1. Introduction
Hub4Apps ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, store, and protect your personal information. This Privacy Policy applies to all Hub4Apps mobile applications and services (collectively, the "Services").
This Privacy Policy covers multiple Hub4Apps applications, each with different data practices. KidMode has a distinct, privacy-first model described in Section 3. If there is any conflict between general sections and the KidMode section, the KidMode-specific terms control for that app.
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Services.
This Privacy Policy should be read together with our Terms of Service, which governs your use of our Services.
2. Information We Collect
We collect different types of information depending on how you use our Services and which authentication method you choose.
2.1 Personal Information You Provide
Account Information (Optional)
If you create an account, we may collect:
- Email address (for email/password authentication)
- Name and profile information (from third-party authentication providers like Google or Apple)
- Authentication tokens (to maintain your logged-in session)
- User ID (unique identifier for your account)
Note: You can use some of our apps in "Guest Mode" without creating an account. Guest users have limited features and data is stored locally only.
User-Generated Content
Some apps allow you to create personal content:
- Journal entries (personal reflections, notes, and spiritual insights)
- Bookmarks and favorites (saved content items)
- Progress tracking (chapters read, scenarios completed)
- Preferences and settings (theme, font size, audio settings)
Privacy Commitment: Your personal content (especially journal entries) is encrypted using industry-standard AES-256 encryption and is never shared with other users or third parties without your explicit consent.
2.2 Information Collected Automatically
Technical and Device Information
- Device type and model (e.g., iPhone 14, Samsung Galaxy S23)
- Operating system and version (e.g., iOS 17.2, Android 14)
- App version (to ensure compatibility and provide updates)
- Device identifiers (anonymous IDs for analytics)
Network and Connection Information
- IP address (for security and fraud prevention)
- Network type (WiFi, cellular, offline)
- Approximate location (country/region level only, derived from IP address, not GPS)
KidMode Exception: KidMode does NOT collect any of the above information. No device identifiers, no analytics, no IP addresses, no network information. See Section 3 for KidMode's complete privacy model.
2.3 Information We Do NOT Collect
To protect your privacy, we explicitly do NOT collect:
- Precise geolocation data (GPS coordinates)
- Camera or photo access
- Microphone or audio recording
- Contacts or address book
- Calendar or reminder data
- Health or fitness data
- Payment card information (processed by app stores only)
- Browsing history outside our apps
- Social media connections or friend lists
3. KidMode App Privacy
KidMode is a parental utility app (Utilities category, NOT Kids Category) with enhanced privacy protections designed specifically for families. It helps parents and guardians temporarily restrict their iOS device to approved apps during supervised sessions.
KidMode is a privacy-first app. Unlike our other apps, KidMode collects ZERO personal data and requires NO account. It uses exclusively Apple's official FamilyControls and ManagedSettings APIs — no VPNs, MDM profiles, or configuration profiles are installed.
3.1 What KidMode Stores (Locally Only)
- PIN (as cryptographic hash): Stored in iOS Keychain with device-only protection. The actual PIN is never stored.
- Kid Profiles: Names, emojis, and app selections you create - stored only on your device.
- Session Data: Timer settings and active session state for crash recovery.
- Subscription Status: Synced from Apple App Store (not personal data).
3.2 What KidMode Does NOT Collect
- No account or login required
- No personal information (names, emails, phone numbers)
- No device identifiers or fingerprinting
- No usage analytics or behavior tracking
- No location data
- No app usage history beyond the current session
3.3 Apple Screen Time APIs
KidMode uses Apple's official Screen Time APIs (FamilyControls, ManagedSettings, DeviceActivity). These APIs provide:
- Opaque App Tokens: We cannot see which apps you select - only that you selected them.
- Local Processing: All restriction logic runs on your device.
- Apple's Privacy Protections: Subject to Apple's strict privacy requirements.
3.4 KidMode & Children's Privacy
KidMode is a parental control tool designed for parents/guardians to manage their own device. It is NOT a "kids app" and does not target children as users.
- The app is intended for adult device owners
- No data is collected from children using the restricted device
- Complies with COPPA through data minimization (no data collection at all)
3.5 KidMode Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Apple StoreKit | Subscription purchases | Transaction data (handled by Apple) |
| Apple Screen Time APIs | Device restrictions | None - all local |
No analytics SDKs. No advertising SDKs. No tracking.
3.6 What KidMode Is NOT
To ensure clarity for users and compliance with App Store guidelines:
- NOT a Kids Category app — KidMode is a Utilities app designed for parents/guardians, not children
- NOT an MDM solution — KidMode does not install Mobile Device Management profiles or enterprise configurations
- NOT a VPN or network filter — KidMode does not route, monitor, or filter network traffic
- NOT a surveillance tool — KidMode does not monitor, log, or report child activity to any server
- NOT a content filter — KidMode restricts app access only; it does not filter content within allowed apps
4. Third-Party Authentication
We offer authentication through third-party providers for your convenience:
- Google Sign-In: If you authenticate with Google, we receive your name, email, and profile picture from Google. See Google Privacy Policy.
- Apple Sign-In: If you authenticate with Apple, we receive your name (optional) and email (which may be a private relay email). See Apple Privacy Policy.
- Email/Password: If you authenticate with email, we securely hash and store your password. We never store passwords in plain text.
5. How We Use Your Information
We use collected information for the following purposes:
5.1 To Provide and Improve Services
- Deliver app content and functionality
- Sync your data across devices (for authenticated users)
- Personalize your experience (themes, preferences, bookmarks)
- Remember your progress and settings
- Optimize app performance and user interface
5.2 To Maintain Security and Prevent Fraud
- Authenticate your identity
- Detect and prevent unauthorized access
- Identify and fix security vulnerabilities
- Prevent spam, abuse, and fraudulent activity
5.3 To Communicate With You
- Send important service updates and announcements
- Respond to your support requests and feedback
- Notify you about account-related matters
- Send optional daily verse notifications (if enabled)
Note: We do NOT send marketing emails unless you explicitly opt-in. You can unsubscribe at any time.
6. Data Storage and Security
6.1 Where We Store Data
Local Storage (On Your Device):
- App settings and preferences
- Cached content for offline access
- Guest user data (if not signed in)
- Encrypted journal entries (with encryption keys in secure device storage)
Cloud Storage (For Authenticated Users):
- Account information (email, profile)
- Encrypted journal entries (synced across devices)
- Bookmarks and progress data
- User preferences and settings
Cloud data is stored on secure servers provided by our infrastructure partner, Supabase, which uses AWS data centers. See Supabase Privacy Policy.
6.2 How We Protect Your Data
Encryption
- At Rest: All personal information is encrypted using AES-256 encryption via Supabase
- In Transit: All data transmission uses TLS 1.3 encryption (HTTPS)
- Journal Entries: Encrypted on your device before transmission using AES-256
- Encryption Keys: Stored in platform-specific secure storage (iOS Keychain, Android KeyStore)
Infrastructure Security
We host our Services on Supabase, which provides enterprise-grade security:
- SOC 2 Type II Certified - Independent security audit certification
- ISO 27001 Certified - International information security standard
- AWS Infrastructure - Secure data centers with physical security controls
- GDPR & CCPA Compliant - Meets international privacy standards
7. How We Share Your Information
7.1 We Do NOT Sell Your Data
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. Period.
7.2 Third-Party Service Providers
We share limited data with the following trusted service providers who help us operate our Services:
- Supabase - Database, backend, and authentication (SOC 2 & ISO 27001 certified)
- Apple & Google - Authentication providers for Sign in with Apple/Google
- App Stores - Payment processing for subscriptions (if applicable)
7.3 Legal Requirements
We may disclose your information if required by law or in response to valid legal process (subpoena, court order, search warrant).
8. Data Retention
We retain your information for as long as necessary to provide Services:
- Account Data: Retained while your account is active. Deleted within 30 days of account deletion.
- Journal Entries: Retained until you delete them or delete your account. Deletion is immediate and permanent.
- Crash Reports: Retained for up to 90 days, then automatically deleted.
9. Your Privacy Rights
9.1 Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and personal data
- Export: Request a copy of your data in a portable format (JSON/CSV)
- Opt-Out: Opt-out of optional notifications and communications
9.2 California Residents (CCPA Rights)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request details about categories of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out of Sale: We do NOT sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
12-Month Data Collection Disclosure (CCPA Requirement)
| Category | Collected? | Purpose | Sold? |
|---|---|---|---|
| Identifiers (email, name) | YES | Account creation, authentication | NO |
| Personal Content (journal entries) | YES | Provide journaling features | NO |
| Device Information | YES | App compatibility, bug fixes | NO |
| Geolocation (GPS) | NO | N/A | NO |
9.3 European Union / EEA Residents (GDPR Rights)
If you are in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Confirm whether we process your data and request a copy
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with your local data protection authority
9.4 How to Exercise Your Rights
In-App Account Deletion: Go to Settings > Account > Delete Account
Email Requests: Send requests to support@hub4apps.com
We will respond to verified requests within 30 days (or as required by applicable law).
10. Children's Privacy
Our Services are NOT intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children under the applicable age limit.
If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information as quickly as possible.
KidMode Clarification: While children may use a device during a KidMode supervised session, KidMode is operated exclusively by parents or guardians. No data is collected from children during these sessions — KidMode collects no data from anyone.
Parents/Guardians: If you believe your child has provided personal information to us, please contact us at support@hub4apps.com.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Privacy Inquiries: support@hub4apps.com
- General Support: support@hub4apps.com
- Website: hub4apps.com
In-App Access: This privacy policy is also accessible from within our apps, including KidMode, via the Settings or About section.
Privacy is a priority. This policy reflects transparency about data practices. For questions or concerns, please reach out via the contact methods above.