1Overview
At frostdevcloudgrid, privacy is the foundational principle of every product we design and every service we deliver. This Privacy Policy explains, in plain language, what information we collect, why we collect it, how long we keep it, who we share it with, and what rights you have over it.
We have written this policy to be as comprehensive as possible while still being readable. If you have any questions after reading it, please email us at privacy@frostdevcloudgrid.com and a real human will respond within two business days.
1.1 Definitions
- "Personal Information" or "Personal Data" means any information that identifies, or can reasonably be used to identify, an individual person.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- "Service" or "Services" means our website at frostdevcloudgrid.com, our mobile applications, and the professional services we offer to clients.
- "App" or "Apps" means any mobile application published by frostdevcloudgrid on the Apple App Store, Google Play, or any other distribution platform.
1.2 Data Controller
frostdevcloudgrid is the data controller for the Personal Information described in this policy, except where a third-party service provider acts as the data controller (for example, Google in respect of certain advertising services). Our registered office is at St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.
Our commitment: All Apps published by frostdevcloudgrid are designed on a "local-first" architecture. This means that, by default, your content lives only on your device and is never transmitted to our servers.
2Information We Collect
The Personal Information we collect depends on how you interact with our Services. We have designed our Services to collect the minimum information necessary.
2.1 Website Data
When you visit frostdevcloudgrid.com, we may automatically collect technical information (IP address anonymised after 24 hours, browser type, OS, device type), usage information (pages visited, time on page, referrer), and cookies (see Section 14). We do not use third-party analytics services on our marketing website.
2.2 App Data (Local-First Architecture)
Our Apps are designed around a "local-first" architecture. By default, all user-generated content (pet health records, wardrobe inventory, vocabulary progress, sheet music scans) is stored exclusively on your device, in an encrypted local store, and is never transmitted to our servers. We do not collect user-generated content, health data, financial data, location data, contacts, photos, or device identifiers for tracking purposes.
2.3 Advertising Data
Our Apps display advertising through third-party ad networks (see Section 5). When advertising is displayed, the ad network may collect: Advertising Identifiers (IDFA/GAID) only with explicit user consent via the ATT prompt; device information; ad interaction data (impressions, clicks, video views); approximate location from IP; and app context.
2.4 Service Enquiry Data
When you contact us about a project, we collect information you voluntarily provide, including name, email, phone (optional), company, project description, budget range, timeline, and any other context you share.
3How We Use Information
We use Personal Information only for the purposes described in this policy, and only when we have a valid legal basis. The purposes include:
- Service delivery: to operate, maintain, and improve our website, Apps, and professional services.
- Communication: to respond to enquiries and provide customer support.
- Personalisation: to remember preferences and tailor the user experience.
- Advertising: to display, measure, and improve advertisements through third-party networks (with consent where required).
- Security: to detect and prevent fraud, security incidents, and abuse.
- Legal compliance: to comply with applicable laws and regulations.
We never use Personal Information for cross-app tracking without consent, for selling to data brokers, for profiling with legal effects, or for any incompatible purpose.
5Advertising & Ad Networks
To keep our Apps free to download, we display advertising through carefully selected third-party ad networks. We work only with ad networks that respect user privacy, support the App Tracking Transparency framework on iOS, and comply with applicable privacy regulations.
All advertising in our Apps is clearly labelled within the App Privacy Label on the App Store. You can opt out of personalised advertising at any time through your device settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Google → Ads).
5.1 Google AdMob
Our Apps use Google AdMob, Google's mobile advertising platform, to serve ads. When you grant tracking consent on iOS (via the App Tracking Transparency prompt) or the equivalent consent on Android, AdMob may collect and use the following information to serve and measure personalised advertising:
- Advertising Identifiers (IDFA on iOS, GAID on Android) — only with explicit user consent.
- Device information: device type, OS version, language, time zone, mobile carrier, screen size.
- Approximate location derived from IP address (country / region level only).
- Ad interaction data: impressions, clicks, video views, completion events.
- App context: which App is showing the ad, the placement of the ad, and any in-app events you have completed.
AdMob's use of information is governed by the Google Privacy Policy and the Google Advertising Privacy & Terms. You can opt out of personalised advertising through your device settings or through Google's Ads Settings.
For users in the European Economic Area, the United Kingdom, or Switzerland, AdMob serves non-personalised advertising by default unless explicit consent is granted via Google's User Messaging Platform (UMP) consent flow.
5.2 Supported Ad Networks
In addition to Google AdMob, our Apps may integrate the following ad networks and mediation partners. Each is bound by its own privacy policy and our data processing agreements.
| Ad Network | Privacy Policy | Opt-out / Controls |
|---|---|---|
| Google AdMob | View | Manage |
| Google AdSense | View | Manage |
| Google Ad Manager (DFP) | View | Manage |
| Meta Audience Network (Facebook) | View | Manage |
| Unity Ads | View | Manage |
| AppLovin MAX | View | Manage |
| ironSource (Unity) | View | Manage |
| Vungle (Liftoff) | View | Manage |
| Liftoff Monetize | View | Manage |
| Chartboost (Digiday) | View | Manage |
| InMobi | View | Manage |
| Pangle (ByteDance) | View | Manage |
| Mintegral | View | Manage |
| Tapjoy | View | Manage |
| AdColony (Digital Turbine) | View | Manage |
| Digital Turbine | View | Manage |
| Start.io | View | Manage |
| Ogury | View | Manage |
| Smaato (Verve) | View | Manage |
| Pubmatic | View | Manage |
| MoPub (X / Twitter) | View | Manage |
| Yahoo Advertising (Verizon Media) | View | Manage |
| Microsoft Advertising (Xandr) | View | Manage |
| Criteo | View | Manage |
| Taboola | View | Manage |
| Outbrain | View | Manage |
| BidMachine | View | Manage |
| Yandex Advertising | View | Manage |
| Amazon Publisher Services (APS) | View | Manage |
5.3 Ad Format Inventory
Our Apps may display the following advertising formats. Each format is subject to user-consent requirements of the network and platform.
5.3.1 Banner Ads
Banner ads are small, rectangular image or text ads that appear at the top or bottom of a screen. Standard sizes: 320×50 (mobile), 728×90 (tablet leaderboard), 300×250 (medium rectangle). Format: static image, animated GIF, or HTML5. Refresh: 30 to 60 seconds. Personalisation: served through standard auction; non-personalised by default in jurisdictions requiring consent.
5.3.2 Interstitial Ads
Interstitial ads are full-screen ads that appear at natural transition points (between levels in a game, or after completing a vocabulary review). Frequency capped at one per user action, intervals of not less than 60 seconds. Placement only at natural transition points. Most include a "skip" or "close" button after 5 seconds, in compliance with Coalition for Better Ads guidelines.
5.3.3 Rewarded Video Ads
Rewarded video ads are opt-in video ads that users can choose to watch in exchange for an in-app reward (extra life in a game, streak freeze, premium content unlock). Length: 15 to 60 seconds, with the reward clearly disclosed before opt-in. Users must explicitly tap a "Watch Ad" button — we never auto-play rewarded videos. Reward granted only after the full video is watched (or skipped past the network threshold, typically 30 seconds). Capped at 5 rewarded video ads per session by default.
5.3.4 Splash Ads (App Open Ads)
Splash ads, also known as app open ads, are full-screen ads that appear when the user opens or returns to the App. Format: image, video, or HTML5. One splash ad per cold start, minimum interval 4 hours between subsequent splash ads (per Google AdMob best practices). Close button available immediately for image splash ads, after 5 seconds for video splash ads.
5.3.5 Native Ads
Native ads are ad creatives that match the visual design and feel of the App in which they are displayed. Our Apps may use native ads in the form of "sponsored" or "promoted" cards within content feeds.
5.3.6 MREC Ads (Medium Rectangle)
MREC (medium rectangle) ads are 300×250 ads typically placed within a content scroll. They are common in Apps that display article-style or card-style content.
5.3.7 Playables (Interactive Ads)
Playable ads are interactive ad formats that let users try a mini-version of an advertised game before downloading. Playable ads are opt-in and clearly labelled.
Children's apps: None of our Apps are directed to children under 13. Our Apps do not serve personalised advertising to anyone, and we have configured all integrated ad networks to disable interest-based advertising and the serving of ads in categories inappropriate for younger audiences.
6Legal Basis for Processing (GDPR)
For users in the European Economic Area, the United Kingdom, or Switzerland, we process Personal Data on the following legal bases under the GDPR:
- Consent (Art. 6(1)(a)): for advertising, non-essential cookies, and processing not strictly necessary for the operation of the Service.
- Contract (Art. 6(1)(b)): for the performance of a contract with you.
- Legal obligation (Art. 6(1)(c)): for compliance with legal obligations to which we are subject (tax, accounting, anti-money-laundering).
- Legitimate interests (Art. 6(1)(f)): for our legitimate interests in operating, securing, and improving our Services, provided such interests are not overridden by your fundamental rights and freedoms.
7Data Retention
We retain Personal Information only as long as necessary to fulfil the purposes for which it was collected:
- App user data (local-first): retained on your device until you choose to delete it. We have no access to this data.
- Enquiry data: retained for 24 months from the date of last contact, unless an engagement is formed (then duration of engagement plus 7 years for accounting).
- Server logs: retained for 30 days, then automatically deleted.
- Aggregated analytics: retained indefinitely, with all identifiers removed or anonymised.
8Your Rights & Choices
Depending on your jurisdiction, you have some or all of the following rights:
- Right of access: you can request a copy of the Personal Information we hold about you.
- Right of rectification: you can request that we correct any inaccurate or incomplete Personal Information.
- Right of erasure ("right to be forgotten"): you can request that we delete Personal Information we hold about you, subject to certain exceptions.
- Right to restrict processing: you can request that we restrict the processing of your Personal Information in certain circumstances.
- Right to data portability: you can request a machine-readable copy of Personal Information you have provided to us.
- Right to object: you can object to the processing of your Personal Information in certain circumstances.
- Right to withdraw consent: if we process your Personal Information on the basis of consent, you can withdraw that consent at any time.
- Right to lodge a complaint: you can lodge a complaint with your local data protection authority.
To exercise any of these rights, please email privacy@frostdevcloudgrid.com. We will respond to your request within 30 days. We may need to verify your identity before fulfilling the request.
9Jurisdiction-Specific Rights
9.1 California (CCPA / CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to know what Personal Information we collect, use, disclose, or sell.
- Right to delete Personal Information we have collected from you.
- Right to correct inaccurate Personal Information.
- Right to opt out of the sale or sharing of your Personal Information. (Note: frostdevcloudgrid does not sell or share Personal Information.)
- Right to limit the use and disclosure of sensitive Personal Information.
- Right to non-discrimination for exercising your CCPA rights.
You can exercise these rights by emailing privacy@frostdevcloudgrid.com or by using our "Do Not Sell or Share My Personal Information" link, which is provided in the footer of our website even though we do not sell or share Personal Information. We will respond within 45 days as required by California law. If you are a California resident under 16, you must obtain parental consent before any Personal Information is collected through our Services.
9.2 United Kingdom (UK GDPR)
If you are in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 apply. You can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9.3 European Union (GDPR)
If you are in the European Economic Area, the General Data Protection Regulation (GDPR) applies. You can lodge a complaint with your national data protection authority. A list is available at edpb.europa.eu.
9.4 Brazil (LGPD)
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies. You can lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).
9.5 China (PIPL)
If you are in the People's Republic of China, the Personal Information Protection Law (PIPL) applies. We have appointed a representative within China for the purpose of PIPL compliance. You can exercise your PIPL rights by emailing privacy@frostdevcloudgrid.com.
9.6 Australia (Privacy Act 1988)
If you are in Australia, the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply. You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
9.7 Canada (PIPEDA)
If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies, along with applicable provincial legislation (e.g. Quebec's Law 25). You can lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
9.8 Japan (APPI)
If you are in Japan, the Act on the Protection of Personal Information (APPI) applies. You can exercise your APPI rights by emailing privacy@frostdevcloudgrid.com, and you can lodge a complaint with the Personal Information Protection Commission (PPC).
9.9 South Korea (PIPA)
If you are in South Korea, the Personal Information Protection Act (PIPA) applies. We have appointed a domestic representative for the purpose of PIPA compliance. You can exercise your PIPA rights by emailing privacy@frostdevcloudgrid.com, and you can lodge a complaint with the Personal Information Protection Commission (PIPC).
9.10 Singapore (PDPA)
If you are in Singapore, the Personal Data Protection Act 2012 (PDPA) applies. You can lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.
9.11 UAE (DPL)
If you are in the United Arab Emirates, Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (DPL) applies. We have appointed a Data Protection Officer who can be contacted at dpo@frostdevcloudgrid.com.
9.12 India (DPDPA)
If you are in India, the Digital Personal Data Protection Act 2023 (DPDPA) applies. You can exercise your DPDPA rights by emailing privacy@frostdevcloudgrid.com, and you can lodge a complaint with the Data Protection Board of India (DPB).
10Children's Privacy (COPPA / GDPR-K / AADC)
Protecting children's privacy online is something we take very seriously. Our Services are not directed to children under the age of 13 (or under 16 in the European Economic Area, the United Kingdom, and Switzerland, in line with the higher standard required by GDPR-K), and we do not knowingly collect Personal Information from children.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA), the UK Age-Appropriate Design Code (AADC), the EU GDPR-K provisions, and equivalent legislation in other jurisdictions.
Specifically with respect to advertising:
- We do not serve behavioural or personalised advertising to anyone, regardless of age.
- We have configured all integrated ad networks to treat all ad requests as coming from users who are not in a "child-directed" audience.
- We do not use any re-engagement or remarketing techniques in our Apps.
- We do not collect any personal identifiers (such as IDFA or GAID) from anyone, unless explicit consent has been obtained via the App Tracking Transparency prompt or equivalent mechanism.
If you believe we have inadvertently collected Personal Information from a child, please contact us at privacy@frostdevcloudgrid.com and we will delete the information within 5 business days.
11App Store Compliance
11.1 Apple App Store
Our Apps published on the Apple App Store comply with all applicable Apple App Store Review Guidelines, including but not limited to:
- Guideline 1.4.1 (Physical Harm): Our Apps do not facilitate physical harm.
- Guideline 2.1 (App Completeness): Our Apps are fully functional and complete at submission.
- Guideline 2.3 (Accurate Metadata): All App metadata is accurate and current.
- Guideline 3.2.1 (Acceptable Business Practices): We do not engage in fraudulent or misleading business practices.
- Guideline 4.0 (Design): Our Apps meet Apple's design standards.
- Guideline 5.1.1 (Privacy - Data Collection and Storage): Our Apps collect the minimum data necessary and clearly disclose all data collection in the App Privacy Label.
- Guideline 5.1.2 (Data Use and Sharing): We do not use or share data in violation of the user's consent.
- Guideline 5.4 (App Tracking Transparency): We use the ATT framework for any advertising identifier access.
Each App has a complete and accurate App Privacy Label on its App Store product page, declaring the data types collected, the purposes of collection, and whether the data is linked to the user's identity or used for tracking.
Our privacy manifest (PrivacyInfo.xcprivacy) is included in every App build and accurately declares all Required Reason API access.
11.2 Google Play Store
Our Apps published on the Google Play Store comply with the Google Play Developer Program Policies, the User Data Policy, and all applicable Google Play Console requirements, including:
- Data Safety Form: Every App has a complete and accurate Data Safety Form declaring data collection, sharing, and security practices.
- Families Policy: Our Apps are not currently designated as "Designed for Families" but are appropriate for general audiences.
- Personalized Ads: Where personalised advertising is served, we obtain explicit consent via the Google UMP consent flow.
- Data Deletion: Our Apps support the in-app data deletion requirement, and we delete server-side data within 30 days of request.
12Security
We take the security of your Personal Information very seriously. We implement industry-standard technical and organisational measures to protect your information, including:
- Encryption of Personal Data in transit (TLS 1.3) and at rest (AES-GCM-256).
- Regular security audits and penetration testing by independent third parties.
- Strict access controls, including role-based access and multi-factor authentication.
- Continuous security monitoring and anomaly detection.
- Regular backup and tested disaster recovery procedures.
- Security awareness training for all team members.
- Incident response procedures with notification commitments consistent with GDPR Article 33 (72 hours).
No method of transmission over the internet, however, is 100% secure. We cannot guarantee absolute security of your information.
13International Data Transfers
We are based in the United Kingdom. When we transfer Personal Information out of the UK, the EEA, or other jurisdictions with restricted transfer rules, we do so using an appropriate safeguard, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The UK International Data Transfer Addendum to the EU SCCs.
- The EU-US Data Privacy Framework (where the recipient is certified).
- Binding Corporate Rules (where applicable).
Where Personal Information is transferred to a third-party service provider in a third country, we have entered into a data processing agreement that includes these safeguards.
15Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of the policy. If the changes are material, we will provide additional notice (for example, by email or by a prominent notice within our Apps or on our website) at least 30 days before the changes take effect, unless a shorter period is required by law.
We encourage you to review this policy periodically to stay informed about how we are protecting your information.
16Contact Us
If you have any questions about this Privacy Policy, our data practices, or your rights, please contact us:
- By email: privacy@frostdevcloudgrid.com
- By post: frostdevcloudgrid — Privacy Office, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom
- Data Protection Officer: dpo@frostdevcloudgrid.com
We aim to respond to all enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.