Table of Contents
Elemental Ridge Ltd. (“Elemental Ridge,” “we,” “us,” or “our”) has a mailing address at 6D - 7398 Yonge St Unit 2300, Thornhill, ON L4J 8J2, Canada. This Privacy Policy applies to all of our mobile applications (individually an “App” and collectively “our Apps”) available on the Apple App Store and Google Play Store, regardless of the device, operating system, or platform you use. For the purposes of applicable data protection law, including the EU General Data Protection Regulation (GDPR), Elemental Ridge Ltd. is the data controller responsible for your personal data.
1.Legal Bases for Processing
Where applicable under the GDPR or equivalent legislation, we process your personal data on the following legal bases:
Contractual Necessity
Processing necessary to perform our contract with you, including providing and maintaining our Apps, managing your account, and processing transactions.
Legitimate Interests
Processing that serves our legitimate business interests, such as improving our Apps, diagnosing technical issues, detecting fraud, and ensuring security.
Consent
Processing that relies on your freely given, specific, informed consent, such as optional analytics or accessing device features like your camera, which you may withdraw at any time.
Legal Obligation
Processing necessary to comply with applicable laws, regulations, court orders, or governmental requests.
2.Information We Collect
2.1 Device and Technical Information
We automatically collect device identifiers (a pseudonymous installation ID generated at first launch), device model, operating system type and version, platform (iOS or Android), App version number, language and locale settings, time zone, and network connection type. We do not collect hardware serial numbers or permanent device identifiers such as IMEI or UDID.
2.2 Usage and Interaction Data
We collect information about how you interact with our Apps, including features accessed, actions taken, session frequency, session duration, timestamps, and navigation paths. This data is collected in aggregate or pseudonymous form where possible.
2.3 Photos and Camera Access
Certain Apps may request access to your device camera or photo library. Images you provide may be processed locally on your device or securely transmitted to our servers or third-party AI/ML processing services. We will clearly indicate within the App when an image will leave your device. Images transmitted for processing are used solely for delivering the requested feature and are deleted from processing servers within 24 hours of processing completion.
2.4 Locally Stored Data
Our Apps may store data locally on your device, including user-generated content, cached images, App preferences and settings, and feature history. This data remains on your device under your control and is not transmitted to our servers unless a specific feature requires it.
2.5 Diagnostics and Crash Data
We collect crash reports, performance diagnostics, error logs, and stability metrics to identify and resolve technical issues. This data may include device state at the time of a crash and stack traces, but does not include your personal content.
2.6 Analytics Data
We collect aggregated and pseudonymous analytics data, including screen views, interaction events, session statistics, and feature adoption metrics, to understand how our Apps are used and to improve them.
2.7 Information You Provide Voluntarily
When you contact us for support or provide feedback, we may collect your name, email address, the content of your message, and any attachments you send. We collect this information solely to respond to your inquiry and improve our services.
2.8 Information We Do Not Collect
We do not collect precise geolocation data, contact lists, health data, financial or payment information (all payments are processed by Apple or Google), or advertising identifiers for the purpose of ad targeting. We do not serve advertisements in our Apps.
3.How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain our Apps and deliver the features you request
- To process and complete transactions, including managing subscriptions and verifying entitlements
- To improve, optimize, and develop our Apps, including analyzing usage patterns and diagnosing technical issues
- To enforce our Terms of Service, including usage limits, rate limits, and abuse prevention
- To respond to your customer support requests, inquiries, and feedback
- To send you service-related communications, such as update notifications, security alerts, and policy changes
- To comply with legal obligations, enforce our legal rights, and respond to lawful requests from public authorities
- To detect, prevent, and address fraud, security breaches, and other harmful or unauthorized activity
We do not sell your personal information. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects concerning you.
4.Third-Party Services & Data Processors
We use the following categories of third-party services to operate our Apps. These services act as data processors on our behalf and are contractually obligated to handle your data in accordance with this Privacy Policy and applicable data protection law.
4.1 Firebase (Google LLC)
We use Firebase Authentication for account management; Cloud Firestore for cloud data storage; Cloud Functions for server-side processing; and Firebase Crashlytics for crash reporting and stability monitoring. Firebase processes data in accordance with Google's data processing terms.
4.2 Analytics Providers
We use analytics services to collect aggregated and pseudonymous usage data. Analytics data is used solely for improving our Apps and is not shared with third parties for their own purposes.
4.3 AI and Machine Learning Processing
Certain App features may use third-party AI/ML services to process user-provided content. When your content is sent to such services: (i) it is transmitted using TLS 1.3 or equivalent encryption; (ii) it is used solely to deliver the specific feature you requested; (iii) it is not used by the provider to train or improve their general-purpose models without your separate consent; and (iv) it is deleted from the provider's systems within 24 hours of processing.
4.4 Apple App Store & Google Play Store
Subscription management, payment processing, and app distribution are handled by Apple Inc. and Google LLC respectively. We do not receive or store your payment card details.
4.5 Cloud Infrastructure
Our server-side infrastructure is hosted on Google Cloud Platform, with data centers subject to SOC 2, ISO 27001, and other industry-standard security certifications.
We do not sell, rent, or trade your personal information to third parties. We may disclose your information if required by law, in response to valid legal process, to protect our rights, or in connection with a merger, acquisition, or sale of assets.
5.Data Storage & Security
5.1 On-Device Storage
Data stored locally on your device is protected by the security measures built into your operating system, including hardware encryption where available.
5.2 Server-Side Storage
Data transmitted to our servers is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 or equivalent encryption standards. Our infrastructure is hosted on Google Cloud Platform, which maintains SOC 2, ISO 27001, and other certifications.
5.3 Security Measures
We implement appropriate technical and organizational measures including access controls, audit logging, regular security assessments, and employee training. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
5.4 Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where the breach poses a high risk, notify you directly without undue delay.
6.Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law:
- Locally stored data remains on your device until you delete it or uninstall the App
- Server-side processing logs are retained for a maximum of 7 days
- Analytics data is retained in aggregated or pseudonymous form for a maximum of 24 months
- Customer support correspondence is retained for 12 months following resolution
- Account data is deleted within 30 days of account deletion or your erasure request
- Images transmitted for AI/ML processing are deleted within 24 hours of processing
- Crash and diagnostics data is retained for up to 90 days
When retention periods expire, data is securely deleted or irreversibly anonymized. You may request earlier deletion at any time, subject to our legal retention obligations.
7.Children's Privacy
Our Apps are not directed to children under the age of 13 (or under 16 in the European Economic Area, United Kingdom, and Switzerland). We do not knowingly collect, use, or disclose personal information from children under these ages. If we become aware that we have inadvertently collected such information, we will take prompt steps to delete it. If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately via our contact page.
8.International Data Transfers
Elemental Ridge operates infrastructure hosted in the United States and other jurisdictions. Where we transfer personal data from the EEA, United Kingdom, or Switzerland to countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with all third-party processors
- Other lawful transfer mechanisms recognized under applicable law
New Zealand has received an adequacy decision from the European Commission. You may request a copy of the safeguards we use for international transfers by contacting us.
9.Your Privacy Rights
9.1 General Rights
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure — request deletion of your personal data
- Right to Restriction — request we restrict processing in certain circumstances
- Right to Data Portability — receive your data in a structured, machine-readable format
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — withdraw consent at any time without affecting prior processing
9.2 GDPR Rights (EEA, UK, Switzerland)
If you are located in the EEA, United Kingdom, or Switzerland, you have all of the rights listed above under the GDPR. You also have the right to lodge a complaint with your local data protection supervisory authority. We will respond to verified requests within 30 days, extendable by 60 days for complex requests.
9.3 CCPA/CPRA Rights (California)
If you are a California resident, you have additional rights including the right to know what personal information we collect, the right to delete, the right to correct, and the right to non-discrimination. We do not sell or share your personal information as defined under the CCPA/CPRA. We will respond to verified requests within 45 days.
9.4 New Zealand Privacy Act 2020
If you are located in New Zealand, you have rights under the Privacy Act 2020, including the right to access and correct your personal information and to complain to the Office of the Privacy Commissioner.
CCPA Disclosure Table
| Category | Collected | Sold or Shared |
|---|---|---|
| Identifiers (device ID) | Yes | No |
| Commercial information | No | No |
| Internet / network activity | Yes | No |
| Geolocation data | No | No |
| Biometric data | No | No |
| Photos / images (user-submitted) | Yes (transiently) | No |
| Inferences drawn from personal information | No | No |
To exercise any of your privacy rights, please contact us via our contact page. We will verify your identity before fulfilling your request and will not discriminate against you for exercising your rights.
11.Links to Third-Party Services
Our Apps may contain links to third-party websites, services, or applications not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review their privacy policies before providing any personal information. The inclusion of a link does not imply our endorsement.
12.Do Not Track Signals
Our Apps are not web-based and do not respond to browser “Do Not Track” (DNT) signals. We do not engage in cross-app or cross-site tracking, and we do not serve targeted advertising. We respect operating system-level privacy controls, including App Tracking Transparency prompts on iOS.
13.Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will post the updated policy with a revised “Last Updated” date and, where practicable, provide additional notice such as an in-app notification. Your continued use of our Apps after changes constitutes your acceptance of the updated policy.
14.Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Elemental Ridge Ltd.
Mailing Address: 6D - 7398 Yonge St Unit 2300, Thornhill, ON L4J 8J2, Canada
Contact: Visit our contact page
If you are located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection supervisory authority. If you are a California resident, you may contact the California Attorney General's office regarding your CCPA/CPRA rights.