Privacy Policy

Introduction

This privacy policy applies to the website at remnantworkshop.com and all mobile applications published by Remnant Workshop. Individual apps may use different features described in this policy (such as analytics or advertising).

Remnant Workshop, Inc. is a Delaware corporation with a principal place of business in the United States. Remnant Workshop is the data controller responsible for the data described in this policy.

Data Stored on Your Device

Some of our apps store data locally on your device to provide their core functionality. This data never leaves your device and is not accessible to us. Examples include:

• Workout logs and exercise preferences
• Vinyl record collections
• Drawings and sketches
• Edited images
• Voice recordings
• App settings and preferences

You can delete this data at any time by clearing the app's data in your device settings or by uninstalling the app.

Website Information

When you visit our website, standard web server logs may collect usage data such as your IP address, browser type, and pages visited. We use this information to improve our website and respond to inquiries.

Analytics

Some of our apps collect pseudonymous usage analytics to help us understand how people use the app and improve the experience. This data is not linked to your identity and is not used to identify you.

Analytics data may include:

• Anonymous device identifier — a random ID generated on your device, used only to count unique users. This is not your Apple ID, advertising ID, or any other system identifier.
• App usage events — which features you use (e.g., session duration, content selections, settings adjustments). These events contain no personal information.
• Device context — device type, operating system version, app version, color scheme, and language setting.
• App lifecycle events — when the app is opened, backgrounded, installed, or updated.

We use PostHog to process analytics data. PostHog acts as a data processor on our behalf and does not sell or share your data with third parties. Privacy policy: posthog.com/privacy.

We do not call PostHog's identify function — analytics data is pseudonymous and is not used to identify you.

Crash Reporting

Some of our apps (currently sound-bath-2) use Sentry (Functional Software, Inc.) for crash and error reporting. This helps us identify and fix stability issues.

In GDPR regions (EU/EEA/UK): Crash reporting is completely disabled. No crash data is sent to Sentry.

In all other regions, the following data may be collected when a crash or error occurs:

• Crash stack traces and error messages
• Device type and operating system version
• App version
• Performance traces (sampled at a 20% rate)

Crash reports do not contain names, email addresses, or user identifiers. The sendDefaultPii option is disabled, meaning no personally identifiable information is attached to reports.

Sentry acts as a data processor on our behalf. Data is processed on servers located in the United States. In regions where crash reporting is active, the legal basis for this processing is our legitimate interest in maintaining application stability (Article 6(1)(f) GDPR).

Sentry's privacy policy: sentry.io/privacy.

Advertising

Some of our apps display ads served by Google AdMob. To deliver ads, Google may collect:

• Advertising data — ad interaction data (impressions, taps) used to serve and measure ads.
• Coarse location — approximate location derived from your IP address, used by Google to serve regionally relevant ads. We do not request precise location access.
• Device identifier — on iOS, if you grant tracking permission via the App Tracking Transparency prompt, Google may use your advertising identifier to deliver personalized ads. If you decline, ads are still shown but are not personalized.

When an ad-supported app launches, you may be shown a consent form (powered by Google's User Messaging Platform) asking about your ad personalization preferences.

Google's privacy policy: policies.google.com/privacy.

Children's Privacy

Who Says Moo is designed for young children. In this app:

• Ads are served in child-directed mode with no personalized advertising or behavioral targeting.
• No analytics data is collected.
• Voice recordings (if used) are stored only on the device and are never transmitted.
• We do not knowingly collect personal information from children under 13.

Our other apps are general-audience applications not directed at children.

What We Do Not Collect

Across all of our apps, we do not collect:

• Names, email addresses, or contact information
• Account credentials or login information
• Precise location data
• Health or clinical data
• Photos, files, or user-generated content (these stay on your device)
• Data from other apps on your device
• Crash reports or diagnostic logs in GDPR regions (EU/EEA/UK). In other regions, limited crash data is collected as described in the Crash Reporting section above. Apple and Google may independently collect their own device diagnostics.

Data Sharing

We do not sell, rent, or share your personal data for monetary or cross-context behavioral advertising purposes. We do not track users across apps or websites owned by other companies unless you explicitly allow advertising tracking. We share data only with the following third-party services, and only as described in this policy:

• PostHog — anonymous usage analytics
• Google AdMob — advertising
• Sentry — crash and error reporting (non-GDPR regions only)

These services act as data processors on our behalf. We have data processing agreements in place with our service providers where required. Analytics, advertising, and crash reporting data may be processed on servers located in the United States or other countries where our service providers operate.

Data Retention

Analytics data is retained for up to one year, after which it is automatically deleted. Crash reporting data is retained by Sentry for 30 days. Data stored locally on your device persists until you clear it or uninstall the app.

GDPR (EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or the United Kingdom, the following additional information applies to you.

Legal bases for processing:

• Analytics — Consent. You must opt in before any analytics data is collected.
• Crash reporting — Currently disabled in GDPR regions pending EU data residency support. No crash data is sent. If enabled in the future, the legal basis would be legitimate interest in application stability (Article 6(1)(f)).
• Personalized advertising — Consent, collected via Google's User Messaging Platform (UMP) consent form.

Data residency: Analytics data for GDPR-region users is processed via PostHog's EU instance located in Frankfurt, Germany.

Data subject rights: Under the GDPR, you have the right to:

• Access your personal data and request a copy of the data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Data portability — receive your data in a structured, commonly used format.
• Object to processing based on legitimate interest.
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@remnantworkshop.com.

Supervisory authority: You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

Your Rights

Regardless of your location, you can:

• Opt out of personalized ads by declining the App Tracking Transparency prompt on iOS, or adjusting ad preferences in your device settings.
• Delete local data by clearing app data in your device settings or uninstalling the app.
• Request deletion of analytics data by contacting us at privacy@remnantworkshop.com.
• Request access to your data — ask us what data, if any, we hold about you.
• Request data portability — receive any data we hold in a structured format.
• Withdraw consent for analytics or personalized advertising at any time.

For GDPR-specific rights (rectification, erasure, right to object, complaint to a supervisory authority), see the GDPR section above.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information

We do not sell personal information. To exercise any of these rights, contact us at privacy@remnantworkshop.com.

Third-Party Links

Our website and apps may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

Changes to This Policy

We may update this policy from time to time. Updates will be posted here with a revised date.

Contact Us

If you have questions about this privacy policy, contact us at privacy@remnantworkshop.com.