Play All Day App Privacy Policy

Introduction
At Play All Day App ("we," "our," or "us"), we are committed to protecting and respecting your privacy in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy regulations. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information across different regions where our services are available.
By accessing or using the Play All Day App and its services, you agree to the practices outlined in this Privacy Policy. If you do not agree with this policy, please do not use the Play All Day App.

1. What Personal Information We Collect

We collect and process various types of personal information to provide you with our services, including but not limited to:
- Account Registration Data: When you create an account, we collect your name, email address and chosen username.
- Children's Data: Nickname and birth month/year (for parent/guardian accounts).
- Purchase & Subscription Data: We collect information about your subscription status and purchase history (e.g. whether your subscription is active or expired). Payment transactions are processed securely by Apple and Google; we do not collect or store your payment card details.
- Customer Support Data: If you contact us for support, we collect the information you provide (such as your name, email and details of your enquiry).
- Analytics & Usage Data: We collect information about how you use the App, including session data, screens visited, interactions, performance data and crash data. This is collected via PostHog, an analytics provider we use to improve functionality and user experience.
- Technical Information: Device type, operating system, IP address and similar technical details that help us maintain and secure the App.
- User-Generated Content: Any documents, images, or media uploaded by users to the platform.

2. Legal Basis for Processing Personal Information

We process your data based on the following legal grounds, depending on your region:
- Consent: When you provide explicit permission for a particular purpose (GDPR, CCPA).
- Contractual Necessity: For performing a contract with you (e.g., account setup or order processing).
- Legitimate Interests: To improve our services and ensure a secure platform.
- Legal Obligation: To comply with our legal obligations such as fraud prevention or cooperating with law enforcement.

3. How We Collect Your Data

We collect your data through:
- Direct interactions: You provide data when creating an account, completing forms, or contacting us.
- Automated technologies: When you use our app, we collect data via cookies and tracking technologies.
- Third-party sources: Information from partners such as payment processors and analytics providers.

4. How We Use Your Personal Information

We use your data for the following purposes:
- App Functionality: To create and manage your account, deliver features, and provide subscription access.
- Analytics: To monitor usage trends, diagnose issues, and improve the App using tools such as PostHog.
- Customer Support: To respond to your enquiries, troubleshoot problems, and improve service.
- Marketing & Communication: To send service updates, renewal reminders if your subscription expires, and occasional information about Play All Day features or content. You can opt out of these communications at any time.
- Security: Protecting against fraudulent or unauthorised activities.
- Compliance: Meeting legal obligations such as reporting data breaches and cooperating with regulatory authorities.

We do not sell your information or use it for third-party advertising or cross-app tracking.

5. Disclosure of Your Personal Information

We disclose personal data to third parties for the following reasons:
- Service Providers: We use trusted service providers such as PostHog (for analytics) and email platforms to operate and improve the App. These providers process data only on our behalf.
- Legal Requirements: Where required by law, regulation, or legal process.
- Business Transfers: In the event of a merger or acquisition, personal data may be transferred to the new owners.
- Cross-border Transfers: Personal data may be transferred to service providers outside your region. We ensure compliance with APP 8, GDPR, and other applicable regulations for cross-border data transfers.

6. Children's Privacy

We are committed to protecting the privacy of children. In compliance with APP 3, COPPA, and GDPR-K, we do not knowingly collect personal data from children under the age of 16 without parental consent. If we become aware of data collected from a child without such consent, we will delete it.

7. Data Retention

We retain your data only as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. Data may be kept for up to 7 years in compliance with tax, accounting, and legal requirements, after which it will be securely deleted or anonymised.

8. Your Rights Regarding Personal Data

You have the following rights, depending on your location and applicable regulations:
- Access: Request access to your data.
- Correction: Request corrections if your data is inaccurate or incomplete.
- Erasure: Request the deletion of data that is no longer needed.
- Restriction: Request restrictions on processing your data.
- Objection: Object to data processing for marketing purposes.
- Data Portability: Request a transfer of your data to another service provider.
To exercise these rights, please get in touch with us at hello@playalldayapp.com.au.

9. Data Security

We use appropriate security measures to protect your data, including:
- Encryption: AES-256 encryption for data at rest and TLS 1.2/1.3 for data in transit.
- Access Control: Only authorised personnel can access sensitive data.
- Anonymisation: Personal data is anonymised or pseudonymised where possible for analysis.
In the event of a data breach, we will notify affected users and the appropriate authorities in compliance with regional regulations.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:
- Enhance user experience.
- Track website usage and performance.
- Improve security.
- Personalise content and advertising.
You can manage your cookie preferences through your browser settings or opt out of certain cookies through available tools.

11. Cross-Border and International Data Transfers
Where we transfer your data to third parties outside of Australia, we ensure compliance with the Australian Privacy Principles (APPs), General Data Protection Regulation (GDPR), and other relevant privacy regulations. We implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure that your data is protected during these transfers.

We strive to ensure that any third-party service providers or partners receiving your data adhere to equivalent high standards of data protection. If a transfer occurs outside Australia, it will only proceed where the recipient complies with Australian privacy laws or where the transfer is otherwise lawful under the relevant regulations.

12. Complaints

If you believe we have breached Australian privacy law or any applicable privacy laws in other jurisdictions, you can submit a complaint to our Privacy Officer at hello@playalldayapp.com.au. You can also contact the Office of the Australian Information Commissioner (OAIC) via their website at www.oaic.gov.au or by mail at GPO Box 5218 Sydney NSW 2001. For users in the EU, you may also contact your local data protection authority.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are significant, we will notify you in the App or by email.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please get in touch with us at:
Email: hello@playalldayapp.com.au