Privacy Policy

1. Definitions

In this Policy, the following capitalised terms have the meanings given below. Other terms have their ordinary English meaning unless context indicates otherwise.

Account

A user account created in LuckMap, whether via Google Sign-In or as an anonymous Firebase user, that allows access to features and storage of personal preferences.

App or LuckMap

The LuckMap Android application available on the Google Play Store, the LuckMap web application available at luckmap.app, and any related progressive web app installation, including all current and future versions, features, and updates of either.

Web App

The LuckMap web application accessible via a browser at luckmap.app (and its localised paths).

Birth Data

A User’s date of birth, time of birth, place of birth (including geographic coordinates and time zone derived therefrom), and gender. For Saved Profiles (Section 4.4), Birth Data refers to the equivalent details for the Third-Party Subject.

CCPA

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA/CPRA”).

Cookies

Small data files stored on a User’s browser when accessing our Website. The App does not use Cookies as such; it uses analogous mechanisms such as SharedPreferences and Hive boxes that we treat with comparable transparency.

COPPA

The Children’s Online Privacy Protection Act of the United States, applicable to children under thirteen (13) years of age.

Data Controller or Controller

The entity that determines the purposes and means of Processing Personal Data. For the purposes of this Policy, AppskKuber is the Data Controller in respect of all User Personal Data described herein.

Data Processor or Processor

A third party that Processes Personal Data on behalf of the Data Controller under written contractual obligations restricting the Processor’s use of the data to the Controller’s instructions.

DPDP or DPDP Act

The Digital Personal Data Protection Act, 2023 of India, including subordinate rules, notifications, and amendments from time to time.

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation), and the equivalent UK General Data Protection Regulation as retained in UK law.

Personal Data

Any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR and equivalent provisions in the DPDP and the CCPA.

Processing

Any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Saved Profile

A profile created within the App by a User that records Birth Data of another natural person (e.g. a partner, family member, friend, or child) for compatibility analysis or other features.

Sensitive Personal Data

Categories of Personal Data afforded heightened protection under the DPDP, Article 9 of the GDPR, and analogous laws. For the purposes of this Policy, we treat Birth Data, information that may indicate religious or philosophical beliefs (inferable from astrology preferences), data revealing political opinions or ethnic origin (where inferable), gender, and data concerning a child as Sensitive Personal Data.

Service

The LuckMap App, our website at https://luckmap.app, our legal-documents subdomain at https://legal.luckmap.app, and any related products, features, content, or applications offered by AppskKuber.

Third-Party Subject

A natural person, other than the User, whose Birth Data is recorded in a Saved Profile.

User, you, or your

Any natural person who downloads, installs, accesses, or otherwise uses the Service. Where this Policy refers to "you", it refers to that User.

Website

The public website at https://luckmap.app, including all subdomains operated by AppskKuber.

We, our, us

AppskKuber, the operator of LuckMap, acting as Data Controller for the purposes of this Policy.

2. Scope & Applicable Law

This Policy applies to all Users of the Service worldwide, regardless of the country from which the Service is accessed. We are headquartered in India and primarily store User data in India. Depending on your jurisdiction, additional laws may apply to our processing of your Personal Data, including but not limited to the following.

2.1 India

For Users in India, this Policy is governed primarily by:

• The Digital Personal Data Protection Act, 2023 ("DPDP Act"), including subordinate rules and notifications;
• The Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), to the extent not superseded by the DPDP Act;
• The Indian Contract Act, 1872, in respect of consent to terms;
• The Consumer Protection Act, 2019, in relation to digital services;
• Such other Indian laws as may be applicable to the operation of digital services and astrology-based content.

The provisions of the DPDP Act came into force in stages. Sections of the DPDP Act applicable as of the Effective Date of this Policy have been complied with. Provisions concerning verifiable parental consent for minors, Significant Data Fiduciary obligations, and certain cross-border transfer rules are scheduled to come into full force by May 2027, and we are progressively implementing the corresponding controls.

2.2 European Union, European Economic Area, and the United Kingdom

If you reside in the European Union, the European Economic Area, Switzerland, or the United Kingdom, the General Data Protection Regulation (Regulation (EU) 2016/679), the UK General Data Protection Regulation, the UK Data Protection Act 2018, the Swiss Federal Act on Data Protection, and the Privacy and Electronic Communications Regulations apply to our processing of your Personal Data.

Where the GDPR applies, we act as the Data Controller of your Personal Data. We have appointed a Grievance Officer (Section 24) to handle privacy queries from EU/EEA/UK residents. AppskKuber is established in India and has not designated a representative in the European Union under Article 27 of the GDPR; you may contact us directly using the details in Section 24.

2.3 United States

If you reside in the United States, your privacy rights vary by state. We comply specifically with:

• The CCPA/CPRA for California residents;
• COPPA for children under thirteen (13);
• State-specific privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, and other states with comprehensive consumer-privacy statutes, to the extent applicable to our Service;
• The Federal Trade Commission Act’s prohibition on unfair or deceptive trade practices.

2.4 Other Jurisdictions

If you access the Service from a jurisdiction not specifically listed above, you do so on your own initiative and are responsible for compliance with local laws. By using the Service from such a jurisdiction, you consent to the transfer of your Personal Data to India and the United States as described in Section 14, where it will be processed in accordance with this Policy and the laws of those countries.

2.5 Conflicts

Where the requirements of two or more applicable laws conflict, we will apply the more protective standard for the User to the extent legally permissible.

3. About AppskKuber and LuckMap

AppskKuber is a digital-product studio based in India that develops games and mobile applications focused on culturally rooted experiences. LuckMap is our flagship astrology and personal-insight platform.

The LuckMap App combines several traditions and methods:

• Vedic astrology — including birth-chart computation, planetary periods (dashas), lunar mansions, yogas, doshas, and remedial guidance;
• Krishnamurti Paddhati (KP) — sub-lord-based timing analysis;
• Western astrology — tropical zodiac with Placidus houses, aspects, and synastry;
• Chinese Bazi — four-pillars analysis with five-element interactions;
• Korean Saju — four-pillars with day-master analysis;
• Numerology — Pythagorean and Lo-Shu-square analyses;
• Tarot — Rider-Waite seventy-eight-card system;
• Coffee fortune (kahve falı) — Turkish coffee-cup symbol reading;
• AI-assisted readings — conversational chat, life readings, big-question reports, marriage compatibility, tarot interpretations, and coffee-reading interpretations powered by large language models.

We use the Swiss Ephemeris library (an established astronomical calculation engine maintained by Astrodienst AG) for planetary positions, and we generate AI-assisted interpretations through licensed access to large language models offered by Anthropic, PBC and Google LLC.

We are not affiliated with any religious institution, government body, or other astrology brand. References in our content to deities (such as Hanuman, Lakshmi, Shiva, Bhairav, Ganesha, Saraswati, Durga, and Kali) reflect traditional Vedic remedial guidance and are provided respectfully and culturally rather than as religious instruction.

4. Information We Collect

We collect information from and about you in the following ways: (a) information you provide directly; (b) information we collect automatically when you use the Service; (c) information we receive from third parties; and (d) information we generate (compute) from the data you provide.

4.1 Account Information

When you sign up or sign in to LuckMap, we collect:

• If you sign in with Google: your Google account email address, your display name as shown in Google, and your profile photograph URL;
• A Firebase user identifier ("UID") — a unique pseudonymous string we assign to your account;
• Authentication metadata such as sign-in timestamps, sign-in method, and the device(s) on which you signed in;
• If you do not sign in, an anonymous Firebase UID, which is created the first time you launch the App and is bound to that App installation only.

You are not required to provide any name, email address, or photograph other than what is automatically transmitted by Google during the sign-in process. Anonymous use is supported, with the limitation that you will lose access to your data if you uninstall the App or switch devices.

4.2 Birth Data (Sensitive Personal Data)

To compute astrological charts, the Service collects the following information about you (and, separately, about each Third-Party Subject for Saved Profiles):

• Full name or chosen display name;
• Date of birth — day, month, and year;
• Time of birth — hour and minute, with optional precision indicator (exact, approximate, or unknown);
• Place of birth — city, region, and country;
• Geographic coordinates — latitude and longitude derived from your stated city, used for celestial calculations;
• Time zone — derived from your place of birth, used to convert local birth time to Universal Time;
• Gender — used in Vedic gender-specific readings (e.g. Manglik analysis, marriage matching), and to choose appropriate masculine or feminine pronouns in interpretive text. The Service supports male, female, and non-binary options.

4.3 Computed Astrological Data

From your Birth Data we calculate, store, and display the following derivatives. These are stored in your account so that future sessions can present them instantly without recomputation.

• Western astrology: Sun sign, Moon sign, Ascendant (rising sign), Midheaven, planetary house placements, major and minor aspects, modality and element distributions;
• Vedic astrology: Janma Rashi (Vedic moon sign), Lagna (ascendant), Nakshatra (lunar mansion), Pada, Dasha balance at birth, Vimshottari Dasha sequence, Mahadasha, Antardasha, Pratyantardasha, Sookshma Dasha, divisional charts (D1, D7, D9, D10, etc.), Ashtakavarga, Shadbala, Bhava strengths, Yogas detected, Doshas detected, Manglik status, Sade Sati status, Kaal Sarp status, Pitra status, and remedial recommendations;
• KP system: sub-lord placements, ruling planets, significators of houses;
• Chinese Bazi: Year, Month, Day, and Hour pillars; day-master element; favourable and unfavourable elements; animal-zodiac trines and conflicts;
• Korean Saju: Four Pillars; day master; useful god; ten-spirits placement;
• Numerology: Life Path Number, Destiny Number, Soul Urge Number, Personality Number, Birthday Number, and Lo-Shu grid;
• Daily computations: Cosmic Score, Lucky Number, Lucky Colour, Lucky Direction, today’s ruling planets, transits and gochar.

These computed values are derived data. We hold them solely to deliver the Service to you and do not enrich them with information from outside sources.

4.4 Saved Profiles for Compatibility

You may create profiles within the App for partners, family members, friends, or children to enable compatibility analyses such as Vedic Gun Milan, KP synastry, Western synastry, Bazi compatibility, Saju 궁합, and numerology compatibility. For each Saved Profile we collect:

• The same set of Birth Data described in Section 4.2;
• A relationship label (e.g. partner, mother, father, child);
• Optional notes you may add (free-text).

By creating a Saved Profile, you confirm that you have obtained the necessary consent from the Third-Party Subject. Your obligations are described in detail in Section 20.

4.5 Device and Technical Information

We automatically collect technical information about your device when you use the App:

• Device model, manufacturer, and brand (e.g. Samsung Galaxy S22, OnePlus Nord);
• Operating system and OS version (e.g. Android 14);
• App version (so that we can investigate version-specific issues);
• Device language and locale (e.g. en-IN, hi-IN);
• Country code as reported by the device or SIM;
• Time zone setting;
• Network type (Wi-Fi or mobile, but not the SSID or carrier);
• Battery and storage diagnostics during crash events only;
• Crash logs, including the application stack trace at the time of crash, OS state, and an anonymous installation identifier.

4.6 Usage and Behavioural Information

We collect information about how you interact with the Service. This is collected via Firebase Analytics and includes approximately twenty-one (21) typed events:

• Onboarding-funnel progress (each onboarding step you complete);
• Screen views and feature opens;
• Astrology system selected (Vedic, Western, KP, Chinese, Saju, Numerology, Tarot, Coffee);
• AI chat sends — tier (Quick / Detailed / Expert / On-Device), tokens consumed, paddhati used, and response latency;
• Tarot draws and coffee-reading uploads;
• Profile additions and deletions;
• Big-question report views and report generations;
• Purchase events (start, success, cancel) with product identifier and price tier;
• Advertising interactions (impressions, clicks, completions, rewards);
• Credit usage and balance changes;
• Notification opens.

4.7 AI Chat Content

When you use AI-powered features, we collect and store:

• Your questions, prompts, and the AI-generated responses;
• The last four (4) exchanges of each conversation, retained as context for follow-up replies;
• Session metadata: session identifier, start time, last-update time, and a snippet of the first message used as a chat-history label;
• Tier selected, tokens consumed, and the AI service provider used (Anthropic or Google).

4.8 Payment Information

When you purchase a subscription or credit pack, we collect:

• Active plan name (Starter, Plus, Pro, or Sage) and billing period (monthly or yearly);
• Plan renewal date and the next scheduled drip date for yearly plans;
• Transaction identifier issued by the relevant payment processor — Google Play Billing (Android), Razorpay (web, India billing region), or Dodo Payments (web, international billing region);
• Product identifier and price tier;
• For web purchases: billing region (IN or INTL), currency of charge (INR or USD), and the processor used to route the payment;
• Purchase timestamp and credit grant timestamp.

We do not collect, store, or process credit-card numbers, debit-card numbers, UPI handles, net-banking credentials, wallet identifiers, or any other payment-instrument details. All payment processing is performed by Google Play Billing, Razorpay, or Dodo Payments depending on the platform and billing region as described above. Each of those processors handles your payment-instrument data under its own privacy policy — see Section 8.4 for the full list and links.

4.9 Push Notification Data

• Firebase Cloud Messaging ("FCM") token;
• Notification permission state (granted, denied, or not yet requested);
• Topic subscriptions based on language, country, active astrology system, plan tier, and inactivity status;
• Delivery receipts and open events for product analytics.

4.10 Camera and Photo Library (Optional)

For the Coffee Reading feature, you may grant access to the device camera or photo library. The Service:

• Captures or receives an image you select;
• Processes the image locally on the device for symbol detection;
• Uploads the image only when you explicitly submit a reading request;
• Deletes the uploaded image from our servers within 24 hours of generating the reading;
• Retains only the textual interpretation tied to your reading history.

You may revoke camera or photo permission at any time from your device settings. Doing so will disable the Coffee Reading feature for future use but will not affect previously generated readings.

4.11 Information from Third Parties

We receive certain information about you from third parties:

• Google, when you sign in via Google Sign-In, transmits your authenticated email, display name, and profile photograph;
• Google Play, when you make a purchase from the Android app, transmits your transaction identifier and product details;
• Razorpay, when you make a web purchase from the India billing region, transmits the payment identifier, payment method category (card / UPI / netbanking / wallet, but not the underlying instrument details), and capture status via webhook;
• Dodo Payments, when you make a web purchase from outside India, transmits the order identifier, capture status, currency, and applicable tax breakdown via webhook;
• Firebase services, when you use them, transmit telemetry as described in Section 8;
• If you use a referral code from a friend, we receive the referral code and link your account to the referrer for credit attribution.

4.12 Information We Do Not Collect

For the avoidance of doubt, we do not:

• Collect biometric data (fingerprints, face geometry, voiceprints);
• Collect precise GPS location of the device (we use only the city of birth you provide);
• Read your contacts, SMS, call logs, or calendar;
• Access your microphone (the App does not request mic permission);
• Track your location after the App is closed;
• Collect health data, IDFA-equivalent precise identifiers, or financial-account credentials.

5. Sensitive Birth Data Notice & Explicit Consent

Under Section 2 of the DPDP Act and Article 9 of the GDPR, your Birth Data is treated as Sensitive Personal Data. Sensitive Personal Data may not be processed unless one of a limited set of legal bases applies. For LuckMap, the only practical legal basis for processing Birth Data is your explicit consent.

5.1 What "Explicit Consent" Means

Explicit consent is a freely given, specific, informed, and unambiguous indication of your wishes by which you, by a clear affirmative action, signify agreement to the processing of your Personal Data. In LuckMap, you provide explicit consent by:

• Tapping “Agree & Continue” at the privacy-consent screen during onboarding;
• Entering Birth Data into the chart-creation form;
• Subsequently confirming the use of AI features through the in-app banner that appears the first time you open an AI feature.

Each act is logged with a timestamp on our servers as a record of consent.

5.2 Specific Processing Activities Covered by Your Consent

By providing Birth Data, you give explicit, informed consent for the following specific activities:

• Computation of astrological charts using the Swiss Ephemeris library;
• Generation of personalised readings via our AI service providers (Section 7);
• Storage of your Birth Data and its derivatives in our secure databases (primarily Cloud Firestore in the asia-south1 / Mumbai region);
• Use of your Birth Data for compatibility analysis when you initiate it;
• Generation of premium PDF reports if you purchase them;
• Aggregation and anonymisation for product improvement, in a manner that does not allow re-identification.

5.3 Duration and Renewal of Consent

Your consent remains valid until you withdraw it. We will not require you to re-consent at routine intervals; however, if we change the purposes of processing, we will request fresh consent before processing under the new purpose. Material changes to AI providers or processing locations also trigger a re-consent prompt.

5.4 Withdrawal of Consent

You may withdraw consent at any time by:

• Visiting https://legal.luckmap.app/delete-account and submitting an account-deletion request;
• Emailing support@luckmap.app with subject "Withdraw Consent".

Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal. Upon withdrawal we will cease processing, retain your data for the post-deletion period described in Section 14, and delete it thereafter (subject to retained categories listed in that section).

6. How We Use Your Information & Legal Bases

We use your information for the following purposes. For each purpose we identify (a) the data categories used, (b) the legal basis under the GDPR (and the analogous concept under the DPDP), and (c) why we believe the processing is proportionate.

6.1 Service Provision

To deliver the core LuckMap experience — computing charts, generating readings, displaying daily horoscopes, sending transit alerts, processing purchases, maintaining your plan and credit balance, and supporting compatibility analyses — we use:

• Account Information (Section 4.1);
• Birth Data and Computed Astrological Data (Sections 4.2 and 4.3);
• Saved Profile data (Section 4.4) when you initiate a compatibility reading;
• Payment information (Section 4.8) for billing;
• Push notification data (Section 4.9) where you have opted in.

Legal basis: Article 6(1)(b) GDPR — performance of a contract; Section 7 DPDP Act — explicit consent for Sensitive Personal Data.

6.2 AI-Generated Readings

To generate AI chat replies, life readings, big-question reports, marriage compatibility analyses, tarot interpretations, and coffee-reading interpretations, we share certain data with AI service providers as detailed in Section 7. We use:

• Birth Data;
• Computed Astrological Data;
• Your AI prompts and recent conversation history.

Legal basis: Explicit consent under Article 9(2)(a) GDPR; explicit consent under Section 6 of the DPDP Act.

6.3 Communication

To send you push notifications about daily horoscopes, transits, festival offers, and product updates, we use:

• FCM token and topic subscriptions;
• Plan tier and active astrology system (to choose relevant topics);
• Inactivity status (for re-engagement messages).

Legal basis: Consent under Article 6(1)(a) GDPR; Section 7 DPDP Act — consent. You may opt out anytime as described in Section 12.

6.4 Product Improvement and Analytics

To understand how Users interact with the Service, identify bugs and crashes, prioritise feature improvements, and run experiments, we use:

• Usage and behavioural information (Section 4.6);
• Crash logs (Section 4.5);
• Aggregated and anonymised metrics.

Legal basis: Legitimate interests under Article 6(1)(f) GDPR, balanced against User rights and freedoms; Section 7 DPDP Act — legitimate use for product improvement. You may object to processing for legitimate-interests purposes by contacting us; we will weigh your objection and inform you of the outcome.

6.5 Personalised Advertising

For free-tier Users aged eighteen (18) or older outside child-directed regions, we display personalised advertisements based on the Google Advertising ID and aggregated app behaviour. We use:

• Advertising identifiers;
• Approximate non-precise location (country, language);
• Engagement signals (apps installed, ads watched).

Legal basis: Consent (Article 6(1)(a) GDPR), where required; legitimate interests for users in jurisdictions that permit it. See Section 9 for opt-out controls.

6.6 Fraud Prevention and Abuse Detection

To detect and prevent fraud, abuse, automated bots, and policy violations, we use:

• Firebase App Check tokens (Play Integrity);
• Rate-limit hit logs;
• Pattern detection on usage and behavioural data.

Legal basis: Legitimate interests (Article 6(1)(f) GDPR) in maintaining a safe service; compliance with legal obligation (Article 6(1)(c) GDPR) where the processing is required to comply with applicable law.

6.7 Legal Compliance

To comply with applicable laws, respond to lawful requests from public authorities, defend against legal claims, and enforce our Terms of Service, we may use any of the data described in Section 4.

Legal basis: Legal obligation (Article 6(1)(c) GDPR); compliance with law (Section 7 DPDP Act).

6.8 Customer Support

When you contact us, we use the information you provide (email address, account email, message contents, screenshots if attached) to respond to your query.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR); legitimate interests (Article 6(1)(f) GDPR).

7. AI Processing Disclosure

The use of large language models (LLMs) to generate astrological interpretations is central to LuckMap. This section explains in detail what data leaves the App and where it goes when you use AI-powered features.

7.1 AI-Powered Features

The following features rely on third-party AI processing:

• The AI Astrologer chat (Quick, Detailed, and Expert tiers);
• Personalised life readings and big-question reports (career, marriage, family, money, health, spiritual);
• Marriage compatibility readings (Ashtakoot Gun Milan, KP, Western synastry, Bazi, Saju, numerology, Chinese);
• Tarot three-card spread interpretations;
• Coffee-reading symbol interpretations;
• Premium PDF report generation (Annual Forecast, Career Forecast, Birth Chart Deep Analysis, Child Naming, Marriage Compatibility);
• Sun-sign, numerology, and tarot daily-card interpretations beyond static fallback content.

7.2 Data Transmitted to AI Providers

For each AI-powered request, we transmit a subset of your data tailored to the request. Typically this includes:

• Selected birth-chart calculations relevant to the question (e.g. your moon sign and current Vimshottari period when asking a marriage question);
• Your question or prompt as you typed it;
• Up to four (4) most recent exchanges from the same conversation, used as context;
• Your active astrology system (Vedic, Western, etc.) and language preference;
• For partner compatibility, the birth chart of the Saved Profile;
• For Coffee Reading interpretation, the textual descriptors of the symbols detected in your photograph (we do not transmit the photograph itself to the AI provider).

We do not transmit your name, email address, Firebase UID, payment information, advertising identifier, device model, IP address, or any data unrelated to your specific request.

7.3 AI Service Providers

The Service uses two AI service providers:

• Anthropic, PBC — United States — processes data via the Claude family of models (e.g. Claude Sonnet, Claude Haiku);
• Google LLC — United States — processes data via the Gemini family of models.

The Service routes requests through Firebase Cloud Functions deployed in the asia-south1 region. The Cloud Function attaches the API key (held only on the server, never on your device), forwards the request to the AI provider, and returns the response. This architecture prevents API-key exposure and allows us to enforce rate limits and content filters.

7.4 No Training on User Data

Both Anthropic and Google offer enterprise-grade API access where customer data is contractually excluded from being used to train future models. We use the API access tier with the strictest data-handling terms available, namely:

• Anthropic: zero data-retention API access, with prompts and responses not retained beyond the immediate processing window;
• Google: Gemini API enterprise terms, with model-training opt-out enabled.

While we have configured these contracts to the strictest terms our providers offer, we cannot independently audit either provider’s implementation. In the unlikely event of a provider breach of contract, we will notify you and applicable regulators per Section 16.

7.5 Latency and Quality Limitations

• AI responses typically take 5 to 30 seconds depending on tier and load;
• Network failures, rate limits, or provider outages may cause occasional response failures;
• AI-generated content may contain factual inaccuracies, contradictions with traditional astrological texts, or stylistic inconsistencies;
• AI predictions are not guaranteed and should not be relied upon for medical, legal, financial, or psychological decisions (Section 19).

7.6 Avoiding AI Processing

You may avoid AI processing entirely by not using AI-powered features. The App remains fully functional for chart computation, dasha timelines, doshas, yogas, panchang, daily transits, tarot card-of-the-day, numerology summaries, and Saved Profile chart viewing without invoking any AI provider. The only features that necessarily invoke AI are the AI chat, AI life readings, AI big-question reports, AI compatibility narratives, AI tarot-spread interpretation, and AI coffee-reading interpretation.

8. Third-Party Services & SDKs

We integrate the following third-party services. Each provider acts as a Data Processor under contract with us, except where they collect data directly from your device under their own privacy policies (notably Google).

8.1 Firebase Suite (Operated by Google LLC)

We use the following Firebase products:

• Firebase Authentication. Manages account creation and sign-in via Google Sign-In or anonymous identifiers. Stores your authentication state, refresh tokens, and last-sign-in timestamp.
• Cloud Firestore. Stores your Personal Data, Birth Data, Saved Profiles, plan, credit balance, chat history headers, and computed derivatives. Primary region: asia-south1 (Mumbai, India).
• Firebase Cloud Messaging (FCM). Delivers push notifications. Stores your FCM token and topic subscriptions.
• Firebase Analytics. Records typed events for product analytics. Tied to Firebase Installation ID, not your account UID.
• Firebase Crashlytics. Records application crashes and non-fatal errors for diagnostics.
• Firebase Remote Config. Allows server-controlled feature flags and configuration without an app update. Receives your locale and active version to deliver appropriate values.
• Firebase App Check. Verifies that requests originate from a genuine, untampered LuckMap App via Play Integrity attestation.
• Firebase Cloud Functions. Executes server-side code for AI-provider proxying, premium PDF generation, account-deletion processing, and other backend logic.
• Firebase Hosting. Hosts our website at luckmap.app and legal.luckmap.app.

Privacy policy: policies.google.com/privacy.

8.2 Google Sign-In

When you sign in with Google, Google receives the fact that you used Google Sign-In on LuckMap and the user-agent string of your device. We receive your Google account email, display name, and profile photograph URL. Google’s processing of your Google account is governed by Google’s own privacy policy.

8.3 Google Mobile Ads / AdMob

We display advertisements through Google AdMob to free-tier Users. AdMob may collect:

• Google Advertising ID;
• Approximate location based on IP address;
• App-usage signals to determine ad relevance;
• Ad impressions, clicks, completions, and rewards.

For Users under 18 (India), under 16 (EEA), or under 13 (US), AdMob is invoked in non-personalised mode with the child-directed treatment flag enabled. See Section 9.

8.4 Payment Processors (Google Play, Razorpay, Dodo)

Depending on the platform and your billing region, payments are processed by one of three processors. Each processor handles your payment-instrument details directly — we do not. We receive only the transaction identifier, product identifier, and acknowledgement from the chosen processor.

• Google Play Billing — all purchases inside the Android App. Privacy policy: policies.google.com/privacy.
• Razorpay Software Private Limited — web purchases from the India billing region. Privacy policy: razorpay.com/privacy.
• Dodo Payments — web purchases from billing regions outside India. Privacy policy: dodopayments.com/privacy-policy.

The web app routes you to Razorpay or Dodo based on your browser’s timezone at the moment of purchase. Region detection happens client-side; the chosen processor is then recorded with your transaction.

8.5 AI Service Providers

As described in Section 7:

• Anthropic, PBC — anthropic.com/privacy
• Google LLC (Gemini) — policies.google.com/privacy

8.6 Software Development Kits in the App

The LuckMap App includes the following SDKs of third-party services. Each SDK may collect data as described in its provider’s privacy policy.

9. Advertising & Device Identifiers

We display advertisements through Google AdMob to support the free tier of the Service. Free-tier ads include banner advertisements during specific screens, interstitial advertisements at appropriate transitions, and rewarded video advertisements that you may opt to watch in exchange for credits.

9.1 Personalised vs Non-Personalised Advertising

The Service requests personalised advertising from AdMob only when you are eighteen (18) years of age or older and located outside child-directed jurisdictions. In all other cases, the Service requests non-personalised advertising.

9.2 Device Identifiers Used for Advertising

• Google Advertising ID (AAID). A user-resettable identifier provided by Google Play Services. Used for ad personalisation when permitted. You can reset or delete it from your device settings.
• Firebase Installation ID. An anonymous identifier tied to the App installation, used for analytics and ad measurement. Reset by uninstalling the App.

9.3 How to Control Advertising

• Reset your Advertising ID in device Settings → Privacy → Ads;
• Opt out of personalised ads in Android Settings → Google → Ads;
• Use the “Why this ad?” controls available on individual AdMob advertisements;
• Upgrade to any paid plan to remove all advertising entirely.

10. In-App Purchases & Payments

LuckMap offers paid features through subscription plans and one-time credit-pack purchases.

10.1 Subscription Plans (Indicative; Subject to Change)

10.2 Credit Packs

10.3 Payment Processing

All payment processing is performed by Google Play Billing (Android), Razorpay (web, India), or Dodo Payments (web, international). Payment-instrument details (card number, UPI handle, banking credentials, wallet identifiers) are entered directly into the chosen processor, never into LuckMap. The processor receives and stores those details under its own privacy policy (see Section 8.4 for links). We receive only:

• Product identifier (e.g. luckmap_plan_plus_yearly);
• Transaction identifier issued by the processor;
• Purchase timestamp and granted entitlement;
• For web purchases: billing region, currency of charge, and the processor used to route the payment;
• Confirmation that the purchase succeeded.

10.4 Refunds

Refund requests are handled in accordance with our Refund Policy and the chosen processor’s refund procedures. Refunds for app subscriptions and credit packs are governed primarily by Google Play’s policies for Android purchases, by Razorpay’s and our own policies for India web purchases, and by Dodo’s and our own policies for international web purchases. As a general rule, refunds are not provided after credits have been spent or after a subscription benefit has been consumed in the cycle being refunded. Web purchases are eligible for refund within three (3) days of purchase if the credit pack remains entirely unspent or no subscription benefit has been consumed — see Refund Policy §5 and §4.

11. Analytics & Telemetry

We use Firebase Analytics to understand product usage in aggregate. Firebase Analytics records typed events, screen views, and user properties.

11.1 Identifiers Used by Analytics

• Firebase Installation ID — an anonymous identifier tied to the App installation, not your Firebase UID;
• App and OS metadata as listed in Section 4.5;
• User properties such as language, country, plan tier, and active astrology system.

11.2 Event Examples

Examples of recorded events:

• onboarding_step_n
• screen_view with screen name
• ai_chat_send with tier, paddhati, and tokens used
• tarot_draw with spread type
• coffee_reading_upload
• purchase_subscription with plan
• purchase_credits with pack
• ad_watch_complete with ad type and reward
• credit_spent with feature
• profile_added with relationship

11.3 Crash Diagnostics

Firebase Crashlytics receives the application stack trace, OS version, device model, App version, and a non-personally-identifying installation identifier when the App crashes or experiences a non-fatal error. We have configured Crashlytics to suppress known noise events such as routine network failures, image-loader cache misses, and audio-timeout errors.

11.4 Aggregation and De-identification

Aggregated and de-identified analytics data may be retained beyond account deletion for product improvement, trend analysis, and capacity planning. De-identification is performed by removing direct identifiers and aggregating to cohorts of at least one hundred (100) Users.

12. Push Notifications & Marketing Communications

Push notifications are an optional feature of LuckMap. We send notifications only after you grant the permission requested by the operating system.

12.1 Categories of Notifications

• Daily Horoscope — a brief reading once per day at a time chosen by you;
• Transit Alerts — notifications when significant astrological events occur (e.g. Sade Sati phase change, Jupiter transit into a new sign);
• Promotional Offers — festival discounts, subscription offers, and special pricing;
• Re-engagement — notifications if you have not used the App in a long period, encouraging you to return;
• Product Updates — feature launches and important product news.

12.2 FCM Topics

To target relevant content, the Service automatically subscribes you to FCM topics based on your selected language, country, active astrology system, plan tier, and inactivity status. Topic subscriptions are stored in Cloud Firestore and reconciled with the FCM service.

12.3 Email Marketing

We do not currently send marketing emails. If we begin email marketing in the future, we will obtain your express opt-in consent (where required by law) and provide a one-click unsubscribe link in every email.

12.4 Opting Out

You can disable notifications at any time:

• In-app: Settings → Notifications → Off;
• Device: Android Settings → Apps → LuckMap → Notifications → Off;
• Per-category: Settings → Notifications → choose categories to silence.

Opting out invalidates your FCM token within 24 hours, removes you from all topics, and stops further deliveries.

13. Data Sharing & Disclosure

We do not sell your Personal Data to advertisers, brokers, data marketplaces, or any third party. We do not "share" your Personal Data for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.

We share your Personal Data only in the following circumstances:

13.1 Service Providers (Data Processors)

We share data with the third-party Service Providers listed in Section 8 strictly to deliver the Service to you. Each Service Provider has signed a data-processing agreement that:

• Limits their use of the data to providing the contracted service;
• Obligates them to maintain confidentiality and security;
• Prohibits resale or unauthorised disclosure of the data;
• Requires them to assist us with respect to Users’ rights;
• Includes Standard Contractual Clauses where required for cross-border transfers.

13.2 AI Service Providers

We share specific data subsets with Anthropic and Google solely for AI inference, as described in Section 7.

13.3 Legal Compliance

We may disclose your Personal Data if required to do so by law, regulation, or valid legal process — including in response to subpoenas, court orders, or other legal requests from public authorities. We will challenge requests we consider to be invalid or overly broad and will notify affected Users where the law permits.

13.4 Safety and Protection of Rights

We may disclose Personal Data if we reasonably believe disclosure is necessary to:

• Detect, prevent, or address fraud, security, or technical issues;
• Protect the rights, property, or safety of AppskKuber, our Users, or the public;
• Enforce our Terms of Service.

13.5 Corporate Transactions

If AppskKuber undergoes a merger, acquisition, asset sale, or change of control, we will transfer Personal Data as part of the transaction. We will notify Users of any such transfer through an in-app notification, email, or website notice and will obtain fresh consent where required by applicable law.

13.6 Aggregated and De-identified Data

We may share aggregated and de-identified information that cannot reasonably be used to identify you for industry research, public reporting, marketing materials, and product improvement.

13.7 With Your Direction

If you request that we share specific data with a third party (e.g. export your chart to a third-party astrology software), we will do so subject to your written instruction.

14. International Data Transfers

Your Personal Data is stored and processed in the locations identified below.

14.1 Storage Locations

• Cloud Firestore primary region: asia-south1 (Mumbai, India). Your account data, Birth Data, Saved Profiles, plan, credits, and chat-history headers are stored here.
• Firebase Cloud Functions region: asia-south1. Server-side execution for the AI proxy, PDF generation, and account-deletion processing happens here.
• Firebase Authentication, Analytics, Crashlytics, FCM, Remote Config, App Check: these Firebase services have global infrastructure managed by Google. Specific data centres for these services are not always under our control; Google routes traffic to the nearest healthy region.

14.2 Cross-Border Transfers

Your data is transferred to the United States when:

• We invoke our AI service providers (Anthropic and Google) for AI-powered features;
• We use Google Mobile Ads / AdMob;
• You sign in via Google Sign-In;
• Google processes your transaction in Google Play Billing;
• Dodo Payments processes an international web transaction (billing region outside India), including any associated VAT/GST that Dodo collects on our behalf;
• Razorpay processes an India web transaction (Razorpay infrastructure is hosted within India, but cross-border transfer may occur for fraud-screening and reconciliation purposes).

14.3 Transfer Mechanisms

Cross-border transfers are governed by:

• Standard Contractual Clauses approved by the European Commission, as supplemented for our purposes;
• Adequacy decisions of the European Commission, where applicable;
• The EU-US Data Privacy Framework, where the recipient has self-certified;
• Your explicit consent, given at sign-up and confirmed each time you initiate an AI feature.

14.4 Rights Concerning Transfers

If you reside in the EEA or UK, you may exercise transfer-related rights under Article 46 of the GDPR, including the right to obtain a copy of the safeguards we have put in place. Please contact support@luckmap.app for such information.

14.5 Indian Cross-Border Provisions

Section 16 of the DPDP Act permits cross-border transfers except to countries restricted by the Central Government. As of the Effective Date of this Policy, no restrictions apply to the United States. Should restrictions change, we will adjust our processing arrangements accordingly.

15. Data Retention & Account Deletion

We retain your Personal Data for as long as necessary to provide the Service to you and to comply with our legal obligations.

15.1 Retention Periods

15.2 Deleting Your Account

You may delete your account in either of the following ways:

• Web: Visit https://legal.luckmap.app/delete-account and submit the deletion form. We respond within seventy-two (72) hours and complete deletion within thirty (30) days.
• Email: Send an email to support@luckmap.app with the subject "Account Deletion Request" and include the email address registered with LuckMap.

15.3 Effect of Account Deletion

• Your profile, Birth Data, Saved Profiles, and chat history are scheduled for deletion immediately upon receipt of your request and permanently removed from our active systems within thirty (30) days;
• Backups containing your data are overwritten in the normal course of backup-rotation, typically within ninety (90) days;
• Your active subscription is not automatically cancelled by account deletion. You must cancel through the relevant payment processor — Google Play (Android purchases), or via the LuckMap web app subscription portal which calls Razorpay or Dodo on your behalf (web purchases). After account deletion you will lose access to subscription features regardless of remaining subscription period;
• Unused credits and free-tier balances are forfeited and are not refundable;
• Your transaction records are retained for seven (7) years to comply with Indian tax and accounting law, but are unlinked from your account profile after account deletion.

15.4 Inactivity-Based Deletion

If your account remains inactive for thirty-six (36) consecutive months and you have no active subscription, we may delete your account after providing thirty (30) days’ advance notice via email and in-app banner. Unused credits and free-tier balances are forfeited upon inactivity-based deletion.

16. Data Security

We implement administrative, technical, and physical safeguards to protect Personal Data from unauthorised access, alteration, disclosure, or destruction.

16.1 Technical Safeguards

• Encryption in transit. All data exchanged between your device and our servers is encrypted using HTTPS with TLS 1.3 or later;
• Encryption at rest. Cloud Firestore encrypts data at rest using Google-managed keys (AES-256);
• Authentication required. All access to your data requires authentication via Firebase Authentication;
• Per-user access rules. Cloud Firestore security rules enforce that you can read and write only your own data and Saved Profiles;
• App Check. Firebase App Check, backed by Play Integrity, verifies that requests originate from a genuine, untampered LuckMap App;
• Server-side secrets. AI provider API keys are stored as Cloud Function secrets and never embedded in the App;
• Rate limiting. AI features are rate-limited at the client and server (5 requests per minute and 200 per day) to prevent abuse;
• SDK and dependency hygiene. We monitor security advisories and apply security patches in a timely manner;
• Crashlytics monitoring. We monitor for unexpected behaviour that may indicate security incidents;
• Code obfuscation. Release builds are obfuscated using Flutter’s split-debug-info and obfuscation flags.

16.2 Organisational Safeguards

• Access to Personal Data is restricted to personnel with a legitimate business need and is logged;
• Personnel are bound by confidentiality obligations;
• Periodic privacy and security training is conducted;
• Incident-response procedures are documented.

16.3 Limitations

No system can guarantee absolute security. Internet transmissions are inherently susceptible to interception, and despite our safeguards, unauthorised parties may gain access to data through means beyond our control.

16.4 Data Breach Notification

In the event of a data breach affecting your Personal Data we will:

• Notify the Data Protection Board of India under the DPDP Act in the prescribed manner and within the prescribed time;
• Notify our supervisory authority within seventy-two (72) hours of becoming aware of the breach if the GDPR applies;
• Notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms;
• Notify the relevant California Attorney General and affected California residents under California breach laws where applicable.

17. Your Rights & Choices

Subject to applicable law, you have the following rights with respect to your Personal Data. The specific rights available depend on your jurisdiction.

17.1 Rights Under the DPDP Act (India)

• Right to access information — obtain a summary of the Personal Data being processed and the activities undertaken;
• Right to correction and erasure — have inaccurate or out-of-date data corrected and have unnecessary data erased;
• Right of grievance redressal — raise grievances with our Grievance Officer (Section 24);
• Right to nominate — nominate another individual to exercise rights on your behalf in case of incapacity or death;
• Right to withdraw consent — at any time.

17.2 Rights Under the GDPR (EEA / UK)

• Right of access (Article 15) — obtain a copy of your Personal Data and information about how it is processed;
• Right to rectification (Article 16) — have inaccurate Personal Data corrected;
• Right to erasure ("right to be forgotten") (Article 17) — have your Personal Data deleted in specified circumstances;
• Right to restriction of processing (Article 18) — restrict processing in specified circumstances;
• Right to data portability (Article 20) — receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller;
• Right to object (Article 21) — object to processing carried out on the basis of legitimate interests, including profiling;
• Right not to be subject to automated decision-making (Article 22) — LuckMap does not make decisions about you using solely automated means that produce legal or similarly significant effects;
• Right to withdraw consent at any time, where processing is based on consent;
• Right to lodge a complaint with your supervisory authority.

17.3 Rights Under the CCPA / CPRA (California)

• Right to know what categories of Personal Information are collected and the sources, purposes, and recipients;
• Right to access specific pieces of Personal Information;
• Right to delete Personal Information;
• Right to correct inaccurate Personal Information;
• Right to opt out of "sale" or "sharing" — we do not sell or share your data in the CCPA/CPRA sense, but you may submit a verifiable request;
• Right to limit use of sensitive personal information for purposes other than those reasonably necessary to provide the Service;
• Right of non-discrimination for exercising privacy rights.

17.4 How to Exercise Your Rights

To exercise any right described above, send an email to support@luckmap.app with the subject line "Privacy Rights Request" and include:

• The email address linked to your LuckMap account;
• A description of the right you are exercising;
• Sufficient information to allow us to verify your identity (we may ask for additional information if necessary);
• Your jurisdiction (India / EEA / UK / California / other US state / other).

17.5 Identity Verification

To prevent unauthorised access we may verify your identity before fulfilling a request. Verification typically involves confirming control of the email address registered with your account. For sensitive requests we may request additional verification information.

17.6 Response Time

• DPDP requests: thirty (30) days;
• GDPR requests: thirty (30) days, extendable by up to two (2) further months for complex requests;
• CCPA/CPRA requests: forty-five (45) days, extendable by another forty-five (45) days for good cause.

17.7 Authorised Agents

Where the law permits, you may authorise an agent to make rights requests on your behalf. We may verify both the agent’s authority and your identity.

17.8 Fees

Rights requests are typically free of charge. We may charge a reasonable fee for repeated requests that are manifestly unfounded or excessive, in accordance with applicable law.

17.9 No Discrimination

We will not discriminate against you for exercising any right described in this Section 17. Specifically, we will not deny you the Service, charge you different prices, or provide a different level of quality solely because you exercised a privacy right.

18. Children’s Privacy

LuckMap is rated Teen (13+) on the Google Play Store and is not intended for use by children below the minimum applicable age.

18.1 Minimum Age Requirements

• United States: thirteen (13) years — per COPPA;
• European Union: sixteen (16) years — per GDPR Article 8 (some Member States have set thirteen, fourteen, or fifteen);
• United Kingdom: thirteen (13) years — per the UK age of digital consent;
• India: eighteen (18) years — per Section 9 of the DPDP Act, with verifiable parental consent required for those below eighteen.

18.2 Age Verification at Sign-Up

During onboarding, the App requests confirmation that you are at least thirteen (13) years old. By proceeding, you represent that you meet the minimum age in your jurisdiction.

18.3 Treatment of Minors

For Users who self-declare an age below the local age of digital consent (eighteen in India, sixteen in the EEA, thirteen in the United States), the Service:

• Disables personalised advertising and behavioural targeting;
• Tags AdMob requests for child-directed treatment;
• Disables Firebase Analytics where required by law;
• Does not include the User in re-engagement campaigns;
• Restricts AI chat to safe-mode prompts where available.

18.4 Verifiable Parental Consent for Indian Users (DPDP)

The Indian DPDP Act requires verifiable parental consent for processing the Personal Data of children under eighteen (18). The DPDP Rules implementing this requirement enter into full force in May 2027. We are progressively implementing a verifiable parental-consent flow that, when active, will require:

• An identifying email address or phone number of a parent or legal guardian;
• Confirmation of consent through a verification code sent to that email or phone;
• Storage of the consent record alongside the child’s account.

Until that flow is in production, Indian Users below eighteen are advised to refrain from using the Service. Where we discover that an Indian child has used the Service without parental consent, we will obtain consent from the parent or guardian, or, failing that, delete the account.

18.5 Action by Parents and Guardians

If you are a parent or guardian and believe a child below the minimum age has provided Personal Data to LuckMap, please email support@luckmap.app with the child’s registered email and a brief description. We will promptly investigate, delete the data, and confirm the deletion to you, unless retention is required by law.

18.6 No Knowingly-Targeted Marketing

We do not knowingly market to children, knowingly collect children’s data without parental consent, or sell children’s data.

19. Astrological Predictions Disclaimer

LuckMap is provided for entertainment, educational, cultural, and personal-reflection purposes only. While we use the Swiss Ephemeris library and traditional astrological texts to compute charts, the interpretive content — including AI-generated readings — should not be relied upon as professional advice in any field.

19.1 Not Professional Advice

LuckMap content is not a substitute for:

• Medical advice — consult a licensed physician for health concerns. Astrological remedies are not validated medical treatments;
• Legal advice — consult a licensed attorney for legal matters. AI predictions about lawsuits or legal outcomes are speculative;
• Financial advice — consult a registered investment adviser before making financial decisions. Predictions about wealth, business, or markets do not constitute investment advice;
• Mental-health advice — consult a licensed psychologist or psychiatrist for mental-health concerns. AI chat is not a therapy substitute;
• Marriage or relationship counselling — compatibility scores and AI marriage predictions are for entertainment.

19.2 No Guarantees

We make no warranty regarding:

• The accuracy of astrological predictions;
• The outcome of decisions made based on readings;
• The success of relationships rated as compatible;
• The avoidance of difficulties indicated as challenging;
• The materialisation of events identified as auspicious.

19.3 AI-Specific Limitations

AI-generated content reflects pattern recognition from training data and astrological corpora. AI does not predict the future. AI responses may contain factual inaccuracies, misinterpretations of traditional texts, or biases inherent in their training data.

19.4 Cultural and Religious Sensitivity

References to deities, mantras, gemstones, rituals, and other religious or cultural elements are presented respectfully and contextually. They are not religious instruction and should not be construed as such. If you have religious or ethical concerns about specific content, please contact support@luckmap.app.

19.5 User Responsibility

You are solely responsible for decisions you make based on LuckMap content. AppskKuber disclaims all liability for outcomes attributable to reliance on the Service, to the maximum extent permitted by law.

20. Partner & Third-Party Birth Data

LuckMap permits you to add Birth Data of other natural persons (Saved Profiles) to compute compatibility analyses. This functionality is convenient but raises specific privacy obligations.

20.1 Your Representations

By creating a Saved Profile you represent and warrant that:

• You have obtained the Third-Party Subject’s informed consent before adding their Birth Data;
• You have informed them that their data will be processed for compatibility analysis and may be transmitted to AI service providers in the United States;
• You have informed them that they may exercise their privacy rights directly with us;
• You have authority and the technical means to delete their data upon their request;
• The Third-Party Subject is at least eighteen (18) years old, or you are their parent or legal guardian.

20.2 Sensitive-Data Caveats

Adding a Saved Profile is processing of another natural person’s Sensitive Personal Data. Doing so without consent may violate the DPDP Act, the GDPR, the CCPA/CPRA, or other applicable laws and may expose you (not us) to liability.

20.3 Removing Saved Profiles

• You can delete a Saved Profile at any time via App → Profiles → [Profile] → Delete;
• The Third-Party Subject may request deletion directly from us by emailing support@luckmap.app with sufficient details to allow us to identify the Saved Profile (typically the registered User’s email plus the Subject’s name and date of birth).

20.4 Indemnification

You agree to indemnify and hold AppskKuber harmless from any claims, demands, damages, or liabilities arising out of your addition of Saved Profiles in violation of applicable law or this Policy.

21. Cookies & Web Tracking on the Website

Our Website uses minimal cookies and tracking. The App does not use traditional browser cookies; it uses local storage mechanisms (SharedPreferences, Hive boxes) which we treat with comparable transparency under Section 4.

21.1 Cookies on luckmap.app and legal.luckmap.app

The Website is largely static and uses only essential cookies, including:

• Firebase Hosting session identifiers, used to attribute and rate-limit requests;
• Analytics cookies (only on luckmap.app, not on legal.luckmap.app), set by Firebase Analytics if it is enabled.

We do not use third-party advertising cookies on the Website. We do not use cross-site tracking pixels.

21.2 Local Storage in the App

The App stores the following on your device using SharedPreferences and Hive boxes:

• Active astrology system, language, and notification preferences;
• A local cache of your computed birth charts and recent readings (for offline access);
• Chat-history session headers (session ID, first-message snippet, timestamps);
• Onboarding completion flags;
• App-installation identifier.

This local storage is not transmitted to our servers in raw form; servers receive only the synchronised subset described in Section 4. Uninstalling the App removes all local storage.

21.3 Managing Cookies

You can manage browser cookies through your browser’s settings. Disabling essential cookies may impair Website functionality. Disabling analytics cookies is supported via your browser’s Do Not Track setting (Section 22).

22. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. There is currently no industry consensus on how websites should respond to DNT signals.

Our Website honours DNT signals as follows:

• If your browser sends a DNT header, the Website does not load Firebase Analytics scripts;
• Essential cookies described in Section 21 are still set;
• The legal-documents subdomain (legal.luckmap.app) does not use analytics regardless of DNT.

The App does not have a "Do Not Track" equivalent at this time. To opt out of App analytics, please email support@luckmap.app with subject "Disable Analytics".

23. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, applicable laws, or to clarify existing language.

23.1 Notification of Material Changes

For material changes — including but not limited to changes in legal bases for processing, addition or removal of Service Providers, changes in retention periods, or changes in international transfer arrangements — we will provide advance notice through:

• An in-app banner notification displayed on App launch for at least seven (7) days prior to the new Effective Date;
• An email to your registered email address (if any);
• An updated “Last Updated” date and version number at the top of this Policy;
• A summary of changes section that we will add to this Policy.

23.2 Non-Material Changes

For non-material changes — including typographical corrections, formatting improvements, and minor language clarifications — we update the Policy without prior notice but always update the “Last Updated” date.

23.3 Continued Use

Continued use of the Service after the Effective Date of an updated Policy constitutes acceptance of the updated terms. If you disagree with changes, please discontinue use and delete your account using the procedures in Section 15.

23.4 Re-Consent for Material Changes Affecting Sensitive Data

Where a material change affects the processing of your Sensitive Personal Data — for example, addition of a new AI provider, change in transfer destination, or expansion of purposes — we will obtain fresh explicit consent before applying the new processing to your data.

24. Contact & Grievance Officer

This Privacy Policy is the entire agreement between you and AppskKuber regarding the privacy of your Personal Data, and it supersedes any prior privacy notices issued by AppskKuber for the LuckMap Service.