Zina (“Zina,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we access, collect, use, disclose, retain, and protect information when you use the Zina mobile application and related services (the “App”). It also explains your choices and rights. By using the App, you agree to the practices described here. If you do not agree, please do not use the App.

Plain-English promise: We are transparent about data. We limit access and use to what’s needed for features you can see and use. We never sell personal or sensitive user data.
 

Developer/Controller: [Insert legal entity name]
Address: [Insert postal address]
Privacy contact: [Insert email]
Data Protection Officer (if applicable): [Insert DPO contact]
EU/UK representative (if applicable): [Insert contact]

This policy applies to information collected from or about users of the App, including device information. It complements (and does not replace) applicable privacy and data-protection laws in the places we offer our products or services (e.g., GDPR/UK GDPR, CCPA/CPRA, LGPD, PIPEDA). If you offer services in the EU, note that France’s CNIL guidance on mobile data protection may be a helpful reference, and we endeavor to follow such best practices where applicable.

We only access, collect, and use data necessary to provide current App features promoted in the Google Play listing.

• Identifiers: name, email, username, profile info.
   
• Authentication data (hashed), session tokens.
   
• Precise/coarse location (only with permission and only if a feature needs it).
   
• Contacts/phonebook (only if you enable a related feature and consent).
   
• Microphone/camera (only for features that require them and with consent).
   
• Photos/videos or files you select or upload.
   
• Health/fitness/body sensor data (only if a health feature requires it and with consent).
   
• App inventory visibility (limited; only if interoperability is a core feature).
   
• Other sensitive device/usage data is protected by Android permissions.
   

• Device model/OS, app version, language, crash logs, performance and diagnostics, and limited analytics (in line with Play policies).
   

• Content you create, upload, import, or share in the App.
   

We limit access, collection, use, and sharing to policy-compliant purposes reasonably expected by you:

• Provide, maintain, and improve App features.
   
• Account creation, authentication, and security.
   
• Customer support and service communications.
   
• Performance monitoring, debugging, and crash diagnostics.
   
• Compliance with law, valid government requests, or to protect rights, safety, and integrity.
   
• No sale: We do not sell personal or sensitive user data, and we do not share it for purposes that facilitate sale.
   

GDPR legal bases (where applicable): performance of a contract; legitimate interests (e.g., service security); consent (for optional features/permissions); legal obligation.

If Zina includes third-party SDKs or code, we ensure they comply with Google Play policies and this Privacy Policy, including a prohibition on selling personal/sensitive user data and honoring disclosure and consent requirements. We conduct due diligence, configure SDKs to the minimum necessary scope, and contractually limit their use and disclosure.

When our access, collection, use, or sharing may not be reasonably expected (e.g., background access), we provide in-app prominent disclosures immediately before any permission prompt and obtain clear, affirmative consent. Navigation away from a disclosure is not consent.

Templates you can place in-app:

• “Zina collects location data to enable [feature] even when the app is closed or not in use. We do not sell this data.”
   
• “Zina uses your camera to [describe feature, e.g., scan a code] while you are using the app. Images are used only to provide this feature.”
   
• “Zina reads selected photos you choose in the system picker to [feature]. Zina does not access other photos.”
   

• We only request permissions/APIs needed to implement current features/services promoted in our Play listing.
   
• We request access in context (incremental requests) so you understand why a permission is needed at that moment.
   
• We use data only for the purposes you consented to. If we later want to use data for a new purpose, we will ask again and obtain your affirmative agreement.
   
• Never sold nor shared for sale: Personal/sensitive data accessed via permissions/APIs is never sold or shared for the purpose of facilitating sale.
   
• We provide alternatives where feasible if you decline non-critical permissions.
   

User/device data accessed through Restricted Permissions is personal & sensitive data; Play’s User Data policy applies. We respect declines, do not manipulate consent, and accommodate users who refuse non-critical access.

• We will not declare or request SMS/Call Log permissions unless Zina is the default handler (SMS/Phone/Assistant) and the access is absolutely essential to core functionality documented in the listing. No advertising or unrelated use. No workarounds or alternate derivations.
   

• We request the minimum scope (coarse before fine; foreground before background).
   
• Background location is only for compelling, user-beneficial, core features and requires strong justification and consent.
   
• We never request location solely for ads/analytics.
   

• Requested only if essential to core, user-facing functionality, and subject to Play review. Clear user prompts. Never on behalf of third parties.
   

• Broad, persistent access is requested only if a core use case requires it and after review; otherwise we use privacy-preserving system pickers for one-time selection. We accommodate users who decline broad access.
   

• Used only when broad visibility is essential to core interoperability. Otherwise we use finite, targeted queries. Never sold nor shared for ads/analytics monetization.
   

• Declared in the Play listing. If Zina directly supports users with disabilities, we may set isAccessibilityTool=true. Otherwise, we provide disclosures and consent and use more narrowly scoped APIs when possible. We will not use Accessibility API to change settings without permission, circumvent privacy controls, or record remote call audio.
   

• Used only where core functionality involves sending/receiving app packages or enabling user-initiated installs (e.g., file managers, device migration). No self-updates or silent installs.
   

• We use granular Android health permissions (Android 16+) and Health Connect only for approved health/fitness/medical/research use cases, with explicit consent, minimum scope, and strict limited-use rules (no ads, no sale, no credit decisions). Additional obligations (e.g., HIPAA/GDPR) will be honored as applicable.
   

• Used only if VPN is a core feature or necessary for permitted categories (e.g., parental control, security). We disclose usage in the Play listing, encrypt traffic to the tunnel endpoint, and never redirect/monetize third-party traffic without consent.
   

• USE_EXACT_ALARM only if core functionality requires precise timing (e.g., alarms, calendars).
   
• USE_FULL_SCREEN_INTENT auto-granted only for alarms/calls; otherwise, we seek explicit consent and ensure no disruption or misuse.
   

If we show ads or use analytics, we do so in compliance with Google Play Ads policies and applicable law. We do not use restricted data (e.g., Call Logs, SMS, sensitive health data, background location without justification) for ads or profiling. Where required, we obtain consent and provide controls.

We maintain an accurate Data Safety section in Play Console that aligns with this policy and our in-app practices. We keep it up-to-date.

We may share limited data with:

• Service providers under contracts that restrict use and prohibit sale.
   
• Legal recipients (law enforcement, regulators) were to required.
   
• Business transfers (merger, acquisition) with appropriate notice.
   

Data may be processed outside your country. Where required, we use appropriate safeguards (e.g., EU-U.S./UK/Swiss Data Privacy Frameworks, SCCs).

We protect data using organizational and technical measures, including:

• Transport security (e.g., HTTPS/TLS).
   
• Access controls, least-privilege, and encrypted storage where appropriate.
   
• Secure development and vendor oversight.
  No method is 100% secure; we work to continuously improve.
   

We retain data only as long as needed for the purposes above or as required by law. When you delete your account, we delete associated data, except where retention is necessary (e.g., security, fraud prevention, legal compliance). We will clearly disclose any retained categories and durations.

• Permissions: Grant/deny in Android settings at any time; we’ll provide alternatives where feasible.
   
• Access/Correction/Deletion/Portability/Objection/Restriction: Where applicable by law (e.g., GDPR/CPRA), contact us to exercise rights.
   
• Consent withdrawal: You can withdraw consent for optional processing at any time in the App or by contacting us.
   
• Appeals & complaints: EU/UK users may contact a data protection authority; US users may have state-specific rights.
   

Zina is not directed to children under the age required by local law. We do not knowingly collect children’s personal data without appropriate consent. For child-directed features, only SDKs approved for child-directed services will be used.

If you can create an account in the App, you can request deletion in-app and outside the app (via our website):

• In-app: Settings → Account → Delete Account
   
• Web: [Insert URL]
  When we delete an account, we also delete the associated user data, subject to legal retention exceptions, which we disclose.
   

We do not impersonate others or conceal our identity or core purpose. We do not interfere with devices, networks, or other apps, and we comply with Android system optimization requirements and Play policies (including update mechanisms and no unauthorized executable code downloads). Zina targets an API level within one year of the latest major Android release, and we update to remain available to new users per Play policy.

We may update this policy from time to time. We will post the updated version in-app and/or on our website and update the “Last updated” date. Material changes will be highlighted or separately notified as appropriate.

Use these verbatim (or adapt) immediately before the Android permission dialog:

• Location (foreground):
  “Zina collects location data while you use the app to enable [feature]. We don’t sell this data.”
   
• Location (background; only if truly needed):
  “Zina collects location data in the background to enable [continuous feature], even when the app is closed. You can turn this off in Settings. We don’t sell this data.”
   
• Camera:
  “Zina uses your camera to [feature]. Photos/videos are processed only to provide this feature.”
   
• Microphone:
  “Zina uses your microphone to [feature]. Audio is processed only to provide this feature.”
   
• Photos/Videos (broad access):
  “Zina needs access to your photos/videos to [persistent feature]. If you prefer, choose files with the system photo picker instead.”
   
• Contacts/Phonebook:
  “Zina reads your contacts to [feature]. You can also enter contacts manually.”
   
• All Files Access (if approved):
  “Zina needs ‘All files access’ to [core file feature]. This is required for [clear reason]. Manage in Android ‘Special app access’.”
   
• Accessibility API (if not an accessibility tool):
  “Zina uses the Accessibility API to [clear benefit]. This does not change your settings without permission and follows Play policies.”
   

  Category Purpose Basis Retention     Account identifiers (email, UID) Sign-in, support Contract/Legitimate interest Until account deletion + [X] days   Crash/diagnostic data Debugging, reliability Legitimate interest Rolling [90] days   Location (if enabled) [Feature] Consent [As short as possible], then aggregate   Photos selected via picker [Feature] Consent Until you remove in-app or account deletion   Health/Body sensor (if enabled) [Feature] Consent [Define minimal period]     

We use [SDK name/version] for [purpose], configured to collect only the minimum necessary data. The SDK may receive:

• [Data elements] strictly for [purpose].
   
• No sale or use for ads unless separately and expressly disclosed and consented.
  Vendors: [link to list or include in-app]. We review and update this list as needed.
   

• We limit data to what’s needed for features you use.
   
• We provide clear in-app disclosures and ask before accessing sensitive data.
   
• You can deny permissions and still use the app with reasonable alternatives.
   
• We don’t sell personal or sensitive data.
   
• You can delete your account & data in-app and via web.
   
• We keep Data safety and this policy accurate and up-to-date.
   

If you’d like, I can:

1. Insert your exact company details/URLs, features, and permission list;
    
2. Generate localized versions (EN/ES); and
    
3. Produce a short Data Safety questionnaire answer set to match this policy.