Privacy Policy
Effective date: 2025-10-07 | Last updated: 2026-05-07 | Version: 2.4
This Privacy Policy explains how App Comin ("we", "us", "our") collects, uses, discloses, and protects information across our website (www.appcomin.com), our mobile apps and watch faces distributed on Google Play and the Apple App Store, and any other services that refer to this Policy ("Services"). For questions, contact us at contact@appcomin.com.
PER-APP NOTES
A single Privacy Policy covers all our products. The summaries below highlight what applies to each one — full details continue in the sections that follow. Use these direct links in store listings or to jump straight to the relevant part:
CrewSync (iOS / Android / watchOS / Wear OS)
CrewSync is the most data-rich app. In addition to the general data described below, it may process: airline portal credentials (GOL CrewLink, stored only in the device Keychain — never on our servers), schedule PDFs (LATAM via iFlight Crew, Azul via CAE — processed locally or on our extraction server, never retained), Google/Apple Calendar events (only in dedicated CrewSync calendars), Alexa skill account linking and OAuth tokens, and iCloud Key-Value Store for cross-device preferences. See "DATA WE COLLECT" and "YOUR CHOICES AND CONTROLS" below for full details and opt-out paths.
Watch faces (Wear OS / watchOS)
Our watch faces collect only standard device/app data (version, OS, model, language, region, basic events) and identifiers used for analytics and ads (Android Advertising ID; on watchOS, IDFV/IDFA via App Tracking Transparency only if you opt in). They do not require an account, do not access your location unless you grant permission for a specific feature (e.g., weather), and store no personal content.
Themes (Android)
Our Android themes collect only standard device/app data (version, OS, model, language, region, basic events) and the Android Advertising ID for analytics and ads. They do not require an account and do not access your location, contacts, or media.
Website (appcomin.com)
The website uses Osano CMP for cookie consent. We may use analytics cookies and serve ads. Use the cookie banner or the "Cookie Settings" link in the footer to adjust your choices at any time. No account is required to browse the site.
WHO WE ARE (CONTROLLER)
App Comin - Nova Prata/RS, Brazil
Privacy contact: contact@appcomin.com
DATA WE COLLECT
- Device and app data: app version, OS/version, device model, language, country/region, time zone, basic events (opens, crashes).
- Identifiers: Android Advertising ID or App Set ID (ads/anti-fraud), Firebase Instance IDs, consent status tokens (Google UMP / Osano).
- Location (only if you grant permission): approximate or precise location for features such as weather or geo-features.
- Usage and diagnostics: crash reports and performance metrics (e.g., Firebase Crashlytics/Analytics).
- Support/contact: the email and message content you voluntarily send to us.
- Payments (if applicable): purchases via Google Play. We receive non-financial confirmations (product IDs, purchase tokens). We do not receive card data.
- Google Calendar Data (CrewSync): When you enable Google Calendar sync in CrewSync, we access your Google Calendar to create, update, and delete events in a dedicated "CrewSync - Escala de Voo" calendar. We do not read or modify events in any other calendar. This data is processed locally on your device and is not stored on our servers.
- Alexa Integration (CrewSync): When you link your CrewSync account to the "CrewSync" Alexa skill, we store the following on our servers: your CrewSync account identifier, a short-lived 6-digit pairing PIN (valid for 10 minutes, single-use), and OAuth refresh/access tokens issued by our own authorization server. When you speak to the skill, Amazon forwards the request to our API, which reads your current schedule (flights and duties) already stored for your CrewSync account to generate the spoken answer. We do not receive or store audio recordings or transcripts; Amazon processes the voice input on its side.
- iOS/iPadOS/watchOS identifiers: IDFV (Identifier for Vendor) and, only if you grant permission via App Tracking Transparency (ATT), IDFA. CrewSync currently does not use cross-app tracking; future versions with advertising may request permission.
- Airline portal credentials (CrewSync — GOL CrewLink only): For automatic schedule import, you provide CrewLink login and password. These credentials are stored exclusively in your device's Keychain (OS-managed encryption) and used solely to authenticate directly with GOL's portal. They are never sent to, copied to, or stored on our servers. You can remove them at any time by logging out of CrewLink in the app.
- PDF schedule import (CrewSync — LATAM via iFlight Crew, Azul via CAE): The app processes the user-provided schedule PDF to extract flights and duties. Processing occurs locally on the device (LATAM) or via our extraction server (Azul); in no case is the PDF shared with third parties and the raw file is not retained after processing.
- Apple Calendar sync (CrewSync — EventKit): When you enable sync with the iOS Calendar app, CrewSync requests EventKit permission to create, update, and delete events in a dedicated "CrewSync" calendar. We do not read or modify events in other calendars. Data is processed on the device and is not sent to our servers.
- iCloud (CrewSync — iOS/watchOS): When you are signed into iCloud on the device, CrewSync uses Apple's iCloud Key-Value Store to sync preferences (theme, meal plan, authentication token) between your iPhone, Apple Watch, and widgets. This storage is private to your iCloud account, managed by Apple, and we have no access to its content.
We do not knowingly collect sensitive categories of personal data.
HOW WE OBTAIN DATA
- Directly from you: when you contact support, send feedback, or change settings.
- Automatically: via SDKs and cookies in our apps and website.
- From platforms: Google Play billing status and technical or aggregated information.
PURPOSES AND LEGAL BASES
- Provide core features (e.g., app and watch-face functionality, location features). Legal basis: contract and/or legitimate interest.
- Measure and improve (diagnostics, performance, anti-abuse). Legal basis: legitimate interest.
- Advertising (personalized or non-personalized ads, frequency capping, fraud prevention). Legal basis: consent in EEA/UK/CH; legitimate interest/contract where permitted elsewhere.
- Compliance (legal requests, terms enforcement, misuse prevention). Legal basis: legal obligation and/or legitimate interest.
- Support (reply and troubleshooting). Legal basis: contract and/or legitimate interest.
You can withdraw consent at any time as described below.
SHARING AND DISCLOSURES
We do not sell personal data. We share limited data with:
- Service providers/processors: Google AdMob/Ad Services, Firebase (Analytics, Crashlytics, Cloud Messaging), hosting/CDN, and email/helpdesk tools, strictly to operate the Services.
- Legal and safety: to comply with law, protect rights, and prevent fraud or abuse.
- Business transfers: in case of merger, acquisition, or asset sale (we will notify when required).
- Google Calendar API (CrewSync): CrewSync uses the Google Calendar API to sync your flight schedule. CrewSync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
INTERNATIONAL TRANSFERS
We operate globally. When data is transferred outside your country (including to Brazil or the United States), we rely on appropriate safeguards such as standard contractual clauses or equivalent. You can contact us for details.
YOUR CHOICES AND CONTROLS
- In the apps (EEA/UK/Switzerland): we use Google's User Messaging Platform (AdMob UMP) to request and store your ad choices. You may change or withdraw consent in the app's privacy/ads settings, or by resetting the device's advertising ID and consent settings. Without consent, ads are non-personalized and processing is limited.
- On the website: we use Osano CMP to collect, store, and honor cookie and processing preferences. Use the cookie banner or the "Cookie Settings" link in the footer to adjust choices.
- Device settings: you can disable location permission at any time (some features may stop working) and manage ad personalization in your Google settings.
- Email/support: request access, deletion, or other actions via contact@appcomin.com
- Google Calendar sync (CrewSync): You can disable Google Calendar sync at any time via Settings. Disabling sync will remove all CrewSync-created events from your Google Calendar. You can also revoke access at https://myaccount.google.com/permissions.
- Alexa skill (CrewSync): You can unlink the skill at any time from the Alexa App (Skills > Your Skills > CrewSync > Disable Skill) or by deleting your CrewSync account in the CrewSync app. Unlinking immediately revokes the tokens stored on our servers.
- Apple Calendar sync (CrewSync): You can disable sync at any time in CrewSync Settings. Disabling will remove CrewSync-created events from the Calendar app. You can also revoke permission in iOS Settings > Privacy & Security > Calendars > CrewSync.
- CrewLink credentials (GOL): You can remove the stored credentials at any time by tapping "Sign out" in the CrewLink section of CrewSync Settings.
YOUR PRIVACY RIGHTS
Depending on your location, you may have the right to access, rectify, erase, or port your personal data, to restrict or object to its processing, and to withdraw consent.
How to exercise: email contact@appcomin.com with the subject "Privacy Request". We may ask you to confirm your identity.
You may also complain to your local data protection authority (EEA/UK/CH; in Brazil, ANPD).
Brazil (LGPD) notice: we honor LGPD rights. Our legal bases include consent, contract, and legitimate interest.
RETENTION
We retain data only as long as necessary for the purposes described above, then delete or anonymize it. Typical examples: crash logs for about 90-180 days; consent records as required by law; support emails for as long as needed to resolve the case.
SECURITY
We apply reasonable administrative, technical, and organizational measures (encryption in transit, access controls, least privilege). No method of transmission or storage is 100% secure.
CHILDREN
Our Services are not directed to children under 13 (or the applicable age in your region). We do not knowingly collect personal data from children. If you believe a child provided data, contact us so we can delete it.
CHANGES TO THIS POLICY
We may update this Policy from time to time. We will update the "Last updated" date and, where required, notify you in the app or on the website. Continued use of the Services means you accept the updated Policy.
CONTACT
App Comin - Privacy
Email: contact@appcomin.com