This is a draft prepared for the international market. It should be reviewed by qualified legal counsel before publication, with particular attention to children's privacy law (COPPA, UK/EU GDPR).
1. Introduction
This Privacy Policy explains how the Mundo Encantado da Giramille app ("App") handles data. Our guiding principle is to collect as little as possible. The App is designed for children aged 3 to 7, and it is built so that it does not ask a child for any directly identifying information.
2. Who we are (Data Controller)
The controller is GIRAMILLE DANDICO PRODUCTIONS LIMITED, a company registered in England and Wales under company number 14163636, with its registered office at 66 Paul Street, London, United Kingdom, EC2A 4NA.
Contact for data matters: privacy@giramilleapp.com.
3. Who the App is for
The App's main audience is children, but its download, installation and any purchase of subscriptions or the lifetime plan are carried out by responsible adults (parents or legal guardians). The App does not request registration, login or any information that directly identifies a child.
Any processing related to children is carried out in their best interests, minimised, and — where applicable — with the consent of a parent or legal guardian (for example, when a purchase is made inside the App, authorised through the adult's Apple or Google store account).
4. What data is processed
Our philosophy is to collect the minimum possible. To deliver the App's essential features, we process the following:
4.1. Technical data sent to our servers
- Anonymous device identifier (deviceId): a UUID generated locally, unrelated to your identity, used to validate premium subscriptions and the lifetime plan activated by token.
- Store transaction identifier: when a purchase (subscription or lifetime plan) is made inside the App via the Apple App Store or Google Play, we receive the transaction identifier (originalTransactionId / purchaseToken) to validate and activate premium access. We do not receive card data, name, email or any other personal data.
- Activation token: if the user enters a token purchased on our website, that token is validated on our servers to unlock premium access.
- Plan type: we record whether premium access comes from a monthly, yearly or lifetime plan, solely to validate and enforce the three-device limit per purchase.
4.2. Data processed locally on the device (never leaves the device)
The App has an Augmented Reality (AR) feature that requires operating-system permissions. Data captured through these permissions is processed solely on the user's device and is not sent to our servers or to third parties:
- Camera: used to render characters in Augmented Reality over the scene viewed by the camera.
- Microphone: used only to capture audio during the optional recording of AR videos.
- Gallery / storage access: used only to let the user save the recorded AR video to the camera roll (the operating system's native gallery). If the user chooses not to save or share, the video is discarded automatically. The App has no internal gallery of its own and stores no copies of these videos.
If the user uses the operating system's native sharing feature to share the video (for example, with messaging apps or social networks), the content is then controlled by the app chosen by the user, not by us.
4.3. Data processed by third parties integrated into the App
Advertising (Google AdMob): the free version shows ads provided by Google AdMob, configured in child-directed mode (Tag for Child-Directed Treatment). In this mode, Google limits data collection and disables interest-based ads and remarketing. Technical data such as a limited advertising identifier, IP address and ad-impression information may be collected by Google. See Google's policy for details.
Payments (Apple App Store and Google Play): in-app purchases, including the lifetime plan bought as a non-consumable (Apple) or one-time product (Google), are processed by the stores themselves. Payment data (card, store account, billing address, etc.) is collected and processed solely by Apple Inc. or Google LLC under their own privacy policies. We neither receive nor store this data.
Analytics and stability tools (future use): we may, in the future, integrate tools such as Firebase Analytics and Firebase Crashlytics to understand App usage in aggregate and diagnose errors. When enabled, these tools will be configured in line with a children's audience and this policy will be updated.
4.4. Data we do NOT collect
For transparency, the App does not collect:
- Name, email, phone number, address or national ID.
- Geolocation (GPS).
- Contact list.
- Content from other folders on the device, beyond the optional saving of the AR video to the camera roll.
- Biometric data.
- Passwords, banking data or any financial credentials.
5. Purposes of processing
The data above is processed solely to:
- Enable the App and its games to work.
- Validate and activate premium subscriptions and the lifetime plan, purchased through the Apple and Google stores or by a token bought on our website.
- Enforce the three-device limit linked to the same purchase.
- Show ads appropriate for a children's audience in the free version.
- Enable the Augmented Reality feature, processing the content locally on the device.
- Diagnose and fix errors, keep the App stable and improve the experience.
6. Legal bases
Under the UK GDPR and the EU GDPR, we rely on:
- Performance of a contract: to validate subscriptions and the lifetime plan and to provide the premium features purchased.
- Legitimate interests: for error diagnosis, fraud prevention and App stability, balanced against the user's rights.
- Consent: for advertising and for the use of camera, microphone and gallery permissions, given through the operating system's own dialogs and authorised by the responsible adult.
7. Children's privacy (COPPA, UK/EU GDPR)
This App is classified as child-directed on the Apple App Store and Google Play, and is built accordingly:
- There is no registration, login or form requesting personal data from a child inside the App.
- The Google AdMob integration is configured in child-directed mode, without interest-based ads or remarketing.
- In-app purchases (including the lifetime plan) are protected by the stores' own mechanisms, which require authentication by the responsible adult.
Where United States law applies, we operate in accordance with the Children's Online Privacy Protection Act (COPPA): we do not knowingly collect personal information from children under 13, and verifiable parental consent for purchases is handled through the store account of the responsible adult.
Where United Kingdom or European law applies, we operate in accordance with the UK GDPR, the EU GDPR and the related protections for children, including the UK Age Appropriate Design Code (Children's Code).
If you are a parent or guardian and believe a child has provided personal data, contact privacy@giramilleapp.com and we will delete it.
8. Sharing data
We do not share personal data with third parties for marketing or for selling databases. Third-party involvement is limited to processors that make the App work:
- Google LLC (Firebase — hosting of the subscription and lifetime-plan validation services).
- Google LLC (AdMob — showing ads in child-directed mode).
- Apple Inc. and Google LLC (payment processing and management of in-app subscriptions and the lifetime plan).
When we enable analytics and stability tools, we will update this policy to list them.
9. International data transfers
The data controller is a company based in the United Kingdom. The servers used to run the App are located in Google data centres (United States and/or Europe regions). Where data is transferred outside the UK or the EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the European Commission's Standard Contractual Clauses, alongside the performance of the contract with the user.
10. Data retention
Technical data related to subscription validation is kept while the subscription is active and for an additional period needed to meet legal, tax and fraud-prevention obligations. Anonymous device identifiers are automatically discarded when they are no longer linked to an active purchase.
For the lifetime plan, technical validation data is kept while the plan remains active (that is, until a refund or a deletion request), allowing the user to keep premium access for the useful life of the App. If a refund occurs, the record is marked as cancelled and premium access is revoked.
11. Your rights
Depending on where you live, the data subject (or the legal guardian, in the case of a child) may request: confirmation of processing; access; correction; deletion; restriction or objection; portability; and withdrawal of consent. Requests can be sent to privacy@giramilleapp.com.
If you are in the UK or the EEA, you may also lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office, ico.org.uk).
12. Security
We use technical and organisational measures to protect data against unauthorised access, loss, alteration or destruction. The Cloud Functions that process data use encrypted communication (HTTPS/TLS), and the databases are accessible only by our authenticated internal systems.
13. Changes to this Policy
This policy may be updated to reflect changes in the App, in providers or in the law. Significant changes will be shown by the "Effective date" at the top of this document. We recommend reviewing this page periodically.
14. Contact
Questions about this Privacy Policy or about data processing can be sent to:
- Email: privacy@giramilleapp.com
- Website: https://giramilleapp.com