail, Calendar, Drive, etc.) via OAuth 2.0, we request only the minimum necessary scopes, display a clear OAuth consent screen, and do not use Google user data for purposes other than those disclosed.
Families Policy: Apps in the Family category or directed at children comply with Google Play's Families Policy — no behavioural advertising, no data collection beyond what is permitted, and no links to external content not approved for children.
Target API Level: All published apps target the most recent stable Android API level as required by Google Play, ensuring users benefit from the latest privacy and security protections offered by the platform.
Disclosure of AI Use: Applications that use AI or generative AI features clearly disclose this to users before or at the point of use. AI-generated content is labelled where required by law or platform policy.
Data Used for AI: We differentiate between:
User Inputs & Prompts: Text, images, audio, or other content submitted to AI features ("prompts") may be processed by third-party AI providers. We instruct our AI providers not to use customer data to train their general models where opt-out mechanisms exist. Users are informed of this at the time of first use of AI features.
AI-Generated Content: CodeStripes-developed apps that produce AI-generated content (text, images, audio, video) comply with:
No Automated Decisions with Legal Effects: We do not use AI to make automated decisions that produce legal or similarly significant effects about users without human review, except where expressly disclosed and lawful.
AI & Children: Apps available to children under 13 do not use cloud-based AI features that transmit personal data, unless compliant with COPPA and the respective platform's Families/Child Safety policies.
Biometric & Sensitive Data via AI: AI features that process biometric data (face, voice, fingerprint) comply with applicable biometric privacy laws (e.g. BIPA in Illinois) and require explicit, informed consent prior to processing. Such data is not retained beyond the session unless the user explicitly opts in.
We do not sell personal data. We may share data with the following categories of third parties, only as necessary:
| Party | Purpose | Data Transferred |
|---|---|---|
| Analytics providers (e.g. Firebase, Mixpanel) | App performance & usage analytics | Device data, usage events (anonymised) |
| Crash reporting (e.g. Crashlytics, Sentry) | Bug detection & resolution | Stack traces, device state |
| Cloud AI providers (OpenAI, Google, Anthropic) | AI feature processing | User prompts / inputs (see §6) |
| Email & CRM tools (e.g. HubSpot, Mailchimp) | Client communication | Name, email, project notes |
| Hosting & CDN (e.g. AWS, Cloudflare) | Website & API delivery | Usage logs, IP addresses |
| Legal & accounting advisors | Compliance, tax, legal proceedings | Minimal necessary data |
All third-party processors are bound by Data Processing Agreements (DPAs) and process data only on our documented instructions.
We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law:
Right to Deletion: Users may request deletion of their personal data at any time. For apps published on the App Store or Google Play, a deletion request can be submitted directly from the app or via the store listing page, as required by Apple and Google policies. We will honour deletion requests within 30 days.
Our agency website is not directed at children under 13. We do not knowingly collect personal data from children under 13 through our website.
For apps we develop that are directed at or may be used by children, we implement strict controls in compliance with:
Depending on your location, you may have the following rights regarding your personal data:
| Right | GDPR (EU/UK) | CCPA (California) |
|---|---|---|
| Access your data | ✓ | ✓ |
| Correct inaccurate data | ✓ | ✓ |
| Delete your data ("right to be forgotten") | ✓ | ✓ |
| Restrict processing | ✓ | Limited |
| Data portability | ✓ | ✗ |
| Object to processing | ✓ | ✓ (opt-out of sale) |
| Withdraw consent | ✓ | ✓ |
| Non-discrimination for exercising rights | ✓ | ✓ |
To exercise any right, contact us at . We will respond within 30 days (GDPR) or 45 days (CCPA). If you are in the EU, you also have the right to lodge a complaint with your national data protection authority.
We implement appropriate technical and organisational measures to protect personal data, including:
No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify users via email or in-app notification. Your continued use of our services after the effective date of any change constitutes acceptance of the updated policy.
For privacy-related questions, requests, or concerns, please contact our Data Protection Officer: