Privacy Policy
Thank you for using OurDays (“App”), package name com.ourdays.yesaa. We respect your privacy. This Privacy Policy explains how we handle your information and is designed to comply with Google Play requirements and applicable privacy laws in the United States, the European Union/EEA, the United Kingdom, and other regions where the App may be available.
For the purposes of this Privacy Policy:
Account means a unique account created for you to access our Service or parts of our Service. OurDays does not require you to create an account.
Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
Application refers to the software program provided by the Company, named OurDays, a date tracking and countdown application that lets you manage anniversaries, countdown and count-up events, notebooks/categories, optional custom card backgrounds, and related in-app preferences on your device.
Company (referred to as “the Company”, “We”, “Us”, or “Our” in this policy) refers to Yesaa Technologies.
Country refers to: India (where Yesaa Technologies is established).
Device means any device that can access the Service, such as a computer, mobile phone, or digital tablet.
Personal Data means any information that relates to an identified or identifiable individual.
Service refers to the Application.
Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
1. Information we collect
1.1 Information we do not ask you to submit
OurDays does not require registration or login. We do not ask you for your name, email, phone number, or postal address for core countdown and event features.
1.2 Local app data (on your device)
To provide countdown and count-up events, notebooks/categories, display preferences, optional custom card backgrounds, and related features, the Application stores related data locally on your device (for example event titles, target dates, categories, and similar data) using local app storage (including SharedPreferences or other on-device storage where applicable). This data is used to restore your content and is not uploaded to our own servers by the Application for the features described in this version.
If you choose a custom background image, the App uses your device’s system photo picker; a compressed copy may be saved in the App’s private, app-specific storage on your device so the background can be shown offline. That file stays on your device unless you clear the App’s data or uninstall the App.
Except for the single internal statistic request described in Section 1.5, event content and similar local feature data are not uploaded to our own servers.
1.3 Advertising-related data (TopOn and ad networks)
The Application integrates the TopOn SDK and multiple third-party advertising networks to show ads (such as interstitial and rewarded ads). Those partners may process data for ad delivery, measurement, fraud prevention, and optimization, which may include:
- Device information such as device model, OS version, language, screen parameters, and similar technical identifiers;
- Advertising identifiers such as Google Advertising ID (where available and permitted);
- Approximate location inferred from IP address;
- App usage and ad interaction data such as impressions, clicks, completions, and related events;
- Network information such as IP address, connection type (Wi-Fi/cellular), and carrier-related information when available.
These Service Providers process data under their own privacy policies. We recommend reviewing their policies to understand their practices.
1.4 Transmission security (ads)
Communications between the Application and TopOn, and between TopOn and its partners, normally use industry-standard HTTPS/TLS encryption to protect data in transit. No method of transmission over the Internet is 100% secure.
1.5 First open after install (internal statistics only)
After you install the Application and open it for the first time, the Application sends one lightweight HTTPS POST to:
https://www.aiabn.space/api/stat/report?appCode=ourdays
The body is minimal JSON ({}) with Content-Type: application/json. The Application does not add custom HTTP headers that carry your app version, device model, operating-system version, advertising ID, or event data—only the JSON body (and the minimal headers the HTTP client needs to send that body, such as Content-Type) are sent. It is only for our internal count of installs or first opens. Under normal use it runs once per install (first Application process start), before the TopOn GDPR / consent UI if that UI is shown on that start, and does not depend on login (there is none), advertising consent completion, or TopOn initialization. The call is asynchronous; success or failure does not affect using the App or ads. Clearing app storage or reinstalling may cause this one-time request to be attempted again because the on-device “already sent” flag is reset.
Like any HTTPS request, the server may still receive ordinary connection-layer metadata (for example IP address and TLS-related signals). Align your Google Play Data safety answers with what you declare for this endpoint.
2. How we use information
We use locally stored app data solely to operate countdown, event, and related features on your device.
We use the first-open request described in Section 1.5 solely for internal install / first-open statistics and not for identifying individuals.
We rely on TopOn and advertising partners to show ads and measure ad performance. Their processing is described in their policies and in Section 5 of this Privacy Policy.
We do not sell your personal data. Where advertising partners process identifiers or usage data that may be considered personal data under applicable law, their processing is governed by their policies and your device and platform settings.
3. Data storage and retention
Locally stored app data remains on your device until you clear app data or uninstall the Application, unless your device backup/restore copies it according to your OS or account settings.
Advertising partners may retain ad-related data according to their own retention schedules (often months to up to approximately 24 months, then deletion or anonymization, depending on the partner).
4. Permissions (our manifest and merged SDK manifest)
The final installed APK/AAB merges permissions from OurDays’s own AndroidManifest.xml with those contributed by TopOn and integrated advertising SDKs (Section 5). Labels on your device may differ slightly by OEM or Android version; the authoritative list is under Settings → Apps → OurDays → Permissions. We do not enable precise/coarse location or legacy external storage write permissions in our manifest (those lines remain commented).
4.1 Declared in our own AndroidManifest.xml
These are the uses-permission entries we actively declare and enable (not commented out) in our project:
- android.permission.INTERNET — Allows the app to use network access. The integrated TopOn SDK and ad network partners need the internet to fetch ad configuration and creatives, show interstitial/rewarded ads, and communicate with ad and measurement servers. Without this permission, those ad-related features cannot work normally. This permission alone does not mean a specific category of personal data is always uploaded; it enables lawful network communication under this Policy and partners’ policies. If you disable mobile data/Wi-Fi for the app or restrict background data, ads and network-dependent features may fail or behave inconsistently.
- android.permission.ACCESS_NETWORK_STATE — Lets the app read whether the device has connectivity and the connection type (for example Wi-Fi vs cellular). The app and ad SDKs use this to decide whether to request ads, whether large downloads are appropriate on cellular, and to degrade gracefully on offline or poor networks. Used for connectivity checks and policy optimization only.
- com.google.android.gms.permission.AD_ID — Where supported and permitted under Google Play policies, allows the app and integrated ad SDKs (TopOn and partners) to access the Google advertising ID for personalized ads and measurement (impressions, clicks, conversions, attribution) in support of the free ad-supported model. The advertising ID is provided by Google Play services and can be reset by you; it is not your name, email, or phone number. You can reset the advertising ID or limit ad personalization in device settings (paths vary by OEM/Android version).
4.2 Additional permissions commonly merged from third-party SDKs
Depending on SDK version and build variant, the merged manifest may also include permissions such as the following. They are listed for transparency; not every build or device will surface every item in Settings. Typical purposes are summarized; see each partner’s policy for detail.
- android.permission.ACCESS_WIFI_STATE — Wi-Fi connection state for network diagnostics and ad/media loading behavior.
- android.permission.ACCESS_ADSERVICES_ATTRIBUTION — Android Privacy Sandbox–related attribution APIs where supported.
- android.permission.ACCESS_ADSERVICES_TOPICS — Android Privacy Sandbox Topics (or related ad-services APIs) where supported.
- android.permission.READ_PHONE_STATE — Often declared by ad SDKs for call-state awareness (e.g. pausing ads during a call) and network-type signals. It does not authorize us to collect call content; partners must comply with law and platform policy.
- android.permission.VIBRATE — Haptics in UI or ad UI.
- com.android.vending.CHECK_LICENSE — Play licensing when distributed via Google Play.
- com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE — Install referrer / campaign attribution via Play services.
- android.permission.WAKE_LOCK — May be merged for ad playback, downloads, or SDK background work where applicable.
- android.permission.RECEIVE_BOOT_COMPLETED — System broadcast after reboot for SDK scheduling (as implemented by each SDK).
- android.permission.FOREGROUND_SERVICE — Foreground service types that media or ad components may use under system rules.
- App-specific non-exported receiver permission (signature-level, e.g. com.ourdays.yesaa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION) — Restricts dynamic broadcast receivers; security hardening, not for collecting personal information.
If a merged permission is not granted at runtime (where Android requires runtime consent), affected SDK features may be limited. Your Google Play Data safety section should align with actual data collected or shared, which may depend on these SDKs—not only the permissions in Section 4.1.
5. Third-party services: TopOn SDK and integrated advertising SDKs
The Application integrates TopOn (TPN / Anythink) mediation and the following advertising-related components (versions may change between releases; see your installed build or store listing for details):
- TopOn core and ad format modules (core, native, banner, interstitial, rewarded, splash)
- Vungle (Liftoff)
- Unity Ads
- ironSource (LevelPlay)
- BIGO Ads
- Pangle (ByteDance global programmatic ads SDK, overseas)
- Meta Audience Network (Facebook)
- InMobi
- SmartDigiMktTech (SDM / related TU Adx components)
- AppLovin
- Mintegral
- Kwai (Kwai Network ads)
- Chartboost
- Yandex Mobile Ads
- Fyber (Digital Turbine marketplace)
- Tramini plugin (TopOn-related analytics/measurement tooling)
- Supporting Google Play services libraries may also be present (for example components used with advertising identifiers or related APIs).
5.1 Privacy policy links (third parties)
For SmartDigiMktTech / Tramini and other TopOn companion components, also refer to TopOn documentation and the TopOn privacy policy above.
5.2 EEA/UK users (consent and SDK initialization) — how the current build behaves
Depending on your region, advertising SDKs may require a lawful basis such as consent before processing certain data for personalized advertising. In the current build:
- Region classification (before first ATSDK.init): The app calls TopOn’s
ATSDK.checkIsEuTrafficwhen the main screen Activity begins the TopOn initialization path, caches the boolean result in app SharedPreferences, and supplements EU detection with a United Kingdom heuristic based on SIM or cellular network country ISO “gb” (not system display language/locale alone) to treat UK-related traffic as within the same consent gate as EEA traffic where applicable. Duplicate in-flight probes are merged so only one network request runs. checkIsEuTrafficnetwork or API error: If the initial TopOn EU traffic probe fails (for example a network error reported viaonErrorCallback), the app does not assume all users are in the EEA/UK. It treats traffic as non-regulated for consent-gating unless a UK SIM or cellular network country code indicates GB; then it may still show the TopOn GDPR / consent UI. A successful probe on a later cold start may update the cached classification.- When the TopOn GDPR / consent UI is shown: If traffic is treated as regulated (EU per TopOn’s probe and/or the UK heuristic above) and
ATSDK.getGDPRDataLevelis stillATSDK.UNKNOWNbefore init, the app shows TopOn’s GDPR / consent UI (ATSDK.showGdprAuth) over the app before the firstATSDK.init. If traffic is not in scope, or a GDPR level is already stored (not UNKNOWN), the app may proceed without that form. - ATSDK.UNKNOWN before init (non-regulated paths): Where traffic is not treated as regulated, the Application may call
ATSDK.initeven while the GDPR level is still UNKNOWN (for example typical non-EU/UK traffic). - User choice on the TopOn GDPR UI: The TopOn consent surface records the user’s data / personalization choice (commonly personalized vs non-personalized / limited processing). After a completed choice returned by
ATSDK.showGdprAuth, the app persists the level, callsATSDK.setGDPRUploadDataLevelwith the value TopOn returns (for example PERSONALIZED or NONPERSONALIZED), and then proceeds toATSDK.init. Declining personalized ads does not skip TopOn initialization: the SDK must still initialize to fetch configuration and mediation; advertising may continue in a non-personalized or otherwise permitted form depending on the level and each partner’s policies. - TopOn GDPR page failed to load (onPageLoadFail): If the official consent web UI fails to load while the app is still waiting for a first decision in a regulated region, the Application does not persist a consent choice for that attempt (the user remains undecided locally: we do not call
ATSDK.setGDPRUploadDataLeveland do not write our GDPR level to SharedPreferences for that failure). The app then still proceeds toATSDK.initon the main thread so you can use OurDays without being blocked. On a later cold start, if traffic is still treated as regulated andATSDK.getGDPRDataLevelis stillATSDK.UNKNOWN, the app will try again to show the TopOn GDPR / consent UI before the next first-init path. - After ATSDK.init succeeds: The app may call
ATSDK.checkIsEuTrafficagain asynchronously (for example for logging). Failures of that secondary call are logged only and do not change the consent UI, re-run the form, or alter a GDPR level already persisted by the user throughATSDK.showGdprAuth.
The first-open install statistic in Section 1.5 is intended to run once per install on the first Application process start, before any TopOn consent UI if shown on that start; it does not depend on advertising consent completion and is not blocked by the advertising consent flow.
We encourage users in the EU/EEA/UK to use system ad privacy controls (for example reset advertising ID, limit ad personalization). Whether an additional certified consent platform (CMP) is required for your use case is governed by current Google and local rules—verify against the latest official guidance.
6. Children’s privacy
The app is not directed at children under 13 (or under 16 in the EEA/UK where applicable). We do not knowingly collect personal data from children for our own independent profiling. Advertising partners may have their own age-related rules and controls. If you believe we have inadvertently collected such data, please contact us at yesaatechnologies1990@gmail.com and we will address it promptly.
7. Data security
We take reasonable technical and organizational measures to protect information. Local app data stays primarily on your device. Ad-related transmissions normally use HTTPS/TLS as described above. No method of storage or transmission is 100% secure.
8. International data transfers
Advertising partners may process data in countries other than your own. Their practices are described in their privacy policies. Where required by law, they may rely on appropriate safeguards for international transfers.
9. Your rights by region
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing, to data portability, and to withdraw consent where processing is based on consent. You may also have the right to opt out of certain “sales” or “sharing” of personal information under US state laws, where applicable.
Because advertising partners may process identifiers or usage data that can be personal data in some jurisdictions, you can also exercise controls through your device (for example reset advertising ID, opt out of ads personalization) and through partner policies linked in Section 5.
For requests to us regarding this Privacy Policy, contact yesaatechnologies1990@gmail.com.
9.1 Deletion of your personal data (and limits)
Depending on applicable law, you may have the right to request deletion of personal data we hold about you, subject to the limits below.
No in-app accounts: OurDays does not offer registration or login. There is no user account to cancel. Please describe your request clearly (for example, data related to our first-open statistic in Section 1.5) rather than using “account closure” wording.
How to contact us: Email yesaatechnologies1990@gmail.com with a clear subject line (for example, “OurDays – data deletion request”). Where we control the data and deletion is technically feasible and lawful, we aim to complete appropriate steps within approximately 30 days, unless a longer period is required by law or legitimate dispute resolution.
Data stored on your device: Local data described in Section 1.2 can be removed by clearing app data or uninstalling the Application.
Advertising ID and ad partners: You can reset or limit the Google advertising ID and ad personalization in your device settings (paths vary by OEM/Android version). That reduces linkage of future ad activity to the previous identifier for TopOn and partners, but it does not erase historical records already held by third-party networks; they process data under their policies (Section 5).
TopOn and other independent controllers: For data processed primarily by TopOn or another advertising partner, you may need to exercise rights directly with that partner using its privacy policy and tools. Our email address is for the Company’s own practices and data we control (for example, reasonable requests regarding our first-open statistic endpoint in Section 1.5, where applicable and technically feasible).
What we may retain: We may keep information where law requires it, for dispute resolution or to protect legal rights, or where information is already aggregated or anonymized so that it can no longer reasonably identify you.
Third-party retention: Advertising partners may retain ad-related data according to their schedules (often on the order of months to up to approximately 24 months, then deletion or anonymization, depending on the partner). A request to us does not automatically delete copies held by third parties.
Withdrawing consent (where applicable): You may use device settings (advertising ID, app permissions such as network access where applicable), TopOn’s GDPR/consent UI when it is shown, and email to the address above. Withdrawing consent or limiting identifiers may affect ads personalization or measurement; core countdown and event features may remain usable depending on your choices and connectivity.
This Application does not use an in-app account system, in-app WebView–based login, or cookies for the features described in this Policy; deletion lists referring to “passwords,” “WebView session tokens,” or similar items do not apply to the current store build.
9.2 European Union (EU) / European Economic Area (EEA) / United Kingdom (UK) — GDPR / UK GDPR
You may have the rights described above and the right to lodge a complaint with a supervisory authority. Contact us at yesaatechnologies1990@gmail.com for questions.
9.3 United States — California (CCPA / CPRA)
California residents may have additional rights regarding personal information. We do not “sell” personal information in the traditional sense; some sharing of identifiers for cross-context behavioral advertising may be treated as “sharing” under California law—use device opt-outs and partner controls where available.
9.4 Other US states / Brazil / other regions
Similar rights may apply under local laws. Contact us at yesaatechnologies1990@gmail.com for requests or questions.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will change the “Last updated” date at the top and, where appropriate, notify you through the app or the store listing. Your continued use of the app after changes constitutes acceptance of the updated policy where permitted by law.
11. Governing law
This policy is governed by the laws of the jurisdiction in which Yesaa Technologies is established, without prejudice to any mandatory rights you have under the laws of your country of residence (including in the EEA, UK, or US states).
12. Contact us
For any questions, requests, or complaints about this Privacy Policy or our handling of your information:
Email: yesaatechnologies1990@gmail.com
We will respond within a reasonable time.