Norg – Privacy Policy

1. Data Controller

We are the controller of the personal data processed through the App.

We have not appointed an EU/EEA or UK representative and we have not designated a Data Protection Officer.

2. Scope of This Policy

This policy applies to personal data collected through the App and related support services. It does not cover third-party services that are governed by their own privacy terms.

3. Personal Data We Collect

We collect and process the following categories of personal data when you use the App:

• Device information: device model, operating system version, language settings, and similar technical data.
• Usage and analytics information: app interactions, session events, approximate location derived from IP address, advertising identifiers, and analytics identifiers collected via Google Firebase Analytics.
• Crash and performance data: diagnostics information such as stack traces and device state data collected via Google Firebase Crashlytics.
• Advertising data: information required to deliver ads (for example, advertising identifiers and consent signals) collected via Google AdMob.

We do not intentionally collect user-generated content, account registration data, or special categories of personal data through the App.

4. Purposes and Legal Bases

• App analytics (Firebase Analytics): we analyse aggregated usage trends to improve functionality and plan new features. Legal basis: your consent (GDPR Article 6(1)(a)). The App uses Google’s User Messaging Platform (UMP) to request this consent.
• Advertising (Google AdMob): we show ads and measure their performance. Legal basis: your consent (GDPR Article 6(1)(a)). Consent is also collected through UMP. The App will not load AdMob until you grant consent where required.
• Crash diagnostics (Firebase Crashlytics): we investigate crashes and maintain the security and reliability of the App. Legal basis: our legitimate interests in ensuring service stability (GDPR Article 6(1)(f)). You may object to this processing (see Section 10).
• Mandatory compliance: we may process data to comply with legal obligations or respond to lawful requests. Legal basis: legal obligation (GDPR Article 6(1)(c)).

5. Consent Management

Where consent is required, the App displays Google’s User Messaging Platform (UMP) to collect, record, and respect your choices. You can revisit your consent settings within the App whenever the consent prompt is made available, or by contacting us at info@lufesu.com to request assistance. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Cookies and Similar Technologies

The App does not use traditional browser cookies, but Firebase Analytics, Firebase Crashlytics, and AdMob rely on mobile identifiers (such as Google Advertising ID) and SDK-based storage to operate. These technologies only run after we have captured the appropriate consent where required.

7. Sharing and International Transfers

We share personal data with the following service providers solely for the purposes described above:

• Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – provides Firebase Analytics and Google AdMob services for users in the EU/EEA and UK.
• Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – provides Firebase services, including Crashlytics, with servers located outside Japan and the EU/EEA.

Personal data may be transferred to countries outside the EU/EEA or UK (including the United States and Japan). We rely on Google’s commitments to Standard Contractual Clauses and other appropriate safeguards as described in Google’s data processing terms. If you would like more information about these safeguards, please contact us.

8. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

• Firebase Analytics data is retained in accordance with Google’s default retention period (currently up to 26 months) and is stored in aggregated form.
• Firebase Crashlytics crash reports are typically retained for up to 90 days.
• Advertising identifiers and consent records are stored for as long as required to document your consent and comply with applicable law.

When data is no longer needed, we delete or irreversibly anonymise it.

9. Information Security

We implement technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit offered by our service providers, and regular monitoring of the App’s security posture.

10. Your Rights

Under the GDPR and UK GDPR, you have the following rights, subject to legal conditions:

• Access your personal data and obtain a copy.
• Request correction of inaccurate or incomplete data.
• Request deletion of personal data.
• Request restriction of processing.
• Object to processing based on legitimate interests.
• Request data portability for data you provided to us.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

We will respond to your requests within one month as required by law. To exercise your rights, please contact us at info@lufesu.com. We may need to verify your identity before fulfilling certain requests.

11. Children

The App is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe that a child has provided personal data without parental consent, please contact us so that we can delete the data.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable laws. We will post the revised policy within the App or on our website and indicate the date of the latest revision. If changes materially affect your rights, we will provide additional notice or request your consent where required.

13. Contact

If you have questions, concerns, or requests about this policy or our handling of personal data, please contact us at info@lufesu.com.

You also have the right to lodge a complaint with your local supervisory authority, particularly in the EU/EEA or UK member state where you live or work.