Privacy Policy for Unscroll

Last Updated: December 27, 2025

Effective Date: December 27, 2025

Version: 1.0

1. Information We Collect

Unscroll integrates Google AdMob for ads and optional Firebase services. Data collection is limited and compliant with Google policies:

• Advertising data (via Google AdMob): Advertising ID, approximate location inferred from IP, device information (model, OS version, screen size), ad interaction data (views, clicks) — used to serve and measure ads.
• Crash diagnostics (via Firebase Crashlytics): Stack traces and device state at time of crash — disabled by default; only collected if you opt in in settings.
• Basic analytics (via Firebase Analytics): Event telemetry about feature usage — disabled by default; only collected if you opt in in settings.
• Firebase Cloud Messaging (FCM): Device registration token for push notifications, device information, message delivery data — transmitted to Firebase to enable notifications.
• Firebase Remote Config: App instance identifier and device configuration data — transmitted to Firebase to receive app configuration updates.

Personal Information Collected and Transmitted:

📱 Device or Other IDs (collected and shared with third parties):

• ✓ Advertising ID (Google Ad ID) - A unique, user-resettable identifier for advertising purposes, collected and transmitted to Google AdMob. This is the primary identifier used for personalized ads. You can reset or delete this ID in Settings → Google → Ads.
• ✓ Privacy Sandbox Ad ID - The new Android Privacy Sandbox advertising identifier (Android 13+), collected and transmitted to Google AdMob as a privacy-preserving replacement for traditional Ad ID.
• ✓ App Instance ID (Firebase Installation ID) - A unique identifier for your app installation, generated **automatically when you first launch the app** (before any opt-in) and transmitted to Firebase services (Cloud Messaging, Remote Config, Crashlytics if opted in, Analytics if opted in). This ID is required for Firebase SDK initialization and is used to identify your specific app instance across Firebase services. **This happens even if you do not opt-in to analytics or crashlytics.**
• ✓ FCM Registration Token - A unique token for push notifications, generated **automatically** by Firebase Cloud Messaging when the app first launches and transmitted to Firebase servers. This happens regardless of analytics/crashlytics opt-in status. This token identifies your device for notification delivery. You can control whether notifications are shown via Android's POST_NOTIFICATIONS permission.
• ✓ Android ID - A 64-bit number randomly generated when the device is first set up, may be collected by Google Play Services for device verification and fraud prevention. We do not directly access this ID, but it may be collected by integrated Google SDKs.

📊 Other Personal Information Collected:

• ✓ Advertising ID - A unique identifier assigned to your device by Google, collected and transmitted to Google AdMob for advertising purposes
• ✓ Device Information - Device model, manufacturer, operating system version, screen size, screen density, available memory, storage space, battery level, language settings, network type (WiFi/cellular), carrier name - collected and transmitted to Google AdMob and Firebase
• ✓ Approximate Location - Country/city/region level location inferred from your IP address by Google AdMob (we do not directly collect or access your IP address or precise location)
• ✓ IP Address - Collected temporarily by Google AdMob and Firebase for geolocation inference, fraud prevention, and service delivery (not stored by Unscroll)
• ✓ App Instance ID - A unique identifier for your app installation, generated by Firebase and transmitted to Firebase services
• ✓ FCM Registration Token - A unique token for push notifications, generated and transmitted to Firebase Cloud Messaging
• ✓ Ad Interaction Data - Information about ads you view, click, or interact with, including timestamp and ad type - collected and transmitted to Google AdMob
• ✓ App Performance Data - App version, app launch time, foreground/background state, session duration - transmitted to Firebase automatically
• ✓ App Usage Data - Which features you use within Unscroll, screen views, button clicks, user flows - collected and transmitted to Firebase Analytics ONLY if you opt in
• ✓ Crash Data - Stack traces, crash timestamps, device state, memory usage, thread information - collected and transmitted to Firebase Crashlytics ONLY if you opt in
• ✓ Purchase Information - Transaction IDs, purchase timestamps, product IDs, purchase tokens - transmitted to Google Play Billing for payment processing and subscription management
• ✓ App Configuration Data - App version, user preferences (stored locally but version transmitted to Firebase Remote Config)

When Personal Information is Transmitted:

• AdMob data - Transmitted automatically when ads are loaded, displayed, or interacted with (required for free app functionality)
• Firebase Installation ID - Generated and transmitted **automatically on first app launch** to Firebase servers. This happens before any user interaction and is required for Firebase SDK to function. Cannot be disabled while using the app.
• Firebase Cloud Messaging - FCM token transmitted **automatically on first app launch** and periodically thereafter to maintain notification capability. This is required for push notification infrastructure, even if you deny POST_NOTIFICATIONS permission.
• Firebase Remote Config - App instance ID and configuration transmitted **automatically on every app launch** to receive updated settings and feature flags. This enables the app to receive updates without requiring Play Store updates.
• Firebase Analytics - User engagement and feature usage data transmitted **ONLY if you explicitly enable analytics in Settings** (DISABLED by default)
• Firebase Crashlytics - Crash reports and diagnostic data transmitted **ONLY if you explicitly enable crash reports in Settings** (DISABLED by default)
• Purchase data - Transmitted only when you initiate or complete an in-app purchase

We do NOT collect:

• ❌ Precise location data (GPS coordinates, exact address) - only approximate country/city/region is inferred by AdMob from IP
• ❌ Device identifiers beyond Advertising ID and App Instance ID (no IMEI, hardware serial number, MAC address)
• ❌ Personal identifiable information (name, email, phone number, physical address, government IDs)
• ❌ Browsing history or web activity outside the Unscroll app
• ❌ Activity in other apps (beyond what AdMob collects for advertising)
• ❌ Contact information or address book
• ❌ Camera, microphone access, or recorded audio/video
• ❌ Photos, media files, or documents from device storage
• ❌ Passwords, credentials, or authentication tokens
• ❌ Messages, SMS, call logs, or communication content
• ❌ Calendar, notes, or personal documents
• ❌ Biometric data (fingerprint, face recognition)
• ❌ Health or fitness data
• ❌ Financial information directly (payment details are handled securely by Google Play — we never see your credit card or payment method)
• ❌ Social media profiles or account information
• ❌ Search history (except within Unscroll's own settings)

⚠️ Sensitive Personal Information Disclosure (CCPA/CPRA)

Unscroll does NOT collect any categories of sensitive personal information as defined by CCPA/CPRA.

Specifically, we confirm that we do NOT collect:

• ❌ Social Security numbers, driver's license numbers, or government IDs
• ❌ Account log-in credentials (usernames, passwords, security questions)
• ❌ Financial account numbers, credit/debit card numbers
• ❌ Precise geolocation (we only receive approximate country/region from IP)
• ❌ Racial or ethnic origin
• ❌ Religious or philosophical beliefs
• ❌ Union membership
• ❌ Contents of mail, email, or text messages
• ❌ Genetic data
• ❌ Biometric information (fingerprints, face scans, voice prints)
• ❌ Health information
• ❌ Information about sex life or sexual orientation

Therefore: Because we do not collect sensitive personal information, the CCPA/CPRA rights specifically related to limiting the use or disclosure of sensitive personal information do not apply to our data processing. However, you still have all other privacy rights described in this policy (access, deletion, opt-out, etc.).

📅 How Long We Retain Your Data

Retention Periods by Data Type:

Data Type	Retention Period	Reason
Local App Data (blocking statistics, preferences, settings)	Until you uninstall the app	Deleted immediately upon app uninstall. You control this data.
Advertising ID & Ad Data (Google AdMob)	Up to 26 months	Retained by Google AdMob per their policies. You can reset/delete Ad ID anytime in device settings.
Firebase Installation ID (App Instance ID)	Up to 180 days after uninstall	Marked for deletion immediately upon uninstall; fully removed from Firebase servers within 180 days.
FCM Token (Push notifications)	Invalidated within 24 hours of uninstall	Token becomes inactive within 24 hours; notifications stop immediately.
Crash Reports (Firebase Crashlytics - opt-in only)	90 days	Automatically deleted after 90 days. Only collected if you opt-in.
Analytics Data (Firebase Analytics - opt-in only)	14 months	Automatically deleted after 14 months. Only collected if you opt-in.
Purchase Records (Google Play Billing)	7 years	Required by tax laws and financial regulations. Cannot be deleted early.

Why We Retain Data:

• App functionality - To provide core features (local data, device IDs for ads and notifications)
• Service improvement - To fix bugs and enhance features (crash reports and analytics - opt-in only)
• Legal compliance - To meet tax and financial reporting obligations (purchase records - 7 years)
• User convenience - To maintain your preferences and settings across app restarts (local data)
• Security and fraud prevention - To detect and prevent abuse (device IDs and transaction data)

Your Control Over Data Retention:

• ✅ Delete local data: Uninstall the app (immediate deletion)
• ✅ Delete Advertising ID: Settings → Privacy → Ads → Delete advertising ID (Android 12+)
• ✅ Request early deletion: Email un0scroll@gmail.com to request deletion of data held by Google services (see Section 8 for complete instructions)
• ✅ Opt out of personalized ads: Settings → Google → Ads → Opt out of Ads Personalization

For complete details on data retention, deletion timelines, and your rights, see Section 8.1: Data Retention Policy.

Important Disclosure: While Unscroll itself does not directly collect some categories of data, the integrated Google SDKs (AdMob, Firebase) automatically collect certain information as described above. We have configured these services to minimize data collection and respect user privacy, but Google's services operate under their own privacy policies. For complete details on Google's data collection practices, please review:

• Google Privacy Policy
• Firebase Privacy & Security
• AdMob Data Collection

📊 YOUR RIGHT TO KNOW (Required by CCPA)

✅ YES, Your Data IS Shared with Third Parties

Data Category	Specific Data	Third Party	Purpose	When Shared
Device IDs	Advertising ID (AAID)	Google AdMob	Targeted advertising (cross-context behavioral ads)	Automatically (always, unless you opt-out)
Device IDs	Firebase Installation ID (FID)	Firebase (Google)	App instance identification for Remote Config, A/B testing	Automatically (on app launch)
Device IDs	Firebase Cloud Messaging Token (FCM Token)	Firebase (Google)	Push notifications (updates, reminders)	Automatically (on app launch)
App Activity	App opens, screen views, button clicks, feature usage	Firebase Analytics (Google)	Usage analytics, feature improvement	Only if you opt-in (Settings → Privacy & Data → Analytics)
App Performance	Crash logs, stack traces, device model, OS version	Firebase Crashlytics (Google)	Crash reporting, stability improvement	Only if you opt-in (Settings → Privacy & Data → Crash Reports)
Approximate Location	IP-derived country/region (NOT collected by app, inferred by Google)	Google AdMob	Location-based ad targeting, GDPR/CCPA compliance detection	Automatically (by Google's servers when serving ads)
Purchase History	In-app purchase transaction IDs, product IDs, purchase timestamps	Google Play Billing	Transaction processing, subscription management, refunds	Only when you make a purchase

🏢 Complete List of Third Parties We Share Data With

📩 How to Exercise Your Right to Know

📄 What You'll Receive in Your "Right to Know" Report

Your disclosure report will include:

1. Categories of personal data collected (Device IDs, app activity, etc.)
2. Specific pieces of personal data collected (your exact Ad ID, FID, FCM Token if available)
3. Categories of sources (directly from your device)
4. Business/commercial purposes (advertising, analytics, functionality)
5. Categories of third parties we shared data with (Google AdMob, Firebase, etc.)
6. Specific third parties (Google LLC and AdMob partner networks)
7. Categories of data shared/sold (Advertising ID for targeted ads)
8. Retention periods (how long each type of data is kept)

🔄 How Often Can You Request This Information?

Under CCPA and similar laws:

• ✅ Up to twice per 12-month period for free (no charge)
• ✅ Additional requests: We may charge a reasonable fee to cover administrative costs, or decline excessive/repetitive requests
• ✅ No penalty: Requesting this information does not affect your ability to use Unscroll

🔒 How We Verify Your Identity

To protect your privacy, we verify your identity before providing personal data disclosure:

• Email verification: We respond to the email you provide, confirming you control that address
• Device verification: Match your provided Advertising ID with our records
• Two-step confirmation: For sensitive requests, we may ask you to reply to a confirmation email

Note: We do NOT collect names, emails, or phone numbers by default, so we cannot verify identity using traditional methods. Your Advertising ID is the primary identifier.

🚫 HOW TO OPT-OUT (Required by VCDPA, CCPA, and Other Privacy Laws)

📱 How to Opt-Out (Multiple Easy Methods):

✅ METHOD 1: Device Settings (Recommended - Takes Effect Immediately)

✅ METHOD 2: Delete Advertising ID (Android 12+ Only - Most Comprehensive)

✅ METHOD 3: Reset Advertising ID (Fresh Start)

✅ METHOD 4: Email Request (Formal Opt-Out)

✅ METHOD 5: In-App UMP Dialog (Review Privacy Choices)

❓ What Happens When You Opt-Out:

• ✅ You will still see ads - Ads are required to support the free version of Unscroll
• ✅ Ads become generic/contextual - Based on app content, not your personal interests
• ✅ Your Ad ID won't be used for targeting - No cross-app tracking for ad personalization
• ✅ All app features work normally - Content blocking, statistics, settings unchanged
• ✅ You can change your mind anytime - Re-enable personalized ads in device settings

📊 What About "Sale" of Data?

🤖 What About Profiling?

🌐 Global Privacy Control (GPC)

We recognize and respect Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal (supported by some privacy-focused browsers on Android), we will treat it as a valid opt-out request for the sale/sharing of your personal information for targeted advertising purposes.

📞 Questions About Opt-Out?

If you have questions about opting out or need assistance:

• Email: un0scroll@gmail.com
• Subject: "Opt-Out Help" or "Privacy Question"
• Response time: 48 hours for general questions, 15 business days for formal opt-out requests

See Section 8 for complete details on all your privacy rights including access, correction, deletion, data portability, and jurisdiction-specific rights (GDPR, CCPA, VCDPA, DPDP Act).

Understanding Device or Other IDs

What are Device or Other IDs? Device or Other IDs are unique identifiers assigned to your device or app installation. These identifiers are used to:

• Deliver personalized advertisements based on your interests (Advertising ID)
• Track ad performance and measure advertising effectiveness
• Deliver push notifications to your specific device (FCM Token)
• Maintain app configuration and settings across app restarts (App Instance ID)
• Prevent fraud and verify legitimate devices (Android ID via Google Play Services)

Your control over Device IDs:

• Advertising ID: Reset or delete anytime in Settings → Google → Ads → Delete advertising ID (Android 12+) or Reset advertising ID
• App Instance ID: Automatically deleted when you uninstall the app
• FCM Token: Deleted when you uninstall the app; notifications stop immediately
• Opt-out of ad personalization: Settings → Google → Ads → Opt out of Ads Personalization (you'll still see ads, but they won't be personalized)

Important: These Device IDs are not permanent and do not directly identify you personally (like your name or email). However, under privacy laws (GDPR, CCPA, VCDPA), they are considered "personal information" because they can be used to track your device's behavior over time.

2. Data Stored Locally on Your Device

The following data is stored only on your device and is never transmitted to our servers:

• Blocking statistics - Count of how many times short-form content was blocked per app
• App preferences - Which apps you want to block (YouTube, Instagram, TikTok, Facebook, Snapchat, Twitter)
• Settings - Schedule preferences, theme selection, temporary pause state

Note: We have no backend servers; your data remains on-device and is automatically deleted when you uninstall the app.

3. How We Use Information

Information collected is used for:

• Ad personalization - Google AdMob uses data to show relevant ads (subject to UMP consent and device ad settings)
• App functionality - To remember your settings and track your progress
• App improvement - Crash reports and analytics are opt-in and help fix bugs and improve UX

3.1. Firebase Services: Automatic vs Opt-In

How to Enable/Disable (Your Choice):

• Go to Unscroll → Settings → Privacy & Data
• Toggle "Help improve Unscroll with crash reports" (Firebase Crashlytics)
• Toggle "Help improve Unscroll with anonymous usage analytics" (Firebase Analytics)
• You can enable/disable these at any time
• No data is collected unless you turn these ON

What happens if you opt in:

• Firebase Crashlytics (if enabled): Collects crash stack traces, device model, OS version, and app state at crash time to help us fix bugs. No personal information is collected.
• Firebase Analytics (if enabled): Collects anonymous event telemetry (e.g., "user opened settings", "user paused blocking") to understand which features are used. No personal information is collected.
• Your data remains anonymous: Firebase does not link crash/analytics data to your identity

What happens if you opt out (default):

• ✅ No crash reports sent to our servers
• ✅ No analytics data collected
• ✅ All app functionality works normally
• ✅ You can still use all features (free and premium)

3.2. Consent Management and User Control

📋 Permissions Consent (Android System):

When consent is requested: When you first launch Unscroll and enable the accessibility service, Android prompts you to grant permissions. Each permission is requested only when needed for specific functionality.

Permissions you explicitly grant:

• Accessibility Service - You must manually enable this in Settings → Accessibility → Unscroll. You see a warning dialog explaining the permission's capabilities.
• Post Notifications (Android 13+) - Runtime permission requested when app first attempts to show a notification. You can Allow or Deny.

How to revoke permissions:

• Go to Device Settings → Apps → Unscroll → Permissions
• Toggle OFF any permission (Internet, Network State, etc.)
• For Accessibility: Settings → Accessibility → Unscroll → Toggle OFF
• Note: Revoking Internet or Accessibility permissions will limit app functionality

🎯 Advertising Consent (Google UMP - GDPR/CCPA):

When consent is requested: On first app launch, if you're in the EU/EEA, UK, or California, you see a Google User Messaging Platform (UMP) consent dialog asking for permission to use your data for personalized ads.

Your choices:

• "Accept" / "Consent" - Allows Google AdMob to collect your Advertising ID and device info for personalized ads
• "Reject" / "Do Not Consent" - You'll still see ads, but they'll be non-personalized (contextual ads only)
• "Manage Options" - Granular control over Google ad partners and purposes

How to change your advertising consent:

• Method 1 (In-App): Go to Unscroll → Settings → Privacy & Data → Review Privacy Choices (shows UMP dialog again)
• Method 2 (Device Settings): Settings → Google → Ads → Opt out of Ads Personalization
• Method 3 (Delete Ad ID): Settings → Privacy → Ads → Delete advertising ID (Android 12+)

📊 Analytics & Crash Reports Consent (Opt-In):

When consent is requested: Firebase Analytics and Crashlytics are disabled by default. You're asked to opt in via an in-app prompt or can enable them anytime in Settings.

How to opt in:

1. Open Unscroll → Settings → Privacy & Data
2. Toggle ON "Help improve Unscroll with crash reports" (Crashlytics)
3. Toggle ON "Help improve Unscroll with anonymous usage analytics" (Analytics)

How to opt out (withdraw consent):

1. Open Unscroll → Settings → Privacy & Data
2. Toggle OFF both options
3. Data collection stops immediately
4. No retroactive data is collected after opt-out

🔐 Notification Consent:

When consent is requested: Android 13+ requests runtime permission when app first attempts to send a notification.

How to manage notifications:

• Allow all: Device Settings → Apps → Unscroll → Notifications → Toggle ON
• Block all: Toggle OFF in same location
• Customize: Enable/disable specific notification categories (reminders, milestones, updates)

⚖️ Legal Basis Summary:

Data Processing Activity	Legal Basis	User Control
Personalized Advertising (AdMob)	Consent (GDPR Art. 6(1)(a))	UMP dialog, Device settings
Crash Reports (Crashlytics)	Consent (Opt-in)	App Settings toggle
Analytics (Firebase Analytics)	Consent (Opt-in)	App Settings toggle
Push Notifications (FCM)	Contractual Necessity (GDPR Art. 6(1)(b))	Android permission, App notification settings
In-App Purchases (Google Play)	Contractual Necessity (GDPR Art. 6(1)(b))	You initiate purchases voluntarily
App Configuration (Remote Config)	Legitimate Interest (GDPR Art. 6(1)(f))	Required for app functionality
Content Blocking (Accessibility Service)	Consent (Android system permission)	Settings → Accessibility → Unscroll

Important: You can withdraw consent or change your privacy choices at any time without affecting the lawfulness of processing before withdrawal. Withdrawing consent may limit some app features but will not affect core functionality (content blocking).

4. Third-Party Services

Unscroll integrates the following third-party services that collect, process, or transmit personal information:

• Google AdMob - Advertising, ad measurement, and monetization
  Privacy Policy: https://policies.google.com/privacy
  Data collected: Advertising ID, device info, approximate location, ad interactions
• Google User Messaging Platform (UMP) - Consent management for GDPR/CCPA compliance
  Privacy Policy: https://policies.google.com/privacy
  Data collected: Consent choices, device info
• Firebase Cloud Messaging (FCM) - Push notifications delivery
  Privacy Policy: Firebase Privacy & Security
  Data collected: FCM token, device info, message delivery metrics
• Firebase Remote Config - Dynamic app configuration and feature flags
  Privacy Policy: Firebase Privacy & Security
  Data collected: App instance ID, app version, device info
• Firebase Crashlytics (opt-in) - Crash diagnostics to improve stability
  Privacy Policy: Firebase Privacy & Security
  Data collected: Crash logs, stack traces, device state (only if you enable in Settings)
• Firebase Analytics (opt-in) - User engagement and feature usage analytics
  Privacy Policy: Firebase Privacy & Security
  Data collected: Screen views, user actions, session data (only if you enable in Settings)
• Google Play Billing - In-app purchases and subscription management
  Privacy Policy: Google Payments Privacy
  Data collected: Purchase history, transaction IDs, purchase tokens

Important: Each of these services operates under Google's privacy policies and may collect additional data as described in their respective privacy policies. We have configured these services to minimize data collection, but we recommend reviewing Google's privacy policies for complete details.

4.1. Cookies and Tracking Technologies

What We Do Use:

• Device identifiers - Advertising ID, App Instance ID, and FCM Token as described in Section 1
• Local storage - SharedPreferences for app settings and blocking statistics (stored only on your device)
• SDK tracking - Google AdMob and Firebase SDKs use their own tracking mechanisms as described in their privacy policies

Third-Party Tracking:

• Google AdMob: May use device identifiers and IP-derived location for advertising purposes. You can opt-out in device Settings → Google → Ads
• Firebase: Uses App Instance ID for service delivery. This is not cross-app tracking
• Privacy Sandbox (Android 13+): Uses on-device processing for interest-based ads with enhanced privacy protections

Do Not Track (DNT): Since we are a native app and not a website, browser DNT signals do not apply. However, we respect Android's advertising opt-out settings (Settings → Google → Ads → Opt out of Ads Personalization) and Global Privacy Control (GPC) signals where applicable.

4.2. Financial Incentives (CCPA Disclosure)

Current Financial Incentive Programs:

• Free Ad-Supported Version: Users can use Unscroll for free by allowing ads. In exchange for viewing advertisements (which requires sharing your Advertising ID with Google AdMob), you receive free access to the app's core features. This is a value exchange where:
  • You receive: Free access to content blocking features
  • You provide: Your Advertising ID and device info for ad targeting
  • How to opt-out: Purchase Unscroll Pro to remove ads, or opt-out of personalized ads in device settings
• No Other Incentives: We do not currently offer loyalty programs, referral bonuses, or discounts in exchange for additional personal information beyond what's described above

Value Calculation: The value of the free app access equals the revenue we receive from ads shown to you, which varies based on ad market conditions but is typically less than $0.01 USD per ad view. This value is reasonably related to the personal information you provide (Advertising ID for ad targeting).

Your Right to Equal Service: We will not discriminate against you for exercising your privacy rights. If you opt-out of personalized advertising, you will still have full access to all app features—you'll simply see non-personalized (contextual) ads instead.

5. Data Sharing

We do not sell your personal data to third parties for monetary consideration.

Important: For a complete list of network endpoints and domains that receive your data, see Section 5.1 below.

Data is automatically shared with the following service providers:

• Google AdMob - Advertising ID, device information, approximate location, ad interaction data — shared automatically for advertising, ad measurement, and monetization
• Firebase Cloud Messaging - FCM token, device information, message delivery metrics — shared automatically to enable push notifications
• Firebase Remote Config - App instance ID, app version, device information — shared automatically to receive app configuration updates
• Google Play Billing - Purchase information, transaction data — shared automatically when you make in-app purchases

Data is shared with the following services ONLY if you opt in:

• Firebase Crashlytics - Crash logs, stack traces, device state — shared only if you enable crash reporting in Settings → Privacy & Data
• Firebase Analytics - Screen views, user actions, session data — shared only if you enable analytics in Settings → Privacy & Data

Note on "Sharing" vs "Selling": Under some privacy laws (CCPA, VCDPA, etc.), sharing data with advertising networks like AdMob for targeted advertising may be considered "sharing" or "selling" even though we receive no monetary payment for your data. You can opt-out of this sharing as described in Section 8.

5.1. Network Endpoints and Data Transmission

Google Advertising Services (AdMob):

• googlesyndication.com - Ad serving and ad content delivery
• googleadservices.com - Ad measurement, conversion tracking, and attribution
• doubleclick.net - Ad serving and real-time bidding
• admob.com - AdMob SDK communication and ad requests
• adservice.google.com - Privacy Sandbox ad services (Android 13+)
• Data transmitted: Advertising ID, Privacy Sandbox Ad ID, device information, approximate location, ad interaction data, app context

Firebase Services (Google):

• firebaseinstallations.googleapis.com - Firebase Installations API for managing app instance identifiers and authentication tokens. This endpoint is used to generate, retrieve, and manage your app's Firebase Installation ID (App Instance ID).
• fcmtoken.googleapis.com / fcm.googleapis.com - Firebase Cloud Messaging for push notification delivery and FCM token management
• firebaseremoteconfig.googleapis.com - Firebase Remote Config for retrieving app configuration and feature flags
• firebaselogging.googleapis.com / app-measurement.com - Firebase Analytics event logging (only if you opt in to analytics)
• firebasecrashlytics.googleapis.com / crashlyticsreports-pa.googleapis.com - Firebase Crashlytics crash report upload (only if you opt in to crash reporting)
• firebasestorage.googleapis.com - Firebase Storage (used internally by Firebase SDKs for configuration caching)
• Data transmitted: App Instance ID (Firebase Installation ID), FCM registration token, device information, app version, crash reports (if opted in), analytics events (if opted in)

Google Play Services:

• play.googleapis.com - Google Play Services APIs for device verification and service communication
• android.clients.google.com - Google Play Services device check-in and configuration
• Data transmitted: Android ID (via Google Play Services), device configuration, app package information

Google Play Billing:

• play.google.com - In-app purchase processing and subscription management
• payments.google.com - Payment processing (handled securely by Google Play - we never see payment details)
• Data transmitted: Purchase tokens, transaction IDs, product IDs, subscription status

Google User Messaging Platform (UMP):

• fundingchoicesmessages.google.com - Consent dialog delivery for GDPR/CCPA compliance
• Data transmitted: Consent choices, device information for consent management

Important Disclosures:

• ✅ All data transmission uses encrypted HTTPS/TLS connections to protect data in transit
• ✅ We do not operate our own backend servers - all data is transmitted directly to Google's services
• ✅ Google services may use additional subdomains or regional endpoints (e.g., europe-west1.firebaseinstallations.googleapis.com) based on your location
• ✅ Crash reports and analytics are transmitted ONLY if you explicitly enable them in Settings → Privacy & Data
• ✅ You can block these endpoints using firewall apps, but this will break app functionality (ads won't load, notifications won't work, purchases will fail)

Why firebaseinstallations.googleapis.com is accessed: This endpoint is contacted automatically when you first launch the app and periodically thereafter to:

• Generate a unique Firebase Installation ID (App Instance ID) for your app installation
• Authenticate your app with Firebase services
• Enable Firebase Cloud Messaging for push notifications
• Retrieve app configuration from Firebase Remote Config
• Coordinate between different Firebase services (Analytics, Crashlytics, Messaging)

This is a standard Firebase SDK endpoint and is required for Firebase services to function. The Installation ID generated is unique to your app installation and is deleted when you uninstall the app.

6. Children's Privacy (COPPA Compliance)

COPPA Compliance Measures:

• Child-directed treatment: Our app is configured with Google AdMob's COPPA child-directed treatment enabled, ensuring only non-personalized, age-appropriate ads are shown
• TFUA flag: We use the "Tag For Users under the Age of Consent" (TFUA) flag in AdMob to ensure no interest-based advertising is served to children
• No behavioral tracking: We do not track, profile, or build interest profiles for children under 13
• Limited data collection: We collect only the minimum data necessary for the app to function
• No third-party behavioral advertising: Children's data is not shared with third parties for behavioral advertising purposes

Parental Consent:

• Verifiable parental consent: For users under 13, we rely on parents/guardians to provide consent by downloading the app on the child's device
• Optional features: Analytics and crash reporting are disabled by default. Parents can choose to enable these features in Settings → Privacy & Data
• Parental supervision: We recommend parents supervise their children's use of the app and review this privacy policy

Parental/Guardian Rights:

• Parents or guardians can contact us at un0scroll@gmail.com to:
  • Request information about what data has been collected from their child
  • Request deletion of their child's personal information
  • Request that we stop any further collection from their child
  • Refuse to permit further collection or use of their child's information
  • Revoke any consent previously given
• We will respond to parental requests within 48 hours and complete deletion within 30 days
• No verification is required for deletion requests related to children's data - we will err on the side of caution and prioritize children's privacy

Parental Controls Recommendation: We strongly recommend parents use Android's parental control features (Google Family Link) to monitor app usage, set screen time limits, and supervise their children's digital activities.

7. Data Security

We take data security seriously:

• All data transmitted to AdMob and Firebase is encrypted in transit using HTTPS/TLS
• Local data on your device is protected by Android's app sandboxing
• We recommend using device encryption and screen lock for additional security
• Google's services employ industry-standard security measures including encryption at rest and access controls

7.7. Data Breach Notification

Our Breach Response Process:

• Immediate investigation: Upon discovering a breach, we will immediately investigate the scope, nature, and impact
• Containment: We will take steps to contain the breach and prevent further unauthorized access
• Assessment: We will assess what personal data was affected and the potential risk to users
• Notification: We will notify affected users and relevant authorities as required by applicable laws

Notification Timelines:

• GDPR (EU/EEA/UK): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (if it poses a risk to users' rights and freedoms)
• CCPA (California): We will notify affected users without unreasonable delay as required by California law
• DPDP Act (India): We will notify the Data Protection Board of India and affected users as required by the DPDP Act
• Other jurisdictions: We will comply with local breach notification laws

What We Will Tell You:

• Nature of the breach (what happened)
• What personal data was affected
• Potential consequences and risks
• Measures taken to address the breach
• Steps you can take to protect yourself
• Contact information for questions

How We Will Notify You:

• Email: If we have your email on file (from support requests)
• In-app notification: Push notification or prominent alert when you open the app
• Public notice: For widespread breaches, we may post a notice on our website or GitHub repository

Important Limitation: Because we do not operate our own backend servers and most data is stored by Google's services, many potential breaches would occur on Google's infrastructure. In such cases:

• Google would be responsible for breach notification to authorities and users
• We would coordinate with Google and notify our users as appropriate
• We recommend reviewing Google's Security Practices and signing up for Google Security Alerts

Contact Us About Security: If you discover a security vulnerability in our app, please report it immediately to un0scroll@gmail.com with the subject line "SECURITY VULNERABILITY". We appreciate responsible disclosure.

7.8. Right to Lodge Complaints

Before Filing a Complaint: We encourage you to contact us first at un0scroll@gmail.com so we can try to resolve your concern directly. However, you have the right to file a complaint with a supervisory authority at any time without contacting us first.

Complaint Authorities by Jurisdiction:

Jurisdiction	Authority	Contact
European Union (GDPR)	Your local Data Protection Authority (DPA)	Find your DPA
United Kingdom	Information Commissioner's Office (ICO)	ico.org.uk
California (CCPA)	California Attorney General / California Privacy Protection Agency	oag.ca.gov
Virginia (VCDPA)	Virginia Attorney General	oag.state.va.us
Colorado (CPA)	Colorado Attorney General	coag.gov
Connecticut (CTDPA)	Connecticut Attorney General	portal.ct.gov/AG
India (DPDP Act)	Data Protection Board of India	Website pending - check MeitY website
Canada (PIPEDA)	Office of the Privacy Commissioner of Canada	priv.gc.ca
Australia	Office of the Australian Information Commissioner (OAIC)	oaic.gov.au
Brazil (LGPD)	National Data Protection Authority (ANPD)	gov.br/anpd
South Korea (PIPA)	Personal Information Protection Commission (PIPC)	pipc.go.kr
South Africa (PoPIA)	Information Regulator	inforegulator.org.za
Other Jurisdictions	Your local consumer protection or data protection authority	Search for "[your country] data protection authority"

Information to Include in Your Complaint:

• Your contact information
• Description of your privacy concern
• Steps you took to try to resolve the issue with us (if any)
• Copies of any correspondence with us
• What outcome you are seeking

Our Commitment: We take all complaints seriously and will cooperate fully with any investigation by a data protection authority. If you file a complaint, please also send a copy to un0scroll@gmail.com so we can address your concerns directly.

7.1. International Data Transfers

How we protect your data during international transfers:

• Encryption: All data is encrypted in transit using HTTPS/TLS and at rest on Google's servers
• Standard Contractual Clauses (SCCs): Google uses EU-approved Standard Contractual Clauses for transfers from the EEA/UK to countries without adequacy decisions
• Google's Certifications: Google complies with ISO 27001, ISO 27018, SOC 2/3, and other international security standards
• Data Processing Agreements: Google acts as a data processor under GDPR with appropriate safeguards

For EU/EEA and UK residents: Google has implemented appropriate safeguards for data transfers, including Standard Contractual Clauses approved by the European Commission. For more details, see Google's EU Data Transfer Framework.

Data locations: Your data may be stored and processed in any country where Google operates data centers, including but not limited to: United States, Belgium, Finland, Netherlands, Taiwan, Chile, and other regions. Google automatically routes data to the nearest data center for optimal performance.

7.2. GDPR Rights for EU/EEA and UK Residents

Legal Basis for Processing Your Personal Data:

• Consent (GDPR Art. 6(1)(a)): For advertising personalization (via UMP consent dialog), optional crash reports, and optional analytics. You can withdraw consent anytime in device settings or app settings.
• Contractual Necessity (GDPR Art. 6(1)(b)): To provide the app's core functionality, process in-app purchases, and deliver notifications you've requested.
• Legitimate Interests (GDPR Art. 6(1)(f)): To maintain app security, prevent fraud, and improve app performance. We balance our interests with your privacy rights.

Your GDPR Rights:

• Right to Access (Art. 15): Obtain confirmation of whether we process your personal data and receive a copy (see Section 8)
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data (see Section 8)
• Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data in certain circumstances (see Section 8)
• Right to Restriction of Processing (Art. 18): Request limitation of processing in certain circumstances (contact us at un0scroll@gmail.com)
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes (opt-out of personalized ads in device settings)
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent for advertising personalization, crash reports, or analytics at any time without affecting the lawfulness of processing before withdrawal
• Right Not to be Subject to Automated Decision-Making (Art. 22): See Section 7.3 below

How to Exercise Your GDPR Rights:

• Email: un0scroll@gmail.com with subject "GDPR Request"
• Specify which right you're exercising and provide necessary identity verification information
• We will respond within 1 month (extendable by 2 months for complex requests)

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your GDPR rights:

• EU/EEA: Find your local Data Protection Authority at EDPB Member List
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk/make-a-complaint/

7.3. Automated Decision-Making and Profiling

Our practices:

• ✅ No automated decisions: We do not make automated decisions about you that have legal or similarly significant effects (e.g., automatic denial of service, credit decisions, employment decisions)
• ✅ No profiling for legal effects: While Google AdMob may create interest profiles for advertising purposes, this does not produce legal effects or similarly significantly affect you
• Ad personalization: Google AdMob uses automated processing to show personalized ads based on your interests, but you can opt-out anytime (Settings → Google → Ads → Opt out of Ads Personalization)
• Privacy Sandbox: The Privacy Sandbox Topics API categorizes your interests on-device using automated processing, but these categories are broad (e.g., "Sports", "Technology") and do not produce legal effects

Important: If in the future we implement any automated decision-making that produces legal or similarly significant effects, we will notify you and provide you with the right to obtain human intervention, express your point of view, and contest the decision.

7.4. Do Not Track (DNT) Signals

Browser "Do Not Track" Signals: Unscroll is a native Android app and does not use web browsers or cookies within the app. Therefore, browser-based Do Not Track (DNT) signals do not apply.

Global Privacy Control (GPC): We recognize and respect Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal (supported by some privacy-focused browsers on Android), we will treat it as a valid opt-out request for the sale/sharing of your personal information for targeted advertising purposes.

Device-level privacy controls: Android provides device-level privacy controls that are more relevant for mobile apps:

• Opt out of Ads Personalization - Settings → Google → Ads → Opt out of Ads Personalization
• Delete Advertising ID - Settings → Privacy → Ads → Delete advertising ID (Android 12+)
• Privacy Dashboard - Settings → Privacy → Privacy Dashboard (Android 12+) shows which apps access your data

7.5. Business Transitions (Merger, Acquisition, or Sale)

Our commitments:

• ✅ Prior notice: We will notify you via email (if we have it) or prominent in-app notification before your personal information is transferred and becomes subject to a different privacy policy
• ✅ Same protections: We will require the acquiring entity to honor the commitments made in this Privacy Policy for data collected before the transition
• ✅ Your rights remain: You will retain all privacy rights described in this policy, including the right to deletion, access, and opt-out
• ✅ Opt-out option: If you do not agree with the new privacy practices, you can delete your account and uninstall the app before the transition takes effect

What data would be transferred: Local app data (blocking statistics, preferences) remains on your device and is not transferred. Only data held by our service providers (Google AdMob, Firebase) would be affected, and Google's own privacy policies continue to apply to that data.

7.6. Government and Legal Requests

Circumstances where we may disclose data:

• Legal obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Court orders and subpoenas: In response to valid court orders, warrants, or subpoenas
• Law enforcement requests: To respond to lawful requests from law enforcement agencies
• Protection of rights: To enforce our Terms of Service, investigate potential violations, or protect the rights, property, or safety of Unscroll, our users, or the public
• Fraud prevention: To detect, prevent, or address fraud, security, or technical issues
• National security: To comply with national security or law enforcement requirements to the extent permitted by law

Our practices:

• ✅ We will review each request for legal sufficiency and may challenge or narrow overly broad requests
• ✅ We will disclose only the minimum amount of information necessary to comply with the request
• ✅ We will notify you of legal requests for your data unless legally prohibited (e.g., by gag order)
• ✅ We will publish transparency reports if we receive a significant number of government requests (currently we have received zero requests)

Important limitation: Because we do not operate our own backend servers and most data is stored locally on your device or managed by Google's services, we have very limited access to your personal data. Most government requests would need to be directed to Google for data held by AdMob, Firebase, or Google Play services.

Transparency: As of the last update of this policy (December 27, 2025), we have received zero government requests, court orders, or law enforcement requests for user data.

8. Your Rights & Choices

You have comprehensive privacy rights under various laws (GDPR, CCPA, VCDPA, UCPA, CPA, CTDPA, LGPD, PIPA, PIPEDA, and others). This section explains each right and how to exercise it.

8.4. How to Exercise Your Rights - Complete Guide

📧 Email Request Method (All Rights):

When to use: For formal requests requiring documentation (access, deletion, correction, opt-out verification, GDPR/CCPA/VCDPA requests).

Step-by-step process:

1. Compose email to: un0scroll@gmail.com
2. Subject line format: "[REQUEST TYPE] - Privacy Request"
   Examples: "Data Access Request", "Data Deletion Request", "CCPA Request", "GDPR Request", "Opt-Out Request"
3. Required information in email body:
   • ✓ Your Advertising ID (find it: Settings → Google → Ads on your device)
   • ✓ Device information: Model name and Android version
   • ✓ Specific request details (what data, what action, what right you're exercising)
   • ✓ Preferred response format (if requesting data: PDF, JSON, or plain text)
   • ✓ Your jurisdiction (if applicable): California, Virginia, EU/EEA, UK, etc.
4. Identity verification: We may ask for additional verification to protect your privacy (e.g., confirming device details, answering security questions)
5. Response timeline:
   • ✓ General inquiries: 48 hours
   • ✓ GDPR requests: 30 days (extendable to 60 days for complex requests)
   • ✓ CCPA requests: 45 days (extendable to 90 days for complex requests)
   • ✓ VCDPA requests: 45 days (extendable to 90 days with notification)
   • ✓ Deletion requests: 30 days confirmation, actual deletion may take up to 90 days across all services
6. Confirmation: You'll receive an email confirming receipt within 2 business days, followed by a substantive response within the applicable timeframe

🔧 Self-Service Methods (Immediate Action):

When to use: For immediate changes without waiting for email responses.

Option 1: Opt Out of Personalized Ads (Device Settings)

1. Open your device Settings
2. Navigate to Google → Ads
3. Toggle ON "Opt out of Ads Personalization"
4. Effect: You'll still see ads (required for free app), but they won't be personalized to your interests
5. Applies to: Right to opt-out of sale/sharing (CCPA, VCDPA), right to object to processing (GDPR)

Option 2: Reset Advertising ID (Device Settings)

1. Open your device Settings
2. Navigate to Google → Ads
3. Tap "Reset advertising ID"
4. Effect: Breaks past ad targeting; you get a fresh start with a new ID
5. Applies to: Right to opt-out, partial "fresh start" for advertising data

Option 3: Delete Advertising ID (Android 12+ Only)

1. Open your device Settings
2. Navigate to Privacy → Ads
3. Tap "Delete advertising ID"
4. Effect: Removes your advertising ID entirely; ads become non-personalized automatically
5. Applies to: Right to deletion (for advertising identifier), right to opt-out

Option 4: Delete All Local Data (Uninstall App)

1. Open your device Settings
2. Navigate to Apps → Unscroll
3. Tap "Uninstall"
4. Effect: Immediately deletes all local data (blocking statistics, preferences, settings). Firebase Installation ID and FCM token are also deleted from Google's servers within 180 days.
5. Applies to: Right to deletion (for all locally stored data)
6. Note: For data held by AdMob/Firebase, email us separately to request deletion from third-party services

Option 5: Withdraw Analytics/Crashlytics Consent (In-App)

1. Open Unscroll app
2. Go to Settings → Privacy & Data
3. Toggle OFF "Help improve Unscroll with crash reports"
4. Toggle OFF "Help improve Unscroll with anonymous usage analytics"
5. Effect: Data collection stops immediately; no more crash/analytics data sent
6. Applies to: Right to withdraw consent (GDPR Art. 7(3))

Option 6: Review/Change Advertising Consent (In-App UMP)

1. Open Unscroll app
2. Go to Settings → Privacy & Data → Review Privacy Choices
3. The Google User Messaging Platform (UMP) consent dialog appears
4. Choose "Manage Options" to see granular controls
5. Effect: Update your consent for personalized ads and ad partners
6. Applies to: Right to withdraw/modify consent for advertising (GDPR, CCPA)

Option 7: Correct Local Data (In-App)

1. Open Unscroll app
2. Go to Settings and update your preferences (which apps to block, schedule, etc.)
3. To reset statistics: Settings → Statistics → Reset Stats
4. Effect: Immediate correction of locally stored preferences and data
5. Applies to: Right to rectification/correction (for local data only)

🌍 Jurisdiction-Specific Request Templates:

GDPR Request (EU/EEA/UK Residents):

CCPA Request (California Residents):

VCDPA Request (Virginia Residents):

⏱️ Response Timelines Summary:

Request Type	Initial Response	Full Resolution
General Privacy Questions	48 hours	48 hours
GDPR Requests (EU/EEA/UK)	2 business days (acknowledgment)	30 days (extendable to 60 days)
CCPA Requests (California)	2 business days (acknowledgment)	45 days (extendable to 90 days)
VCDPA Requests (Virginia)	2 business days (acknowledgment)	45 days (extendable to 90 days)
Data Deletion Requests	2 business days (acknowledgment)	30 days confirmation + up to 90 days for complete deletion
Opt-Out Requests	Immediate (if using device settings)	15 business days (if via email)
Appeals (VCDPA)	2 business days (acknowledgment)	60 days

💰 Fees and Charges:

• ✅ First request in 12 months: FREE (no charge)
• ✅ Subsequent requests: FREE unless manifestly unfounded or excessive
• ✅ Excessive requests: We may charge a reasonable administrative fee (you'll be notified in advance)
• ✅ Opt-out requests: Always FREE, unlimited

🔍 Identity Verification Process:

To protect your privacy and prevent unauthorized access to your data, we verify your identity for all formal requests:

1. Initial verification: We match your Advertising ID and device details with records in our third-party services (if any)
2. Additional verification (if needed): We may ask security questions such as:
   • When did you first install Unscroll? (approximate date)
   • Which apps do you currently have blocked in the app?
   • Do you have a premium subscription? (Yes/No)
3. High-risk requests (deletion, correction): We may require additional verification via email confirmation link or device-based authentication
4. Verification failure: If we cannot verify your identity, we'll notify you and suggest alternative verification methods. We cannot fulfill requests without proper verification.

❌ Request Denial and Appeals:

We may deny your request if:

• We cannot verify your identity despite reasonable efforts
• The request is manifestly unfounded or excessive (e.g., repetitive requests every day)
• We are required by law to retain the data (e.g., transaction records for tax purposes)
• The data is necessary to complete a transaction you requested (e.g., active subscription)
• The request conflicts with our legal obligations or legitimate interests

If we deny your request:

1. We'll send you a detailed explanation within the applicable timeframe
2. VCDPA (Virginia) residents: You can appeal by emailing un0scroll@gmail.com with subject "VCDPA Appeal" within 60 days
3. GDPR (EU/EEA/UK) residents: You can lodge a complaint with your local supervisory authority (see Section 7.2)
4. CCPA (California) residents: You can contact the California Attorney General at oag.ca.gov

Your Right to Request Access to Personal Data

What you can request access to:

• Categories of personal data collected - Types of information we collect (as described in Section 1)
• Specific pieces of personal data - The actual data we have about you (if any)
• Sources of data collection - How we obtained your information (directly from app usage, from third-party services like AdMob)
• Purpose of data collection - Why we collect each type of data (advertising, app functionality, crash diagnostics if opted in)
• Third parties with whom data is shared - Who we share your data with (Google AdMob, Firebase if opted in)
• Data retention period - How long we keep your data

How to request access to your data:

• Email Request: Send an email to un0scroll@gmail.com with the subject line "Data Access Request" and include:
  • Your Advertising ID (found in Settings → Google → Ads on your device)
  • Device information (model, Android version) to help us locate your data
  • Specific information you want to access (or "all available data")
  • Preferred format for receiving data (PDF, JSON, or text)

Our commitment to data access requests:

• ✅ We will respond to your access request within 30 days (or 45 days for complex requests, with notification)
• ✅ We will provide the data in a portable, commonly used format (e.g., PDF or JSON)
• ✅ No charge for the first request in a 12-month period
• ✅ We will verify your identity before providing data to protect your privacy
• ✅ If we cannot fulfill your request, we will explain why

Important note: Because Unscroll stores most data locally on your device (not on remote servers), you already have direct access to your data. Local data includes blocking statistics, app preferences, and settings. For data collected by third-party services (AdMob, Firebase if opted in), we will coordinate with those providers to fulfill your access request.

Your Right to Request Correction of Personal Data

What you can request to correct:

• Inaccurate personal data - Any information we have that is factually incorrect
• Incomplete personal data - Information that is missing key details or context
• Out-of-date information - Data that is no longer current or relevant

How to request correction of your data:

• For local data (self-service): You can directly update most data yourself:
  • Go to Unscroll → Settings to modify your app preferences and blocking settings
  • Reset blocking statistics in Settings → Statistics → Reset Stats
  • Toggle app monitoring on/off to update your preferences
• For data held by third parties (email request): Send an email to un0scroll@gmail.com with the subject line "Data Correction Request" and include:
  • Your Advertising ID (found in Settings → Google → Ads on your device)
  • Description of the inaccurate or incomplete data
  • What the correct information should be
  • Any supporting documentation (if applicable)

Our commitment to data correction requests:

• ✅ We will respond to your correction request within 30 days
• ✅ We will verify your identity before making corrections to protect your privacy
• ✅ We will notify you once the correction has been made
• ✅ We will instruct our third-party service providers (Google AdMob, Firebase if opted in) to correct your data where applicable
• ✅ No charge for submitting a data correction request
• ✅ If we cannot fulfill your request, we will explain why and provide information about your right to appeal

Important note: Because most of your data in Unscroll is stored locally on your device and under your direct control, you can update most information yourself through the app's settings. For data managed by third-party services (AdMob, Firebase), we will work with those providers to ensure corrections are made.

Your Right to Know (Whether Data is Shared with Third Parties)

To request a full data disclosure report: Email un0scroll@gmail.com with subject "Right to Know" and include your Advertising ID (Settings → Google → Ads). We will respond within 15 business days with a comprehensive report of all data collected about you and all third parties it was shared with.

Quick summary of our data sharing practices:

• We DO NOT sell your personal data for money - Unscroll does not and will not sell your personal information to third parties for monetary consideration
• Data shared with service providers:
  • Google AdMob - We share your Advertising ID and device information with AdMob to serve personalized advertisements. This may be considered "sharing" under certain state privacy laws.
  • Google Play Billing - Transaction information is shared to process in-app purchases
  • Firebase (opt-in only) - If you opt in, crash reports and analytics are shared with Firebase to improve app stability and features

Categories of third parties we share data with:

• Advertising networks: Google AdMob (data controller for advertising data)
• Payment processors: Google Play Billing (data controller for purchase data)
• Analytics providers: Firebase Analytics (opt-in only) (data controller for analytics data)
• Cloud infrastructure providers: Firebase Cloud Messaging, Firebase Remote Config, Firebase Crashlytics (opt-in) (data controller for Firebase services)

Important: Data Controller Relationship:

Purpose of data sharing:

• Advertising - To display relevant ads and measure ad performance (Google AdMob)
• Payment processing - To complete premium feature purchases (Google Play)
• App improvement - To fix bugs and enhance features (Firebase - opt-in only)
• Push notifications - To deliver app notifications (Firebase Cloud Messaging)
• App configuration - To receive updated app settings (Firebase Remote Config)

How to request information about data sharing: Email un0scroll@gmail.com with the subject line "Data Sharing Information Request" to receive:

• A detailed list of Google services we've integrated
• What categories of data are shared with each service
• Direct links to Google's privacy policies and data management tools
• Instructions for contacting Google directly about your data

For comprehensive data access or deletion requests: We recommend contacting Google directly in addition to contacting us, as Google is the data controller and has direct access to your data. Visit Google Account - Data & Privacy to manage your Google data.

Your Right to Request Data Deletion

What data can be deleted and how:

• ✅ Local app data (YOU control - immediate deletion):
  • Blocking statistics, preferences, and settings stored on your device
  • How to delete: Uninstall the app - all local data is automatically and immediately deleted
  • Timeline: Immediate (0-24 hours)
• ⚠️ Advertising data (GOOGLE controls - requested deletion):
  • Advertising ID, ad interactions, device info, approximate location collected by Google AdMob
  • How to delete: We can submit a deletion request to Google on your behalf, OR you can contact Google directly (faster)
  • Timeline: 30-180 days (Google's policy)
  • Direct link: Delete Google advertising data
• ⚠️ Firebase data (GOOGLE controls - requested deletion):
  • Firebase Installation ID, FCM token, crash reports (if opted in), analytics (if opted in)
  • How to delete: We can submit a deletion request to Google on your behalf
  • Timeline: 30-180 days (Google Firebase policy)
  • Crash reports: Auto-deleted after 90 days even without request
  • Analytics: Auto-deleted after 14 months even without request
• ❌ Purchase records (GOOGLE/LAW controls - cannot be deleted):
  • Transaction IDs, purchase timestamps managed by Google Play Billing
  • Cannot be deleted: Required by tax law and financial regulations for 7 years
  • What's retained: Transaction IDs and product IDs only (no payment details)

How to request data deletion - 3 Options:

✅ Option 1 - Self-Service (Fastest - Immediate to 24 hours):

1. Delete local data: Uninstall Unscroll from your device
   • Go to Settings → Apps → Unscroll → Uninstall
   • All local data (statistics, preferences, settings) deleted immediately
2. Stop ad tracking: Delete your Advertising ID (Android 12+)
   • Go to Settings → Privacy → Ads → Delete advertising ID
   • Breaks the link between you and past ad data immediately
3. Opt out of ad personalization:
   • Go to Settings → Google → Ads → Opt out of Ads Personalization
   • Stops future ad data collection (past data subject to Google retention)

⚠️ Option 2 - Contact Google Directly (Recommended for Google-held data - 30-90 days):

1. Delete Google advertising data:
   • Visit Google Account - Data & Privacy
   • Go to "Data from apps and services you use" → "Google Ads Data"
   • Click "Delete" to remove advertising data associated with your Google Account
2. Submit a data deletion request to Google:
   • Visit Google Data Deletion Request Form
   • Select the Google services (AdMob, Firebase) and request deletion
   • Google processes requests within 30-90 days

📧 Option 3 - Email Unscroll (We coordinate with Google on your behalf - 30-180 days):

1. Send an email to un0scroll@gmail.com
2. Subject line: "Data Deletion Request"
3. Include in email body:
   • Your Advertising ID (Settings → Google → Ads on your device) - if available
   • Device information (model, Android version)
   • Description of what data you want deleted (e.g., "all data" or specific categories)
   • Any other identifying information (e.g., approximate app install date)
4. What we'll do:
   • ✅ Acknowledge your request within 2 business days
   • ✅ Submit deletion requests to Google AdMob and Firebase on your behalf within 5 business days
   • ✅ Provide you with Google's deletion request confirmation numbers
   • ✅ Send you follow-up confirmation once Google confirms deletion (30-180 days)
   • ⚠️ Important: We cannot force or expedite Google's deletion timeline - Google controls when actual deletion occurs

Our commitment to your deletion request:

• ✅ Acknowledge your request: Within 2 business days
• ✅ Submit deletion requests to Google: Within 5 business days of your request
• ✅ Provide you with:
  • Confirmation that we've submitted requests to Google
  • Google's deletion request reference numbers (if provided)
  • Direct links to Google's own deletion tools for faster results
  • Expected timeline based on Google's policies
• ✅ Follow up: We'll notify you once we receive deletion confirmation from Google (typically 30-180 days)
• ✅ No charge: Free to submit a data deletion request
• ✅ Transparency: We'll be honest about what we can and cannot delete

⚠️ Important limitations and disclaimers:

• We are a data processor, not a data controller for Google services: Under GDPR terminology, Google is the "data controller" for AdMob and Firebase data, meaning Google decides how long to retain data and when to delete it. We are merely a "data processor" who requests actions on your behalf.
• Deletion timelines are controlled by Google: We cannot guarantee or expedite deletion timelines. Google's policies state:
  • AdMob data: 30-180 days for deletion
  • Firebase data: 30-180 days for deletion
  • Some data may be retained longer for legal compliance or fraud prevention (Google's decision)
• We may not receive deletion confirmation from Google: Google does not always notify third-party developers when deletion is complete. If we don't receive confirmation within 180 days, we'll advise you to contact Google directly for status updates.
• Legal retention exceptions: We (and Google) may retain certain data if:
  • Required by law (e.g., transaction records for tax purposes - 7 years)
  • Necessary for fraud prevention or security investigations
  • Needed to complete a transaction you requested (e.g., active subscription, pending refund)
  • Subject to legal hold or government request
• De-identified data may be retained: Google may retain de-identified or aggregated data indefinitely for statistical purposes. This data cannot be linked back to you personally.

Your Right to Opt-Out of Data Sale and Targeted Advertising (See Prominent Section Above)

What you can opt-out of:

• Targeted/Personalized Advertising - Ads based on your behavior across apps and websites
• Data sharing with advertising partners - Sharing your Advertising ID with Google AdMob for ad personalization
• Cross-context behavioral advertising - Ads based on your activity across different contexts

How to opt-out (multiple methods available):

• Method 1 - Device Settings (Recommended):
  • Go to Settings → Google → Ads
  • Toggle ON "Opt out of Ads Personalization"
  • This stops all personalized ads across all apps on your device
• Method 2 - Reset Advertising ID:
  • Go to Settings → Google → Ads
  • Tap "Reset advertising ID"
  • This gives you a fresh advertising ID, breaking past ad targeting
• Method 3 - Delete Advertising ID (Android 12+):
  • Go to Settings → Privacy → Ads
  • Tap "Delete advertising ID"
  • This removes your advertising ID entirely (you'll still see ads, but they won't be personalized)
• Method 4 - Email Request:
  • Send an email to un0scroll@gmail.com
  • Subject line: "Do Not Sell or Share My Personal Information"
  • Include your Advertising ID and device information
  • We will process your request within 15 business days

Effect of opting out:

• ✅ You will still see ads (required to support the free app), but they will be generic/contextual instead of personalized
• ✅ Your Advertising ID will not be used for targeted advertising
• ✅ Your data will not be shared with advertising partners for personalization
• ✅ All app features continue to work normally

Global Privacy Control (GPC): Unscroll recognizes and respects Global Privacy Control signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale/sharing of your personal information.

8.1. Data Retention Policy (How Long We Keep Your Data)

Data retention periods:

• Local app data (on your device):
  • Blocking statistics - Retained until you reset stats or uninstall the app
  • App preferences and settings - Retained until you change them or uninstall the app
  • All local data is automatically deleted when you uninstall Unscroll
• Advertising data (Google AdMob):
  • Advertising ID and interaction data - Retained by Google AdMob according to their retention policies (typically 26 months for inactive users)
  • You can reset or delete your Advertising ID anytime in device settings
• Crash reports (Firebase Crashlytics - opt-in only):
  • Crash data - Retained for 90 days, then automatically deleted
  • You can request immediate deletion by emailing us
• Analytics data (Firebase Analytics - opt-in only):
  • Event data - Retained for 14 months, then automatically deleted
  • You can request immediate deletion by emailing us
• Purchase records (Google Play Billing):
  • Transaction data - Retained by Google according to their policies and tax/legal requirements (typically 7 years for financial records)
  • Required for refunds, fraud prevention, and legal compliance

Criteria for determining retention periods:

• Length of time needed to provide our services
• Legal obligations to retain data (e.g., tax records, transaction history)
• Statute of limitations for legal claims
• Industry best practices for data retention
• User requests for deletion (we will delete data upon verified request, subject to legal exceptions)

What happens when retention periods expire:

• Data is automatically deleted from our systems and third-party services
• Backups containing expired data are purged according to our backup retention schedule
• De-identified or aggregated data may be retained indefinitely for statistical purposes (cannot be linked back to you)

🗑️ Detailed Data Deletion Process:

When you request data deletion or uninstall the app, here's exactly what happens:

Step 1: Immediate Deletion (0-24 hours)

• Local app data: Automatically deleted the moment you uninstall Unscroll from your device (blocking statistics, preferences, settings)
• Accessibility service permissions: Automatically revoked by Android upon uninstall
• In-app consent flags: Deleted with app data

Step 2: Service-Specific Deletion (1-7 days)

• Firebase Installation ID: Marked for deletion within 1 day; fully removed from Firebase servers within 180 days (per Firebase policy)
• FCM Token: Invalidated within 24 hours; push notifications stop immediately
• Firebase Remote Config: Configuration cache expires within 12 hours; no further data associated with your installation ID

Step 3: Analytics & Crash Data Deletion (7-90 days)

• Firebase Crashlytics: If you opted in, crash reports are retained for 90 days, then automatically deleted. You can request immediate deletion by emailing us.
• Firebase Analytics: If you opted in, event data is retained for 14 months. Upon deletion request, we instruct Firebase to delete your data within 30 days (actual deletion may take up to 90 days per Firebase data deletion policy).

Step 4: Advertising Data Deletion (30-180 days)

• Google AdMob: Your Advertising ID and associated ad interaction data are retained by Google AdMob according to their policies (typically 26 months for inactive users). Upon deletion request:
  • We submit a deletion request to Google within 2 business days
  • Google processes deletion within 30-60 days (per Google's data deletion policies)
  • Some data may be retained longer for legal/fraud prevention purposes (Google's decision)
• Faster alternative: Delete your Advertising ID in device settings (Settings → Privacy → Ads → Delete advertising ID on Android 12+). This immediately breaks the link between you and past ad data.

Step 5: Purchase Records Retention (7 years)

• Google Play Billing: Transaction records are retained by Google for 7 years to comply with tax laws and financial regulations. We cannot delete this data, as it's required by law.
• What's retained: Transaction IDs, purchase timestamps, product IDs (e.g., "premium_subscription_monthly"), purchase tokens
• What's NOT retained: Your payment details (credit card, billing address) are never shared with us and remain only with Google

Step 6: Deletion Confirmation

• If you submitted an email deletion request, we'll send you a confirmation email within 30 days listing:
  • ✓ What data was deleted
  • ✓ What data remains (if any) and why (e.g., legal retention requirements)
  • ✓ Expected timeline for third-party deletions
  • ✓ Confirmation numbers for requests submitted to Google

Contact us at un0scroll@gmail.com if you have questions about the deletion process or need deletion confirmation documentation.

8.2. Rights for California Residents (CCPA/CPRA)

Your California Privacy Rights:

• Right to Know - Request disclosure of personal information collected, sources, purposes, and third parties with whom it's shared (see Section 8)
• Right to Delete - Request deletion of personal information (see Section 8)
• Right to Correct - Request correction of inaccurate personal information (see Section 8)
• Right to Opt-Out - Opt-out of the "sale" or "sharing" of personal information for targeted advertising (see Section 8)
• Right to Limit Use of Sensitive Personal Information - We do not collect or use sensitive personal information as defined by the CCPA
• Right to Non-Discrimination - We will not discriminate against you for exercising your CCPA rights (no denial of service, different prices, or different quality of service)

Categories of Personal Information We Collect (CCPA disclosure):

• Identifiers (including Device or Other IDs) - Advertising ID (traditional and Privacy Sandbox), App Instance ID, FCM Registration Token, Android ID (collected by Google Play Services), installation referrer
• Commercial Information - In-app purchase history, transaction IDs, subscription status (collected by Google Play Billing)
• Internet/Network Activity - Ad interaction data (views, clicks, impressions), app usage events, screen views, feature usage, session duration (collected by AdMob; full analytics opt-in only)
• Device Information - Device model, manufacturer, OS version, screen size/density, available memory, storage space, battery level, language, network type, carrier name
• Geolocation Data (Approximate) - Country, region, city inferred from IP address by AdMob (we do not collect precise GPS location)
• Inference Data - User preferences and interests inferred from app behavior and ad interactions (stored locally on device; interest topics may be shared via Privacy Sandbox)

Business/Commercial Purposes for Collection:

• Providing and maintaining app functionality
• Displaying advertisements to support free app
• Processing in-app purchases
• Improving app quality and fixing bugs (opt-in only)
• Detecting and preventing fraud

How to Exercise Your CCPA Rights:

• Email: un0scroll@gmail.com
• Include "CCPA Request" in the subject line
• Specify which right you're exercising (access, deletion, correction, opt-out)
• Provide your Advertising ID and device information to verify your identity
• We will respond within 45 days (or 90 days for complex requests, with notification)

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly with us.

California "Shine the Light" Law: California residents may request information about disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

8.3. Rights for Users in India (DPDP Act, 2023)

Your Rights Under DPDP Act:

• Right to Access - Obtain information about personal data we hold about you
• Right to Correction - Request correction of inaccurate or misleading personal data
• Right to Erasure - Request deletion of personal data (subject to legal retention requirements)
• Right to Grievance Redressal - File a complaint if you believe your rights have been violated
• Right to Nominate - Nominate another person to exercise your rights in case of death or incapacity (contact us to set this up)

How to Exercise Your DPDP Rights:

• Email: un0scroll@gmail.com
• Include "DPDP Request" or "India Privacy Request" in the subject line
• Specify which right you're exercising
• Provide your device information to verify your identity
• We will respond within the timeframes specified by the DPDP Act

Grievance Officer:

As required by the DPDP Act, we have designated a grievance officer for Indian users:

• Name: Ashish Ranjan
• Email: un0scroll@gmail.com
• Response Time: Within 30 days of receiving your complaint

Data Protection Board of India: If you are not satisfied with our response to your privacy complaint, you have the right to lodge a complaint with the Data Protection Board of India once it is constituted.

8.4. Rights for Virginia Residents (VCDPA)

Your Virginia Privacy Rights:

• Right to Access - Confirm whether we're processing your personal data and access such data (see Section 8)
• Right to Correct - Correct inaccuracies in your personal data (see Section 8)
• Right to Delete - Delete personal data provided by or obtained about you (see Section 8)
• Right to Data Portability - Obtain a copy of your personal data in a portable, commonly used format
• Right to Opt-Out - Opt-out of:
  • Targeted advertising (see Section 8)
  • Sale of personal data (we do not sell personal data)
  • Profiling in furtherance of decisions that produce legal/similarly significant effects (we do not engage in such profiling)
• Right to Non-Discrimination - We will not discriminate against you for exercising your VCDPA rights

How to Exercise Your VCDPA Rights:

• Email: un0scroll@gmail.com
• Include "VCDPA Request" in the subject line
• Specify which right you're exercising
• Provide your Advertising ID and device information to verify your identity
• We will respond within 45 days (extendable by 45 days with notification)

Right to Appeal: If we decline to take action on your request, you have the right to appeal our decision. To appeal:

• Email un0scroll@gmail.com with subject line "VCDPA Appeal"
• Include the original request details and reason for appeal
• We will respond to your appeal within 60 days
• If we deny your appeal, you may contact the Virginia Attorney General at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint

8.5. Rights for Users in Brazil (LGPD)

Your LGPD Rights:

• Confirmation and Access (Art. 18, I-II) - Right to confirm the existence of data processing and access your data
• Correction (Art. 18, III) - Right to correct incomplete, inaccurate, or outdated data
• Anonymization, Blocking, or Deletion (Art. 18, IV) - Right to anonymize, block, or delete unnecessary or excessive data
• Data Portability (Art. 18, V) - Right to transfer your data to another service provider
• Deletion (Art. 18, VI) - Right to delete personal data processed with your consent
• Information about Sharing (Art. 18, VII) - Right to know with whom your data has been shared
• Revocation of Consent (Art. 18, IX) - Right to revoke your consent at any time
• Opposition (Art. 18, §2) - Right to oppose processing if you believe it violates LGPD

Legal Basis for Processing (LGPD Art. 7):

• Consent: For personalized advertising (via UMP consent dialog) and optional analytics/crashlytics
• Legitimate Interest: For app functionality, security, and fraud prevention
• Contract Performance: For processing in-app purchases and subscriptions

How to Exercise Your LGPD Rights:

• Email: un0scroll@gmail.com
• Include "LGPD Request" or "Solicitação LGPD" in the subject line
• Specify which right you're exercising
• We will respond within 15 days as required by LGPD

Supervisory Authority: You may file a complaint with Brazil's National Data Protection Authority (ANPD) at www.gov.br/anpd

8.6. Rights for Users in South Africa (POPIA)

Your POPIA Rights (Section 23-25):

• Right to Access (Section 23) - Right to request confirmation of whether we hold your personal information and access to that information
• Right to Correction (Section 24) - Right to request correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained personal information
• Right to Object (Section 11(3)) - Right to object to processing of your personal information for direct marketing purposes
• Right to Submit Complaint (Section 74) - Right to submit a complaint to the Information Regulator if you believe your rights have been violated

Processing Justification (Section 11):

• Consent: For personalized advertising and optional analytics
• Legitimate Interest: For app functionality, security, and service improvement
• Contract: For processing purchases and providing the app service

How to Exercise Your POPIA Rights:

• Email: un0scroll@gmail.com
• Include "POPIA Request" in the subject line
• We will respond within a reasonable time as required by POPIA

Information Regulator: You may file a complaint with South Africa's Information Regulator at inforegulator.org.za

8.7. Rights for Users in China (PIPL)

Your PIPL Rights (Articles 44-50):

• Right to Know (Art. 44) - Right to know how your personal information is processed
• Right to Decide (Art. 44) - Right to decide on processing of your personal information
• Right to Access and Copy (Art. 45) - Right to access and obtain a copy of your personal information
• Right to Correction (Art. 46) - Right to request correction of inaccurate or incomplete personal information
• Right to Deletion (Art. 47) - Right to request deletion when processing purpose is achieved, service is terminated, or consent is withdrawn
• Right to Portability (Art. 45) - Right to request transfer of personal information to another processor
• Right to Withdraw Consent (Art. 15) - Right to withdraw consent at any time without affecting lawfulness of prior processing
• Right to Explanation (Art. 48) - Right to request explanation of processing rules
• Right to Object to Automated Decision-Making (Art. 24) - Right to refuse automated decision-making

Cross-Border Transfer (PIPL Art. 38-43):

• Your personal information may be transferred to servers outside China (Google's servers in the United States and other countries)
• By using this app, you consent to such cross-border transfer
• Google has implemented security measures to protect your data during transfer
• You may request information about cross-border transfers by contacting us

How to Exercise Your PIPL Rights:

• Email: un0scroll@gmail.com
• Include "PIPL Request" or "个人信息保护法请求" in the subject line
• We will respond within 15 days as recommended by PIPL

Supervisory Authority: Cyberspace Administration of China (CAC) - www.cac.gov.cn

9. Terms of Service

Terms of Service covers:

• Acceptable use of the app and accessibility service
• Premium subscription terms, billing, and refunds
• Intellectual property rights and licenses
• Limitation of liability and disclaimers
• Termination and suspension of service
• Dispute resolution and governing law

Terms of Service URL: https://sonugp2003.github.io/stop-scroll-terms/

Note: If there is any conflict between this Privacy Policy and the Terms of Service, the Terms of Service shall prevail for non-privacy matters, and this Privacy Policy shall prevail for data protection matters.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this policy periodically.

How We Notify You of Changes:

• Material changes: For significant changes that affect your rights or how your data is used, we will provide prominent notice via:
  • In-app notification or popup when you open the app
  • Push notification (if enabled)
  • Email notification (if we have your email from support requests)
  • Updated "Last Updated" and "Effective Date" at the top of this policy
• Minor changes: For non-material updates (typos, formatting, clarifications), we will update the "Last Updated" date at the top of this policy
• Advance notice: For material changes, we will provide at least 30 days notice before the changes take effect, allowing you to review and decide whether to continue using the app

What Constitutes a "Material Change":

• New categories of personal data collected
• New third parties with whom data is shared
• New purposes for using your data
• Changes to your privacy rights
• Changes to data retention periods
• Changes affecting children's data

Your Choices After Changes:

• ✅ Accept: Continue using the app after the effective date indicates acceptance
• ✅ Reject: Uninstall the app before the effective date to avoid the new policy
• ✅ Request deletion: Email us before the effective date to delete your data under the old policy terms

Access to Previous Versions: You can request previous versions of this Privacy Policy by emailing un0scroll@gmail.com with subject "Request Previous Privacy Policy Version".

Continued use of the app after the effective date of any changes indicates your acceptance of the updated policy.

11. Permissions Explained

Unscroll requests the following Android permissions. Each permission is used for specific functionality as explained below:

Core Functionality Permissions:

• Accessibility Service (android.permission.BIND_ACCESSIBILITY_SERVICE) - Required to detect short-form video content in 6 specific apps (YouTube, Instagram, TikTok, Facebook, Snapchat, Twitter/X) by reading UI labels and button text for pattern matching, then automatically navigating away. All data is analyzed locally in real-time and immediately discarded. This permission monitors ONLY these 6 apps and does NOT record screen content, read passwords/messages, or track activity outside targeted apps.
• Internet (android.permission.INTERNET) - Required to load advertisements from Google AdMob, download app configuration updates from Firebase Remote Config, send crash reports (if opted in), and sync premium purchase status. Without this permission, the app cannot display ads or verify purchases.
• Access Network State (android.permission.ACCESS_NETWORK_STATE) - Allows the app to check if you have an active internet connection before attempting to load ads or sync data. This prevents unnecessary battery drain and improves user experience by handling offline states gracefully.

Advertising & Monetization Permissions:

• AD_ID (com.google.android.gms.permission.AD_ID) - Allows Google AdMob to access your Advertising ID for personalized ads. This permission is automatically added by the AdMob SDK when the app is built (not explicitly declared in our AndroidManifest.xml, but present in the final APK). This is the traditional advertising identifier used by Google Play Services. You can opt out of personalized ads or reset this ID in your device settings (Settings → Google → Ads). Note: This permission is deprecated on Android 13+ and replaced by ACCESS_ADSERVICES_AD_ID.
• Access AdServices Ad ID (android.permission.ACCESS_ADSERVICES_AD_ID) - Allows access to the Privacy Sandbox Ad ID, which is Google's new privacy-preserving advertising framework (Android 13+). This replaces the traditional Advertising ID with more privacy-friendly alternatives. Data stays on-device longer and is shared with fewer details.
• Access AdServices Attribution (android.permission.ACCESS_ADSERVICES_ATTRIBUTION) - Enables Privacy Sandbox attribution reporting to measure ad effectiveness without cross-app tracking. This allows advertisers to know if their ads led to app usage, but without sharing your identity or detailed behavior.
• Access AdServices Topics (android.permission.ACCESS_ADSERVICES_TOPICS) - Allows access to the Privacy Sandbox Topics API for interest-based advertising. Instead of tracking you across apps, this API categorizes your interests on-device (e.g., "Sports", "Technology") and shares only broad topics with advertisers, providing more privacy than traditional tracking.
• Bind Get Install Referrer Service (com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE) - Allows the app to determine where you installed it from (e.g., Google Play Store, web link, ad campaign). This helps us understand which marketing channels are effective. Only the referral source is collected, not your personal information.

Notifications & Background Service Permissions:

• Post Notifications (android.permission.POST_NOTIFICATIONS) - Allows the app to send you notifications and reminders (Android 13+). This permission is requested at runtime, and you can deny it if you don't want notifications. Used for blocking reminders, milestone celebrations, and feature announcements. You can disable notifications anytime in Settings → Notifications.
• Receive (com.google.android.c2dm.permission.RECEIVE) - Allows the app to receive push notifications via Firebase Cloud Messaging (FCM). This is required for the app to receive remote notifications from Firebase servers (e.g., feature announcements, important updates). No personal messages are sent.
• Receive Boot Completed (android.permission.RECEIVE_BOOT_COMPLETED) - Allows the app to restart the accessibility service automatically after device reboot (only if you had it enabled before reboot). This ensures continuous protection without manual re-enabling. If you don't want this, you can disable the accessibility service entirely.
• Foreground Service (android.permission.FOREGROUND_SERVICE) - Allows the app to run a foreground service for continuous content blocking. This ensures the accessibility service remains active and isn't killed by Android's battery optimization. A persistent notification is shown when the service is active (required by Android for transparency).
• Wake Lock (android.permission.WAKE_LOCK) - Allows the app to keep the device awake temporarily when processing certain tasks (e.g., syncing premium status, updating configuration). This prevents the device from sleeping mid-sync, which could cause incomplete operations. Wake locks are released immediately after the task completes.
• Vibrate (android.permission.VIBRATE) - Allows notifications to vibrate your device for alerts. This enhances notification visibility. You can disable vibration in your device's notification settings.

Purchase & Billing Permissions:

• Billing (com.android.vending.BILLING) - Required for in-app purchases and premium subscription management through Google Play Billing. This permission allows the app to communicate with Google Play to process purchases, verify subscriptions, and restore purchases across devices. All payment processing is handled securely by Google Play—we never see your credit card or payment information.

Internal/System Permissions:

• Dynamic Receiver Not Exported Permission (com.stopscroll.app.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION) - An internal permission declared by the app to secure broadcast receivers (Android 13+ requirement). This prevents other apps from sending fake broadcasts to Unscroll, improving security. This is a security best practice and does not collect or share any data.

Permissions We Do NOT Request:

• ❌ Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_BACKGROUND_LOCATION) - We do not request or use any location permissions. Approximate location is inferred by AdMob from IP address, but we never directly access GPS or location services.
• ❌ Camera (CAMERA) - No camera access requested or needed
• ❌ Microphone (RECORD_AUDIO) - No audio recording requested or needed
• ❌ Contacts (READ_CONTACTS, WRITE_CONTACTS) - No contact access requested or needed
• ❌ Phone (CALL_PHONE, READ_PHONE_STATE, READ_CALL_LOG) - No phone-related permissions requested
• ❌ SMS (SEND_SMS, READ_SMS, RECEIVE_SMS) - No SMS permissions requested
• ❌ Storage (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE) - No access to photos, videos, or files
• ❌ Calendar (READ_CALENDAR, WRITE_CALENDAR) - No calendar access requested
• ❌ Biometric (USE_BIOMETRIC, USE_FINGERPRINT) - No biometric authentication used

Managing Permissions: You can review and manage app permissions anytime by going to your device Settings → Apps → Unscroll → Permissions. You can revoke any permission (except Accessibility Service, which must be disabled in Settings → Accessibility), though some features may stop working without required permissions.

12. Accessibility Service Transparency (Formerly Section 11)

Unscroll uses Android's AccessibilityService API solely for content blocking. Here's exactly what it does:

What It Monitors:

• Only these 6 apps: YouTube, Instagram, TikTok, Facebook, Snapchat, Twitter/X
• Reads UI labels and button text to detect short-form video screens (Shorts, Reels, etc.)
• Analyzes data locally in real-time for pattern matching, then immediately discards it
• No monitoring outside these 6 apps

What It Does:

• When short-form content is detected, automatically presses the back button or navigates to home screen
• Updates local blocking statistics (stored only on your device)
• Nothing else - no recording, no data collection, no transmission

What It Does NOT Do:

• ❌ Does NOT record or capture screen content
• ❌ Does NOT read passwords, messages, or user-entered personal content
• ❌ Does NOT store or transmit any data to external servers
• ❌ Does NOT track your activity outside the 6 targeted apps
• ❌ Does NOT access clipboard, keyboard input, or other apps

You are in control: You can disable the accessibility service anytime in Android Settings → Accessibility → Unscroll → Toggle OFF.

12. Privacy Policy Version History

Version	Date	Changes
v1.0	December 27, 2025	Initial Release Comprehensive privacy policy for Unscroll v3.2.0 GDPR, CCPA, VCDPA, DPDP Act (India) compliance Detailed Firebase and AdMob data disclosure Accessibility service transparency Opt-in analytics and crashlytics policy Data controller clarification Security breach notification procedures Terms of Service reference added
Future updates will be listed here with dates and change descriptions

How We Notify You of Changes:

• Material changes: In-app notification + email (if we have your email from support)
• Minor updates: Updated "Last Updated" date at top of policy
• Previous versions: Available upon request at un0scroll@gmail.com

---

Unscroll - Stay Focused. No Shorts. No Reels.
Designed to help you reclaim your time and focus on what matters.