Privacy Policy

Last updated: February 20, 2026

This Privacy Policy explains how Pudoru Inc. ("we," "our," or "us") collects, uses, discloses, and safeguards your information when you use our applications and services. We are committed to protecting your privacy and being transparent about our data practices.

Data Controller

The data controller responsible for your personal data is:

Information We Collect

When you use our applications, we may collect the following information:

• Account Information: Email address and name provided during sign-in
• User ID: A unique identifier for your account
• User Content: Content you create, import, and save within our applications
• Purchase History: Transaction identifiers to verify your subscription status (we do not store payment card information)
• Communication Preferences: Your marketing opt-in status for receiving promotional communications

Categories of Personal Information (CCPA)

Sources of Personal Information

We collect personal information from:

• Directly from you: When you create an account, add content, or contact support
• Authentication providers: Name and email only, when you sign in using a third-party authentication provider
• Platform app stores: Subscription verification (transaction IDs only)

Information We Do NOT Collect

We want to be clear about what we do not collect:

• No First-Party Analytics: We do not operate our own analytics or behavioral tracking systems
• No Location Data: We do not access or store your location
• No Cross-App Tracking: We do not track you across other apps or websites

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contractual Necessity (Article 6(1)(b)): Processing your account data, user content, and subscription information is necessary to provide our services to you
• Consent (Article 6(1)(a)): We process your data for marketing communications only with your explicit opt-in consent. You may withdraw consent at any time via your app settings
• Legal Obligation (Article 6(1)(c)): We may retain certain transaction records to comply with tax and accounting requirements
• Legitimate Interests (Article 6(1)(f)): We process data as necessary to protect against fraud and ensure security, where such interests are not overridden by your rights

How We Use Your Information

We use the information we collect for the following business purposes:

• Providing Services: Storing and syncing your data across devices
• Authentication: Verifying your identity and securing your account
• Subscription Management: Verifying your subscription status and managing access to premium features
• Customer Support: Responding to your inquiries and resolving issues
• Security: Protecting against unauthorized access, fraud, and abuse
• Communications: Sending service-related notifications and, with your consent, marketing communications

Data Retention

We retain your personal data as follows:

• Active Account Data: Retained for as long as your account remains active
• After Account Deletion: All personal data is permanently deleted within 30 days of account deletion, except as required by law
• Transaction Records: Subscription transaction identifiers may be retained for up to 7 years to comply with tax and accounting obligations
• Support Communications: Records of support interactions may be retained for up to 2 years for quality assurance

International Data Transfers

Your personal data is stored on servers located in the United States. If you are located outside the United States, please be aware that your data will be transferred to and processed in the United States.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses to ensure adequate protection for international data transfers
• EU-U.S. Data Privacy Framework: Our service providers may be certified under the EU-U.S. Data Privacy Framework where applicable

You may obtain a copy of the relevant transfer mechanisms by contacting us at founder@pudoru.com.

Third-Party Services

Our applications may integrate with the following categories of third-party services:

• Database Hosting: Cloud-based database infrastructure for storing and syncing your data
• Authentication Providers: Third-party sign-in services for secure account access
• Payment Processing: Platform app stores handle subscription and payment processing (we do not receive or store your payment card details)
• Ad Networks: Third-party advertising SDKs may serve non-personalized ads in free tiers of our applications. These SDKs may collect device identifiers, performance data, and ad interaction data. Pro subscribers do not see ads.

Your Privacy Rights

Rights for All Users

Regardless of your location, you have the right to:

• Access Your Data: Export your data via in-app settings
• Delete Your Account: Permanently remove all your data via in-app settings
• Data Portability: Receive your data in a machine-readable format (JSON)
• Update Your Information: Correct your profile information via in-app settings
• Manage Communications: Opt out of marketing communications via in-app settings

Additional Rights for EU/EEA Users (GDPR)

If you are located in the European Union or EEA, you also have the right to:

• Right to Rectification (Article 16): Request correction of inaccurate personal data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Article 18): Request restriction of processing in certain circumstances
• Right to Object (Article 21): Object to processing of your personal data based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent for processing at any time (for consent-based processing)
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement

To exercise any of these rights, contact us at founder@pudoru.com. We will respond within 30 days.

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights:

• Right to Know: Request the categories and specific pieces of personal information we have collected about you in the past 12 months
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: See "Do Not Sell or Share My Personal Information" section below
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than providing our services
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and we may verify your identity directly.

To exercise your California privacy rights, contact us at founder@pudoru.com or use the in-app privacy controls.

Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

As defined by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Pudoru Inc. does not sell personal information to third parties, nor do we share personal information with third parties for targeted advertising purposes.

We do not offer financial incentives for the collection, sale, retention, or deletion of personal information.

Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal effects or similarly significant effects concerning you.

Children's Privacy

Our applications are not intended for children under 13 years of age (or 16 years in certain jurisdictions). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without parental consent, we will delete that information promptly. If you believe we have collected information from a child, please contact us immediately at founder@pudoru.com.

Data Security

We implement industry-standard security measures to protect your personal data:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Encryption at Rest: Your data is encrypted when stored on our servers
• Access Controls: Database policies ensure you can only access your own data
• Secure Authentication: We use industry-standard authentication protocols for account access
• Regular Security Reviews: We regularly review and update our security practices

Data Breach Notification

In the event of a data breach that affects your personal data, we will:

• Notify the relevant supervisory authority within 72 hours as required by GDPR (where applicable)
• Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms
• Document the breach and remediation actions taken

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email or in-app notification for significant changes
• Provide at least 30 days notice before material changes take effect

Your continued use of our applications after the effective date of changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days. For EU residents, you have the right to lodge a complaint with your local data protection authority if you are not satisfied with our response.