Privacy Policy

1. Introduction

This Privacy Policy explains how Complexity Solution ("we", "us", "our") collects, uses, shares, and protects information when you use the Alarmyx mobile application ("App") on iOS and Android devices.

By downloading, installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the App after the date such revised Privacy Policy is posted.

2. Who We Are & How to Contact Us

Data Controller: Complexity Solution

For privacy-related requests (access, correction, deletion, or questions about this policy), contact us at:

3. Summary of Our Data Practices

Below is a high-level overview of how Alarmyx handles your data. Detailed explanations follow in subsequent sections.

• Guest mode: You can use basic alarm features without an account. Your alarms and settings stay on your device and are not sent to our servers.
• Registered accounts: We collect account information (such as email and display name) to provide login, leaderboard, and subscription features.
• Alarms: Alarm schedules, labels, sounds, and quest settings are stored locally on your device, not on our cloud servers.
• Quest performance: If you are signed in and complete a dismiss quest, we send quest timing and difficulty to our servers for leaderboard ranking.
• Subscriptions: Purchases are processed by Apple (App Store) and Google (Play Store). We receive purchase validation data to unlock premium features.
• Advertising: Free-tier signed-in users may see ads served by Google AdMob. We may request App Tracking Transparency (ATT) permission on iOS to show more relevant ads. Premium subscribers and guest users do not see ads.
• Health data: Apple HealthKit permissions are declared in the App, but sleep/health integration is not active yet. We do not currently read or write HealthKit data.
• No third-party analytics or crash reporting: No third-party analytics SDKs (such as Firebase Analytics, Amplitude) or crash reporting tools (such as Sentry) are integrated in the current version of the App.

4. Information We Collect

We collect information about you in a variety of ways depending on how you use the App. The information we may collect depends on whether you use the App as a guest or create an account, and which features you choose to use.

4.1 Information You Provide Directly

Account Registration (Email & Password)

When you create an account, we collect:

• Email address (used for account creation, authentication, and communication)
• Password (stored on our servers in hashed form; we do not store your plain-text password)
• Display name / username (visible on leaderboards to other users)
• Country/region (ISO country code you select at sign-up, used for regional leaderboards)
• Account recovery code (generated at sign-up; stored locally on your device and on our servers for password reset purposes)

Sign in with Apple

If you use Apple Sign-In, we receive from Apple (with your permission):

• Apple identity token (used to authenticate you securely)
• Apple user identifier (unique anonymous ID assigned by Apple)
• Email address (Apple may provide a private relay email to protect your real email)
• Name (only on first sign-in, if you choose to share it with us)

Sign in with Google

If you use Google Sign-In, we receive:

• Google ID token (used to authenticate you)
• Profile information made available by Google (such as name and email, depending on your Google account privacy settings)

Profile Updates

You may update your display name and region at any time in the App Settings. These changes are sent to our servers to keep your profile current across sessions and devices.

Customer Support

If you contact us via the "Contact Support" feature within the App, you choose what to write in your email. The App may pre-fill non-personal diagnostic information in the email body to help us troubleshoot:

• App name and version number
• Bundle identifier
• Operating system type and version
• Device model name (as reported by the OS)
• Device locale/language setting

We only receive this diagnostic information if you voluntarily send the email.

4.2 Information Collected Automatically

Authentication Session

When you sign in, we issue access and refresh tokens. These are stored securely on your device to keep you logged in and to authorize API requests to our backend. Tokens are transmitted over encrypted connections (HTTPS/TLS).

Quest Completion & Leaderboard (Signed-In Users Only)

When you successfully complete an alarm dismiss quest, the App sends the following information to our servers:

• Quest start time (ISO 8601 timestamp)
• Quest finish time (ISO 8601 timestamp)
• Quest difficulty level (Easy / Medium / Hard)

From this data, we derive performance metrics (such as completion duration) used for the leaderboard, which may display to other signed-in users:

• Your rank among other users
• Your display name
• Your region/country
• Your best and average completion times
• Total number of completed quests

Leaderboard data is visible to other signed-in users according to the filters they choose (difficulty level, region).

Subscription Status

When you purchase or restore Alarmyx Plus or Alarmyx Pro, the App sends Apple/Google purchase validation data (such as receipt or StoreKit transaction data) to our servers so we can verify your entitlement and unlock premium features. We receive subscription product identifier, status, and expiry information from the platform via our backend.

We do not receive or store your full payment card details, banking information, or other financial data. All payments are handled entirely by Apple (App Store) or Google (Play Store).

Advertising (Free-Tier Signed-In Users Only)

If ads are enabled and you are on the free plan, Google AdMob may collect the following:

• Device advertising identifier (IDFA on iOS, if you grant tracking permission via ATT; Google Advertising ID on Android)
• Ad interaction data (impressions, clicks, and conversions)
• Approximate location derived from IP address (not precise GPS)
• Device and app information needed to serve and target ads

AdMob's data collection is governed by Google's Privacy Policy and Google Advertising Technologies policies.

On iOS, we may show:

• An in-app explanation before the system App Tracking Transparency (ATT) prompt, explaining why personalized ads benefit your experience
• Google's User Messaging Platform (UMP) consent form where required by law (e.g., GDPR in the EU, certain US state privacy laws)

You can change tracking preferences at any time in iOS Settings → Privacy & Security → Tracking or Android Settings → Privacy → Ads.

Premium subscribers and guest users do not see ads. Upgrading to Alarmyx Plus or Alarmyx Pro permanently removes advertising from your experience.

Local Device Storage

The App stores the following data on your device only (not uploaded to our servers unless explicitly stated above):

• Alarm configurations (time, label, sound, repeat days, quest level, vibration settings)
• App settings and preferences (theme, language, snooze defaults, notification preferences)
• Sleep schedule and wind-down preferences (local configuration; no HealthKit data is accessed)
• Active alarm session state (maintained for reliability if the App is closed mid-alarm)
• Guest session identifier (local only, never transmitted)
• Ad consent and initialization state
• In-app review prompt history

4.3 Information We Do NOT Collect

In the current version of the App, we do not:

• Upload your alarm list to our cloud servers
• Continuously track your location via GPS or other location services
• Access your photo library, contacts, or other sensitive device data
• Read or write Apple Health / HealthKit data (this feature is planned but not yet active)
• Run third-party analytics SDKs (such as Firebase Analytics or Amplitude)
• Run third-party crash reporting tools (such as Sentry or Crashlytics)
• Send push notifications from our own server (alarms use local notifications and, on supported iOS versions, AlarmKit system alarms)
• Collect biometric data (fingerprint, face scan, etc.)
• Record audio or video from your device

4.4 Guest Mode

You may use the App as a Guest without creating an account. In guest mode:

• All alarms and settings remain exclusively on your device
• No personal data or account data is sent to our servers
• Quest leaderboard and cloud-backed features requiring an account are unavailable
• Advertising is not shown to guest users
• You can create an account later to unlock social and premium features

5. How We Use Your Information

We use information we collect for the following purposes. We process only the minimum amount of data necessary to fulfill each purpose:

• Create and manage your account, including authentication and secure session management
• Provide alarm, quest, snooze, and notification functionality as the core features of the App
• Record quest completion times and calculate leaderboard rankings for signed-in users
• Validate, manage, and restore in-app subscriptions (Alarmyx Plus and Alarmyx Pro)
• Show relevant ads to eligible free-tier signed-in users (when ads are enabled)
• Respond to support requests and troubleshoot issues you report to us
• Maintain the security of our systems, prevent abuse, and detect fraudulent activity
• Comply with applicable legal obligations, regulatory requirements, and lawful government requests
• Improve the App by analyzing aggregated, non-identifiable operational data and usage trends
• Communicate important service updates, security alerts, and changes to our policies

We do not sell your personal information to third parties under any circumstances.

6. Legal Bases for Processing (EEA/UK Users)

If you are in the European Economic Area (EEA) or the United Kingdom (UK), we process personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

You may withdraw consent for tracking/ads where consent is the legal basis, without affecting the lawfulness of processing conducted before the withdrawal. Withdrawal of consent does not affect your ability to use the core alarm features of the App.

7. How We Share Information

We do not sell, rent, or trade your personal information. We share information only in the limited circumstances described below:

7.1 Service Providers

We work with the following third-party service providers who process data on our behalf and under our instructions:

• Apple — Sign in with Apple authentication, App Store in-app purchases, StoreKit subscription validation, system alarms via AlarmKit on supported iOS versions, in-app review prompts
• Google — Sign in with Google authentication, Google AdMob advertising for free-tier users, User Messaging Platform (UMP) consent management
• Hosting and infrastructure providers — Servers that operate our API backend, acting as data processors under contractual obligations to protect your data

7.2 Other Users

Leaderboard entries are visible to other signed-in App users. Specifically, the following information is shared with other users through the leaderboard feature:

• Your display name (username)
• Your country/region
• Your quest performance statistics (best time, average time, total quests completed)
• Your ranking position

We do not share your email address, alarm schedules, or any data stored locally on your device with other users or third parties.

7.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you (via a message in the App or email) of any such change in ownership or control of your personal information before it takes effect.

7.4 Legal Requirements

We may disclose your information if required by law, court order, subpoena, or governmental request, or to protect the rights, property, or safety of our company, our users, or the public. We will make reasonable efforts to notify you of such disclosure unless prohibited by law.

8. Apple Health / HealthKit

The App includes Apple HealthKit capability declarations for planned sleep-tracking features. As of this policy's effective date, the App does not read from or write to Apple Health. The Sleep tab in the App displays a "Coming soon" state.

If we enable HealthKit integration in a future update, we will:

• Request your explicit permission before accessing any health data
• Update this Privacy Policy to clearly describe what health data is accessed and why
• Use health data only for the specific purposes disclosed at the time of collection
• Never sell health data to third parties under any circumstances
• Never use health data for advertising, marketing, or data mining purposes
• Never share raw health data with any third-party services or analytics providers
• Encrypt all health data both in transit and at rest

You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → Alarmyx.

9. Data Retention

We retain your information for different periods depending on the type of data and the purpose for which it was collected:

• Account data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations, resolve disputes, and enforce our agreements.
• Quest/leaderboard records: Retained while your account exists. Upon account deletion, your leaderboard entries are removed or anonymized.
• Subscription records: Retained as required for billing verification, tax compliance, and fraud prevention purposes (typically up to 7 years for financial records).
• Local device data: Remains on your device until you delete the App or clear App data. Uninstalling the App removes all locally stored alarms, settings, and preferences.
• Support emails: Retained as long as needed to handle your request and for our internal records.

To request deletion of your account and all associated server-side data, contact us at info@complexitysolution.com. We will process your deletion request within 30 days.

10. Security

We use reasonable technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encrypted transport (HTTPS/TLS) for all API communications between the App and our servers
• Hashed password storage using industry-standard algorithms (passwords are never stored in plain text)
• Secure token-based authentication with access and refresh tokens
• Server-side access controls and least-privilege principles
• Regular review of security practices and infrastructure configurations

No method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You are responsible for keeping your password, recovery code, and device secure.

11. Your Rights and Choices

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal information:

• Right to Access — Request a copy of the personal data we hold about you
• Right to Rectification — Request correction of inaccurate or incomplete data
• Right to Erasure — Request deletion of your account and associated server-side data
• Right to Restriction — Request that we limit the processing of your data
• Right to Object — Object to processing based on legitimate interests
• Right to Data Portability — Receive your data in a structured, machine-readable format
• Right to Withdraw Consent — Withdraw consent for ads/tracking where consent is the legal basis
• Right to Lodge a Complaint — File a complaint with your local data protection authority

How to manage your preferences:

• iOS tracking: Settings → Privacy & Security → Tracking → Alarmyx
• Android ads: Settings → Privacy → Ads
• Notifications: iOS/Android system settings for Alarmyx
• Subscriptions: Apple ID → Subscriptions (iOS) or Google Play → Subscriptions (Android)

To exercise your rights, contact us at info@complexitysolution.com. We may need to verify your identity before processing your request to protect the security of your account.

California Residents (CCPA/CPRA)

We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). You may request access to, deletion of, and correction of your personal information as described above. We use advertising identifiers for cross-app advertising only where permitted and, on iOS, subject to your App Tracking Transparency (ATT) choice. We will not discriminate against you for exercising any of your privacy rights.

12. International Data Transfers

Our servers and service providers may process data in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

Where we transfer personal data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on other legally recognized transfer mechanisms to ensure your data remains protected in accordance with GDPR requirements.

13. Children's Privacy

Alarmyx is not directed to children under 13 (or the minimum age required in your country, such as 16 in certain EEA jurisdictions). We do not knowingly collect personally identifiable information from children under these age thresholds.

If you are a parent or guardian and you believe your child has provided us with personal data without your consent, please contact us immediately at info@complexitysolution.com. If we become aware that we have collected personal data from a child without verification of parental consent, we will take immediate steps to delete that information from our servers.

We comply with the Children's Online Privacy Protection Act (COPPA) in the United States and equivalent child protection regulations in other jurisdictions.

14. Third-Party Links and Services

The App may contain links to external websites or services (such as the App Store listing, support email, or privacy-related web pages). These third-party sites and services are not operated by us.

We strongly advise you to review the privacy policy of every external site or service you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Post the updated version at this URL and on our website
• Update the "Last Updated" date at the top of this document
• For material changes that significantly affect your rights, notify you via email or an in-app notification
• Where required by law, obtain your consent before applying material changes to previously collected data

Your continued use of the App after any modifications to this Privacy Policy constitutes your acknowledgment of the modifications and your consent to abide by the updated policy.

16. App Store Subscription Disclosures

Alarmyx Plus and Alarmyx Pro are auto-renewable subscriptions billed through your Apple ID (iOS) or Google Play account (Android).

• Payment is charged to your Apple/Google account at confirmation of purchase
• Subscriptions automatically renew unless canceled at least 24 hours before the end of the current billing period
• Your account will be charged for renewal within 24 hours prior to the end of the current period at the same price
• You can manage or cancel your subscription at any time through your device settings (iOS: Settings → Apple ID → Subscriptions; Android: Google Play → Subscriptions)
• Any unused portion of a free trial period (if offered) will be forfeited when you purchase a subscription
• Prices may vary by region and are determined by Apple/Google including applicable taxes

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal data, please do not hesitate to contact us. We are committed to resolving any privacy concerns promptly and transparently.

We will make every effort to respond to your inquiry within 30 days of receipt. If you are not satisfied with our response, you have the right to contact your local data protection supervisory authority.