Privacy Policy – Andy Arevalo

Andy Arevalo ("we," "us," or "our") is committed to protecting your privacy. This policy covers all our apps: Student Guardian (SchoolSync), OnTime Speaker Pro, OnStage Timer Pro, Not Another Twin Calculator, Not Another Stage Timer, Duse – Habit Tracker, ThermoTimer, RoadWatch CA, CareLedger, and future releases.

1. Information We Do NOT Collect

Our apps do not gather:

Personal identifiers (name, email, phone) unless explicitly provided for app functionality
Precise geolocation data (RoadWatch CA uses approximate location only to show nearby cameras)
Contact information
Media files
Health metrics
Usage patterns or analytics
Tracking data
Device IDs
Apple ID-linked information

We do not build user profiles, track behavior, or sell data.

2. Google API Services Usage (Student Guardian)

Student Guardian (SchoolSync) uses Google API Services to provide email synchronization functionality. This section describes our use of Google user data in compliance with the Google API Services User Data Policy.

2.1 Data We Access

When you connect your Gmail account, we request access to:

Gmail Read-Only Access (gmail.readonly): To read and display your school-related emails within the app
Email Address (userinfo.email): To identify your account and display your email address in the app

2.2 How We Use Google User Data

Your Google data is used exclusively to:

Fetch and display emails from senders you designate as "trusted sources" (schools, teachers)
Extract calendar events and dates from school communications
Generate AI-powered summaries of school emails (with your explicit action)
Identify grade notifications and newsletter content

        Important: We do NOT use your Google data for advertising, marketing, or any purpose unrelated to the app's core functionality of organizing school communications.
      

2.3 Data Storage and Protection

Your Google data is protected through multiple security measures:

Local-First Storage: Email content is stored locally on your device, not on our servers
Encrypted Credentials: OAuth tokens are stored in iOS Keychain with AES-256 encryption
Secure Transmission: All API communications use TLS 1.3 encryption
No Server Storage: We do not store your emails, attachments, or email content on any external servers
Token Security: Access tokens are refreshed automatically and can be revoked at any time through your Google Account settings

2.4 Data Retention and Deletion

Email data is cached locally for offline access and deleted when you disconnect your account
You can disconnect your Google account at any time in Settings, which immediately deletes all cached email data
You can also revoke access via Google Account Permissions

2.5 AI/ML Training Disclosure

        We do NOT use Google user data for AI or machine learning model training. When you request an AI summary of an email, the email content is processed in real-time and is not stored or used to train any models. The AI summarization feature uses third-party APIs that process data ephemerally and do not retain your content.
      

2.6 Third-Party Sharing

We do not share, sell, or transfer your Google user data to third parties except:

When you explicitly request an AI summary (processed by our summarization service)
As required by law or valid legal process

3. Device-Only Storage

Limited information may remain locally on your device:

Email data and settings (Student Guardian)
Habit entries (Duse)
Calculation records (Twin Calculator)
Timer configurations (Stage Timer/Speaker Timer)
Meeting Mode information (OnTime Speaker Pro)
Session history (ThermoTimer)
Favorite cameras and groups (RoadWatch CA)
Patient profiles, medications, dose events, and caregiver notes (CareLedger)

Data remains on-device unless intentionally exported or shared by you.

3.2 CareLedger - Health Data

CareLedger handles sensitive health-related information with extra care:

Local Storage Only: All patient profiles, medications, dose events, symptoms, and caregiver notes are stored exclusively on your device
No Server Storage: Your health information is never transmitted to or stored on our servers
AI Features (Optional): When you use AI-powered features (prescription scanning, medication education), only the specific text or image being processed is sent to the AI service
AI Data Handling: AI requests are processed in real-time and not retained by the AI service
Export Control: You choose when and how to export or share your data (e.g., Visit Prep PDF summaries)

        Important: CareLedger is a personal health tracking tool for individual and family use. It is NOT HIPAA compliant and should not be used by healthcare providers, covered entities, or for any purpose requiring HIPAA compliance. This app does not provide medical advice.
      

3.1 RoadWatch CA - Location Data

RoadWatch CA requests location permission to:

Show traffic cameras near your current location
Calculate and display distances to cameras
Sort cameras by proximity

        Important: Your location data is used only on your device and is never transmitted to our servers or any third party. Camera data is fetched directly from the public Caltrans API. We do not track your location history or movements.
      

4. Payment Processing

All transactions occur through Apple's system using your Apple ID. We receive only anonymized subscription status from Apple, never your payment details.

5. No Third-Party Analytics

Our apps exclude: Google Analytics, Firebase Analytics, advertising SDKs, tracking tools, and social plugins.

6. User-Initiated Data Sharing

Exported information (such as timer reports via email/messages or shared calendar events) remains outside our control once shared.

7. Child Safety

Our apps contain no child-specific data collection mechanisms. Student Guardian is designed for parents to manage their children's school communications; children's personal data is not collected or processed.

8. Data Security

We implement industry-standard security measures to protect your data:

Encryption at Rest: Sensitive data stored using iOS Keychain (AES-256)
Encryption in Transit: All network communications use TLS 1.3
Secure Authentication: OAuth 2.0 with PKCE for third-party account connections
No Plain Text Storage: Tokens and credentials are never stored in plain text
Automatic Token Refresh: Access tokens are short-lived and automatically refreshed

9. Your Rights

You have the right to:

Access: View all data stored by our apps on your device
Delete: Remove all app data by deleting the app or using in-app data deletion options
Revoke: Disconnect third-party accounts (Gmail, Outlook) at any time
Export: Export your data where export functionality is provided

10. Policy Updates

Changes will be published on this page with an updated "Last Updated" date. Continued use of our apps after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your data rights:

Email: [email protected]
We typically respond within 48 hours.