Effective Date: December 1, 2022
Your privacy – it’s a big deal to us. Of course, we know, nobody loves reading long privacy policies though – even us! But, please know this policy is detailed and here simply because we care and put privacy first in our service. We refuse to compromise here. We value your rights and want you to be have full transparency and be aware of how we use data, protect your privacy, etc. Users’ privacy, safety, and security in our service are our top priorities – of course with fun too. 🙂 So please take a few moments to review here, and as always let us know if you ever have questions or concerns!
Widgetbaby.com (“Website”) and its related WidgetBaby! Application (“App”), services, and products specific to WidgetBaby (collectively “WidgetBaby” or the “Service”) are owned and operated by H’Appile Interactive, LLC (“H’Appile Interactive”, “Our”, “Us”, “We”).
(a) “Children’s Online Privacy Protection Act” (“COPPA”) means the United States law for online protection of Children’s privacy.
(b) “California Consumer Privacy Act” (“CCPA”) means the California statute intended to enhance privacy rights and consumer protection for residents of California, United States.
(c) “General Data Protection Regulation” (“GDPR”) means the European Union (“EU”) law on data protection and privacy applicable to individuals within the EU.
(d) “Lei Geral de Proteção de Dado”(“LGPD”) means Brazil’s law on data protection and privacy applicable to individuals within Brazil.
(e) “Information” includes the literal definition of “information” and means any data, content, parameters, identifiers, etc.
(f) “Personal Information” or “Personal Data” is a subset of Information, and means any Information “relating” to an identified or “identifiable natural person”. An identifiable natural person is one who can be reasonably identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, behavioral, or social identity of that natural person. Data that relates to a person would be data that has the ability to impact the person or be used to learn and make decisions specifically about them or targeted to them.
(g) “Persistent Identifier” also referred to as “device identifiers” are anonymous numeric or alpha-numeric character sequences that uniquely identify a specific device. Alone, and with limited usage, these identifiers can’t be reasonably linked back to a specific individual. In some cases, however, you may see in this policy we regard these as “Personal Information”. This is because in unique circumstances or over time, these identifiers can become personally identifiable and traceable back to you. Examples may be in cases where they’re used to track behavior across third parties services, depending on how they may be shared/stored, and if they’re used to build behavioral profiles for targeted advertising. (e.g. Consider an IP Address that identifies a computer (or a group of) on the internet. Alone, this doesn’t identify who that computer belongs to or is used by, etc. unless possibly combined with additional records from say an Internet Service Provider(i.e. “ISP”) that may link that identifier to some individual.)
(h) “Collection”, “Collected Data/Information” means the removal, transfer, copy, or submission of information from your device or by you to us or a third party, such that information can then be defined as in the possession, storage, or control of us or a third party.
(i) “Local Data/Information” means information or data only used or stored locally by the App on your device; this data isn’t collected.
(j) “Internet Protocol Address (“IP Address)” is a Persistent Identifier that identifies your device(s) or computer(s) on the internet.
(k) “Identifier for Advertiser (IDFA)” also referred to as “advertising identifier” or “advertising device identifier” is a Persistent Identifier, and may be used for the purposes or tracking and attributing users’ behaviors across their device and third parties to learn their preferences and interests so ads may be better targeted for them.
(l) “Identifier for Vendor (IDFV)” also referred to as “vendor device identifier” is a Persistent Identifier that identifies one or more installed application(s) by the same vendor on a given device, and can be used to understand first party analytics and contextual use of an application by that device.
(m) “Targeted Advertising” is advertising selected or curated based on known Information for the User and/or device, in an effort to be most relevant and appropriate for them. Targeted advertising has two forms, “Personalized” and “Contextual”.
(n) “Personalized Advertising” for the purposes of this policy and when referenced within the App, if authorized/allowed, means with respect to use of the IDFA to track and behaviorally target interest based ads for you in the Service. This may use a profile of data that details your interests and actions from use across your device and third party apps/services.
(o) “Contextual Advertising” for the purposes of this policy may also be called “Contextualized Advertising”, “Contextually Based Advertising”,”ads served contextually” etc. Contextual Advertising refers to advertising that doesn’t track user behavior or interests across third party apps (i.e. doesn’t use the IDFA). This advertising is limited to only using first party data obtained in the context of and/or from your use of the Service or those by H’Appile Interactive on your device.
(p) “Private Database” means a database that is only accessible by You and/or Your device, or any of those devices which share the same credentials (i.e. Apple ID) as You. (e.g. iCloud)
(q) “Public Database” means a database that is accessible at various levels to the general Service’s user base. Public Databases we maintain are zoned and secured using security rules to limit access based on need, function, and appropriate user privilege or relationship. Such databases may be hosted on our own servers and/or via a cloud provider such as Firebase.
(r) “Shared Database” means a database that may be available to a subset of the public (i.e. shared among friends or family, etc) and which you choose to share or control what records/data from your Private Database may be shared into such “Shared Database”.
(s) “User(s)” means individuals that download and/or use the Service.
(t) “You / Your / You’re” means Users and/or those reviewing this policy.
(u) “Data Subject” or “subject” when referred to in such context herein means a living individual whose Personal Data is being collected, processed, stored, or shared.
(x) “Internal Operations” is in reference to “Support for the internal operations of the Web site or online service” as mentioned in COPPA 16 C.F.R. § 312.2 Definitions. Also described more here in section J5.
(y) “Age Gate” is a screen presented during first launch after install or initial onboarding that asks for users’ Age so we can configure and “gate” features of the Service appropriately for a mixed user audience.
1) An “Age Gate” upon launch.
For users deemed as Children based on the user specified Age Gate (1) input:
2) We do not request, collect, or share personally identifiable “Advertising Device Persistent Identifiers” (e.g. the IDFA).
3) We never provide Personalized Advertising to Children, and all interest based advertising, surveys, and re-marketing ads are disabled.
4) We only display advertisements from Google Admob, which we provide flags to indicating that users are Children and to filter ads to a “G-Rated” audience.
5) We place extra parental/guardian gate(s) throughout the app to help prevent inadvertent purchases by accidental clicks from a user.
6) We may restrict or limit certain features of the Service, content sharing, etc. where applicable and to best protect privacy and safety.
While we’ve worked hard and carefully to design the above measures, we still always encourage parents and guardians to discuss safe internet and mobile device use with Child users and to monitor their Children’s safe mobile application use. We ask you to always facilitate any communications with us they need for support, feedback, etc. related to the Service to comply with our communication processes and this policy.
“Children/Child” for the purpose of this policy refers to individuals who are under the age of ability to consent to Personal Data processing in their jurisdiction (e.g. < 13 in the USA, Brazil; < 16 in California; < 16 in parts of the EEA, etc). Please refer to your state’s or jurisdiction’s specific privacy/data protection laws to learn more. Generally, we will always regard all users < 13 years of age to fall into this category. Age used for determination of Child/Children users in the Service is based upon Age Gate entry.
Q. Do you “track” my precise location?
A. No. We only use a “coarse” location (i.e. like your country or city) to help configure the Service appropriately, for our internal analytics, etc. Often this is just inferred from your IP address. We have no idea where you are at the actual street level, your address, etc. Your precise whereabouts is your private information and we don’t collect such or monitor. Learn more.
Q. Do you “sell” my data?
A. No, never in the sense of a literal sale. Only when you have opted in, may we share some Personal Data (e.g. an Advertising Identifier) for helping our advertisers serve Personalized Advertising based on your interests. This can help show ads that you might be interested in which help support and monetize the Service. This is always optional though and you can configure this off or choose not to opt in so you only receive general and/or contextualized ads. This is never provided or enabled for Children users. Learn more.
Q. My Child wants to play WidgetBaby?
A. We place a special emphasis on our commitment to Children’s Privacy and care about parents’ rights. We take special measures to protect Children users appropriately. You can learn more in the above block “Children’s Privacy” on how we specifically protect and configure the Service for known Children users. Learn more.
2 Information we may Collect. [contents]
When you use the Service and/or contact us, we may collect Personal Information. This information may include:
• Persistent Identifier(s):†
• Internet Protocol Address (“IP Address”).
†Please note based on your privacy choices, data sharing settings, Children users, etc. these may not always be linked or traceable back to your identity. For limitations on how we use these and protect your privacy, please see section 3 regarding Tracking Technologies.
• Email Address, Name:
• Through customer service or support requests initiated by you we may receive your email address and/or your name during these communications. Important: These are not used or asked for in the App or Website itself. We only include them here for completeness in the case of customer service requests or you contacting us via email.
• Sign-in account user name, authorization token:
• Through signing into your MyWidgetBaby™ account in the App, we may collect an authorization token or credential. This is NOT your password. We do not have access to any login account passwords. Your password is managed via third party OAuth providers like Apple, Facebook, etc. when creating an account. We only obtain a token certifying you as an authorized user etc. for linking to your shared play account and data.
• Social/Shared Play User Generated Content or Media:
• This includes any messages, photos, or media created or shared in social spaces or shared play environments. This data is encrypted end-end and at rest on any backend servers.
• Surveys or Interest Based Responses:
2.1.1 Children’s Personal Information
Collection is limited to Persistent Identifiers by default – The Service is intentionally designed such that if we collect a Persistent Identifier of a known Child user, it’s never used to communicate with (unless under one-time contact exception per COPPA 16 C.F.R. § 312.5(c)(3)), behaviorally track across third party services, or provide any Personalized Advertising. For Child users all Persistent Identifiers are limited in use and scope to solely Internal Operations (COPPA 16 C.F.R. § 312.5(c)(7)). Any generation of “Personal User Generated content” or “Sign-in” related features which is personal or sensitive in nature is disabled by default for Child users unless verifiable parental consent has been obtained.
• To protect Children’s Privacy rights and determine how to serve users appropriately.
• Country/State of Location and/or Residence, either as determined by your entry or from IP Address:
• To configure the App properly for your privacy protections and regional specific compliances.
• Data Sharing Preferences/Consent Acknowledgements:
• To save your settings and preferences.
• To maintain compliance with logs/traceability of consent captures.
When you access the Service, we may also collect certain information automatically about the “context” of, or device of, your use, including, but not limited to, the type of device you use, network carrier, do not disturb or silenced mode, airplane mode, bluetooth connection state, network signal strength, battery state of charge, keyboard language settings, UI mode (e.g. light/dark theme, etc), device orientation, the local timezone of your use, anonymous identifiers (e.g. IDFV), anonymized IP Address (e.g. last octet masked), disk space, the coarse city/regional geolocation of your use (i.e. not at street level, see 2.3.1), your device’s operating system version, the currently installed app version, the type of Internet browser you use, the timestamp/date of your use, and other diagnostic data. This information helps us understand the “context” of, and track analytics from, use of the Service so we can serve you best.
2.3.1 About Coarse Geo-Location
We never track users at the street level nor does our Service provide any ability to do so. We only infer a coarse or “regional” (i.e. country, state, city level) location based on IP Address or user selection. This is used for compliance purposes, privacy consent management, analytics, etc. as outlined and detailed by this policy.
To improve and diagnose crashes of the Service, we may also collect crash logs and information when/if the Service experiences a crash during your use. This information may include contextual data as defined in 2.2 and additional information including operating system state (e.g. memory use, CPU use, etc), device state (e.g. orientation, etc.) and specific “traces” or logs of activity (e.g. actions within the app such as screen transitions/sequences, taps, etc.) leading up to and at the time of crash.
We may collect software level App Data or parameters such as unique identifiers, session or authentication/security tokens, keys, settings, flags, etc. that are created based on your selections, use, or are auto generated in your App. We may also collect Service Usage data from your use. We may collect/track things such as the frequency of your use (e.g. session/launch instance dates and/or time stamps), the count or frequency of specific feature(s) use and/or action(s) you take or have taken within the Service, the timestamps or durations of such, screen views, screen gestures or inputs, settings/feature option selections, software and/or algorithm states, variables, metrics, run-time actions, database and cloud store usages etc. We may use these stats to learn about how the Service is used and to improve the Service through analytics, insights, etc.
We may collect game play data and user generated content from your use. This may include content such as your avatar or character details (e.g. their name, gender, customizations), your widget baby details and states, any game play stats, care buddy feed data, your MyWidgetBaby™ alias or profile, etc.
2.6.1 Photo and Augmented Reality Session Content (TrueDepth Camera API) [contents]
The App may allow use of the front facing TrueDepth camera and api in augmented reality play sessions. This enhances augmented reality tracking. We do NOT collect or share any biometric Face Data or tracking data from these Augmented Reality sessions. Additionally, any of your captured Memories by default are only stored locally on your device and/or in your iCloud. Stored Memories/photos do NOT contain any biometric or facial tracking information; they’re simply raster images or screenshots. If available, you may optionally enable photos or memories to be shared with care buddies in the game, etc. and such would then fall under the scope of 2.1 Social/Shared Play User Generated Content or Media.
We may collect advertising and user acquisition(UA) metrics through the duration of a session and use, including click through rates on advertising impressions, completion percentages on video based ads, impression volumes, domains of previously shown ads, install stats/attributions, media sources (e.g. Facebook, Google, etc) and/or campaign identifiers retained from the link the app was installed or opened from, etc. This Ad/UA Performance Data is not linked to your personal identify and cannot be used to behaviorally track you across third party apps or websites, unless you’ve granted permission for App Tracking Transparency and sharing of your device’s IDFA. Your privacy here is very important to us, and you’re always in control of this IDFA setting as detailed in section 3.2.
We may collect feedback or communications during the course of receiving messages from Users for support, troubleshooting, reviews, comments, etc. This may include simple text and/or device screenshots of App related, satisfaction ratings or opinions, etc.
We may collect purchase information and history for the App and Service via the locally stored “Receipt” file on your device and/or via communicating with Apple’s servers for your latest purchase history for the App. This information is used to update and sync features in the App for you based on entitlements for any In-App Purchases or Subscriptions you have active for WidgetBaby.
3 About Tracking Technologies. [contents]
Cookies are small pieces of data that are stored by your browser when a website is visited to track and store information associated with your activity to help improve your browsing experience, capture analytics, perform authentication, store cache records, etc.
The table below sets out how we may use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:
†Browser based configuration: You can also adjust your individual browser settings relating to cookies by visiting these pages:
For other browsers not listed, please consult the documentation that your browser manufacturer provides.
The Advertising Identifier (“IDFA”) on your device can be used to track your ad clicks and behavioral actions across your device’s use (e.g. third party app usage, etc). This can help understand and track your interests and preferences. If your device settings allow and you’ve provided opt-in permission, the IDFA may be shared with third-party advertisers to track and target Personalized Advertisements. You understand and consent that if you allow this tracking/targeting, this may also use automated decision making and algorithms to serve you behaviorally targeted ads. You can restrict this IDFA access, as detailed below, by either (1) choosing not to opt-in to ATT, or (2) if already opted into ATT for the App, then modifying in your device privacy settings:
(1) For enhanced privacy control, Apple’s App Tracking Transparency (ATT) framework provides explicit means for choosing to opt-in to sharing your device’s IDFA at the app level. If your device settings allow, you may be asked during the use of the App if you’d like to opt-in to “Allow Tracking” so we can personalize advertising for you using the IDFA described here. You can also learn more here . If you choose to opt-in, this can help our advertisers provide more meaningful and Personalized Ads during your use.
(2) If you’ve already opted into ATT for the App, you can always view your current tracking permission setting and change this preference to control sharing of your IDFA within the “Settings>Privacy>Tracking” on your device.
Note you can also find additional instructions for limiting Advertising here .
Note, disabling or preventing sharing of the IDFA on your device by not opting in for ATT are not means to stop all advertising in the Service. Our right to advertise in the Service is described in the End User License Agreement. Therefore, we may always still show general and/or Contextualized Advertising as these are in our legitimate interest and necessary to support use of the Service.
This identifier is specific to and only identifies the apps by us (i.e. the “Vendor”) that are specifically installed on your device. Fundamentally it can only track your activity within our services and apps. The IDFV only becomes considered “Personally Identifiable” when linked with other information that may reveal identity of the User (e.g. linked with the IDFA or through a user’s behavioral profile of actions/tracking across other third party apps and services not operated by H’Appile Interactive).
In cases of “Limited Ad Tracking”(LAT), Children users, or not opting-in to “App Tracking Transparency”(ATT) (see section 3.2 on IDFA for more details), we always respect privacy rights and our data processors limit the use of and data linked to the IDFV for the sole purpose of our Internal Operations (COPPA 16 C.F.R. § 312.5(c)(7)). The identifier can be reset by simply uninstalling all apps by us from your device. You can also learn more here https://developer.apple.com/app-store/user-privacy-and-data-use/.
4 When is Information Collected. [contents]
Data or Information
Automatically in the App at startup and/or during onboarding process.
Automatically in the App (ONLY if your consent has been provided, not applicable to Child users, see section 3.2)
Automatically on the Website (if required or consent is provided, see section 3.1)
IDFV, Contextual/Device Data, Crash Data/Logs, App Data/Service Usage Data, Purchase Data and History, Ad/UA Performance Data
Automatically in the App and Website where applicable
Consent & Compliance Parameters
Automatically and/or through your input in the App
Customer Communication/Feedback, Email Address, Name
You providing when communicating with us for support, feedback, reviews, etc.
Game Play/User Generated Content, Social/Shared Play User Generated Content or Media, Sign-in account user name, authorization token
From your inputs and/or actions of using the Service, creation of content or feature use within, associated game play and interactions, etc.
Surveys or Interest Based Responses
If presented by a third party advertisement or offer (not applicable to Child users) and your choosing to participate in.
The lawful bases for us processing your Information for the uses described below will typically be because you have provided your consent; it is necessary for our contractual relationship; the processing is required for us to comply with legal obligations; and/or the processing is in our legitimate interest of providing the Service and not overridden by yours.
By using the Website and/or the App, you authorize and acknowledge the following uses of your Information:
Your Information may be shared with third parties in the following cases:
7 Who we Share Information With, Third Parties. [contents]
We may use third-party service providers to store/or and process your Information.
Disclaimer: No Liability Third-Party Services and Third-Party Links.
All third-party service providers have their own independent privacy policies governing the use of your Information and we encourage you to read those privacy policies carefully. You understand that even if H’Appile Interactive deletes your Information that it may still be available in a third-party service provider’s database. H’Appile Interactive only integrates and uses reputable third party services that we feel align with our privacy standards. We take due diligence before onboarding and using any new partners. You understand however, that H’Appile Interactive ultimately cannot assume and has no responsibility or liability for the Information collection, use, or storage activities of the third-party services providers used by H’Appile Interactive to provide you with the services associated with the Service. Third party service providers operate independently and are not owned or directly under our control.
H’Appile Interactive may include or offer third-party products or services on the Website and/or App and provide third-party links to the same via advertisements provided by third parties. These third-party websites have separate and independent privacy policies. H’Appile Interactive has no responsibility or liability for the content and activities of such third parties or their websites. We encourage you to read carefully the privacy policies of all such third-party websites. We seek to protect the integrity of the Website and/or App and therefore always welcome any feedback about any such third-party websites, content, or ads.
We may market the app and perform User Acquisition efforts to grow the Service and/or use Analytics in the Service. To facilitate these efforts on our behalf, we may use industry leading third party data partners including:
Apple. The App is available on the Apple App Store. Apple may collect and/or we may share one or more of the following: IDFV, Contextual/Device Data, Service Usage Data, and Crash Logs with Apple for analytics purposes and/or product trend/sales reporting in our legitimate interests of providing and maintaining the Service effectively.
Facebook is a social media platform we may partner with for advertising and have integrated with the Service. Facebook may collect analytics and marketing optimization metrics from the use of the Service. Facebook may collect and/or we or AppsFlyer may share with Facebook one or more of the following: IDFA (if authorized/available), IDFV, Contextual Device Data, App Data/Service Usage Data, Ad/UA Performance Data. This data is used to help attribute installations from our advertising campaigns, appropriately target audiences for our marketing using contextualized parameters, and collect analytics from the service in our legitimate interests of growing, improving, sustaining the Service.
TikTok is a social media and content sharing platform we may run ads on to promote the Service. When You install or use the Service from an ad shown on TikTok, TikTok may collect and/or we or AppsFlyer may share with TikTok one or more of the following: IDFA (if authorized/available), IDFV, Contextual/Device Data, App Data/Service Usage Data, Ad/UA Performance Data. This data is used to help attribute installations from our advertising campaigns and appropriately target audiences for our marketing efforts.
JetFuel is a social media advertising via influencer platform we may run ads on or contract social media influencers to promote the Service. When You install or use the Service from an ad or post shown by JetFuel or an associated influencer, JetFuel may collect and/or we or AppsFlyer may share with JetFuel one or more of the following: IDFA (if authorized/available), IDFV, Contextual/Device Data, App Data/Service Usage Data, Ad/UA Performance Data. This data is used to help attribute installations from our advertising campaigns and appropriately target audiences for our marketing efforts.
AppLovin is a mobile marketing platform. We use AppLovin as an advertising mediation and user acquisition platform partner to help grow and sustain the Service in our legitimate interest. AppLovin may collect and/or we or AppsFlyer may share with AppLovin one or more of the following: IDFA (if authorized/available), IDFV, Contextual/Device Data, App Data/Service Usage Data, Ad/UA Performance Data, and Crash Data/Logs. This data is used in our legitimate interests of growing, improving, and sustaining the Service by providing insights and learning to us on the use and marketing/monetization performance of the Service.
AppsFlyer is a mobile marketing analytics and install/session attribution tracking platform. We use AppsFlyer to measure the performance/effectiveness of our advertising and user acquisition campaigns and to monitor/analyze our App’s audience, reach, user retention, and growth. AppsFlyer may collect and/or we may share with AppsFlyer one or more of the following: IDFA (if authorized/available), IDFV, Contextual/Device Data, Ad/UA Performance Data, and App Data/Service Usage Data with AppsFlyer. This data is used in our legitimate interests of growing, improving, and sustaining the Service in evaluating our user acquisition, analytics, and marketing efforts.
Lumos Apps is a mobile app publisher we may work with. Lumos Apps helps us with publishing services and related. Through the course of our business interactions and to facilitate Lumos Apps’ services in the legitimate interest of growing, improving, and sustaining our apps, Lumos Apps may have access to and/or we may share one or more of the following: IDFA (if authorized/available), IDFV, Contextual/Device Data, Ad/UA Performance Data, and App Data/Service Usage Data.
We may show advertisements on the Service to help support and maintain the Service and keep it available for free. We partner with industry leading third-party advertising services and companies, which may include the following:
You can also find additional contact details for the above data processors in section 25.
These advertising third party providers may have access to process your data as defined here for the legitimate interest of advertising in order to protect your privacy rights, serve you best, and to contextualize and personalize (if allowed) ads for you. Examples of User data that may be processed include the following:
– Consent & Compliance Parameters (i.e. aforementioned in section 2.2)
– Contextual/Device Data parameters (i.e. aforementioned in section 2.3)
– Ad/UA Performance Data parameters (i.e. aforementioned in section 2.7)
– Survey or Interest Based Responses (i.e. aforementioned in section 2.1)
– Service Usage Data (i.e. aforementioned in section 2.5), if available for a specific network’s integration (e.g. Google Analytics in the case of Google AdMob, etc.)
– The ID for Vendor (IDFV) for the App instance on your device (i.e. aforementioned in section 3.3)
– The Advertising Identifier (IDFA) of your device (if tracking is allowed for the App as discussed in 3.2)
Firebase by Google Inc. – We may use third-party service provider Firebase to store and maintain content and data for our Service, including IDFV, Game Play/User Generated Content, Social/Shared Play User Generated Content or Media, Sign-in account user name, authorization token, App Data/Service Usage Data, Contextual/Device Data, and Consent & Compliance Parameters. The Firebase database is a secured Public Database hosted by Google that we own and control.
We encourage you to review the Firebase privacy and security standards https://firebase.google.com/support/privacy.
iCloud by Apple Inc. – We may use the Apple iCloud to store and maintain content and data for our Service, including Game Play/User Generated Content, Social/Shared Play User Generated Content or Media, and App Data/Service Usage Data. This data may be stored associated with your Apple ID in a Private Database which is owned by you and linked with your Apple ID credentials. Under certain situations you may have the ability and choice to share data or records from your Private Database with other friends, family, etc in a Shared Database. When you engage in live or linked play with others, etc, we may also sync data to a secured Public Database in the iCloud, maintained by us, in order to enable and facilitate such shared game play interactions with others, etc.
Keychain by Apple Inc. – We may use the Keychain secure storage on your device to store and protect sensitive game data such as in-app purchases and in-app currency balances, etc. also possibly including Game Play/User Generated Content, Social/Shared Play User Generated Content or Media, Sign-in account user name, authorization token, App Data/Service Usage Data, and Consent & Compliance Parameters. If your device is configured to allow, Keychain data may be sync’d across your devices and linked to your iCloud account with your Apple ID.
We encourage you to review all the Apple privacy and security standards https://www.apple.com/legal/privacy/en-ww/.
We may utilize third party services including Apple, Facebook, Google to allow users to create profiles and save, manage user profiles and accounts, e.g. for MyWidgetBaby™ shared play and Account features. Use of these login services is completely optional and voluntary. We do not own or manage any OAuth protocol or encryption used in these services, and have no access to your password. We cannot be responsible for 3rd party loss of and/or invalidation/corruption of your login/credentials. We may shared with Apple, Facebook and Google (i.e. Firebase) sign-in account user name and authorization token/credential for these Authentication purposes.
If account based authentication is offered, you may delete your profile and associated authentication credentials anytime you choose while logged in within the settings menu of the application.
In cases where the Service doesn’t use account based authentication, we may simply use anonymous authentication methods to still allow secure access to backend databases and services, and in order to limit access to only those from validly authenticated App instances.
We may use third party services to host our Website, provide information on our Service, manage customer service and support Users, verify the authenticity and validity of communications or their details, etc. These services may include:
We may use third party services to aid in management of consent and compliance. These services may includes:
ConsentManager AB in the app which allows us to provide choices and opt-in/out granularity for users advertising network preferences. This enables us to follow best practices in the evolving mobile advertising space and respect your privacy choices with industry leading technology and consent frameworks. To enable this, we may share with and ConsentManager AB may use and collect your IP Address and Contextual/Device Data so they may communicate your preferences to the appropriate advertisers and networks to respect your privacy choices.https://www.consentmanager.net/datenschutz/.
8 Data Aggregation and Service Statistics. [contents]
Information or data points/statistics obtained from your use of the Service, along with that of other users, may be combined and processed into aggregated Service metrics. These metrics are always stripped of any personal identifiers, anonymized, and never include any Personal Information. Examples of such may include, but are not limited to, derived statistics such as organic vs. inorganic install breakdowns, most successful ad campaigns or product placements in the app, revenue channel splits, retention cohorts, DAU counts, country-wide/large geo regional breakdown of such metrics, etc. These “big picture” or “aggregated” statistics may be shared and used in any way we deem fit for the Service or in our interest.
9 Information Transfer and Storage. [contents]
Through your use of the Service, you consent to the processing and storage of your Information and Personal Data. You understand that your Information may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction. If you are located outside the United States and choose to provide Information to us, please note that we may transfer your Information to the United States and process it here, and that we may store portions of your Information in the United States.
Any data the service generates or stores on your device locally and/or in a Private Database (e.g. your iCloud) is always under your own control through your device’s settings and/or AppleID/iCloud account management.
9.1 Personal Information Lifecycle. [contents]
Content you create in the Service generally falls under our Terms section 6 “Rights to User Generated Content & Moderation – You as Licensor”, and therefore may persist indefinitely as it becomes integral to the Service or other users after creation. Personally relatable content though like messages, photos, etc. that falls under section 2.1 “Social/Shared Play User Generated Content or Media” we believe are yours and you should always have control over. Upon request or deletion of your MyWidgetBaby™ account, we will remove such personally relatable content under the same timelines specified in section 20 point 6.
If you would like to request other specific Personal Data (e.g. IDFA, advertising profiles, etc.) be deleted or removed, please contact us via details provided in Section 20. Note, even if H’Appile Interactive deletes your Information from our servers, it may still be available in a third-party service provider’s database. You should consult with those third-parties in the event you would like Information deleted therefrom. Also, as is the nature of the internet, any content you share and is then cached or stored locally by other users’ on their devices outside of our reach we cannot be responsible for.
9.2 Non-Personal Information Lifecycle. [contents]
By design, we limit the non-necessary linking of personal and non-Personal Data sets on our servers or in any Public Databases maintained by us. We do this intentionally because it helps keep your privacy robust, introduces anonymity, and is best practice. You understand and agree therefore that non-Personal and/or anonymized Information not linked to your identity may be stored indefinitely.
10 Information Security. [contents]
We use standard information technology and security measures to store and help prevent against the unauthorized disclosure of Information and Data in the Service. This includes, (1) Using standard network security protocols and layers of protection to secure our internal servers. (2) Regularly conducting internal network analysis, log audits, and firmware upgrades. (2) For personal and/or sensitive data transmission to/from the app and our servers or any third party apis, we use commercial and industry wide standard encryption protocols such as https calls (i.e. http using SSL or TLS) to protect data. (3) We always design and deploy cloud database schema and security rules with careful privacy considerations. (4) We employ administrative and internal/facility access controls, including password protections, multiple layers of authentication (e.g. 2FA), individually scoped access levels, physical entry barriers, alarm system, and motion activated video capture. (5) We take extra precautions for data structures or documents that are proprietary, personal, or sensitive in nature when stored at rest, e.g. applying standard encryption algorithms, storing in the iOS Keychain, and using keyed file storage for physical records.
Though we undertake commercially reasonable efforts and always strive to best protect Information, you should be aware no website, software, or online service is 100% completely safe. Accordingly, you always provide all Information, including any user generated data or content, in the Service at your own risk.
In the unforeseen event of breach or database integrity being compromised, and we become aware of such that Personal Information of Users is at risk or has been exposed, we will take appropriate steps to notify all impacted Users.
11 Payments. [contents]
We may provide paid products and/or services via the Website and App. We may use third-party payment processors for payment processing in the Service.
12 Your Choices & Rights. [contents]
You have choices about how we may use data you share and/or what information you choose to share. You can find data sharing settings in the app at anytime under the “foot print” logo page at the bottom via the “data sharing” button. You can also disable, opt-in, or opt-out accordingly to certain tracking technologies specifically as described earlier in section 3 of this policy.
The GDPR provides Users located in the EU under its protection certain rights with respect to their Personal Data collected by us on the Website and/or the App. Accordingly, H’Appile Interactive recognizes and will comply with the GDPR and those rights, except as limited by applicable law. The rights under the GDPR include but may not be limited to:
To exercise any of these rights under the GDPR or request more information, you may submit a request to our Data Protection Officer(DPO) or EU/UK based Privacy Representative (Prighter) per details in section 24.
The LGPD provides Users located in Brazil and under its protection certain rights with respect to their Personal Data collected by us on the Website and/or the App. Accordingly, H’Appile Interactive recognizes and will comply with the LGPD and those rights, except as limited by applicable law. The rights under the LGPD include but may not be limited to:
To exercise any of these rights under the LGPD or request more information, you may submit a request to our Data Protection Officer(DPO) per details in section 24.
Under the CCPA, California Users have, but may not be limited to, the following rights:
To exercise your rights under the CCPA, you may submit a request to H’Appile Interactive by contacting H’Appile Interactive at
Under California’s “Shine the Light Law”, California residents have the right to receive information that identifies any third-party companies or individuals that H’Appile Interactive has shared your Personal Information with in the previous calendar year, as well as a description of the categories of Personal Information disclosed to that third party. You may obtain this information once a year and free of charge by contacting H’Appile Interactive at and at the address below in section 24.
You can stop us from collecting Personal Information in the App by one or more of the following:
(1) Configuring your device settings to not allow App Tracking and/or the use of the IDFA in the App (section 3.2 of the policy).
(2) If you are a California Resident, by requesting “Do Not Sell My Personal Information” by tapping on the button described in section 15 and following any instructions therefrom.
(3) Stopping use of the Service and removing the App from your Device(s).
and/or on our Website by:
(1) Turning off and clearing non-necessary cookies in your browser settings (section 3.1 of this policy).
For more details or help on any of the above, please contact us.
You can request a summary and copy of your Personal Information from us as follow:
(1) In the app from your widget baby’s home page tap on the “foot print” logo in the upper right corner.
(2) Scroll to the bottom of the options and tap “my_device_identifiers“, then scroll to the bottom of the popup, and please take a screenshot of this popup which contains the identifier(s) we need to process your request.
(3) Please attach this screenshot, and any prior email address(es) you’ve used to correspond to us in an email to email@example.com with the subject “DSDR Copy – WidgetBaby”. Note: Please be sure to send the email from where you’d like us to send the response or indicate otherwise in your request.
(4) We will reply back within 15-30 days (or otherwise as required by law) with a human readable copy of all your Personal Data on file in our systems and servers for the identifier(s) or email you provided.
(5) For our third party partners, please refer to their privacy policies (section 7 of this Policy) to request similar and understand their processes for obtaining a copy of Personal Information.
Note, requesting we delete your Personal Information may impact functionality of the Service and cause loss of data previously associated with your use. All requests are performed on a single basis and do not automatically recur.
You can request we delete your Personal Information from our servers as follows:
(1) In the app from your widget baby’s home page tap on the “foot print” logo in the upper right corner.
(2) Scroll to the bottom of the options and tap “my_device_identifiers“, then scroll to the bottom of the popup, and please take a screenshot of this popup which contains the identifier(s) we need to process your request.
(3) Please attach this screenshot, and any prior email address(es) you’ve used to correspond with us or in the Service in an email to firstname.lastname@example.org with the subject “DSDR Delete – WidgetBaby”.
(4) We will reply asking for confirmation that you’d like all Personal Data deleted. Please reply “Yes – I agree” or “Cancel”. If we do not receive a timely response, please note we may still proceed with your request based on an obligation to respect your prior communication in step 3 above.
(5) If you don’t want any further Personal Information collected after this request, please stop use and remove the App from your device. Note any continued use of the Service may result in additional data collection.
(6) We will remove all your Personal data related to the supplied information (3) from our servers within 15-30 days (or otherwise as required by law) and we will send you a confirmation that we have done so. We will also make request(s) to all third party partners that they do the same for the information you supply to us in (3).
(7) For our third party partners, you may also refer to their privacy policies specifically (section 7 of this Policy) for a full understanding of their data retention practices.
Among other factors, we may rely upon information you provide to configure and make the Service available for you. When using the Website and/or App, you are obligated to inform H’Appile Interactive of any material changes to your Consent and Compliance Parameters (as detailed in section 2.2). You understand this is necessary for use of the Service and may be actively relied upon under this policy and/or our End User License Agreement/Terms of Service for you. For instance, the items such as your age and state/country of residence may be necessary and being relied upon to protect your privacy rights and configure or update the App properly for you. Unless otherwise updated from you in writing to us, or until we learn/gain knowledge otherwise of, we will reserve the right to rely on any previously provided or obtained information and your representations as true and accurate.
If you need correct personal details you’ve entered in the app (e.g. age, location), you may do so by tapping on the ‘foot print’ logo in the upper right hand corner of your baby’s home screen under the “Information Update” option. For Child Users, this option may be under “Parental/Guardian Settings”.
20 Our Policy on DNT Signals under the California Protection Act (CalOPPA). [contents]
We do not support Do Not Track (“DNT”) signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
21 Purchase or sale of the App and/or Other Assets. [contents]
22 Children & Child Online Privacy Protection (e.g. COPPA, GDPR-K). [contents]
The Website and App are intended for a general audience, and are not primarily directed to Children. However, H’Appile Interactive also recognizes that in some cases the App may attract a mixed audience of users and age demographics. We therefore take additional steps to determine ages of users (via age gate) and configure the Service appropriately to protect Children’s privacy when we gain knowledge of a Child user (via age gate). For clarity and emphasis, these steps are detailed at the beginning of this document in the outlined block titled “Children’s Privacy”. Note for protection we do not allow the age gate to be bypassed and a user cannot go back and change their age once entered, unless being updated by a parent or guardian’s verified consent (e.g. section 22.1.1).
H’Appile Interactive does not knowingly or intentionally collect Personal Information from children under the age of 13 (or the legal age of able to consent to Personal Data processing in their jurisdiction if greater, e.g. 16 in parts of the EEA), unless one or more of the following is met:
- The subject falls under COPPA and Personal Information is limited to the use of a Persistent Identifier for purposes of supporting “Internal Operations” as limited to and defined here in section J5, and/or
- Guardian or parental consent has been given.
- The Subject falls under GDPR, LGPD, or similar and the collection/processing falls under the basis of Legitimate Interest.
If we ever gain knowledge Personal Information has been collected somehow otherwise or inadvertently from a Child, we will promptly remove all information immediately.
For any direct communications with us (i.e. support, feedback, etc.) we ask parents to please help with and facilitate. However, if we ever gain knowledge any communication is specifically from a Child we always promptly delete the communication and all associated contents after one-time contact with accordance to COPPA 16 C.F.R. § 312.5(c)(3).
22.1 Parents’ Rights & Choices. [contents]
As always, if you are a parent or guardian and you are concerned that your child has inappropriately provided us Personal Information, please contact us so we may remove it and address any concerns.
For any Personal Information we do collect, we always want parents to have choices and control over how information is shared or used. We provide data sharing settings that may be adjusted in the app under the settings “foot print” page at any time. Completing the verifiable consent option in 22.1.1 provides easy access to parent settings in the app that you can protect with a pin and configure whenever desired. You may also request we stop collection of, provide access to, correct, and/or delete data as described in sections 18-21.
22.1.1 Verifiable Consent Option [contents]
Some App versions may include additional features not normally active for Child Users. Where parents/guardians want the ability to enable additional features for a Child User, update a User’s age, etc. we have designed and provide a “verifiable” consent mechanism for such by completing and signing a consent form. (Learn More here.)
23 Policy Scope Disclaimer [contents]
This policy only covers information and data within the scope and intent of the Service. e.g. that of which is within our control and intention of receipt. Spam or unsolicited transmissions to us or third parties, via abuse of the service, harassment from malicious actors, etc. are not subject to this policy or any guarantees.
24 Contact and Notices. [contents]
Data Protection Officer
H’Appile Interactive, LLC
2711 Legion Rd
PO Box 8184
Erie, PA 16506
24.1 Representation for Data Subjects in the EU and the UK [contents]
We value your privacy and your rights as a Data Subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your Data Subject rights, please visit https://prighter.com/q/14912091663
UK Office 20 Mortlake Mortlake High Street
London, SW14 8JN
1600 Amphitheater Parkway
Mountain View, CA 94043
One Apple Park Way
Cupertino, CA 95014
1100 Page Mill Road
Palo Alto, CA 94304
1255 Battery Street Suite 500
San Francisco, CA 94111
Suite 420, 475 Brannan Street
San Francisco, CA 94107
90 New Montgomery Street, Suite 500
San Francisco, CA 94105
240 Page St
San Francisco, CA 94102
240 Stockton St, 9th Floor
San Francisco, CA 94108
41 Madison Ave 30th Floor
New York, NY 10010
1 Hacker Way
Menlo Park, CA
5800 Bristol Parkway, Suite 100
Culver City, CA 90230
1032 E BRANDON BLVD #3003
BRANDON, FL 33511 UNITED STATES
690 Pennsylvania Ave, Unit 115
San Francisco, CA 94017
44 Montgomery Street,
CA, USA 94104
100 1st Street, 25th floor
San Francisco, California 94105
by Automattic Inc.
60 29th Street #343
San Francisco, CA 94110
55 2nd Street, 4th Fl
San Francisco, CA 94105
3 Warren Yard Warren Park
Wolverton Mill, Milton Keynes, MK12 5NW
10 Paxton Crescent
Shenley Lodge, Milton Keynes, MK5 7PY
2035 Sunset Lake Road Suite B-2
San Antonio, TX 78205
112 E Pecan St #1135
Lumos Apps (Coty Apps)
Data Protection Officer
17 AV LOMBART
92260 FONTENAY-AUX-ROSES, France