Privacy Policy

Effective date: May 13, 2026

This Privacy Policy applies to DolphinPlayer.com and related applications (collectively, "DolphinPlayer", "we", "us", or "our"). We respect your privacy and are committed to protecting user information under applicable international laws and platform requirements, including GDPR, UK GDPR, CCPA/CPRA, COPPA, DMA, LGPD, and current Apple App Store and Google Play rules.

Quick Compliance Snapshot

• Primary model: privacy-first local applications with strong on-device storage principles.
• Global alignment: GDPR, UK GDPR, CCPA/CPRA, COPPA, DMA, LGPD, and app store policy obligations.
• Ad-supported editions: support for splash/open app, rewarded video, interstitial, banner, and native ad formats with legal notice coverage.
• User controls: consent management, rights request support, and age-aware privacy restrictions.

1. Overview

DolphinPlayer develops local-first utility applications for personal life management. Many app features are designed to operate without a forced account and with data stored locally on the user device. Depending on product edition (for example, paid edition, ad-supported edition, or analytics-enabled edition), certain limited data processing may occur for app operation, monetization, anti-abuse, diagnostics, policy compliance, and store obligations.

2. Information We Collect

Depending on your permissions, app configuration, and platform settings, we may collect and process the following categories:

2.1 Device and Technical Information

• Device identifiers (such as IDFA, GAID, App Set ID, vendor/device identifiers where allowed).
• Device model, operating system, app version, language, region, timezone, and network metadata.
• IP address and coarse geolocation derived from IP for security, fraud prevention, and localization.

2.2 Application Activity and Performance Data

• Feature usage events, button clicks, session timing, and interaction flow metrics.
• Crash logs, ANR reports, startup latency, memory pressure, rendering/performance diagnostics.
• Security and integrity events, error traces, abuse prevention signals.

2.3 In-App Purchase (IAP) and Transaction Data

• Purchase status, product SKU, transaction token/receipt, and entitlement state.
• Order validation and anti-fraud metadata.
• We do not directly process your credit card data; payments are processed by Apple App Store or Google Play.

2.4 Advertising and Monetization Data (for ad-supported app editions)

• Ad request and response metadata, ad impressions, clicks, viewability, conversion events.
• Device identifiers and consent signals used by ad SDKs where legally and technically permitted.
• Anti-fraud and invalid traffic detection data required by ad networks and mediation providers.

2.5 User-Provided Data

• Support emails and communications sent to support@DolphinPlayer.com or chenyuan@DolphinPlayer.com.
• Optional feedback, bug reports, and attachments you choose to send.

2.6 Local-First Content Data

• For core local tool functions (notes, records, habit entries, finance logs, mood logs, encrypted files), content is primarily stored in local encrypted databases on your device.
• If cloud export or sharing features are added in a specific product version, those flows are separately disclosed and opt-in where required.

3. Legal Bases for Processing

Where required by law, we rely on one or more legal bases:

• Contract necessity: delivering app functions, license entitlement checks, and purchase fulfillment.
• Legitimate interests: app stability, security, fraud prevention, service improvement, and non-personalized monetization.
• Consent: personalized ads, tracking, precise geolocation, or marketing communications where consent is legally required.
• Legal obligation: meeting legal, tax, accounting, consumer protection, and platform compliance duties.

4. How We Use Information

• Provide, secure, and improve application services.
• Enable in-app purchases and entitlement management.
• Deliver and measure ads in ad-supported app versions.
• Detect crashes, diagnose bugs, and optimize performance.
• Prevent abuse, fraud, and policy violations.
• Comply with legal obligations and store policy requirements.

5. Third-Party SDKs, Partners, and Data Sharing

We may integrate selected third-party services by product requirements and regional compliance:

5.1 Advertising, Mediation, and Monetization Providers

Examples include AdMob (Google), AppLovin MAX, Unity Ads, Meta Audience Network, ironSource, Mintegral, Pangle, Vungle/Liftoff Monetize, Chartboost, InMobi, Start.io, Fyber, Smaato, AdColony, and equivalent compliant providers.

Supported ad formats may include splash/open app ads, rewarded video ads, interstitial ads, banner ads, and native ads.

5.2 Analytics and Attribution

We may use analytics and attribution tools such as Firebase Analytics, Google Analytics for Firebase, AppsFlyer, and similar services for performance monitoring, campaign attribution, and anti-fraud validation.

5.3 Payment and Store Platforms

Apple App Store and Google Play process payment data and may share transaction status metadata with us.

5.4 Service Providers

We may share limited data with infrastructure, security, customer support, legal, and auditing providers under contractual confidentiality obligations.

6. Children and Age-Appropriate Protections

• We do not knowingly collect personal information from children under 13, or under 16 where local law requires a higher threshold.
• Where child-directed rules apply (COPPA, GDPR-K, or equivalent), personalized advertising and tracking features are disabled.
• We support platform age signal mechanisms (including Apple/Google age signal APIs where available) to apply stricter privacy controls automatically.
• If we learn we collected a child's personal information without lawful basis, we will delete it promptly.

7. Data Retention

• We keep data only for as long as necessary for the purposes described in this policy, unless longer retention is required by law.
• Retention periods vary by data category, product edition, legal obligations, and security needs.
• Locally stored user content remains under user control on the device unless removed by the user or app uninstallation behavior.

8. Data Security

We implement technical and organizational safeguards including encryption in transit (TLS/SSL), local encryption design in supported products, access control, logging, code review, and security hardening. No system can be guaranteed 100% secure, but we continuously improve defensive controls.

9. International Data Transfers

Because our services are offered globally, relevant data may be processed outside your country/region. For regulated transfers, we use recognized legal mechanisms, such as Standard Contractual Clauses (SCCs), plus supplementary safeguards where needed.

10. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

• Access, correct, and request a copy of your personal information.
• Request deletion of your personal information, subject to legal exceptions.
• Object to or restrict certain processing.
• Withdraw consent where processing is consent-based.
• Opt out of sale/sharing/cross-context behavioral advertising where applicable (for example, CCPA/CPRA rights).
• Appeal decisions where local law provides appeal mechanisms.

To exercise rights, contact support@DolphinPlayer.com. For US users, we provide a "Do Not Sell or Share My Personal Information" option where legally required.

11. Region-Specific Notices

11.1 EEA/UK (GDPR/UK GDPR)

• Controller: DolphinPlayer.com.
• Legal bases are listed in Section 3.
• You may lodge complaints with your local supervisory authority.

11.2 California (CCPA/CPRA)

• Categories of personal information and purposes are listed in Sections 2 and 4.
• You may request access, deletion, correction, and opt-out rights where applicable.
• We do not discriminate against users for exercising privacy rights.

11.3 Brazil (LGPD) and Other Regions

• Processing is performed under legally valid bases and data-subject rights are respected.
• Local legal rights can be exercised through our contact channels.

12. Store and Platform Compliance Notice (Apple App Store & Google Play)

12.1 Data Safety and Privacy Nutrition Labels

• We maintain disclosures for SDK-collected data categories, including device identifiers used by ad/analytics SDKs where applicable.
• Where required, account deletion or data deletion request methods are provided through in-app entry or contact channels.

12.2 Age Rating and Child-Directed Handling

• Age rating forms are completed according to app content and monetization behavior.
• If child audiences are included, child-directed treatment flags and restricted ad behaviors are configured accordingly.

12.3 ATT and Tracking Transparency (iOS)

• When tracking permission is required, ATT prompts are presented in compliance with Apple requirements.
• Tracking-disabled users are provided non-tracking alternatives where applicable.

13. Policy Updates

We may update this policy to reflect product updates, legal changes, or platform policy changes. Material updates may be announced through in-app notices, website updates, or other reasonable methods.

13.1 Advertising Partner Disclosure and User Controls

For ad-supported editions, partner lists may change over time due to mediation optimization, region policy updates, and platform requirements. We maintain consent-aware configuration and disable or limit tracking functions when users decline consent or when child-directed or restricted processing rules apply.

14. Data Deletion and Account Deletion Requests

Where an app edition includes account-based features, users may request account deletion and associated personal data deletion through available in-app settings, official support channels, or store-linked request workflows when required.

• Identity verification may be required before processing deletion requests to prevent unauthorized deletion.
• Certain records may be retained for legal compliance, fraud prevention, security investigations, tax/accounting rules, and dispute resolution.
• For local-only editions without server accounts, uninstalling the app and deleting local data may remove user content from the device.

15. Cookies, Local Storage, and SDK Identifiers

Our website and app components may use technically necessary cookies, local storage objects, and SDK-generated identifiers to support basic functionality, session continuity, consent status persistence, diagnostics, and abuse prevention.

• Essential technologies are used for security, load balancing, language/region settings, and legal compliance records.
• Analytics and advertising identifiers are processed only according to applicable legal basis and consent requirements.
• Users can adjust browser/app settings and platform privacy controls to limit or disable certain identifier usage.

16. Automated Decision-Making and Profiling

We do not use fully automated decision-making systems that produce legal or similarly significant effects about users in our core local-tool model. Limited automated processing may be used for fraud detection, service security, crash triage, and ad delivery optimization in supported editions.

• Automated risk signals are designed to reduce abuse and protect service stability.
• Where required by law, users can request human review of significant decisions and obtain additional information.

17. Security Incident and Breach Response

We maintain incident response procedures that include detection, containment, remediation, and post-incident review. If a reportable personal data breach occurs, we will notify affected users and regulators as required by applicable law.

• Response actions may include temporary access controls, credential resets, and targeted infrastructure hardening.
• Notification timing and scope will follow applicable legal requirements and regulatory guidance.

18. Government, Regulatory, and Law Enforcement Requests

We may disclose limited data where required by valid legal process, court order, or regulatory obligation. We evaluate requests for legality, scope, and proportionality before disclosure where permitted.

• We may reject or narrow requests that are unlawful, overly broad, or inconsistent with applicable rights protections.
• Where legally allowed, we may notify users before disclosure.

19. Privacy Governance, DPIA, and Vendor Management

We apply privacy-by-design and security-by-design principles through internal governance controls, periodic compliance reviews, and contract-based vendor management obligations.

• Data Protection Impact Assessments (DPIA) or equivalent risk assessments may be conducted for high-risk processing scenarios.
• Third-party partners are subject to contractual safeguards, confidentiality duties, and data processing limitations.
• Policy and control updates are applied as laws, platform requirements, and product architecture evolve.

20. Contact Information

Team Name: DolphinPlayer.com

Business Support: support@DolphinPlayer.com

Contact Email: chenyuan@DolphinPlayer.com

Office Address: Northeast Corner of the Intersection of Liantong Road and East 4th Road, Zibo Zhangdian Electronic Information Innovation Park, Zhangdian District, Zibo, Shandong Province, China.