Privacy Policy — CoreLabz Technologies

This Privacy Policy applies to all mobile applications and services developed and operated by us. We are committed to protecting your privacy and ensuring the security of your personal information across all our applications.

By using any of our applications, you agree to the collection and use of information in accordance with this policy. This policy covers all our current and future applications unless a specific app provides its own privacy policy.

Information We Collect

Personal Information

Depending on the application you use, we may collect the following personal information:

Email address
Name and profile information
Password (encrypted and securely stored)
Profile picture or avatar
Phone number (when required for specific features)
Payment information (processed securely through third-party providers)

Usage and Activity Data

We automatically collect information about how you use our applications:

App interactions and feature usage
Search queries and preferences
Content you create, view, or interact with
Time and date of app usage
Session duration and frequency

Device and Technical Information

Device model, manufacturer, and operating system
App version and installation details
IP address and approximate location
Device identifiers (such as advertising ID)
Network information and connection type
Performance data and crash logs

Location Data

We may collect approximate location data based on your IP address. Some applications may request precise GPS location with your explicit permission for location-based features. You can control location permissions through your device settings.

Content and Communications

If our applications include social features, messaging, or user-generated content, we collect the content you create, post, or share within the application.

How We Use Your Information

We use the collected information for the following purposes:

To provide, maintain, and improve our applications and services
To authenticate users and secure accounts
To personalise your experience and provide customised features
To process transactions and manage subscriptions
To provide AI-powered features, recommendations, and assistance
To send important notifications, updates, and security alerts
To communicate with you about our services and respond to inquiries
To analyse usage patterns and improve functionality
To detect, prevent, and address technical issues
To prevent fraud, abuse, and security threats
To comply with legal obligations and enforce our terms
To conduct research and development for new features

Third-Party Services and Integrations

Our applications may integrate with various third-party services. These services have their own privacy policies that govern how they handle your data. Common third-party services we use include:

Authentication Services

We use secure authentication providers (such as Clerk, Firebase Auth, or similar) to manage user accounts and sign-in processes, including email/password and social sign-in options.

Cloud Services and APIs

We may use cloud platforms and APIs from providers like Google, Amazon Web Services, Microsoft Azure, or others for hosting, data storage, and various app functionalities.

AI and Machine Learning

Some applications use AI services (such as OpenAI, Google AI, or Anthropic) to provide intelligent features, recommendations, and assistance. Your interactions with these features are processed by these AI providers.

Analytics and Performance

We use analytics tools (such as Google Analytics, Firebase Analytics, or similar) to understand app usage, improve performance, and fix issues.

Payment Processing

For applications with in-app purchases or subscriptions, we use secure payment processors (such as Stripe, Google Play Billing, Apple In-App Purchase, or M-Pesa) that handle payment information. We do not store your complete payment card details.

Advertising Networks

Some free applications may display advertisements through ad networks (such as Google AdMob, Meta Audience Network). These networks may collect device information for ad targeting purposes.

We encourage you to review the privacy policies of these third-party services to understand their data practices.

Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: With trusted third-party companies that help us operate our applications, such as hosting providers, analytics services, and customer support tools. These providers are contractually bound to protect your data.
Legal Requirements: When required by law, legal process, or government request, or when necessary to protect our rights, property, or safety, or that of our users.
Business Transfers: In connection with a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred as part of that transaction.
With Your Consent: When you explicitly authorise us to share specific information with third parties.
Aggregated Data: We may share anonymised, aggregated data that cannot identify you personally for research, marketing, or analytical purposes.

Data Storage and Security

We implement comprehensive security measures to protect your information:

Encrypted data transmission using HTTPS/TLS protocols
Secure password storage using industry-standard encryption algorithms
Regular security audits and vulnerability assessments
Access controls and authentication for internal systems
Secure cloud infrastructure with reputable providers
Automated backups and disaster recovery procedures
Security monitoring and incident response protocols

Despite our security measures, no system is completely secure. While we strive to protect your personal information using industry best practices, we cannot guarantee absolute security. We continuously monitor and improve our security practices to address emerging threats.

Your Rights and Choices

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Update or correct inaccurate or incomplete information.
Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
Portability: Receive your data in a structured, commonly used, machine-readable format.
Restriction: Request limitation of how we process your data.
Objection: Object to certain types of data processing, including direct marketing.
Opt-out: Unsubscribe from promotional emails and push notifications at any time.
Withdrawal of Consent: Withdraw consent for data processing where we rely on consent as the legal basis.

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days. Note that some rights may be limited by applicable laws or necessary for legitimate business purposes.

Managing Permissions

You can control app permissions (location, camera, notifications, etc.) through your device settings. Disabling certain permissions may limit app functionality.

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

The nature of the data and how it is used
Legal, regulatory, or contractual obligations
Whether you have an active account with us
Legitimate business needs

When you request account deletion, we will delete or anonymise your personal data within 30 days, except where we are legally required to retain certain information (such as transaction records for tax purposes).

Children's Privacy

Our applications are not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction, which may be higher). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. Upon verification, we will promptly delete such information from our systems.

If we discover that we have inadvertently collected information from a child under the applicable age, we will take immediate steps to delete that information.

International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by relevant authorities
Data processing agreements with service providers
Compliance with applicable data protection frameworks
Technical and organisational security measures

By using our applications, you consent to the transfer of your information to these countries.

Cookies and Tracking Technologies

We and our partners use cookies, web beacons, mobile analytics, and similar tracking technologies to collect information about your use of our applications. These technologies help us:

Remember your preferences and settings
Authenticate your account and maintain security
Analyse usage patterns and app performance
Personalise content and recommendations
Measure the effectiveness of features and campaigns
Provide relevant advertisements (in free applications)

You can manage tracking preferences through your device settings or opt-out options provided within the application. Note that disabling certain tracking may affect app functionality.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know what personal information is collected, used, and shared
Right to delete personal information we hold about you
Right to opt-out of the sale or sharing of personal information (we do not sell personal information)
Right to correct inaccurate personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information below. We will verify your identity before processing your request.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including those described in the "Your Rights and Choices" section above. Our legal bases for processing your data include:

Contract: Processing necessary to provide services you have requested.
Consent: Where you have given explicit consent for specific processing.
Legitimate Interests: For purposes like fraud prevention, security, and service improvement.
Legal Obligation: When required by law.

You also have the right to lodge a complaint with your local data protection authority.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will notify you of material changes by:

Posting the updated policy within our applications
Updating the "Last updated" date at the top of this policy
Sending a notification through the app or via email for significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of our applications after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company: CoreLabz Technologies
Email: privacy@corelabz.com
Phone: +254 700 568 206
Address: Nairobi, Kenya

We will respond to your inquiry within 30 days. For urgent privacy concerns, please mark your message as urgent.