1. Introduction
NovoTech Pty Ltd ("we", "us", or "our") operates the ConvertX mobile
application (the "App"), available on the Google Play Store under the package name
com.novotechx.convertx.
This Privacy Policy explains what information we collect, how we use it, and the choices
you have. By installing or using the App you agree to the practices described in this
policy. If you do not agree, please uninstall the App.
We are committed to protecting your privacy. ConvertX is designed as a
privacy-conscious utility — it does not require you to create an account
and operates with minimal data collection. Where advertising or analytics services are
used, we obtain your consent before processing data where required by law.
2. At-a-Glance Summary
| Category |
Status |
Details |
| User accounts / login |
None |
No account is required; some pseudonymous device and app identifiers may be processed when enabled |
| Personal information collected |
No direct identifiers |
No name, email, phone, or address; optional SDKs may process pseudonymous identifiers |
| Device permissions |
Internet + SDK permissions |
INTERNET, ACCESS_NETWORK_STATE, AD_ID, and ad-SDK permissions (see Section 5) |
| Analytics |
Yes |
Firebase Analytics and Facebook Analytics (anonymous usage events, consent-gated) |
| Crash reporting |
Yes |
Firebase Crashlytics (anonymous crash logs) |
| Advertising |
Yes |
Google AdMob mediation, including Meta Audience Network (banner ads only, consent-gated) |
| Consent management |
Yes |
Google User Messaging Platform (UMP) for GDPR/CCPA consent |
| In-app purchases |
Yes |
Annual ConvertX Pro subscription via Google Play Billing (processed by Google) |
| Data sold to third parties |
No monetary sale |
We do not sell your data for money, though ad-tech sharing may occur with consent |
3. Consent and Your Choices
ConvertX uses the Google User Messaging Platform (UMP) to present a
consent form before any advertising or analytics data is processed. This form complies
with the IAB Transparency and Consent Framework (TCF v2) and is shown to users in
jurisdictions where consent is required (e.g., EEA, UK, California).
By default, all analytics and advertising data collection is disabled.
Data is only processed after you provide consent through the consent form. You can change
your consent preferences from the App's consent management entry point when available for
your region.
The App's manifest sets all Firebase consent signals to false by default
(analytics storage, ad storage, ad user data, and ad personalisation signals). These are
only enabled after you opt in.
4. Information We Collect
4.1 Information You Provide
ConvertX does not require registration, login, or any form of account
creation. You are never asked to provide your name, email address, phone number, or any
other personal information.
All conversion inputs, favourite conversions, and conversion history you create are
stored locally on your device only and are never transmitted to our
servers or any third party.
The App also creates a locally stored pseudonymous app-instance identifier that we use
for app event attribution and backend analytics when those features are enabled.
4.2 Information Collected Automatically (with consent)
When you use the App and have provided consent, the following non-personal information
may be collected automatically:
a) Firebase Analytics
We use Google Firebase Analytics to understand general usage patterns and improve the App.
Firebase Analytics may automatically collect:
- App opens and session duration
- Screen views and navigation flows
- Device model, operating system version, and screen resolution
- App version and country/region (derived from IP address, which is not stored)
- Installation source (install referrer)
This data is aggregated and anonymised. We do not link analytics data to any individual user.
b) Firebase Crashlytics
We use Google Firebase Crashlytics to detect and fix crashes and errors. When a crash or
non-fatal error occurs, Crashlytics may collect:
- Crash stack traces and exception details
- Device model, operating system version, and orientation
- Available memory and disk space at the time of the crash
- App version and build number
- Breadcrumb logs (general event sequence leading to a crash, containing no personal data)
c) Facebook Analytics
The App integrates the Facebook SDK (Meta Platforms, Inc.) for analytics
purposes. The Facebook SDK may collect:
- App events (e.g., app installs, app opens, in-app actions)
- Device information (model, OS version, screen size)
- App version and language settings
Advertiser ID collection is disabled in our configuration. The Facebook
SDK does not auto-initialise — it is only activated after consent has been granted.
d) Advertising Data (Google AdMob and Meta Audience Network)
ConvertX displays banner advertisements through
Google AdMob, using AdMob mediation to also serve ads from the
Meta Audience Network. When ads are served, Google AdMob and its
mediation partners may collect:
- Advertising identifier (Google Advertising ID / Android Ad Services ID)
- Device information (model, manufacturer, OS version, screen size)
- IP address (used for general geographic targeting, not stored in personally identifiable form)
- Ad interaction data (impressions, clicks, viewability)
- App information (package name, version)
- Network connection type (Wi-Fi, cellular)
This data is used to serve relevant advertisements and measure ad performance. If you
do not consent to personalised advertising, you may still see non-personalised
(contextual) ads.
e) Install Referrer
If you have granted analytics consent, we may capture install referrer information
provided by the Google Play Store. This tells us how you found the App
(e.g., a search, an ad campaign, or a direct link) but does not identify who
you are.
4.3 Information We Do NOT Collect
ConvertX does not collect any of the following:
- Names, email addresses, phone numbers, or physical addresses
- Precise or coarse location data (GPS, Wi-Fi, or cell tower)
- Contacts, calendar entries, or call logs
- Photos, videos, or files from your device
- Microphone or camera input
- Financial or payment information (purchases are handled entirely by Google Play)
- Passwords or authentication credentials
- Health, fitness, or biometric data
5. Device Permissions
ConvertX itself requests only the INTERNET permission. However,
third-party advertising and analytics SDKs bundled with the App may declare additional
permissions in the merged Android manifest. These include:
| Permission |
Purpose |
| INTERNET |
Required for currency rate fetching, analytics, crash reporting, and ad delivery |
| ACCESS_NETWORK_STATE |
Detect network availability before making requests |
| AD_ID / ACCESS_ADSERVICES_AD_ID |
Access the Android Advertising ID for ad personalisation (consent-gated) |
| ACCESS_ADSERVICES_ATTRIBUTION |
Android Privacy Sandbox attribution reporting for ad measurement |
| ACCESS_ADSERVICES_TOPICS |
Android Privacy Sandbox Topics API for interest-based advertising |
| ACCESS_ADSERVICES_CUSTOM_AUDIENCE |
Android Privacy Sandbox Protected Audiences for remarketing |
| ACCESS_WIFI_STATE |
Used by ad SDKs to determine connection type for ad serving |
| WAKE_LOCK |
Used by Firebase and WorkManager for background task completion |
| RECEIVE_BOOT_COMPLETED |
Used by WorkManager to reschedule pending tasks after device restart |
| FOREGROUND_SERVICE |
Used by WorkManager for long-running background currency rate updates |
| VIBRATE |
Declared by ad SDKs for interactive ad experiences |
| BILLING / CHECK_LICENSE |
Google Play Billing for premium in-app purchases |
The App does not request or use dangerous runtime permissions such as
camera, microphone, contacts, or precise location. Location permissions
(ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION) are explicitly removed from the
merged manifest.
6. How We Use Your Information
The limited data we collect is used exclusively for the following purposes:
- App functionality: Fetching live currency exchange rates from
third-party APIs so that currency conversions are accurate and up to date.
- Stability and performance: Identifying crashes, bugs, and performance
issues through Crashlytics so we can deliver timely fixes.
- Usage analytics: Understanding aggregate usage patterns (e.g., which
conversion categories are most popular) to guide feature development.
- Install attribution: Measuring the effectiveness of marketing channels
and campaigns using install referrer data.
- Advertising: Displaying banner advertisements through Google AdMob
and its mediation partners (including the Meta Audience Network) to support the free
version of the App.
- Ad measurement: Measuring ad impressions, clicks, and conversions to
evaluate advertising performance.
We do not use collected data for profiling, automated decision-making,
or any purpose unrelated to the operation and improvement of the App.
7. Local Data Storage
ConvertX stores the following data locally on your device using
Android app sandbox storage, including Room/SQLite and app preferences. This data is
not encrypted by us at the application layer and is never uploaded to our servers unless
explicitly described elsewhere in this policy:
- Favourites: Your saved conversion pairs (e.g., "kg to lb") for quick
access.
- Conversion history: A log of recent conversions you have performed,
including the category, units, and values.
- Cached currency rates: The most recently fetched exchange rates and
the timestamp of the last update, so the App can display rates even when offline.
- Consent preferences: Your advertising and analytics consent choices,
stored in local app preferences.
- App settings: Your preferences (e.g., default categories, display
options).
- Local app identifier and attribution state: A pseudonymous device/app
identifier, app-open counters, and install-referrer state used for analytics and
attribution when enabled.
- Subscription state: Your ConvertX Pro subscription status (active or
free), product identifier, the opaque Google Play purchase token, purchase timestamp,
auto-renewal flag, and last-verified timestamp. This data is stored locally so the App
can apply your Pro benefits without re-querying Google Play on every launch.
You may clear this data at any time by clearing the App's data through your device
settings or by uninstalling the App.
8. Third-Party Services
ConvertX integrates with the following third-party services. Each service has its own
privacy policy governing the data it processes:
8.1 Google Firebase (Analytics & Crashlytics)
- Provider: Google LLC
- Purpose: Anonymous usage analytics and crash reporting
- Data processed: Anonymous device and usage metadata as described in
Section 4.2
- Privacy Policy:
https://firebase.google.com/support/privacy
8.2 Facebook SDK (Meta Platforms)
- Provider: Meta Platforms, Inc.
- Purpose: App analytics and install attribution
- Data processed: Anonymous app events and device metadata; Advertiser
ID collection is disabled
- Privacy Policy:
https://www.facebook.com/privacy/policy/
8.3 Google AdMob (Ad Mediation)
- Provider: Google LLC
- Purpose: Ad mediation — selects and serves banner advertisements,
including demand served through the Meta Audience Network
- Data processed: Advertising ID, device information, IP address, ad
interaction data (as described in Section 4.2(d))
- Privacy Policy:
https://policies.google.com/privacy
Google AdMob acts as the mediation layer. Through AdMob mediation, banner ad demand may
also be served by the following partner, which operates under its own privacy policy:
These networks may collect device identifiers, IP addresses, and ad interaction data to
serve and measure advertisements, subject to the consent choices you make through the
Google UMP consent form.
8.4 Google User Messaging Platform (UMP)
- Provider: Google LLC
- Purpose: Presenting GDPR/CCPA consent forms and managing user
consent preferences in compliance with the IAB TCF v2 framework
- Data processed: Consent choices and jurisdiction information
- Privacy Policy:
https://policies.google.com/privacy
8.5 Frankfurter API
- Provider: Open-source project (frankfurter.dev)
- Purpose: Primary source for live currency exchange rates
- Data sent: Currency codes only (e.g., "USD", "EUR") — no personal
or device data
- Privacy Policy:
https://www.frankfurter.dev
8.6 ExchangeRate-API
- Provider: ExchangeRate-API
- Purpose: Fallback source for live currency exchange rates when the
primary API is unavailable
- Data sent: Currency codes only — no personal or device data
- Privacy Policy:
https://www.exchangerate-api.com/terms
8.7 Supabase
- Provider: Supabase, Inc.
- Purpose: Backend services for app configuration, feature management,
and first-party app event analytics
- Data sent: App configuration requests and, when analytics is enabled,
pseudonymous app event data such as app-instance identifier, app version, country code,
device metadata, and event payloads
- Privacy Policy:
https://supabase.com/privacy
8.8 Google Play Install Referrer
- Provider: Google LLC
- Purpose: Measuring how users discover and install the App
- Data processed: Install referrer string and timestamps
- Privacy Policy:
https://policies.google.com/privacy
8.9 Google Play Billing
- Provider: Google LLC
- Purpose: Processing the annual ConvertX Pro subscription and
verifying its status
- Data processed: All payment information is handled entirely by
Google Play — we do not receive or store any payment card details, billing addresses,
or financial information. The App queries Google Play for your active subscription
status and stores the resulting purchase token and subscription metadata locally on
your device only (see Section 7).
- Privacy Policy:
https://policies.google.com/privacy
9. Advertising
ConvertX displays banner advertisements only. We do not use interstitial
ads, video ads, or rewarded ads.
Ads are served through Google AdMob, which uses AdMob mediation to
select ads in real time — including demand from the Meta Audience Network. When you
consent to personalised advertising, ad networks may use your Advertising ID and device
information to show ads that are more relevant to your interests. If you do not consent,
you will still see ads, but they will be non-personalised (contextual).
Your Advertising Choices
- Consent form: You can change your ad consent preferences at any time
from the App's Settings screen.
- Reset Advertising ID: You can reset or delete your Android
Advertising ID from your device Settings → Google → Ads.
- Opt out of personalisation: If you opt out via the consent form, ad
networks will not use your data for personalised ad targeting.
10. Background Processing
ConvertX may periodically refresh currency exchange rates in the background using
Android WorkManager. This background task:
- Runs approximately once per day, only when a network connection is available.
- Only activates if you have used the currency conversion feature within the last
seven (7) days.
- Sends only currency codes (e.g., "USD") to the exchange rate APIs — no personal
data is transmitted.
- Stores the updated rates locally on your device.
You can disable background data usage for ConvertX through your device's battery and
data settings.
11. Data Sharing and Disclosure
We do not sell, rent, trade, or otherwise share your personal information with
any third party for their own marketing purposes.
We may share non-personal data in the following limited circumstances:
- Advertising partners: When you consent to personalised advertising,
device identifiers and ad interaction data are shared with Google AdMob and its
mediation partners (including the Meta Audience Network, listed in Section 8.3) for the
purpose of serving and measuring advertisements.
- Analytics providers: Firebase (Google) and Facebook (Meta) process
anonymous analytics data on our behalf, subject to their respective data processing
terms.
- Legal requirements: We may disclose information if required to do so
by law, regulation, legal process, or enforceable governmental request.
- Safety: We may disclose information if we believe in good faith that
it is necessary to protect the rights, safety, or property of NovoTech Pty Ltd, our
users, or the public.
12. Data Retention
- Local data (favourites, history, cached rates, consent preferences)
is retained on your device until you clear the App's data or uninstall it.
- Pseudonymous local identifiers used for analytics or attribution are
retained on your device until you clear the App's data, use the in-app deletion
option, or uninstall the App.
- Firebase Analytics data is retained for up to 14 months by default,
after which it is automatically deleted from Google's servers.
- Firebase Crashlytics data is retained for 90 days, after which it
is automatically purged.
- Advertising data retained by Google AdMob and its mediation partners
(including the Meta Audience Network) is governed by their respective retention
policies. Please refer to the
Google Privacy Policy and the
Meta Privacy Policy for details.
- Facebook Analytics data is retained according to Meta's data
retention policies.
13. Data Security
We take reasonable measures to protect the information associated with the App:
- All network communication uses HTTPS/TLS encryption in transit.
- Local database storage is protected by Android's application sandboxing.
- Release builds use code obfuscation (R8/ProGuard) to deter reverse engineering.
- Location permissions are explicitly removed from the merged manifest.
- The Facebook SDK Advertiser ID collection is disabled by default.
- All analytics and advertising consent signals default to
false until the
user opts in.
While we strive to use commercially acceptable means to protect your data, no method of
electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
14. Children's Privacy
ConvertX is a general-purpose utility application. It is not directed at children under
the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect
personal information from children.
Our advertising partners are configured to comply with applicable child protection
regulations. We do not enable child-directed ad targeting.
If you are a parent or guardian and believe your child has somehow provided personal
information through the App, please contact us so we can take appropriate action.
15. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your data:
15.1 General Choices
- Manage consent: Change your advertising and analytics consent
preferences from the App's consent management entry point when available.
- Opt out of analytics: You can disable Firebase Analytics data
collection by withdrawing consent or by restricting the App's network access in your
device settings.
- Reset or delete Advertising ID: Go to your device Settings →
Google → Ads to reset or delete your Advertising ID.
- Delete local data: Clear all locally stored data (favourites,
history, cached rates, settings, consent choices, and local identifiers) by using the
App's in-app deletion option, going to your device Settings → Apps →
ConvertX → Storage → Clear Data, or by uninstalling the App.
- Disable background refresh: Prevent background currency rate updates
by restricting the App's background data usage in your device settings.
15.2 European Economic Area (EEA), United Kingdom, and Switzerland — GDPR
If you are located in the EEA, UK, or Switzerland, you have rights under the General
Data Protection Regulation (GDPR), including the right to:
- Access the personal data we hold about you
- Request rectification or erasure of your data
- Object to or restrict processing of your data
- Data portability
- Withdraw consent at any time (without affecting the lawfulness of processing based on
consent before its withdrawal)
- Lodge a complaint with your local supervisory authority
Advertising and analytics data is processed only after you grant consent through the
UMP consent form. You may withdraw consent at any time from the App's Settings screen.
If you have questions or wish to exercise any right, contact us at the address in
Section 18.
15.3 California Residents — CCPA / CPRA
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA),
California residents have the right to know what personal information is collected, to
request deletion, and to opt out of the sale or sharing of personal information.
ConvertX does not sell personal information for money. However, some
ad-tech disclosures under the CCPA/CPRA may characterize certain advertising-related
sharing as "sale" or "sharing". Where applicable, we honor user privacy choices through
our consent management flow. For questions, contact us at the address in Section 18.
15.4 Brazil — LGPD
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD)
grants you rights over your personal data, including the right to access, correct, delete,
and port your data. Advertising data processing is based on your consent. For enquiries,
contact us at the address in Section 18.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this page.
- Post the revised policy at the same URL.
- For material changes, provide notice within the App or through the Google Play
Store listing.
Your continued use of the App after any changes constitutes your acceptance of the
revised policy. We encourage you to review this page periodically.
17. Legal Basis for Processing (GDPR)
Where GDPR applies, we rely on the following legal bases for processing the data
described in this policy:
- Consent (Art. 6(1)(a)): Processing advertising data, analytics data,
crash reporting data, and advertising identifiers. You may withdraw consent at any
time via the App's consent management entry point when available.
- Performance of a contract (Art. 6(1)(b)): Fetching currency exchange
rates, which is necessary to provide the core functionality of the App.
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our
data practices, please contact us:
We will respond to your enquiry within 30 days.
19. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of
Australia, without regard to its conflict-of-law provisions, except where mandatory local
privacy legislation (such as GDPR, CCPA, or LGPD) applies.