Effective date: 22 aug 2025
Developer/Company: Tubertech.inc (“we”, “us”, “our”)
Contact: jackmartin7717@gmail.com
Data Controller (GDPR/UK-GDPR): [Company Legal Name]

1) What this app does

Vidon is an offline video player. It scans your device storage to find and play media files (videos, audio) and load local subtitles, and gives you file-level controls (browse, rename, delete, move—if you expose those features).

2) Permissions we request (Android)

• All Files Access (MANAGE_EXTERNAL_STORAGE): used only to:
  
  

  • Discover and index media files stored on your device.
    
    

  • Read/play videos and audio.
    
    

  • Read local subtitle files (e.g., .srt, .vtt).
    
    

  • Provide file controls you choose to expose (e.g., rename/move/delete within your app).
    We do not copy your files to our servers; processing happens on-device.
    
    

• Other typical Android permissions (if used):
  
  

  • INTERNET/NETWORK: to fetch in-app content that requires the network and/or display ads (if integrated).
    
    

  • WAKE_LOCK / AUDIO FOCUS: ensure stable playback.
    
    

  • POST_NOTIFICATIONS (Android 13+): optional, for playback controls—user may deny.
    We do not request location, contacts, or SMS.
    
    

Compliance note (Google Play): We declare MANAGE_EXTERNAL_STORAGE in Play Console, justify core functionality (local media playback), and show in-app disclosure at first launch explaining why the permission is needed and how it’s used.

3) What data we collect

By default, we designed the app to avoid collecting personal data. Specifically:

• Personal identifiers (name, email, phone): Not collected.
  
  

• Media files & subtitles: Not uploaded; accessed locally on your device for playback/controls only.
  
  

• Analytics/Ads (if you integrate them):
  
  

  • Advertising ID / device identifiers may be accessed by ad SDKs (e.g., Google AdMob) for ad delivery and frequency capping.
    
    

  • Crash/usage analytics (e.g., Firebase Crashlytics/Analytics) may collect aggregated, pseudonymous event data to improve stability and features.
    If you do not use ads/analytics, delete this bullet and the related sections below.
    
    

4) Why we process data (GDPR legal bases)

If ads/analytics are integrated, our legal bases are:

• Legitimate interests (Art. 6(1)(f)) for app security, crash diagnostics, anti-fraud, and non-personalized measurement.
  
  

• Consent (Art. 6(1)(a)) where required for personalized advertising or analytics in the EEA/UK (obtained via a CMP compliant with IAB TCF v2.2 or equivalent). You can withdraw consent anytime in the app’s privacy/consent screen.
  
  

If you run no ads/analytics, we rely on no personal data processing; all media use is local to your device.

5) Do we share data?

• We do not sell personal data.
  
  

• If using third-party SDKs (e.g., Google AdMob, Firebase), they act as processors/independent controllers for their limited purposes (ads, crash logs, analytics). See their policies within our in-app “Third-Party Services” list and links.
  
  

6) International transfers

If third-party services process data outside your region, they use safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms. Links provided in-app under “Third-Party Services.”

7) Data retention

• On-device media/subtitles: never uploaded; we retain nothing server-side.
  
  

• Ads/Analytics (if enabled): retained by providers per their policies; we keep only aggregated, non-identifying metrics as long as needed for the purposes above.
  
  

• You can reset the Advertising ID or opt out of Ads Personalization in Android settings.
  
  

8) Your rights

EEA/UK (GDPR/UK-GDPR)

You can access, correct, delete, restrict, or object to processing; and withdraw consent at any time (does not affect past lawful processing). You also have data portability rights and may lodge a complaint with your local Data Protection Authority.

California (CCPA/CPRA)

California residents can request access, deletion, correction, and opt out of sharing for cross-context behavioral advertising. We do not sell personal information. Use the in-app privacy options or contact us.

Brazil (LGPD) (optional if relevant)

You have rights to confirm processing, access, correct, anonymize, block, delete, and revoke consent.

We will verify your identity before fulfilling rights requests. Contact: jackmartin7717@gmail.com.

9) Children’s privacy

This app is not directed to children under 13 (or under 16 in the EEA where consent applies). We do not knowingly collect children’s personal information. If you believe a child provided data, contact us to remove it.

10) Security

We use technical and organizational measures to protect any limited data processed via third-party SDKs (TLS in transit, role-based access, minimization). Local media stays on your device.

11) In-app disclosures & controls

• First-run permission rationale for All Files Access with clear, revocable controls.
  
  

• Consent/Privacy screen (EEA/UK) to choose personalized vs non-personalized ads (or disable analytics), with a link to this policy.
  
  

• A “Privacy” entry in app settings to revisit choices and view third-party links.
  
  

12) Changes to this Policy

We may update this policy. We will post the new version and update the Effective date above. Material changes will be highlighted in-app.

Google Play Data safety mapping (example – customize to your build)

• Data collected:
  
  

  • If no ads/analytics → No data collected.
    
    

  • If AdMob → Device or other IDs (Advertising ID), App interactions (ad views/clicks) → Collected, Shared with third parties (ad partners), Data is not sold, Used for advertising.
    
    

  • If Crashlytics → Crash logs, Diagnostics → Collected, Not shared, Used for app functionality.
    
    

• Data is encrypted in transit: Yes.
  
  

• Data deletion: Users can request deletion of analytics data via jackmartin7717@gmail.com; Ads data governed by provider settings and Android system controls.