PRIVACY POLICY
Effective Date: 05/17/2025
PREAMBLE
This Privacy Policy (“Policy”) governs the manner in which BluTapp, Inc. (“Company,” “we,” “us,” or “our”), collects, utilizes, maintains, and discloses data obtained from users (“User,” “you,” or “your”) of the BluLateral mobile application (“Application”). This Policy applies to the Application and all products and services offered by the Company in connection therewith. The utilization of third-party services, such as analytics and crash reporting services, services rendered by Google LLC (“Google”), is also addressed herein.
Your access to and use of the Application signifies your acknowledgment, understanding, and unequivocal agreement to be bound by the terms and conditions set forth in this Policy and any ancillary terms of service. Should you not concur with any provision of this Policy, you are hereby instructed to cease all access to and utilization of the Application.
The Company reserves the exclusive right to amend, modify, or otherwise revise this Policy at its sole discretion and at any time. Notification of such revisions will be effectuated by updating the “Effective Date” of this Policy. Users are advised to periodically review this Policy to remain informed of such revisions.
ARTICLE I: DEFINITIONS
For the purposes of this Policy, the terms listed hereunder shall have the meanings ascribed to them below:
1.1. Application: Shall mean the BluLateral mobile software application. 1.2. Personal Data: Shall mean any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household. 1.3. Usage Data: Shall mean data collected automatically, either generated by the utilization of the Application or from the Application infrastructure itself (e.g., the duration of a session). 1.4. Service Provider: Shall mean any natural or juridical person who processes data on behalf of the Company. This definition encompasses third-party entities or individuals engaged by the Company to facilitate the Application, provide the Application on its behalf, perform Application-related services, or assist the Company in analyzing the utilization of the Application. Google is designated as a material Service Provider for Firebase services. 1.5. Data Controller: Shall mean the natural or juridical person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purposes of this Policy, the Company is the Data Controller of Personal Data directly collected via the Application. 1.6. Data Processor: Shall mean any natural or juridical person who processes data on behalf of the Data Controller. Google acts as a Data Processor for data processed through Firebase Analytics and Firebase Crashlytics under the Company’s instruction.
ARTICLE II: DATA COLLECTION PRACTICES
The Company may collect various categories of data pertaining to Users. The nature and extent of data collection are contingent upon the User’s interaction with the Application and the functionalities utilized.
2.1. Personal Data Furnished by the User: The Company collects Personal Data that Users voluntarily furnish when engaging in specific activities within the Application, including but not limited to account registration, form submission, correspondence with customer support. The categories of Personal Data so furnished may include: (a) Full Legal Name (b) Electronic Mail Address (c) User-selected credentials (example: username, password) (d) User-defined preferences (e) Survey responses
2.2. Automatically Processed Data (Usage Data): Upon User access and utilization of the Application, the Company may automatically process certain data pertaining to the User’s device and interaction with the Application. Such data may encompass: (a) Device Specifications: Including, but not limited to, the mobile device’s unique identifier (e.g., Android ID, IDFA/IDFV), device model, operating system type and version, Internet Protocol (IP) address, mobile network information, language settings, and screen resolution. (b) Application Interaction Metrics: Data concerning User interactions with the Application, such as functionalities utilized, screens or pages viewed, actions undertaken within the Application, timestamps of activities, frequency of utilization, and referring application or website details. (c) Location Data: General geographic location may be inferred from the User’s IP address. Collection of precise geolocation data (e.g., GPS coordinates) shall only occur subject to the User’s explicit prior consent. (d) Cookies and Analogous Tracking Technologies: Firebase services may utilize identifiers for data collection as further described herein; the Company does not typically deploy supplementary cookies within the mobile Application environment in a manner analogous to traditional websites.
2.3. Data Collection via Third-Party Services: The Company utilizes Firebase Analytics and Firebase Crashlytics (services provided by Google) for Application enhancement and User behavior analysis.
(a) Firebase Analytics: (i) Purpose: Firebase Analytics is employed to gather statistical data regarding User interaction with the Application. This facilitates an understanding of User requirements, identification of prevalent functionalities, improvement of Application performance, optimization of User experience, and informed decision-making for future development. (ii) Data Categories: Firebase Analytics automatically processes specific Usage Data, which may include, without limitation: device specifications (as delineated in Section 2.2.a); instance identifiers or other unique device identifiers (e.g., Android Advertising ID, iOS Identifier for Advertisers); Application usage metrics (e.g., application launches, functionalities utilized, screens viewed, session duration, user-defined in-app events, user-configured properties); IP addresses (potentially utilized for general geolocation); and demographic/interest data (if Google signals are activated and data is available in an aggregated, de-identified format). (iii) Data processed by Firebase Analytics is generally aggregated and may be subjected to anonymization or pseudonymization. (iv) For comprehensive details regarding Google’s data collection, utilization, and protection practices pertaining to Firebase, and User options, Users are directed to review Google’s Privacy Policy (https://policies.google.com/privacy) and the Firebase privacy documentation (https://firebase.google.com/support/privacy).
(b) Firebase Crashlytics: (i) Purpose: Firebase Crashlytics is utilized to monitor Application stability, and to identify, diagnose, and rectify crashes, errors, and performance anomalies. This enables the Company to expeditiously address software defects and enhance overall Application reliability. (ii) Data Categories: In the event of an Application crash or non-fatal error, Firebase Crashlytics automatically collects data pertinent to the incident, which may encompass: crash traces (Application and device state at the time of the crash, including code stack traces); device specifications (e.g., device model, operating system version, orientation, RAM, disk space); Application version and build identifier; unique device identifiers or installation UUIDs for correlating crash data with specific Application instances; Application log data relevant to the crash context (if custom logging is implemented by the Company); and data regarding device state (e.g., battery level, network connectivity) and settings. (iii) Such data is integral to the Company’s ability to ascertain the context of a crash and effectuate its resolution. (iv) For further information concerning Google’s data practices for Firebase Crashlytics, Users are referred to the Google and Firebase privacy resources hyperlinked above.
ARTICLE III: UTILIZATION OF COLLECTED DATA (PURPOSES OF PROCESSING)
The Company utilizes collected data, inclusive of Personal Data and Usage Data, for the following enumerated purposes:
3.1. Provision, operation, and maintenance of the Application and its constituent functionalities. 3.2. Enhancement, personalization, and expansion of the Application, including the tailoring of content and user experiences. 3.3. Comprehension and analysis of User utilization of the Application, monitoring of usage patterns, and aggregation of demographic data (principally via Firebase Analytics). 3.4. Identification, diagnosis, and resolution of technical issues, software defects, and application crashes (principally via Firebase Crashlytics). 3.5. Development of new products, services, features, and functionalities predicated on User feedback and usage analysis. 3.6. Communication with Users, whether directly or through authorized partners, for purposes including, but not limited to, customer service, provision of Application-related updates and information, and marketing and promotional activities (subject to applicable law and User consent, where requisite). 3.7. Processing of User transactions 3.8. Prevention of fraudulent activities, ensuring of security, and enforcement of the Company’s terms and policies. 3.9. Compliance with applicable legal and regulatory obligations and response to lawful requests from public authorities. 3.10. Any other purpose for which the User provides explicit consent.
ARTICLE IV: DISCLOSURE AND SHARING OF DATA
The Company does not engage in the sale of User Personal Data. The Company may share data collected from Users under the circumstances delineated below:
4.1. With Service Providers: The Company may disclose data to third-party vendors, consultants, and other Service Providers who perform services on its behalf and require access to such data to effectuate said services. (a) Specifically, Usage Data and crash report data are shared with Google LLC for the provision of Firebase Analytics and Firebase Crashlytics services as described herein. Google, in its capacity as a Data Processor, is contractually and legally obligated to protect such data in accordance with its privacy policies and its contractual agreements with the Company.
All such Service Providers are contractually obligated to implement appropriate safeguards for User data and are restricted from utilizing Personal Data for any purpose extraneous to the services contracted by the Company.
4.2. For Legal Obligations and Protection of Rights: The Company may disclose User data if legally compelled to do so, or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, subpoena, court order, or other lawful governmental mandate; (b) protect and defend the rights, property, or safety of the Company, its Users, or the public; (c) prevent or investigate potential malfeasance in connection with the Application; or (d) protect the personal safety of Application Users or the public.
4.3. In Connection with Business Transfers: The Company may share or transfer User data in connection with, or during the negotiation of, any merger, sale of Company assets, financing, or acquisition of all or a portion of its business by another entity. Users will be notified prior to their Personal Data being transferred and becoming subject to a disparate privacy policy.
4.4. Aggregated or De-identified Data: The Company may share aggregated or de-identified data, which cannot reasonably be utilized to identify a User, with third parties for research, marketing, analytical, or other legitimate purposes.
4.5. Subject to User Consent: The Company may disclose a User’s Personal Data for any other purpose not specified herein, subject to the User’s explicit prior consent.
ARTICLE V: USER DATA PROTECTION RIGHTS
The Company is committed to facilitating User control over their Personal Data. Contingent upon the User’s geographical location and applicable data protection legislation (e.g., the General Data Protection Regulation (GDPR) for Users within the European Economic Area; the California Consumer Privacy Act (CCPA) for California residents), Users may possess the following rights concerning their Personal Data:
5.1. Right of Access: The right to request access to and copies of Personal Data held by the Company. 5.2. Right to Rectification: The right to request correction of any Personal Data deemed inaccurate or incomplete. 5.3. Right to Erasure (Right to be Forgotten): The right to request erasure of Personal Data, subject to certain statutory conditions. 5.4. Right to Restrict Processing: The right to request restriction of the processing of Personal Data, subject to certain statutory conditions. 5.5. Right to Data Portability: The right to request the transfer of Personal Data collected by the Company to another organization, or directly to the User, subject to certain conditions (primarily applicable to data processed by automated means predicated on consent or contract). 5.6. Right to Object to Processing: The right to object to the Company’s processing of Personal Data, subject to certain conditions (e.g., for direct marketing or processing based on legitimate interests). 5.7. Right to Withdraw Consent: Where processing is predicated on User consent, the right to withdraw such consent at any time. Such withdrawal shall not affect the lawfulness of processing undertaken prior to the withdrawal.
Exercising User Rights: To exercise any of the aforementioned rights, Users shall direct their requests to info@blulateral.com. The Company shall respond to such requests in accordance with applicable data protection laws. The Company may require verification of the User’s identity prior to acceding to such requests.
Specific Choices Pertaining to Firebase Services:
Firebase Analytics: Users may typically exercise control over the collection of certain advertising identifiers (e.g., Google Advertising ID on Android; Apple's Identifier for Advertisers on iOS) via their mobile device's operating system settings. Users are advised to consult their respective device documentation for instructions. Google provides Users with controls over data collected by Google services, potentially including management of activity data via Google's "My Activity" page (https://myactivity.google.com/myactivity).
Firebase Crashlytics: Firebase Crashlytics is integral to maintaining the stability and performance of the Application. Firebase Crashlytics automatically processes crash data to facilitate Application stability improvements. This functionality is intrinsic to the Application's performance.
Location Data Choices: Users may enable or disable location services for the Application at any time via their mobile device’s settings.
ARTICLE VI: DATA RETENTION
The Company shall retain User Personal Data only for such duration as is necessary to fulfill the purposes articulated in this Policy. Personal Data shall be retained and utilized to the extent necessary to comply with the Company’s legal obligations (e.g., statutory data retention requirements), resolve disputes, and enforce its legal agreements and policies.
Usage Data, including data processed by Firebase Analytics and Crashlytics, is generally retained for a shorter term, unless such data is utilized to enhance Application security or functionality, or the Company is legally mandated to retain such data for extended periods. Firebase services adhere to their own data retention schedules, detailed in Google’s Firebase documentation. The Company configures Firebase Analytics data retention controls to their default settings. Crashlytics retains crash data for a period determined by Google to permit analysis and resolution.
ARTICLE VII: DATA SECURITY
The Company implements and maintains reasonable administrative, technical, and physical security measures designed to protect User Personal Data from unauthorized access, use, alteration, or destruction. Notwithstanding these measures, Users are hereby advised that no security system is infallible, and no method of data transmission over the Internet or method of electronic storage is entirely secure. Consequently, the Company cannot guarantee the absolute security of Personal Data. Any disclosure of Personal Data is undertaken at the User’s own risk.
Firebase services incorporate robust security measures to protect data processed on the Company’s behalf, as detailed in Google’s security documentation.
ARTICLE VIII: INTERNATIONAL DATA TRANSFERS
User data, including Personal Data, may be transferred to, and maintained on, computer systems situated outside of the User’s state, province, country, or other governmental jurisdiction where data protection laws may differ from those of the User’s jurisdiction.
Users located outside of the United States of America who elect to provide data to the Company are hereby notified that the Company transfers data, including Personal Data, to the United States of America for processing. Furthermore, as Google operates globally, data processed by Firebase services may be stored and processed on servers located in various countries worldwide, including the United States.
The Company shall undertake all steps reasonably necessary to ensure that User data is treated securely and in accordance with this Policy. No transfer of Personal Data shall occur to an organization or country unless adequate data protection controls, including the security of said data, are in place. For data transfers involving Google’s services, Google utilizes mechanisms such as Data Processing Agreements, Standard Contractual Clauses, and its Data Privacy Framework certification (where applicable) to ensure the lawfulness of such transfers.
ARTICLE IX: CHILDREN’S PRIVACY
The Application is not designed for, nor is it intended for utilization by, individuals under the age of thirteen (13) if in the U.S., or sixteen (16) for GDPR in many EU countries, or the relevant age of digital consent in operative jurisdictions. The Company does not knowingly collect Personal Data from Minors.
If a parent or legal guardian becomes aware that their Minor child has provided Personal Data to the Company without requisite consent, said parent or guardian shall contact the Company at info@blulateral.com. Upon verification that Personal Data has been collected from Minors without appropriate parental consent, the Company shall take commercially reasonable steps to delete such information from its servers.
ARTICLE X: EXTERNAL LINKS AND THIRD-PARTY SERVICES
The Application may contain hyperlinks to external websites or services not operated by the Company. Users who click on such third-party links will be redirected to the respective third-party’s site or service. The Company strongly advises Users to review the privacy policy of every external site visited. The Company exercises no control over, and assumes no responsibility or liability for, the content, privacy policies, or practices of any third-party sites or services.
ARTICLE XI: MODIFICATIONS TO THIS PRIVACY POLICY
The Company reserves the right to modify or amend this Policy at its sole discretion and at any time. Notification of any such modifications will be effectuated by posting the revised Policy within the Application and by updating the “Effective Date” indicated at the commencement of this Policy. In certain circumstances, the Company may elect to provide more conspicuous notice (e.g., via in-app notification or electronic mail, if User contact information is available).
Users are advised to review this Policy periodically for any revisions. Revisions to this Policy become effective upon their posting. Continued utilization of the Application by the User subsequent to any modification of this Policy shall constitute the User’s acceptance of, and agreement to be bound by, such modifications.
ARTICLE XII: CONTACT INFORMATION
For any inquiries, concerns, or requests pertaining to this Privacy Policy, the Company’s data practices, or the User’s interactions with the Application, Users may contact the Company via the following channels:
Electronic Mail: info@blulateral.com
Company Website: https://www.blulateral.com/support