Effective date: 2 October 2025
1. Introduction
Talimee (“we”, “us”, or “our”) provides a mobile application to help users access educational content. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and your rights. By using Talimee you agree to the collection and use of information described here.
2. Data we collect and why
Phone number (required): used for account creation, authentication, verification codes, account recovery, security notifications, and fraud detection. Legal basis: contract necessity and legitimate interest. We do not use your phone number for marketing unless you explicitly opt in.
Email address (required): used for account recovery, communication, and verification. May also be used to send service-related updates or promotional content if you have opted in. Legal basis: consent and legitimate interest for account security.
Username (optional): used as a display name and for personalization. Legal basis: consent.
District (optional): used to localize content and improve relevance. Legal basis: consent.
Device and usage data (automatic): device model, OS version, app version, crash reports, analytics events, approximate location derived from IP, and device identifiers. Purpose: analytics, performance monitoring, crash reporting, security, and app improvement. Legal basis: legitimate interest.
Advertising identifiers and signals: collected by AdMob and similar partners for ad delivery and measurement. Legal basis: consent or device-level settings where required.
We do not collect national identity numbers, financial account numbers, biometric identifiers, or precise geolocation unless you explicitly provide them in future optional features.
3. How we use and share data
Primary uses: create and secure accounts, authenticate users, personalize features, communicate account and security messages, analyze and improve the app, and serve ads.
Service providers: we share personal data with processors that help operate Talimee, including Firebase (authentication and storage) and Google AdMob (advertising). These processors act under contract and only process data for specified purposes.
Analytics and crash reporting: aggregated or pseudonymized event data and crash logs may be shared with analytics providers.
Legal disclosures: we may disclose data to comply with legal process, respond to claims, or to prevent fraud or imminent harm.
Aggregated, anonymized data: may be used or shared without restriction.
4. International transfers and legal basis
Data stored in Firebase and processed by third parties may be transferred outside Pakistan. We rely on contractual safeguards, standard contractual clauses, and provider commitments to protect personal data during cross-border transfers. For EU users we process personal data under applicable GDPR legal bases and honor data subject rights. For other jurisdictions we follow mandatory local laws and applicable consumer protections.
5. Retention, deletion and account closure
· Active accounts: we retain account data while the account exists.
· Deletion requests and account closure: you can delete your account via the in‑app deletion flow or by contacting us at the contact address below from the registered phone number for verification. After verified deletion we remove personal data from live systems within 30 days and delete backups within 90 days, except where longer retention is required for legal compliance, fraud prevention, or dispute resolution (typically up to 12 months).
· Export and portability: upon verified request we will provide a machine‑readable export of personal data linked to your phone number within a reasonable timeframe.
6. Security measures
We implement technical and organizational measures to protect personal data, including: TLS for data in transit; encryption at rest where supported by platform providers; role‑based access controls and least‑privilege permissions; multi‑factor authentication for administrative access where practical; monitoring and logging of administrative access; periodic vulnerability scanning and penetration testing; and incident response procedures. Subprocessors must meet our security requirements under signed Data Processing Agreements.
7. Incident response and breach notification
We maintain an incident response plan. Where required by law, we will notify affected users and relevant supervisory authorities without undue delay; notification timing follows applicable law (for example, within 72 hours to EU authorities where applicable). Notifications describe the nature of the incident, likely impact, mitigation steps, and contact information.
8. Your rights and how to exercise them
You have the right to access, correct, delete, or port your personal data, and to object to or request restriction of certain processing. To exercise these rights, contact us at the address below and include your registered phone number for verification. We will respond within applicable statutory timeframes.
9. Children and sensitive data
Talimee is not intended for children below the minimum age required by local law. If we learn we collected personal data from a child without required parental consent we will delete it. We do not intentionally collect sensitive categories of personal data; if such features are introduced we will obtain explicit consent and apply enhanced protections.
10. Automated decision-making and profiling
Talimee does not perform automated decision‑making that produces legal or similarly significant effects on users. Analytics and ad‑targeting by third parties may involve profiling; you can object to targeted advertising via device or vendor settings.
11. Changes to this policy
We may update this policy; material changes will be communicated in‑app. Continued use after notice indicates acceptance. The full policy and historic versions are published at: [Talimee].
12. Force majeure (limited)
We are not liable for delays or failures caused by circumstances beyond our reasonable control.
13. Contact and how to submit requests
Data controller and operator: the entity listed in the app store listing. For privacy requests, data subject requests, or breach notifications contact: greyapple123@gmail.com. To help us process requests, include: registered phone number, request type (access/correction/deletion/portability), and any supporting information. Requests from verified phone numbers are processed faster.