Privacy Policy

1) Who we are

COMPANY_NAME (“we”, “us”, or “our”) is the provider of SOULMUTE (the “App”). This Privacy Policy explains how we handle information when you use the App.

2) Scope

This Policy applies to the App and in‑app experiences (anonymous stories, 1‑on‑1 “Duduk Bareng” sessions, and global emotion). It does not cover third‑party websites or services we do not control.

3) Information we collect

A. Information you provide

• Anonymous stories (up to 500 characters) and ephemeral reactions (e.g., resonance, virtual hug, or optional anonymous replies).
• 1‑on‑1 chat messages during time‑limited sessions.
• Feedback/support when you contact us.

B. Information collected automatically

• Device & app data (e.g., device model, OS version, app version, language, and an app‑scoped identifier such as Firebase Installation ID).
• Usage & diagnostics (e.g., feature usage, performance metrics, crash logs).
• Approximate location derived from IP for abuse prevention and high‑level statistics (we do not collect precise GPS unless you explicitly choose to share it for a specific feature).

C. Information from service providers

• Firebase by Google for hosting, databases (Cloud Firestore/Realtime Database), authentication (including anonymous sign‑in), messaging (FCM), analytics, and crash reporting.
• Google AdMob (if ads are enabled) which may receive device advertising identifiers and other ad‑related signals to serve and measure ads and prevent fraud.

4) How we use information

• Provide and improve core features: anonymous stories, time‑boxed 1‑on‑1 chat, and private reflections.
• Enable random matching for “Duduk Bareng” sessions with safety mechanisms.
• Generate aggregated, de‑identified emotion statistics to help users feel less alone.
• Maintain security, prevent spam/abuse, and moderate harmful content (including automated keyword filters).
• Diagnose crashes, measure performance, and enhance stability.
• Where applicable, show ads and limit ad fraud.
• Comply with legal obligations and enforce our Terms.

Legal bases (EEA/UK): performance of a contract; our legitimate interests (e.g., to secure and improve the App); your consent (e.g., for personalized ads/notifications where required); and compliance with legal obligations.

5) Advertising & analytics

If enabled, we use Google AdMob to display ads. AdMob and its partners may collect or receive device identifiers and ad signals to deliver and measure ads and prevent fraud. See:

• Google Advertising Policies
• About AdMob & user data

We may also use Firebase Analytics to understand app usage in an aggregated, pseudonymous manner. You can reset your device’s Advertising ID and/or limit ad personalization in your device settings.

6) How we share information

• Service providers that help us operate the App (e.g., Firebase, analytics/ads partners) under appropriate contracts.
• Other users only when you intentionally share content (e.g., stories or messages visible to their intended recipients during a session).
• Legal & safety if reasonably necessary to comply with law, enforce our terms, or protect rights, property, or safety.
• Business transfers in connection with a merger, acquisition, or similar transaction.

We do not sell personal information. Some jurisdictions define targeted advertising as a “sale” or “share”; where applicable, we provide choices described below.

7) Data retention

• Anonymous stories: auto‑deleted after 24 hours.
• 1‑on‑1 chats: retained only for the duration of the live session (time‑boxed) and then deleted.
• Logs/diagnostics: retained for a limited period to secure, debug, and improve the App, consistent with provider policies.
• Aggregated statistics: kept without identifiers.

8) Security

We use reasonable technical and organizational measures (e.g., HTTPS, access controls, automated moderation). Where supported, we discourage or block screenshots in sensitive areas. No method is 100% secure, and we cannot guarantee absolute security.

9) Children’s privacy

The App is not directed to children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children. If you believe a child has provided personal data, please contact us and we will take appropriate action.

10) Your rights & choices

• Control your content: stories auto‑expire; chats end and are deleted at session close; journals remain on your device.
• Device settings: reset Advertising ID and/or limit ad personalization; manage notifications and permissions.
• Data requests: you may request access, correction, or deletion of information (subject to verification and legal requirements) by contacting us at CONTACT_EMAIL.
• EEA/UK users: you may object to processing based on legitimate interests, request restriction or portability, and lodge a complaint with your supervisory authority.
• California (CCPA/CPRA): we do not sell personal information. You may request access, correction, or deletion, and exercise the right to limit use of sensitive information where applicable.

Account & data deletion: End a chat at any time using the in‑app controls. For other deletion requests (including server‑side residual data, if any), contact us at CONTACT_EMAIL.

11) International transfers

We may process and store information in countries other than yours (e.g., via our providers’ data centers). Where required, we rely on appropriate safeguards for such transfers.

12) Changes to this policy

We may update this Policy to reflect changes in our practices or the law. When we do, we will revise the “Last updated” date above. Please review this Policy periodically.

13) Contact us

If you have questions or requests regarding this Policy or our data practices, contact:

• Developer/Company: Kelar.In
• Email: [email protected]
• Address (optional): INDONESIA