Sumá Privacy Policy

1. Information We Collect

To improve and provide our services, we collect the following information:

a) Information You Create in the App

• Game Statistics: Scores, combo records, longest paths, accumulated play time and game count are saved automatically. Important: This data is stored exclusively locally on your device and is not transmitted or stored on our servers.
• Lives System: The app manages a lives system with automatic time-based regeneration. The number of available lives and the timestamps needed for regeneration are stored locally.
• Personal Settings: Your app preferences (language, color theme, visual game theme, dark/light mode, preferred game mode, difficulty level, sound, music) are saved locally on your device.

b) Information Automatically Collected

When you use our App, we automatically collect certain information to display ads and ensure the proper functioning of premium features.

• Advertising and Device Identifiers:
  • For Advertising: We collect the Advertising Identifier (IDFA on iOS and AAID on Android) to display personalized ads through Google AdMob.
  • For Functionality: The app stores (Google Play, App Store, Samsung Galaxy Store, Huawei AppGallery, Aptoide) use their own session identifiers and purchase tokens to securely manage and sync your in-app purchases (for example, to restore premium purchases on a new device).
• Application Information: We collect technical metadata from the application such as the app name, version, build number and package name. This information is used solely for internal app functionalities such as displaying version information in settings.
• Purchase Information: If you make an in-app purchase (such as "Remove Ads", "Infinite Lives" or "Sumá Premium"), we access the status of that purchase through the corresponding store services (Google Play, App Store, Samsung Galaxy Store, Huawei AppGallery or Aptoide) to verify it and provide you with the corresponding service. We do not store sensitive payment information such as credit card numbers.
• Location Information: The App does NOT collect or access your geographical location. All game data is completely local.
• Analytics and Telemetry: The App does NOT use additional analytics services such as Firebase Analytics, Crashlytics or other telemetry tools. We do not collect detailed usage data or automatic error reports.

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain the App: To offer the math puzzle game functionalities, save your statistics and records locally, and manage the lives system.
• To Display Advertising: We use Google AdMob to display ads in the free version of the App. These ads include banners, interstitials and rewarded ads (which allow you to earn extra lives). These ads help keep the App free.
• To Manage In-App Purchases: To verify and restore your premium purchases ("Remove Ads", "Infinite Lives" or "Sumá Premium").
• To Facilitate Communication: The App may open external links in your browser (for example, to view this privacy policy) or open your email client to contact support. We do not track this activity.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal bases:

• Legitimate Interest: To display advertising and keep the App free (Advertising Identifiers).
• Contract Performance: To provide App functionalities and manage in-app purchases.
• Consent: For advertising data processing when required by local jurisdiction.
• Legal Compliance: To comply with legal obligations related to in-app transactions.

4. Third-Party Services and Tracking Technologies

Third-Party Services

The App uses third-party services that may collect information used to identify you:

• Google AdMob: Our main advertising partner. Google may use the collected information to personalize the ads you see. The app displays banner, interstitial and rewarded ads.
  Google Privacy Policy and Terms
• Payment Services: All in-app purchases are securely processed by the store from which you downloaded the app. We do not have access to your payment information.
  • Google Play Billing: Google Privacy Policy
  • Apple In-App Purchase: Apple Privacy Policy
  • Samsung Galaxy Store: Samsung Privacy Policy
  • Huawei AppGallery: Huawei Privacy Policy
  • Aptoide: Aptoide Privacy Policy

Tracking Technologies in Mobile Applications

Identifiers and Technologies Used

Third-Party Cookies (Web Ads Only)

When AdMob displays ads containing web content, temporary cookies may be set:

• Google Ads Cookies: For ad frequency and personalization (30 days)
• Measurement Cookies: For advertising performance metrics (90 days)
• Advertising Partner Cookies: According to each advertising network's policies

Advertising Tracking Control

On iOS:

1. Go to Settings > Privacy & Security > Tracking
2. Turn off "Allow Apps to Request to Track"
3. Or turn off specifically for Sumá

On Android:

1. Go to Settings > Google > Ads
2. Turn on "Opt out of Ads Personalization"
3. You can also "Reset advertising ID"

Apple iOS 14.5+ Limitations:

• Apps must request explicit permission for tracking
• Sumá respects your choice if you deny ATT permission
• Ads will continue to show but will be less personalized

SKAdNetwork (iOS 14.5+):

The app integrates Apple's SKAdNetwork, a privacy-preserving ad attribution framework. This system allows ad networks to measure the effectiveness of their campaigns without accessing personally identifiable data. The data sent is anonymous and aggregated, complying with Apple's privacy standards.

5. Data Retention

• Local Data: The data you create in the App (such as game statistics, records, lives and settings) is stored on your device until you:
  • Completely uninstall the application
  • Restore your device to factory settings
  • This data has no automatic expiration date and remains under your direct control
• Advertising Identifiers: Google AdMob retains this data according to its own retention policy, typically up to 24 months from the last recorded advertising activity.
• Purchase Information: In-app purchase status is verified in real time with the corresponding app store (Google Play, App Store, Samsung Galaxy Store, Huawei AppGallery or Aptoide) each time you open the application. We do not store purchase histories on our servers.
• Technical Metadata: Application technical information (version, device model) is processed only during the active session and is not retained beyond application closure.

Automatic Data Deletion

In compliance with data protection regulations, if you do not use the application for more than 36 consecutive months, any associated advertising identifier will be automatically purged from Google AdMob systems according to their retention policies.

6. International Data Transfers

• Google AdMob: Collected data may be transferred and processed in countries outside your jurisdiction, including the United States, where Google has its main servers.
• Protections: Google implements adequate security measures in accordance with international data protection regulations (GDPR, CCPA).
• Legal Basis: Transfers are carried out under legally recognized mechanisms such as the EU Standard Contractual Clauses.

7. Your Privacy Rights and Options

You have control over your information and can make the following decisions:

• Disable Personalized Ads: You can opt out of personalized ads by adjusting your mobile device settings.
  • On iOS: Go to Settings > Privacy & Security > Tracking, and turn off "Allow Apps to Request to Track".
  • On Android: Go to Settings > Google > Ads, and turn on "Opt out of Ads Personalization".
• Delete Local Data: You can delete locally stored data (such as game statistics, records and settings) by uninstalling the application.

Additional Rights by Jurisdiction

For EU/EEA Users (GDPR):

If you reside in the European Union or European Economic Area, you have the following rights under the GDPR:

• Right of Access (Art. 15 GDPR):
  • Obtain confirmation of whether we process your personal data
  • Receive a copy of your personal data and information about how we process it
  • Know the purposes, data categories, recipients and retention periods
• Right of Rectification (Art. 16 GDPR):
  • Correct inaccurate or incomplete personal data
  • Complete data that is incomplete through an additional statement
• Right to Erasure/"Right to be Forgotten" (Art. 17 GDPR):
  • Request deletion of your data when it is no longer necessary
  • Withdraw consent if processing is based on consent
  • Object to processing based on legitimate interest without overriding reasons
• Right to Restriction of Processing (Art. 18 GDPR):
  • Restrict processing while data accuracy is being verified
  • Limit use when processing is unlawful but you do not want deletion
• Right to Data Portability (Art. 20 GDPR):
  • Receive your data in structured, common and machine-readable JSON format
  • Transmit that data to another controller when technically possible
  • Applies only to: locally saved game statistics and records data (does not apply to advertising identifiers)
• Right to Object (Art. 21 GDPR):
  • Object to processing based on legitimate interest (includes personalized advertising)
  • Absolute right to object to direct marketing at any time

For California, USA Users (CCPA/CPRA):

If you reside in California, you have the right to:

• Know: What personal information we collect and how we use it
• Delete: Request deletion of your personal information
• Not Sell: Opt out of selling your personal information (Not applicable - we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising your privacy rights

For Brazil Users (LGPD):

If you reside in Brazil, you have rights similar to GDPR, including access, rectification, deletion and data portability.

For Canada Users (PIPEDA):

If you reside in Canada, you have the right to access and correct your personal information, as well as file complaints with the Privacy Commissioner of Canada.

For Mexico Users (LFPDPPP):

If you reside in Mexico, you have ARCO rights over your personal data:

• Access: Know what personal data we have and what we use it for
• Rectification: Correct personal data when it is inaccurate or outdated
• Cancellation: Request deletion of your personal data when you consider it unnecessary
• Opposition: Object to the use of your personal data for specific purposes

You also have the right to revoke your consent for data processing and to portability of your personal data.

For Australia Users (Privacy Act):

If you reside in Australia, you have rights under the Australian Privacy Principles, including access and correction of your personal information.

Procedure to Exercise Your Rights

Complaints Procedure

If you are not satisfied with how we handle your personal information or have a privacy complaint:

1. Contact Us First: support@garcia3apps.com - We will respond within 30 days.
2. Data Protection Authorities by Country:
   • Spain: Spanish Data Protection Agency (AEPD) - www.aepd.es
   • Mexico: National Institute of Transparency, Access to Information and Personal Data Protection (INAI) - www.inai.org.mx
   • United States/California: California Attorney General - oag.ca.gov
   • Brazil: National Data Protection Authority (ANPD) - www.gov.br/anpd
   • Canada: Office of the Privacy Commissioner - www.priv.gc.ca
   • Australia: Office of the Australian Information Commissioner - www.oaic.gov.au
   • EU/EEA: Your local data protection authority

8. Children's Privacy

Our App is not directed to children under 13 years of age (or the equivalent minimum age in the corresponding jurisdiction). We do not intentionally collect personally identifiable information from children.

Protection Measures for Minors

If we discover that a minor has provided us with personal information without parental consent verification, we take the following measures:

• Immediate Deletion: We delete all information about the minor from our systems within 24 hours after discovery
• Notification: We contact parents/guardians if possible to identify them to inform about the deletion
• Preventive Blocking: We implement technical measures to prevent future accidental collections from the same device
• Process Review: We review our age verification procedures to strengthen safeguards

9. Legal Jurisdiction and Applicable Laws

This Privacy Policy is governed by the following laws, depending on your location:

• Mexico: Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
• European Union: General Data Protection Regulation (GDPR)
• Spain: Organic Law on Protection of Personal Data and guarantee of digital rights (LOPDGDD)
• California, USA: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Brazil: General Personal Data Protection Law (LGPD)
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia: Privacy Act 1988

In case of conflict between applicable laws, the strictest laws in favor of protecting your privacy rights will prevail.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures

• Secure Local Storage: Data is stored using SQLite in the application sandbox, protected by operating system encryption (FileVault on iOS, Full Disk Encryption on Android 6+)
• Encryption in Transit: All communications with third-party services (AdMob, App Stores) use HTTPS/TLS protocols
• Data Minimization Principle: We only collect information strictly necessary for app functionality
• No Own Servers: We do not store personal data on our own servers, eliminating centralized breach risks
• Regular Updates: We keep security dependencies updated following Flutter best practices

Organizational Measures

• Limited Access: Only authorized personnel have access to app-related information
• Privacy Training: Our team receives regular training on data protection and privacy
• Code Review: All data handling code goes through security review
• Incident Response Policy: Established procedures to respond to potential data breaches
• Regulatory Compliance: Periodic reviews to ensure compliance with GDPR, LGPD and other applicable regulations

Data Breach Notification

In the unlikely event of a security breach affecting your personal data:

• Detection and Assessment: We will investigate the incident within 24 hours of its discovery
• Authority Notification: If the breach presents a high risk to your rights, we will notify competent data protection authorities within 72 hours
• User Notification: We will inform you without undue delay if the breach presents a high risk to your rights and freedoms, including:
  • Nature of the personal data breach
  • Categories and approximate number of affected data subjects
  • Measures adopted or proposed to remedy the breach
  • Measures to mitigate possible adverse effects
• Communication: Notifications will be made through an application update and/or email if we have your address

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any significant changes:

• Publishing the new policy on this page
• Updating the effective date at the top
• Notification within the app for material changes affecting your rights

We recommend reviewing this policy periodically to stay informed about how we protect your information.