Privacy Policy

Effective Date: May 3, 2026 · Last Updated: May 9, 2026

Introduction

Welcome to Threadologie by Lu (the "App"), a mobile application designed for beadwork enthusiasts to create, track, and manage their beadwork patterns. This Privacy Policy explains how we collect, use, and protect your information when you use our App.

This Privacy Policy is provided for your information. Where we rely on your consent — for example, for analytics and crash reporting — we will ask for it separately, and you can withdraw it at any time in Settings.

Data We Store Locally

All your data is stored ONLY on your device. We do not have servers or cloud storage.

Local Data Storage (On Your Device Only):

• Beadwork Patterns: Pattern images, designs, grid data, and color palettes you create or import
• Progress Tracking: Which beads you've marked as complete in your patterns
• Pattern Notes: Custom notes you add to patterns
• Favorites: Patterns you've marked as favorites
• Recently Viewed: Patterns you've recently opened
• Preferences: App settings and customizations

Camera and Photo Library Access

• Camera: Used only to scan QR codes for importing patterns and to take photos for creating patterns from images
• Photo Library: Used only to import photos for creating custom bead patterns
• We do NOT store, upload, or share any photos or camera data

Auto-Renewable Subscriptions (In-App Purchases)

We offer optional subscription tiers processed by Apple (iOS) or Google (Android) via RevenueCat.

Subscription Tiers:

* Prices shown in USD. Local currency equivalent applies. Includes applicable taxes (VAT/GST).

Subscription Terms:

• Free Trial: 7-day free trial available for first-time subscribers (may not be available in all regions)
• Auto-Renewal: Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period
• Payment Timing: Your account will be charged for renewal within 24 hours prior to the end of the current period
• Payment Processor: RevenueCat (via Apple App Store / Google Play Store)

What We Store Locally:

• Subscription Status: Whether you have an active subscription (stored locally on your device)
• Subscription Expiration Date: When your current subscription period ends (for offline access)
• Purchase Receipts: Encrypted receipt data (stored securely using platform-provided secure storage)
• Pattern Creation Count: Number of patterns you've created (for free tier enforcement: 1 pattern limit)

Managing Your Subscription:

You can manage, cancel, or view your subscription status through your device settings:

• iOS (iPhone/iPad): Settings → [Your Name] → Subscriptions → Threadologie by Lu → Cancel Subscription
• Android: Google Play Store → Profile → Payments & subscriptions → Subscriptions → Threadologie by Lu → Cancel subscription
• Learn more: iOS | Android

Cancellation and Refunds:

• Cancel Anytime: You can cancel your subscription at any time through your App Store/Play Store account
• No Partial Refunds: Cancelling does not provide refunds for partial months
• Access Continues: After cancellation, you retain access until the end of your current billing period
• Auto-Renewal Stops: Your subscription will not renew after the current period expires
• Resubscribe: You can resubscribe at any time to regain access

What You Get:

Free Tier ($0):

• Create and manage 1 pattern
• Track progress on all patterns
• View statistics and favorites
• Scan QR codes to import patterns
• Import patterns from JSON files

Creators Tier ($2.99/month or $29.99/year):

• Unlimited pattern creation
• Create blank patterns from scratch
• Create patterns from photos/images
• Full pattern editor with drawing tools
• Shape library access
• PDF export (with watermark)
• Export and share patterns via QR code
• Personal use license

Creators Pro Tier ($5.99/month or $59.99/year):

• All Creators features, plus:
• Word chart export (row-by-row instructions)
• Clean PDFs (no watermark)
• Creator branding on exports
• Commercial license (sell your patterns)

Data After Cancellation:

• Your Patterns Are Safe: Patterns you created while subscribed remain accessible even after cancellation
• Viewing Only: After cancellation, you can view all your patterns but cannot create new ones (except 1 free pattern)
• No Data Loss: We never delete your patterns when a subscription expires

Receipt Verification:

• Apple/Google process payments and verify receipts
• We store encrypted receipts locally for offline verification
• Your payment information never reaches us - it stays with Apple/Google

What We Do NOT Collect

We do not collect or store directly identifying information about you. Specifically, we do not collect:

• Your name, email address, phone number, or postal address
• Location data
• Advertising identifiers
• Third-party tracking cookies (in the app)
• Account credentials (no signup required)

We do collect a limited amount of pseudonymous data via Firebase (analytics and crash reports) and a small amount of operational data on our servers (coupon redemption records keyed to an anonymous user ID). Under EU law, pseudonymous identifiers are treated as personal data even though they are not linked to your name or contact details. See "Analytics and Crash Reporting" and "Cloud Functions & Coupon Redemption" below for details.

Data Processing

Local Processing Only:

• Pattern Creation: Process images locally on your device to convert them to bead patterns
• Progress Tracking: Store your bead completion states locally to track your progress
• Pattern Management: Organize, search, filter, and sort your patterns locally
• Export/Share: Generate QR codes and JSON files locally for sharing patterns

Server Communication:

• Patterns stay local: Your patterns, progress, and notes are never uploaded to our servers
• Offline-first: Core pattern creation, editing, tracking, and viewing work offline. Optional features such as coupon redemption, subscription verification, opening shared pattern links, and analytics require a network connection.
• No cloud sync or backup of your patterns
• Limited server calls: The app contacts our Firebase Cloud Functions only when you redeem a coupon code, and our website when opening a shared pattern link. See "Cloud Functions & Coupon Redemption" below for details.

Cloud Functions & Coupon Redemption

We operate a small set of Firebase Cloud Functions (hosted by Google Cloud) to support promotional coupon codes. These are the only server-side components we run.

When This Runs:

• Only when you enter a coupon code in the app and tap "Redeem"
• Never in the background, never during normal app use

What Is Sent:

• The coupon code you entered
• Your anonymous RevenueCat app user ID (a random identifier, not linked to your name, email, or device)
• A Firebase App Check token (proves the request comes from the genuine app)

What Is Stored (Firestore):

• A record of the coupon code, its expiration, and the anonymous app user IDs that have redeemed it
• Purpose: Prevent the same coupon from being redeemed twice by the same user, and enforce campaign limits
• Retention: Coupon redemption records are kept for the duration of the campaign and then deleted
• No personal data: No name, email, device ID, IP, or payment information is stored

Analytics and Crash Reporting

We use Firebase Analytics and Firebase Crashlytics solely to improve the app and fix bugs. These services collect pseudonymous, non-identifying data only — never linked to your name, email, or contact details. They do not power advertising, profiling, or third-party marketing, and you can disable them at any time in Settings → Privacy & Legal → Analytics & Crash Reporting.

What Firebase Analytics Collects:

• App Usage Events: Which features you use — for example, patterns created/imported/completed, editor tools used (paint, fill, eyedropper, stamp), color interactions, navigation changes, paywall views, and purchase funnel steps
• Anonymous User Properties: Whether you have an active subscription, how many patterns you have created, preferred language and theme, and similar aggregate attributes. These are never linked to your name, email, or device identifier.
• Device Information: Device model, OS version, screen size (no device ID)
• Session Data: How long you use the app, screen views
• App Version: Which version of the app you're using

What Firebase Crashlytics Collects:

• Crash Reports: When the app crashes, technical details about the error
• Device State: Memory usage, battery level at time of crash
• Stack Traces: Technical information to help us fix bugs

What Firebase Does NOT Collect:

• ❌ No personal information (name, email, phone number)
• ❌ No location data
• ❌ No pattern content or images
• ❌ No bead colors or designs you create
• We do not store IP addresses ourselves. Firebase may process IP addresses transiently for security and analytics; IPs are not retained in identifiable form by the app.
• ❌ No advertising identifiers

Why We Use Firebase:

• Improve App Quality: Understand which features are used most to prioritize improvements
• Fix Crashes: Identify and fix bugs before they affect more users
• Optimize Performance: See which devices struggle and optimize accordingly
• Better User Experience: Make data-driven decisions about new features

Your Control:

• Analytics data is pseudonymized by Firebase — not linked to your name, email, or device identity
• You can disable analytics and crash reporting in Settings > Privacy & Legal > Analytics & Crash Reporting toggle
• Analytics data is used solely to improve app quality and fix bugs

Firebase Privacy Policies:

• Firebase Privacy Policy
• Google Privacy Policy

Website Analytics (threadologie-app.com)

This website uses Google Analytics 4 (provided by Google Ireland Limited) to understand how visitors interact with our site so we can improve content and usability. This applies only to the website — the mobile app is covered by the Firebase section above.

Legal Basis:

We only load Google Analytics after you give consent via the cookie banner shown on your first visit (Art. 6(1)(a) GDPR — consent). If you decline, no analytics scripts are loaded and no data is sent to Google. You can change your choice at any time by clearing your browser's site data for this domain.

What Google Analytics Collects (with consent):

• Pages viewed and time spent on each page
• Referring website (how you arrived here)
• Approximate location (country/region only — IP address is anonymized before storage)
• Device type, browser, and operating system
• A pseudonymous identifier stored in a cookie to recognize returning visitors

What Google Analytics Does NOT Collect:

• ❌ Your full IP address (anonymized via the anonymize_ip setting)
• ❌ Name, email, or any personal identifier
• ❌ Any data from inside the mobile app

Data Processor:

Google acts as a data processor on our behalf. Data may be transferred to and processed in the United States under the EU-U.S. Data Privacy Framework. See Google's Privacy Policy and Google Analytics data practices.

Opting Out:

• Click "Decline" on the cookie banner (no data is collected)
• Install the Google Analytics Opt-out Browser Add-on
• Enable "Do Not Track" or use a privacy-focused browser

Legal Basis for Processing (Mobile App, GDPR)

For users in the European Union, we rely on the following legal bases under Art. 6 GDPR:

• Performance of a contract (Art. 6(1)(b)): Processing strictly necessary to deliver subscription features and entitlements (Apple/Google billing, RevenueCat, coupon redemption).
• Legitimate interests (Art. 6(1)(f)): Product analytics (Firebase Analytics) to improve app quality and prioritize features, crash reporting (Firebase Crashlytics) to identify and fix bugs, and app integrity verification (Firebase App Check) to prevent abuse and protect server resources. These services do not power advertising, profiling for marketing, or third-party data sharing. You have the right to object at any time via Settings → Privacy & Legal → Analytics & Crash Reporting, which disables both analytics and crash reporting.

For purposes of GDPR, Lucie Levices (Austria) is the data controller for personal data processed under this Privacy Policy. Contact: hello@threadologie-app.com.

Your Rights (GDPR Compliance)

If you are in the European Union, you have the following rights:

• Right to Access: You can view all your data in the app
• Right to Rectification: You can edit or correct your patterns and notes
• Right to Erasure ("Right to be Forgotten"): You can delete all local data via "Clear All Data" in Settings. Note: anonymous analytics data previously sent to Firebase is retained per Google's data retention policy (typically 2 months). RevenueCat retains subscription records for billing and legal purposes.
• Right to Data Portability: You can export all your patterns as JSON files
• Right to Object: Since we don't collect personal data, there's nothing to object to
• Right to Withdraw Consent: You can revoke camera/photo permissions in device settings
• Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority. In Austria, this is the Datenschutzbehörde (www.dsb.gv.at). You may also contact the supervisory authority in your EU member state of residence or where the alleged infringement occurred.

Children's Privacy (COPPA Compliance)

The app is designed to avoid collection of personal information from children:

• No personal information collected
• No account creation
• No social features or chat
• No advertisements
• No location tracking
• No third-party data sharing

Parents may use their judgment to allow children to use this app for creative beadwork projects.

Data Security

We take security seriously:

• Local Encryption: Pattern data stored using SQLite with platform security
• Secure Storage: Purchase receipts encrypted using flutter_secure_storage (AES-256-GCM on Android, Keychain on iOS)
• Pattern Data Protection: Your pattern data never leaves your device. Only anonymous analytics are sent to Firebase (can be disabled in Settings)
• Device Lock: Your data is protected by your device's lock screen/biometric security

Data Retention

• Your Data: Stored on your device until you delete the app
• App Deletion: Uninstalling the app removes all local data permanently
• No Backups: We don't maintain backups (your device may backup via iCloud/Google)

Your Control Over Data

Data Deletion:

• Delete Patterns: Delete individual patterns and all associated data (progress, notes)
• Clear All Data: Use "Clear All Data" in Settings to delete everything permanently
• Uninstall App: Deleting the app removes all local data from your device

Data Export:

• Export Patterns: Export patterns as JSON files to your device
• Batch Export: Export all patterns at once
• Manual Backup: Save exported files to iCloud, Google Drive, or your preferred cloud storage

Data Portability:

• JSON Format: All patterns are exportable in standard JSON format
• QR Codes: Patterns can be shared via QR codes
• Cross-Platform: Pattern files work on any device running Threadologie by Lu

Third-Party Services

We use the following third-party services:

App Distribution & Payments:

• Apple App Store / Google Play Store: For app distribution and in-app purchases
• Apple StoreKit / Google Play Billing: For payment processing (privacy policies apply from Apple/Google)

Analytics & Crash Reporting (Firebase):

• Firebase Analytics: Pseudonymous app usage analytics (see "Analytics and Crash Reporting" section above)
• Firebase Crashlytics: Crash reports to fix bugs (see "Analytics and Crash Reporting" section above)
• Firebase Authentication: We do not require login. The Firebase SDK may create a pseudonymous session identifier on your device, but no name, email, or password is collected. Cloud Functions are secured via Firebase App Check, not user credentials.
• Data Collection: Pseudonymous only — no name, email, phone, or contact information
• Privacy Policies:
  • Firebase Privacy Policy
  • Google Privacy Policy

App Integrity Verification (Firebase App Check):

• Firebase App Check: Verifies that requests to our cloud services come from the genuine app
• Data Collected: Device integrity signals via Play Integrity (Android) and DeviceCheck (iOS)
• Purpose: Protects against unauthorized API access and abuse
• No Personal Data: Does not collect or store personal information

Subscription Management (RevenueCat):

• RevenueCat: Manages subscription status and entitlements
• Data Collected: Pseudonymous app user ID (auto-generated UUID, not linked to your name or email), subscription status, purchase history, device metadata
• Purpose: Verify subscription status, process purchases, manage entitlements
• No Personal Data: No name, email, or payment details (handled by Apple/Google)
• Privacy Policy: RevenueCat Privacy Policy

QR Code Detection (Google ML Kit):

• Google ML Kit Barcode Scanning: Detects QR codes from camera and images
• Processing: Entirely on-device — no data sent to Google servers
• No Data Collection: Images and scan results stay on your device

We do NOT use:

• ❌ Advertising networks (no ads in this app)
• ❌ Social media SDKs (no social login or sharing SDKs)
• ❌ A/B testing platforms
• ❌ Marketing or tracking pixels
• ❌ Third-party data brokers

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying a notice in the app
• Requiring you to accept the new policy (for material changes)

Your continued use of the app after changes means you accept the updated policy.

Legal Information

• Developer: Lucie Levices
• Location: Austria (EU)
• Jurisdiction: Austrian law applies

Thank you for using Threadologie by Lu!