Global Privacy Policy & Data Processing Agreement

Last Updated, Revised, and Effective Date: April 11, 2026

1. Comprehensive Introduction & Scope

Welcome to AI Cleaner Phone (hereinafter referred to as the "Company," "we," "our," or "us"). We respect your privacy strings and are inextricably committed to maintaining the highest standards of data protection and privacy protocols. This Comprehensive Privacy Policy and Data Processing Agreement (the "Policy") has been compiled to transparently describe our organizational frameworks, policies, and procedural actions taken regarding the absolute collection, utilization, safeguarding, evaluation, transfer, and ultimate disclosure of your Personal Data when you integrate, download, or use the AI Cleaner Phone mobile application (the "App"), our centralized web architecture, our background Over-The-Air (OTA) architecture, and any supplementary services (collectively known as the "Service").

This Policy is systematically designed to comply with international data privacy paradigms, explicitly including the European General Data Protection Regulation 2016/679 ("GDPR"), the California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act ("CPRA"), the UK Data Protection Act 2018, and various localized telecommunications and consumer protection legislations.

By accessing, browsing, registering for, downloading, installing, or executing operations on the Service, you signify your unequivocal, explicit, and informed consent to our collection, storage, use, anonymization, and disclosure of your personal information as described comprehensively in this Policy. If you strictly disagree with any component of our data handling practices, your sole and exclusive remedy is to discontinue the use of the Service immediately and completely uninstall the Application from your host device.

2. Detailed Interpretation, Definitions, and Lexicon

The terminologies wherein the initial letter is capitalized throughout this document possess meanings specifically allocated under the following stringent conditions. These definitions shall retain their exact contextual meaning regardless of singular, plural, or possessive variations.

  • Account: A highly secure, unique virtual profile automatically or manually provisioned for you within our systemic architecture to access premium facets of our Service.
  • Application (App): Refers specifically to the proprietary software distribution branded as "AI Cleaner Phone", available for instantiation on both iOS (Apple) and Android operating systems.
  • Device Firmware and Hardware (Device): Denotes any digitally networked terminal, including but not confined to smartphones, tablets, handheld configurations, or hybrid processing items that interact with our Service.
  • Personal Data / Personally Identifiable Information (PII): Symbolizes any categorical data or cluster of information that mathematically or logically relates to an identified, pseudo-identified, or directly identifiable living natural person.
  • OTA Subsystem: Refers to our Over-The-Air dynamic silent update engine distributed within the mobile client that continuously pulls user-interface payload updates in the background.
  • Third-Party Sub-Processors: Means any external entities, algorithmic providers, or infrastructure hosts (e.g., RevenueCat, AI APIs, Cloudflare) that handle specific data computations on our strict behalf.

3. Exhaustive Categorization of Data Collection

To operate a high-caliber digital storage cleaning optimization tool coupled with Artificial Intelligence capabilities, the Application requests profound operating system-level permissions. We collect your data primarily through explicit permission granting phases implemented within the native iOS or Android Operating System wrappers.

A. Local Device Scanning & Deep Media Forensics (Photos and Videos)

The core premise of the App is to alleviate local device memory constraints. Consequently, we prompt the user for extensive media accessibility (e.g., READ_EXTERNAL_STORAGE, PHPhotoLibrary access).

  • Extent of Scan: The App analyzes hashes, file metadata (Exif data, timestamps, geolocation headers), and visual mathematical pixel similarities to categorize content into clusters such as "Similar Photos," "Exact Duplicates," "Screenshots," and "Oversized Videos."
  • Hyper-Local Processing Promise: The categorical scanning and clustering phase is conducted 100% locally on your physical device utilizing on-device machine learning matrices (such as Flutter local compression bridges). Your personal photographs, private videos, and camera roll contents are strictly prevented from leaving your device. No server upload of media assets ever occurs.
  • Erasure Authorization: The App cannot delete any medial file without user action. The final removal requires human-in-the-loop interaction ensuring you actively consent to the destruction of the data on your local filesystem.

B. Telephonic Contacts and Address Book Parsing

In conjunction with media cleaning, we offer Address Book consolidation. For this mechanism, we strictly invoke android.permission.READ_CONTACTS and android.permission.WRITE_CONTACTS (or the CNContactStore module on iOS).

  • Algorithmic Extraction: The software reads your phonebook entries, analyzing semantic similarities globally across names, numerical digits, empty fields, or lacking metadata to present you with a coherent list of "Duplicate Contacts" and "Incomplete Contacts."
  • Absolute Isolation Constraints: All contact array merging algorithms run natively inline. At no cross-section of your user experience do we pipe, stream, or copy your private contacts to our Application Programming Interfaces (APIs). Your address book remains segregated from internet traffic transmission.
  • Mutation Actions: Writing to the physical contact database is solely trigged upon your decision to execute a "Merge" protocol.

C. Generative AI Prompts and Custom-Trained Internal Models

The App integrates a robust real-time Artificial Intelligence computational layer acting as a virtual assistant. We maintain an absolute zero-transmission policy for AI queries.

  • Internal Open-Source AI: We do not use, rely on, or transmit data to external third-party commercial AI entities (such as OpenAI, Google, or Anthropic). Our AI assistant is powered exclusively by advanced open-source AI models that we have heavily customized and trained in-house.
  • Closed-Loop Processing: These open-source neural networks are hosted directly on our private, heavily restricted backend servers. All computations process internally. Consequently, we strictly declare that we do not transfer any chat data, questions, or prompts to anyone.
  • Extraneous Context: To enhance the AI's diagnostic advice, limited metadata regarding your device architecture (e.g., storage capacity stats) may be appended as an invisible system prompt payload. This never leaves our protected server cluster.

D. Diagnostic Analytics, Background State & OTA Updates

Our hybrid structural architecture relies on an advanced silent Over-The-Air (OTA) downloading sequence to push User Interface patches seamlessly.

  • API Heartbeats: The App continuously performs silent asynchronous requests (polling) to our server (`/api/latest-version`) to deduce version discrepancies. During these requests, we log generic telemetry constraints (IP Addresses, Flutter Platform Channel Version, Mobile OS baseline, latency times).
  • Passive Analytics: We assimilate general user flow statistics (e.g., clicking the "Clean Now" button) securely channeled through Websockets and basic telemetric parsers to observe UI bottlenecks and system fatigue.

4. Elaborated Use Cases for Personal Data

The multifaceted intelligence derived from the non-intrusive data streams is meticulously allocated toward the following rigid organizational targets:

  • Contractual Implementation & Premium OperationsEnforcing the fundamental service lifecycle. Synchronizing application states via local storage persistence. Processing subscription renewals dynamically, enforcing premium entitlement capabilities, and rendering the paywall UI upon entitlement loss.
  • Continuous Algorithm Fine-tuningAssessing crash stack traces (e.g., Out Of Memory errors during heavy zip extraction) to refine the background download limits and to tune the memory garbage collection routines operating inside the Native Flutter environment.
  • Legal Compliances & Security Perimeter TrackingDetecting malicious network intrusion, anomalous repeated API spamming, and executing defensive routing protocols. Fulfilling statutory legal audits dynamically.

5. In-Depth Sub-Processor & Third-Party Disclosure Framework

At the core of the Service is the necessity to interoperate with highly secure mega-providers. We strictly bind them contractually to specific privacy caveats.

Service GroupEntities InvolvedData Accessibility & Usage Extent
Financial IntegrationsRevenueCat, App Store, Google PlayIn-app tokens, purchase history markers, platform-specific anonymous ID tags. They execute the financial transaction phase and trigger webhook activations to our server indicating VIP premium access.
Internal AI ArchitectureSelf-Hosted Open-Source Models, Node.js Private SocketUnlike typical apps, our AI operates natively on our own secure server cluster. We process the text strings and do not rely on, nor transfer any data to, external AI partners or third-party APIs. Total closed-circuit computation.
Infrastructure & Data HostsDockerized Dokploy VPS, MongoDBHouses our admin portal database, OTA distribution zip blobs, and generalized application telemetry. Protected via strict environment tunneling (dokploy-network).

Extraordinary Circumstance Disclosure: Under highly rare and strictly vetted situations, your aggregate or isolated data fragments may be disclosed towards a) Corporate Business Sales or Merger & Acquisition procedures encompassing strict NDAs, or b) Mandatory Subpoena executions imposed by a globally prevailing juridical court, demanding localized legal cooperation to combat major transnational criminality.

6. Strict Data Retention Guidelines & Cryptographic Security

Duration of Retention: Given the fundamental architecture wherein virtually all user sensitivity (e.g., Photos, Contact IDs) executes at the hardware client-level (edge computing framework), we maintain little-to-no user persistence on our remote databases. Our core backend merely retains anonymized Firebase/RevenueCat unique installation identifiers combined with aggregate subscription expiry timestamps. Webhooks pertaining to subscriptions are dropped into Cold Storage within MongoDB upon expiration and kept only until financial taxation deadlines culminate.

Digital Cryptography Protocols: Any minor data point venturing out of the application interface traverses an HTTPS proxy tunneled through Traefik SSL/TLS protocols. We utilize robust 256-bit Advanced Encryption Standard (AES) equivalent methods whenever interacting natively with API nodes. However, cybersecurity physics dictates that zero networked systems boast a 100% impenetrable barrier against unknown quantum or zero-day exploitation models.

*The user inherently assumes calculated intrinsic risks pertaining to general internet architectural vulnerabilities.*

7. Child Protection Mandates (COPPA compliance)

Our software platform targets exclusively adult consumers responsible for the holistic administration of an operational smart-device. We absolutely prohibit the utilization of the platform by demographics situated beneath the age of Thirteen (13) under US Federal logic, and underneath Sixteen (16) pursuant to European implementations. Should we tangibly discover that we have inadvertently cataloged diagnostic data from a juvenile lacking legal guardian authorization, we will deploy immediate structural countermeasures to evaporate the implicated nodes from our clustered network.

8. Dedicated Continental Legislative Rights

EU/EEAGDPR Specific Directives

Individuals domiciled inside the European Economic Area possess sweeping statutory privileges:

  • The Substantive Right of Access: Total visibility into the sparse telemetry matrices we maintain connected to your installation hash.
  • The Ultimate Right to Erasure: "The right to be forgotten." Eradicating our remote instances of your subscriber tag. Note: uninstalling the frontend application eliminates our footprint locally.
  • Right of Rectification and Portability: Demand mutation of erratic configurations.
  • Absence of Automated Algorithmic Discrimination: Resolving that we do not alter subscription pricing algorithms maliciously via user profiling.

USACalifornia (CCPA & CPRA) Distinctives

Our pledge to Californian constituents under Assembly Bill No. 375:

  • Notice of Absolute Non-Sale: We declare explicitly that within the past twelve lunar calendar cycles, we have precisely generated zero ($0.00) revenue from the un-consented sale of Personal Data clusters to external advertisement brokers.
  • The Opt-out Premise: We do not deal in data trading; hence opting-out is categorically implemented at the baseline level of our codebase architecture.
  • Right to Non-discrimination: Exercising regional legislative power shall never throttle your Application performance, induce latency hurdles, or spawn disparate financial subscription barriers against your profile.

9. Mutability and Continuous Modification Policy

In parallel to our rapid CI/CD developmental pipeline where OTA updates frequently reshape the app interface, our legal architecture must maintain parallel agility. The Company preserves the overarching unilateral administrative right to modify, amend, rewrite, or contract this Privacy document. Structural permutations representing a shift in data collection logic will be signaled by updating the "Last Updated" metadata located atop the document view. Continued instantiation of the application beyond that digital timestamp explicitly serves as a signed ratification of the new ruleset parameters.

10. Centralized Communication Directorate

Should you require advanced clarification, wish to execute a sovereign data removal protocol, or intend to discuss programmatic aspects of Android/iOS permission tunneling outlined herein, our primary operational inbox is continuously monitored.

Global Support Nodesupport@dobo.ai

Notice: Operational data inquiries require verification of account ownership which may inherently demand temporary provision of subscription validation keys or device identifiers.

© 2026 Dobo AI. Codebase, architecture, and legal text heavily protected.

Version: OTA-legal-3.1Locale: EN-Global