Skip to content

Privacy Policy for OmniTimer

Last Updated: November 15, 2025

Effective Date: November 15, 2025

Introduction

OmniTimer ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). This policy applies to all users worldwide.

By using OmniTimer, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

1. Personal Information You Provide

We do NOT collect email addresses or any personal information.

When you make a purchase to remove ads, we only collect device-specific technical information (see "Device Information" below). No email or personal contact information is required or collected.

2. Automatically Collected Information

Device Information

We collect technical information about your device, including:

  • Device model and manufacturer
  • Operating system version (Android/iOS)
  • Device unique identifier (hashed device ID) - used exclusively for purchase verification on this specific device
  • App version
  • Install ID (randomly generated UUID unique to each app installation)

Usage Data

  • Timer session data (duration, intervals, completion status)
  • App feature usage statistics
  • Settings preferences
  • Local notification preferences

Advertising Identifiers

When you have not purchased ad removal, we use:

  • Google Advertising ID (Android) or IDFA (iOS): For serving personalized advertisements
  • These identifiers allow advertisers to deliver relevant ads while maintaining your anonymity

3. Local Storage

The following data is stored only on your device using SQLite database (via Drift ORM) and is never transmitted to our servers:

  • Timer presets and configurations
  • Session history and statistics
  • App settings and preferences (theme, notification settings)
  • Local analytics data (completion rates, time patterns)
  • Purchased status cache (after verification with backend)

This data can be deleted by clearing app data or uninstalling the app.

How We Use Your Information

Purchase Processing and Verification

Device identifiers are used for:

  • Verifying purchase ownership on the specific device where the purchase was made
  • Preventing unauthorized use or fraud
  • Linking the ad-free status to your device

Backend Communication: Purchase verification requires communication with our secure backend server. Your device identifier and transaction details are transmitted over encrypted HTTPS connections and stored securely to validate your purchase status on your specific device.

Important: Purchases are device-specific. If you change devices or reinstall the app, you will need to purchase again as there is no cross-device restoration.

Advertising (For Users Without Ad Removal)

Advertising identifiers are used to:

  • Serve personalized or non-personalized advertisements through Google AdMob (based on your consent)
  • Measure ad effectiveness and optimize ad delivery
  • Prevent fraudulent ad activity

Consent Management: We use Google's User Messaging Platform (UMP) SDK to obtain and manage your consent for personalized advertising in compliance with GDPR and CCPA. You can change your advertising preferences at any time.

App Functionality

Device identifiers enable:

  • Purchase verification on the specific device
  • Fraud prevention and security measures
  • Secure purchase validation with our backend server

Local notifications provide:

  • Timer completion alerts
  • Interval change notifications
  • Session reminders
  • These are generated locally on your device and do not involve remote servers

Background service (Android only):

  • Keeps timers running when app is minimized
  • Maintains session state
  • No data is transmitted during background operation

Analytics and Improvement

Usage data (stored locally only) helps us:

  • Display personal statistics (completion rates, time patterns, favorite presets)
  • Improve app features based on anonymous patterns
  • Identify and fix bugs

No Third-Party Analytics: We do NOT use Google Analytics, Firebase Analytics, or any other third-party analytics services. All statistics and usage data remain on your device.

Third-Party Services

OmniTimer Backend Server (Purchase Verification)

What it does: Verifies purchases and prevents fraud.

Data collected:

  • Device unique identifier (hashed device ID)
  • Transaction IDs from Stripe
  • Purchase product information
  • Purchase timestamp and device info

Purpose: To validate purchase ownership on the specific device and prevent unauthorized access or fraud.

Security: All data is transmitted over HTTPS/TLS encryption. API endpoints require authentication via secure API keys and app signature verification. Purchase records are stored in encrypted databases.

Data Retention: Purchase records retained to prevent duplicate charges and fraud; can be deleted upon request.

Google AdMob (Advertising)

What it does: Displays advertisements to users who have not purchased ad removal.

Data collected by AdMob:

  • Device advertising identifier (Google Advertising ID/IDFA)
  • IP address
  • Device information (model, OS version)
  • Ad interaction data (views, clicks)

Purpose: To serve personalized or non-personalized advertisements based on your consent preferences.

Consent Management: We use Google's User Messaging Platform (UMP) SDK to obtain your consent for personalized advertising in compliance with GDPR, CCPA, and other privacy regulations. Your consent choice is stored locally on your device.

Privacy Policy: https://policies.google.com/privacy

Opt-out options:

  • Android: Settings → Google → Ads → Opt out of Ads Personalization
  • iOS: Settings → Privacy → Tracking → Disable tracking for specific apps
  • Google Ad Settings: https://adssettings.google.com
  • In-App: Change consent preferences in Settings → Privacy → Ad Preferences

Stripe (Payment Processing)

What it does: Securely processes payments when you purchase ad removal.

Data collected:

  • Payment information (credit card, billing address)
  • Transaction details

We do NOT store: Credit card numbers, CVV codes, email addresses, or full payment details are handled exclusively by Stripe.

Privacy Policy: https://stripe.com/privacy

PCI Compliance: Stripe is PCI-DSS Level 1 certified, the highest level of payment security.

Data Sharing and Disclosure

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

When We Share Data

  1. Backend Server (OmniTimer purchase verification):
  2. Device identifiers (for purchase validation)

  3. Transaction details (for purchase verification)

  4. Service Providers (Google AdMob, Stripe):

  5. Only to provide essential app functionality (advertising, payment processing)

  6. These providers have their own privacy policies governing data use

  7. Legal Requirements:

  8. If required by law, court order, or government regulation
  9. To protect our rights, property, or safety

  10. To prevent fraud or abuse

  11. Business Transfers:

  12. In the event of a merger, acquisition, or sale of assets, your information may be transferred (you will be notified)

Data Retention

  • Purchase Records: Retained to prevent duplicate charges and fraud; can be deleted upon request
  • Device Identifiers: Stored as long as needed for purchase verification and fraud prevention
  • Transaction Records: Maintained for accounting and refund purposes per legal requirements
  • Local App Data: Stored on your device until you uninstall the app or clear app data
  • Ad Consent Preferences: Stored locally on device until you change them or uninstall the app

Your Privacy Rights

General Rights (Worldwide)

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Opt-out: Disable personalized advertising (see Advertising section above)

European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation:

  • Right to data portability: Receive your data in a machine-readable format
  • Right to restriction: Limit how we process your data
  • Right to object: Object to processing based on legitimate interests
  • Right to lodge a complaint: Contact your local data protection authority

California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt out of the "sale" of personal information (we do not sell data)
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

United Kingdom (UK GDPR)

UK residents have the same rights as EU residents under UK GDPR.

Brazil (LGPD)

Brazilian users have rights under Lei Geral de Proteção de Dados:

  • Confirmation of data processing
  • Access to your data
  • Correction of incomplete or inaccurate data
  • Deletion of unnecessary or excessive data
  • Portability of data to another service provider

Children's Privacy (COPPA Compliance)

OmniTimer is NOT intended for children under the age of 13.

We do not knowingly collect personal information from children under 13. The app is designed for users aged 13 and above (teenagers, adults, fitness enthusiasts, students, professionals).

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at arcanumlabsapp@gmail.com. We will delete such information from our systems.

Age Restriction: The app is rated for users 13+ on Google Play and the App Store.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including:

  • United States: Where our backend servers (for purchase verification) and Stripe payment processor are located
  • European Union: Where some Google AdMob servers may be located

We ensure that adequate safeguards are in place when transferring data internationally:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Encryption in transit and at rest
  • Secure API authentication and app signature verification

Your device identifier is only transmitted to our backend server for purchase-related operations (verification, fraud prevention).

Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • Encryption in transit: All data transmitted between the app and our servers uses HTTPS/TLS 1.2+ encryption
  • Secure storage: Purchase records are stored in encrypted databases on our backend server
  • App signature verification: Prevents unauthorized API access using cryptographic signatures
  • API authentication: Backend endpoints require secure API keys and request signing
  • Device identifier hashing: Device IDs are hashed using SHA-256 before transmission

Organizational Safeguards

  • Access to personal data is limited to authorized personnel only
  • Regular security audits and updates
  • Compliance with PCI-DSS standards for payment processing (via Stripe)
  • Backend server hardening and firewall protection

No system is 100% secure: While we strive to protect your information using industry best practices, we cannot guarantee absolute security. Please use strong device passwords and keep your operating system updated.

Cookies and Tracking Technologies

Mobile Advertising SDK

Google AdMob uses software development kits (SDKs) that function similarly to web cookies:

  • Purpose: Deliver personalized or non-personalized ads based on your consent
  • Data collected: Advertising ID, device info, ad interactions
  • Consent Management: Managed through Google's User Messaging Platform (UMP)
  • Opt-out: See "Third-Party Services → Google AdMob" section above

Local Storage (SQLite/Drift)

The app stores data locally on your device using SQLite database:

  • Timer presets, settings, session history
  • Purchase status cache
  • App preferences and statistics
  • This data is not transmitted to external servers (except purchase verification data to our backend)
  • Can be deleted by clearing app data or uninstalling the app

No Web Cookies

OmniTimer is a native mobile application and does not use web cookies or browser-based tracking.

Your Choices and Controls

Personalized Advertising

  • Opt-out on Android: Settings → Google → Ads → Reset advertising ID or opt out
  • Opt-out on iOS: Settings → Privacy → Tracking → Deny tracking permission
  • Change consent in-app: Settings → Privacy → Ad Preferences (reopens consent form)
  • Remove ads entirely: Purchase the "Remove Ads Forever" option within the app

Notifications

  • Control notification preferences in the app's Settings screen
  • Disable specific notification types (interval changes, completion alerts)
  • Disable all notifications via device settings (Settings → Apps → OmniTimer → Notifications)

Background Service (Android)

  • Toggle background service in app Settings
  • Disable via Android's app settings if needed
  • Stopping the service will pause timers when app is closed

Data Deletion

  • Local data: Uninstall the app or clear app data in device settings
  • Backend purchase data: Email arcanumlabsapp@gmail.com to request deletion of purchase records, email address, and device fingerprints
  • Note: Deleting backend purchase data will permanently remove your ability to restore purchases

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

How you'll be notified:

  • The "Last Updated" date at the top of this policy will change
  • For material changes, we may display an in-app notification
  • Continued use of the app after changes constitutes acceptance

We encourage you to review this policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: arcanumlabsapp@gmail.com

Developer: Arcanum Labs

Response Time: We aim to respond to all inquiries within 30 days.

For GDPR-related requests (EU users), we will respond within 1 month as required by law.

For users in the EU/UK, we process your data based on:

  1. Consent: For personalized advertising (can be withdrawn at any time)
  2. Contract Performance: To process purchases and provide ad-free service
  3. Legitimate Interests: To improve app functionality, prevent fraud, and ensure security
  4. Legal Obligation: To comply with applicable laws and regulations

Your Acceptance of These Terms

By using OmniTimer, you signify your acceptance of this Privacy Policy. If you do not agree to this policy, please do not use our app.

Thank you for trusting OmniTimer with your time management needs. Your privacy is important to us.

Last updated: November 15, 2025