Privacy Policy

1. INTRODUCTION AND IDENTITY OF THE DATA CONTROLLER

This Privacy Policy ("Policy") describes how WarthogLab SARL ("WarthogLab," "we," "us," or "our"), a société à responsabilité limitée organized under the laws of France, collects, uses, discloses, and protects personal information ("personal data") in connection with the mobile applications, software, websites and online services we make available (collectively, the "Services"), including, without limitation, the applications "Universal Remote Control TV," "Reverse Image Search," "Teleprompter," "AI Note Taker," and any other applications we may publish from time to time on the Apple App Store, the Google Play Store or any other distribution channel.

For the purposes of Regulation (EU) 2016/679 (the "GDPR") and the French Data Protection Act of 6 January 1978 (Loi n° 78-17 relative à l'informatique, aux fichiers et aux libertés, the "French Data Protection Act"), WarthogLab acts as the data controller ("responsable de traitement") for the personal data processed through the Services, save where expressly stated otherwise in this Policy.

By installing, accessing, downloading or otherwise using the Services, you acknowledge that you have read, understood and accepted this Policy. If you do not agree with this Policy, you must not use the Services.

2. CONTACT INFORMATION

Data Controller: WarthogLab SARL
Registered office: France (full registered address available upon request)
Email: contact@warthoglab.com
Privacy contact: contact@warthoglab.com

We have not appointed a Data Protection Officer ("DPO") because we are not legally required to do so under Article 37 of the GDPR. You may, however, contact us at any time at the address above for any matter relating to your personal data.

3. SCOPE OF THIS POLICY

This Policy applies to all individuals (the "Users" or "you") who access or use the Services, regardless of the device or jurisdiction from which the Services are accessed. Where required by applicable law (in particular for residents of the European Economic Area ("EEA"), the United Kingdom, Switzerland, the State of California and other U.S. states with applicable privacy statutes), additional rights and disclosures are described below.

Some of our Services may operate fully on-device and process little or no personal data. Some Services rely on cloud-based features (e.g. AI processing, cloud storage). Section 12 of this Policy summarizes the data flows that are specific to each individual application.

4. CATEGORIES OF PERSONAL DATA WE COLLECT

We strive to collect only the data we genuinely need. Depending on the Service you use and the choices you make, we may collect the following categories of personal data:

4.1. Information you provide voluntarily

• Contact and support data: your email address and the contents of your message when you contact us for support, feedback, billing questions or to exercise your rights.
• User-generated content: any text, images, video, audio recordings, scripts, prompts or other materials you create, import or submit through the Services. Unless explicitly stated in-app, such content is stored locally on your device and is not transmitted to us.
• Account and purchase identifiers: if you subscribe to a paid plan, an anonymous identifier provided by Apple/Google and/or RevenueCat is used to identify your subscription. We do not receive your full payment details.

4.2. Information collected automatically

• Device and technical data: device model, operating system version, language, country, time zone, screen resolution, mobile carrier (where exposed by the OS), app version, build identifier, installation identifier.
• Usage and analytics data: screens viewed, features used, taps and navigation events, session duration, in-app conversions, performance and stability metrics.
• Diagnostic and crash data: stack traces, error codes, breadcrumbs leading to a crash, memory and CPU snapshots related to a crash, technical logs.
• Network data: IP address (transiently used for routing and abuse prevention), connection type, latency metrics. For Services that interact with devices on your local network, we may also process the local IP addresses, MAC addresses, mDNS/SSDP broadcasts and device names of devices on your local network solely to perform device discovery and control. This local-network data is not transmitted to our servers.
• Advertising identifier (IDFA / GAID): only collected where the relevant Service displays personalized advertising and only after you have given the explicit consent required by Apple's App Tracking Transparency framework or by Google's equivalent mechanism.

4.3. Information collected with your express permission

Some features rely on operating-system permissions that you can grant or revoke at any time in your device settings:

• Camera — to capture photos and videos within the relevant Services.
• Microphone — to record audio, drive voice-controlled features and perform on-device speech recognition.
• Photo Library — to select existing media you wish to use within the Services and, where applicable, to save outputs created by the Services.
• Speech Recognition — to transcribe your voice into text. Where supported, transcription occurs on-device.
• Local Network — to discover and control devices on your home network (e.g. televisions).
• Notifications — to send you transactional notifications (e.g. processing complete, subscription updates).

We do not access health data, contacts, calendars, location, biometric data, payment cards, or any other "special category" of data within the meaning of Article 9 of the GDPR.

5. PURPOSES OF PROCESSING AND LEGAL BASES

We process personal data only for specific, explicit and legitimate purposes. The table below summarizes the main processing activities, the categories of data involved and the legal bases on which we rely under Article 6 of the GDPR. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

We do not engage in solely automated decision-making producing legal effects on you within the meaning of Article 22 of the GDPR.

6. THIRD-PARTY SERVICE PROVIDERS AND SUB-PROCESSORS

We rely on a limited number of trusted service providers, each acting as our "processor" within the meaning of Article 28 of the GDPR. We have entered into appropriate data-processing agreements with each of them. The categories listed below cover all of our Services; not every Service uses every provider. Section 12 specifies which providers are used by which Service.

We do not sell personal data and we do not share personal data with third parties for their own marketing purposes. We may, however, share your personal data with:

• Professional advisors (lawyers, accountants, auditors) under strict confidentiality obligations;
• Public authorities, where we are required to do so by law, regulation, court order or other legal process, or where necessary to protect our rights or the safety of our users or the public;
• Acquirers or successors in the context of a merger, acquisition, restructuring, sale of assets, bankruptcy or similar transaction, in which case we will require the recipient to honor the commitments made in this Policy.

7. INTERNATIONAL DATA TRANSFERS

We are based in France. Some of our service providers (in particular Google, RevenueCat, SmartBear/Bugsnag and Apple) may host or process your personal data outside the EEA, including in the United States. Where we transfer personal data outside the EEA, the United Kingdom or Switzerland to a country that has not been deemed adequate by the European Commission, we put in place one of the safeguards required by Articles 44 to 49 of the GDPR, namely:

• The European Commission's Standard Contractual Clauses (Decision (EU) 2021/914), where appropriate together with supplementary technical and organizational measures;
• Reliance on the EU-U.S. Data Privacy Framework for providers self-certified under that framework (and the UK and Swiss extensions thereto, as applicable);
• Any other lawful transfer mechanism recognized by the GDPR.

You may request a copy of the relevant safeguards by contacting us at contact@warthoglab.com.

8. DATA RETENTION

We retain personal data only for as long as is necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, consumer-law or reporting requirements. The main retention periods are summarized below; specific periods may be shortened or extended where required by law.

• Analytics data: up to 14 months from collection.
• Crash and diagnostic data: up to 90 days from collection, unless required for the investigation of a specific incident.
• Subscription data: for the duration of your subscription and up to 10 years thereafter, in accordance with French commercial and tax record-keeping obligations (Article L.123-22 of the French Commercial Code).
• Support correspondence: up to 3 years from our last meaningful contact with you.
• User content stored in cloud features: for the time strictly necessary to deliver the feature, plus a short technical buffer (typically less than 30 days) before deletion. Content kept locally on your device is governed by your own settings and is removed when you delete the application.
• Data processed for the establishment, exercise or defense of legal claims: for the duration of the relevant limitation period.

When the applicable retention period expires, your personal data is deleted or anonymized in such a way that you can no longer be identified.

9. YOUR RIGHTS

9.1. Rights of users in the EEA, the United Kingdom and Switzerland

Subject to the conditions set out in the GDPR and the French Data Protection Act, you have the right:

• to access your personal data and obtain a copy thereof (Article 15 GDPR);
• to obtain the rectification of inaccurate or incomplete data (Article 16);
• to obtain the erasure of your data ("right to be forgotten") (Article 17);
• to restrict the processing of your data (Article 18);
• to data portability for data you have provided to us and that is processed on the basis of consent or contract (Article 20);
• to object to processing carried out on the basis of our legitimate interests (Article 21), including for direct marketing purposes;
• to withdraw your consent at any time, where processing is based on consent (Article 7(3));
• to define directives concerning the fate of your personal data after your death, in accordance with Article 85 of the French Data Protection Act.

To exercise any of these rights, please contact us at contact@warthoglab.com. We may need to verify your identity before responding. We will respond within one (1) month of receipt of your request, which may be extended by two (2) further months where necessary, taking into account the complexity and number of requests.

Right to lodge a complaint. If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr, or with the supervisory authority of your country of residence or place of work.

9.2. Rights of California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), gives you the right to:

• know the categories and specific pieces of personal information we have collected about you;
• request the deletion of your personal information;
• request the correction of inaccurate personal information;
• opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising — we do not sell or share personal information within the meaning of the CCPA;
• limit the use of sensitive personal information — we do not use sensitive personal information for any purpose other than those expressly permitted by the CCPA;
• not be discriminated against for exercising your privacy rights.

You may exercise these rights by contacting us at contact@warthoglab.com. You may use an authorized agent to submit a request on your behalf, subject to verification.

9.3. Other U.S. state privacy laws

Residents of certain other U.S. states (including Virginia, Colorado, Connecticut, Utah, Texas and other states with comprehensive privacy laws) may have similar rights, including the rights to access, correct, delete, port and opt out of targeted advertising or profiling. To exercise these rights, please contact us at the address above.

10. CHILDREN'S PRIVACY

The Services are not directed at children under the age of 13 (or under any higher minimum age applicable in your country, including 15 in France pursuant to Article 7-1 of the French Data Protection Act and 16 in jurisdictions that have set a higher age under Article 8 of the GDPR). We do not knowingly collect personal data from children below such age without verifiable parental consent. If you believe that a child has provided us with personal data, please contact us at contact@warthoglab.com and we will take all reasonable steps to delete such data promptly.

We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and Apple's "Kids" / "Family" guidelines, where applicable.

11. SECURITY

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful access, alteration, disclosure, loss or destruction, in accordance with Article 32 of the GDPR. These measures include, among others, transport encryption (TLS), encryption at rest where supported by our providers, App Check / token-based authentication for our backend functions, the principle of least privilege, internal access controls and regular review of our service providers' security posture.

No security measure is, however, infallible. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours where required by Article 33 of the GDPR, and we will inform you without undue delay where required by Article 34 of the GDPR.

12. APP-SPECIFIC PRACTICES AND PERMISSIONS

The following table describes the device permissions, the data flows and the third-party providers used by each of our main Services. Services not listed below either follow the same defaults as the Services listed or display their own in-app disclosures. We will update this table when we publish new Services.

Each Service's App Store "Privacy Nutrition Label" and Google Play "Data Safety" section provide an additional summary of the data collected.

13. ADVERTISING, TRACKING AND CONSENT

Some of our Services display advertising provided by Google AdMob in order to fund a free tier. In Services that display advertising:

• If you reside in the EEA, the United Kingdom or Switzerland, we use the Google User Messaging Platform to obtain your prior, free, specific, informed and unambiguous consent for the storage of information on your device and for the processing of personal data for advertising and analytics purposes (Article 82 of the French Data Protection Act, transposing Article 5(3) of the ePrivacy Directive). You may withdraw your consent at any time from within the relevant Service.
• On iOS, we comply with Apple's App Tracking Transparency framework. We will not access your IDFA, nor track you across applications and websites owned by other companies, unless you have granted permission via the system prompt. You can change your choice at any time in Settings > Privacy & Security > Tracking.
• On Android, you can reset or disable your advertising identifier in your Google account settings.

Services that do not display advertising do not perform any cross-app tracking and do not request ATT permission.

14. COOKIES AND SIMILAR TECHNOLOGIES

Our mobile applications do not use HTTP cookies. They may, however, use the local storage made available by the operating system (e.g. UserDefaults, the file system, the keychain) to store your preferences, your subscription state and the technical identifiers required to operate the Services. Our website warthoglab.com uses only strictly necessary cookies; if and when we deploy non-essential cookies, a dedicated cookie banner will be displayed.

15. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our Services, our practices or applicable law. The "Last updated" date at the top of this page indicates when this Policy was last revised. Material changes will be brought to your attention through the Services or by other appropriate means. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the changes, except where additional consent is required by law.

16. HOW TO CONTACT US

If you have any questions or concerns about this Policy or our processing of your personal data, please contact us at:

WarthogLab SARL
Email: contact@warthoglab.com
Registered office: France

This Privacy Policy is provided in English. A French-language version is available upon request and shall prevail in case of inconsistency for users domiciled in France.