Below is a modern, responsive, 2026-updated Privacy Policy page (single self-contained HTML file with full CSS + a small JS layer for theme toggle, table-of-contents generation, section collapsing, search, and print). It references the UK GDPR / Data Protection Act 2018 framework and PECR-style tracking consent expectations, and it aligns with Google Play’s expectation that apps disclose data use and obtain valid consent where required. ([GOV.UK][1]) ```html Privacy Policy — OnPoint Tech (Updated 2026)

OnPoint Tech

Privacy Policy (2026 edition)

Privacy Policy

Controller: Kai Piper (Independent Developer) Service: OnPoint Tech (Android app) Effective: 6 January 2026 Version: 2026.1
Plain-English summary: OnPoint Tech is designed to work with minimal personal data. Some versions of the app may use third-party SDKs (for example, Google Play services and advertising/analytics tooling) that can process device identifiers and usage signals. This policy explains what may be processed, why, how long it’s kept, and the choices and rights you have under applicable data protection laws.
Key commitments
  • Data minimisation: collect/process only what is needed to operate, secure, measure, and improve the Service.
  • No intentional sale of data: OnPoint Tech does not sell your personal data.
  • Transparency: explain categories, purposes, legal bases, recipients, and retention.
  • Controls: offer opt-outs where feasible and explain OS-level controls (Advertising ID, consent settings).
Tip: Use the search box to quickly find “Advertising ID”, “Retention”, or “Your rights”.
Contact & complaints

If you have questions about privacy, use the developer contact method shown on the app’s Google Play listing (Developer contact section) or any in-app contact method provided.

If you are in the UK and believe your data protection rights have been infringed, you may also contact the UK Information Commissioner’s Office (ICO).

This policy is informational and not legal advice.
Updated for 2026 UK/EU-style privacy structure Mobile app + SDK disclosures
Last reviewed: 6 January 2026

1) Scope

What this policy covers

This Privacy Policy explains how Kai Piper (“we”, “us”, “our”) processes information when you use the OnPoint Tech mobile application (the “Service”).

This policy applies to the Service as distributed through app stores (including Google Play) and any related pages we make available for help, privacy, or support. It does not apply to third-party websites, services, or SDK providers that you may access via links from within the Service.

Important: Mobile apps commonly rely on operating system services and third-party SDKs (e.g., Google Play services, advertising, crash reporting). Those providers can process information under their own privacy policies.
See: Section 7 (Third-party services) and Section 10 (International transfers).

2) Definitions

Key terms used in this policy
  • Personal data / personal information: information that identifies you or can reasonably be linked to you (directly or indirectly).
  • Processing: any operation performed on data (collection, storage, use, sharing, deletion, etc.).
  • Controller: the party deciding why and how personal data is processed (here: Kai Piper for the Service’s decisions).
  • Processor: a party processing data on behalf of a controller (e.g., hosting, analytics, crash reporting providers).
  • Device identifiers: identifiers associated with your device/app instance, which may include an Advertising ID or similar SDK identifiers.
  • Advertising ID: an OS-provided identifier (e.g., Android Advertising ID) used to support advertising and measurement features.

3) What information may be processed

Data categories

The Service is designed to operate with limited personal data. Depending on the app build and which features are enabled, the following categories may be processed:

Category Examples Purpose Typical legal basis (where applicable) Where processed
Device & app identifiers Advertising ID App instance IDs SDK identifiers
Identifiers used for ads measurement, analytics, fraud prevention, and service integrity.
 Deliver/measure ads (if enabled), analytics, detect abuse, enforce frequency caps, prevent fraud. Consent (where required), legitimate interests, contract (service delivery), compliance obligations. On device; third-party SDK endpoints (e.g., Google services) depending on configuration.
Diagnostics & log data Crash traces, performance metrics, app state at time of crash, device model, OS version, timestamps. Stability, bug fixing, performance tuning, security monitoring. Legitimate interests; contract (service provision); consent where required. On device; third-party crash/diagnostics services if enabled.
Usage & interaction analytics Screen views, button events, feature usage, session length, coarse engagement signals. Understand feature usefulness, improve UX, identify regressions, prioritise fixes. Consent (common for analytics in some regions), legitimate interests (where permitted). On device; analytics provider endpoints if enabled.
Network / technical data IP address (typically handled by network providers/SDK endpoints), approximate region (inferred), request headers, connectivity status. Security, fraud prevention, rate limiting, service delivery, debugging. Legitimate interests; contract; compliance obligations. Primarily processed by network/SDK providers; limited use within the Service where feasible.
User-provided content (if any) If the Service includes forms or feedback features: messages you type, attachments you submit. Provide support, respond to requests, improve the Service. Contract; legitimate interests; consent (context-dependent). On device; transmitted only when you submit it.
About “retained on your device”: Some information may stay local (e.g., settings and caches). However, if third-party SDKs are enabled (ads/analytics/crash reporting), those SDKs may transmit certain identifiers and event/diagnostic data to their services as part of their normal operation.
See Sections 7, 8, and 12.

4) How we use information

Purposes of processing

We use information only for purposes consistent with operating and improving the Service, including:

  • Service delivery: maintain app functionality, store preferences, and provide requested features.
  • Reliability and debugging: investigate crashes, errors, and performance issues.
  • Security: detect, prevent, and respond to abuse, fraud, and malicious activity.
  • Analytics (if enabled): understand how the Service is used to improve features and usability.
  • Advertising (if enabled): deliver and measure ads, manage frequency caps, and detect invalid traffic.
  • Legal compliance: comply with valid legal requests and applicable laws.

6) Advertising ID, ads, and analytics

How identifiers may be used

Some versions of the Service may access the Android Advertising ID (or similar identifiers) to support: advertising (showing and measuring ads) and user analytics (measuring engagement and feature usage).

Your choices and controls (Android):

  • Reset your Advertising ID: you can reset it from Android settings to reduce linkability over time.
  • Opt out of personalised ads: Android provides settings to limit personalised advertising.
  • Consent controls: if the app provides an in-app consent/ads preference screen, you can change your choices there.
  • App permissions: if the Service requests optional permissions, you can deny them; the Service may provide reduced functionality.
Important nuance: Advertising/analytics are typically provided by third-party SDKs. Even if the Service does not operate its own servers, those SDKs can process identifiers and events under their own roles and policies.
See Sections 7 and 10 for third-party and cross-border details.

7) Third-party services

SDKs and providers that may process data

The Service may use third-party services that can process information (including identifiers and diagnostics). These providers act under their own privacy policies and terms.

Common examples include:

Service providers and confidentiality: Where we use providers to perform services on our behalf (e.g., crash reporting), they are expected to process data only for the agreed purposes and to maintain appropriate confidentiality and security safeguards.
Even so, each provider’s own role (controller vs processor) and disclosures may vary by product and configuration.

8) Sharing and disclosures

When data is shared

We disclose information only in limited circumstances:

  • To service providers: to operate, secure, analyse, and improve the Service (e.g., crash reporting, analytics, ads).
  • For legal reasons: to comply with applicable law, lawful requests, or to protect rights, safety, and security.
  • Business changes: if the Service is transferred (e.g., merger, acquisition), subject to this policy and applicable law.
  • With your direction: if you choose to share something through the Service (e.g., sending feedback).

No sale of personal data: OnPoint Tech does not sell your personal data as a business model.

9) Data retention

How long data is kept

Retention depends on the data type and how the Service is configured:

  • On-device data: settings/caches may remain until you clear app data, uninstall the app, or reset settings.
  • Diagnostics and logs: may be retained for a limited period to investigate issues, then deleted or aggregated.
  • Analytics: may be retained to understand long-term trends (often in aggregated form).
  • Advertising: measurement signals and identifiers (if used) are retained per the advertising provider’s policies and controls.
Principle: We aim to retain data only as long as necessary for the stated purposes, after which it is deleted, anonymised, or aggregated where feasible.
If you uninstall the app, on-device data is removed by the OS; third-party retention (if any) follows their policies.

10) International transfers

Cross-border processing

If third-party providers are used (e.g., Google services), information may be processed in countries outside your country of residence. Where UK/EU-style transfer restrictions apply, providers typically rely on approved mechanisms (such as standard contractual clauses and related addenda), plus technical and organisational safeguards.

You should review the privacy policies of the relevant providers for details on their international data transfer practices.

11) Security

How data is protected

We use commercially reasonable technical and organisational measures appropriate to the nature of the Service and the risk profile, such as secure development practices, least-privilege access principles, and dependency review.

However, no transmission method or storage system is guaranteed to be 100% secure. You use the Service at your own risk.

12) Your rights

Access, deletion, objection, portability

Depending on where you live, you may have rights over your personal data. Under UK/EU-style rules, these may include:

  • Right to be informed about how data is used.
  • Right of access to the data held about you.
  • Right to rectification of inaccurate data.
  • Right to erasure (in some circumstances).
  • Right to restrict processing (in some circumstances).
  • Right to data portability (in some circumstances).
  • Right to object to certain processing (e.g., based on legitimate interests).
  • Rights related to automated decision-making/profiling (where applicable).

Because OnPoint Tech is designed to minimise server-side storage, the ability to retrieve or delete specific data may depend on whether a third-party SDK processed it. In those cases, your request may need to be directed to the relevant provider as well.

How to exercise rights: Use the developer contact method shown on the app’s store listing (Developer contact section) or any in-app support mechanism. Include enough detail to identify the relevant device/app instance, and we will respond as required by applicable law.
If we cannot verify the request, we may ask for additional information to protect your data against unauthorised access.

13) Cookies, tracking, and similar technologies

Cookies, SDKs, and device identifiers

The Service itself does not typically set “cookies” in the way websites do. However, mobile SDKs and embedded web content (if any) may use cookies or similar technologies (including SDK identifiers and local storage) to provide features like analytics and advertising.

Where consent is required by law for certain tracking activities, we aim to request consent before enabling those activities and provide a way to change your choice.

14) Children’s privacy

Under-13 policy

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13.

If you are a parent or guardian and believe a child has provided personal data, contact us via the developer contact method shown on the app’s store listing. We will take appropriate steps consistent with applicable law.

16) Changes to this policy

Updates and notice

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or third-party integrations. Updates are effective when posted on this page (unless a later date is stated).

If changes are material, we may provide additional notice in the app or on the store listing where feasible.

17) Jurisdiction-specific notices

UK/EU/US-style add-ons

This section provides additional context for certain jurisdictions. It does not replace the main policy sections above.

  • UK: Data protection is governed by the UK GDPR and Data Protection Act 2018; you can complain to the ICO if needed.
  • EEA/EU: Similar rights apply under the EU GDPR when it is applicable to your situation.
  • US (state laws): Some states grant rights to access, delete, or opt out of certain processing (e.g., targeted advertising). Where applicable, we will honour such rights to the extent feasible given the Service architecture and third-party SDK roles.
  • Other regions: Additional rights may exist under local laws (e.g., LGPD, PIPEDA). Contact us via the store listing for requests.
Practical limitation: If a third-party provider acts as an independent controller for certain processing (common for advertising), you may need to use their controls (e.g., ad personalisation settings) in addition to contacting us.
See Section 6 for OS controls and Section 7 for provider links.

18) Contact

How to reach the developer

If you have questions or requests about this Privacy Policy, contact the developer using:

  • Google Play listing: the “Developer contact” information displayed on the OnPoint Tech store page.
  • In-app support: any support/contact feature provided within the app (if available).

Please include: your country/region, the app version, your device model, and a clear description of your request.

``` If you want, paste your *actual* Google SDK list (AdMob/Firebase/Crashlytics/etc.) and I will tighten Section 3/6/7 so it precisely matches your real data flows (which matters for both legal accuracy and Google Play’s Data Safety disclosures). ([developers.google.com][2]) [1]: https://www.gov.uk/data-protection?utm_source=chatgpt.com "The UK's data protection legislation" [2]: https://developers.google.com/admob/android/privacy/play-data-disclosure?utm_source=chatgpt.com "Google Play's data disclosure requirements | Android"