How we collect, use, and protect your information.
Last updated: July 13, 2026
What's new in this version. Aletto is a connected alerting
service. It offers paid subscription plans and one-time credit
purchases (via the Apple App Store / Google Play, managed through RevenueCat); public
handles and an "Allow others to find me" setting; multiple
devices and email addresses; location alerts that trigger
when you arrive at or leave a place you save (using device location and background geofencing); adding
other users as connections and alert recipients; access grants &
permissions; email magic links; blocking and reporting of
users with content moderation; in-app data export ("Export My Data"); an in-app
Help & FAQ and support channels; accessibility support; sharing
the app via your device share sheet; and in-app advertising via Google AdMob with a
consent prompt at startup (and Apple App Tracking Transparency on iOS) for applicable
regions. It explains your rights under India's DPDP Act, the EU/UK GDPR, and US laws such as the
CCPA/CPRA. We are the Data Fiduciary / Controller for your data.
01 Interpretation and Definitions
Account: A unique account created for You to access our Service.
Application / Service: The software program named Aletto.
Company ("We", "Us", "Our"):Tandavaworks Global
LLP, Chennai, Tamil Nadu, India — acting as Data Fiduciary / Controller.
Personal Data: Any data about an identifiable individual.
Handle: A unique public username you choose to identify yourself to other users.
Connection: Another Aletto user you have linked with, or whom you designate to send
or receive alerts.
Recipient: A person (a Connection, or an email address you provide) to whom an
alert is delivered.
Saved Location: A place you save (a name and map coordinates) to reuse when
creating location alerts.
Location Alert / Geofence: An alert that triggers when your device enters, leaves,
or remains ("dwells") for a set duration within a virtual boundary (a "geofence") around a Saved
Location, so it can fire based on where you are — including while the app is closed.
Subscription: A recurring paid plan (e.g., Basic, Premium, Elite).
Credits: A consumable in-app balance (one-time purchase or included with a plan)
used to send alerts over paid channels.
Access Grant / Permission: An authorization that lets one user act in relation to
another; can be requested, approved, declined, or revoked.
Magic Link: A single-use, time-limited link sent to an email address to verify
ownership or grant/accept access.
Block / Report: Controls that let you stop another user from contacting you (Block)
or flag a user or message for our review (Report).
Data Principal / Subject / Consumer: You, the individual to whom the data relates.
02 Collecting and Using Your Personal Data
Types of data collected
Contact Information: Email, first name, last name (via Google Sign-In).
Profile & Handle: A unique public handle and display name; with your photo,
these identify you and (if discoverability is on) let others find you.
Device identifiers & multiple devices: Per device, a persistent UUID, FCM
token, and basic metadata for secure routing. Removable any time.
Additional Email Addresses: Added/verified addresses for delivery channels or magic
links, with verification status.
Profile Photo: For profile customization and identity; uploaded over HTTPS, on
private infrastructure; deletable any time.
Connections & Recipient Data: User identifier, handle, display name, and email
channels of people you connect with or send to, plus approval/consent status. Your handle, name, and
photo are visible to connections. Only add people who have agreed to receive alerts.
Location Data (only if you use location alerts): The map coordinates and name of
each Saved Location you create, and the geofence transitions (arriving at, leaving,
or dwelling at a Saved Location) that trigger your location alerts. To detect these transitions your
device's operating system monitors your location in the background, subject to the
permission you grant. Saved-location coordinates are stored encrypted, are visible
only to you, and are used solely to power your location alerts — never for advertising or profiling,
and never shared with your connections. We do not build a location history or track your continuous
movements; we only process the arrive/leave/dwell events for the places you choose. Because
geofences
are registered and monitored locally on your physical device, location alerts are bound to the
specific
device on which they were created and cannot be moved to another device; if you switch devices,
you'll need to create a new location alert on the new one. Location alerts are
entirely optional — if you never create a Saved Location or grant location permission, no location
data is collected.
Access Grants & Permissions: The users involved, the scope, and the status
(requested/approved/declined/revoked) with timestamps.
Blocking, Reporting & Moderation Data: When you block a user we record the
blocking relationship so we can stop contact. When you report a user or message, we collect the
report (reason you select, the reported content/identifier, and timestamps) and any automated or
manual moderation outcomes, to keep the Service safe and comply with law. See §6.
Email Magic Links: The destination email and a one-time, short-lived token,
invalidated once used.
Subscription & Purchase Data: Plan, status, renewal/expiry, credit balance and
transactions. We never receive/store full card or bank details — payments are
processed by Apple/Google; RevenueCat manages validation & entitlements (pseudonymous token +
product).
Advertising Identifiers & Ad Data: Google AdMob may process device advertising
identifiers — Google Advertising ID on Android, IDFA on iOS only where you permit tracking via
Apple's App Tracking Transparency (ATT) — plus coarse ad-interaction data.
Voice Data. Voice commands used to set note alerts or location alerts are processed
locally or sent securely
solely to transcribe them into text. We do not permanently store raw audio.
Never used for advertising or profiling.
Location Permission & Background Access. Location alerts rely on device location.
We request permission the first time you add a Saved Location or create a location alert. Because an
alert must be able to fire when the app is closed, we ask for background ("Allow all the
time") access; if you grant only "While using the app," alerts may not trigger in
the background and we tell you so. You can change or revoke location access at any time in your device
settings, and you can remove Saved Locations in Settings → My Locations — doing so stops the
related location alerts from firing. On Android this uses fine/coarse, background, and
foreground-service location; on iOS it uses When In Use and Always location.
Purposes of processing
To: create and secure your Account; operate your profile/handle and (where enabled) let others find you;
register and route alerts across your devices; verify email addresses and operate magic links; deliver
and route alerts to you and your Recipients; create and manage Saved Locations and trigger location
alerts when you arrive at or leave them; manage Connections, access grants, and permission requests;
operate blocking, reporting, and content moderation; provide and manage Subscriptions and Credits and
prevent fraud; display and measure advertising subject to your consent; provide an in-app Help & FAQ
and support; enable you to export a copy of your data; maintain security and accessibility; and comply
with law.
Discoverability and Visibility Controls
When you enable "Allow others to find me," your handle, display name, and profile photo
may appear in other users' search results so they can send you a connection or alert request. Turn it
off any time in settings; this stops new users from discovering you by search, while existing
connections are unaffected.
03 Advertising and Your Consent
The Service displays ads through Google AdMob. Ads may be personalized or
non-personalized depending on your region and consent.
Consent at startup (EEA, UK & Switzerland): we present a consent message at
startup via Google's User Messaging Platform (UMP), per Google's EU User Consent Policy, before
personalized ads or non-essential storage. You can change it later in Settings → Ad Privacy
Settings.
iOS App Tracking Transparency: on iOS we request permission via Apple's ATT prompt
before any cross-app tracking; declining means non-personalized ads.
Opting out: reset/limit your advertising identifier in device settings, decline
ATT/consent, or withdraw consent in-app — we then instruct AdMob to serve non-personalized ads.
Children: we do not knowingly serve personalized ads to users below the applicable
age (see §16).
We do not sell your Personal Data for money. We share it only:
With Recipients and Connections you choose — alert content and your handle, name,
and photo are shared with those you send to or connect with.
With other users via discovery, only if you enable "Allow others to find me".
With processors under contract — Google Firebase, RevenueCat, the Apple/Google
stores, and Google AdMob.
For legal reasons, where required by law or to protect rights and safety.
When you use "Share Aletto" to recommend the app, your device's share sheet sends only a
link to our store listing — we do not collect who you share with.
06 Blocking, Reporting and Moderation
To keep the Service safe, you can block and report other users, and we
apply content moderation to messages and alerts.
Blocking: Blocking a user stops them from contacting you, connecting with you, or
sending you alerts. We store the blocking relationship to enforce it; you can manage blocked users
in Settings → Blocked Users.
Reporting: When you report a user or a message, we collect the reason you select,
the reported content or identifier, and related metadata, and may review it manually or with
automated tooling.
Moderation: We may automatically screen or filter message content for prohibited
material, and may suspend or remove handles, content, relationships, or accounts that violate our
Terms. Moderation records may be retained for safety, dispute handling, and legal compliance.
07 Notifications and Your Devices
Alerts and notifications are delivered to your registered devices via Firebase Cloud Messaging and shown
using your device's notification system.
Per-device controls: You can pause a specific device or email address from
receiving your own self-alerts without affecting your other devices.
System & account notifications: Important system / account
notifications — for example subscription or credit changes, alerts being auto-paused, security and
account messages — are delivered to all of your registered devices even when a device is
paused from receiving your self-alerts, so you don't miss messages about your account.
These are operational messages tied to your use of the Service, not marketing.
Operating-system permissions: Delivery still depends on the notification permission
you grant to the app at the OS level; you can change it any time in device settings. Location alerts
additionally depend on the location permission (including background access) you
grant — see the Location Permission note in §2.
08 Platform-Specific Information (Android / iOS)
Android (Google Play)
Purchases use Google Play Billing; advertising uses the Google Advertising
ID; our practices are also summarized in the Play Data safety section. You
can reset/delete the Advertising ID in Android settings. If you use location alerts, Aletto requests
foreground and background location access (fine/coarse location,
background location, and a foreground location service) solely to detect
arrivals/departures at your Saved Locations; you can manage or revoke this in Android's location
settings.
iOS (Apple App Store)
Purchases use the Apple App Store / StoreKit; cross-app tracking for personalized ads is
gated by App Tracking Transparency; and our practices appear in Apple's App
Privacy ("nutrition label") on the App Store. Apple is not responsible for the Service or
its data practices. If you use location alerts, Aletto requests "When In Use" and then
"Always" location access so alerts can trigger in the background; you can adjust or
revoke this in iOS location settings.
09 Storage, Transfers and Retention
Data is stored securely on private servers. Some processors (e.g., Google, RevenueCat) may store/process
data outside India, including in the US and EU; international transfers rely on appropriate safeguards
such as the EU Standard Contractual Clauses. We retain data only as long as necessary for the stated
purposes or as required by legal, tax, and accounting obligations.
10 Security
We use commercially acceptable safeguards, including HTTPS encryption and secure UUID mappings, and
delegate card/payment handling to the app stores so sensitive payment credentials never reach our
servers. Sensitive actions, such as deleting your account or exporting your data, may require
re-authentication. No method is 100% secure, and we cannot guarantee absolute security.
11 Accessibility
We aim to make Aletto usable by everyone. The app is designed to work with platform accessibility
features such as screen readers (TalkBack / VoiceOver), dynamic text sizing, sufficient color contrast,
and reduced-motion preferences. Accessibility settings you choose are applied on your device and are not
used to identify or profile you. If you encounter an accessibility barrier, contact us (§19) and we will
try to help.
12 Help, FAQ and Support
The app includes an in-app Help & FAQ (opened from Settings → Support &
Feedback) and Contact Support / Send Feedback options. When
you contact us by email we receive your message, your email address, and any details you include (such
as your handle) to respond to and resolve your request.
13 Your Rights (General & India DPDP Act)
Subject to applicable law, you may access and export a copy of your
data; correct, complete, update, or erase it; withdraw consent any
time (as easily as you gave it — see §15); nominate another
person to act for you; and
seek grievance redressal with us (§19) and, if unresolved, with
the Data
Protection Board of India. Withdrawing consent may limit or end your use of the Service.
14 Regional Privacy Rights (EU/UK & US)
EEA & UK (GDPR)
Our legal bases are: contract (to provide the Service), consent (e.g.,
personalized ads and optional features), legitimate interests (security, reliability,
fraud prevention, moderation), and legal obligation. You have rights of access,
rectification, erasure, restriction, portability, and objection, and to withdraw consent. Transfers rely
on Standard Contractual Clauses or equivalent. You may complain to your local supervisory
authority.
United States (CCPA/CPRA & similar)
We do not sell personal information for money. We may "share" limited identifiers for
cross-context behavioral advertising only where permitted; California and certain other state residents
may opt out of such sharing and of personalized advertising, and we honor recognized
opt-out signals (e.g., Global Privacy Control) where required. You also have rights to know, access,
correct, delete, and to non-discrimination. Use in-app controls, the consent prompt, or our Data Request Form (which also serves
as a "Do Not Sell or Share" request).
15 Export and Delete Your Data
Export your data (in-app): Use Profile → Export My Data to download a copy
of your Aletto data as a file you can save or share. This action may require re-authentication.
Update / delete in-app: Update or delete your information any time in settings.
Account deletion permanently removes your alert history, connections, credit balances, and profile
metadata. It does not cancel an active store subscription — also cancel it in your
Apple App Store or Google Play settings. Records we must keep by law (e.g., proof of purchase) may be
retained for the legally required period.
16 Children's Privacy
The Service is for general audiences and is not directed to children under 13. We do not
knowingly collect data from children under 13. Where local law sets a higher age (e.g., India's DPDP Act
treats under-18 as children; the EU GDPR sets 13–16 by country), users below that age
need verifiable parental/guardian consent, and we do not track, behaviourally monitor,
or target ads to them. Purchases require legal capacity to contract (generally 18+). We delete any child
data collected without required consent.
17 Changes to this Privacy Policy
We may update this policy. We will post the new version here, update the "Last updated" date, and give
in-app notice of material changes where required. Continued use after changes take effect constitutes
acceptance.
18 Governing Law
This policy and your use of the Service are governed by the laws of India, including the
DPDP Act, 2023 and the IT Act, 2000, without prejudice to mandatory rights under the GDPR or applicable
US state laws.
19 Contact Us & Grievance Officer
Grievance Contact:Grievance Officer, Tandavaworks Global
LLP