Pitshkofy — Privacy Policy
Last updated: 2026-05-16 · Effective immediately.
This policy explains what data the Pitshkofy Android application (package com.vagabond.pitshkofy) and the supporting backend at api.pitshkofy.com collect, why, and what your rights are. The data controller is:
Vagabond Consulting LLC
30 N Gould St Ste R
Sheridan, WY 82801, USA
privacy@pitshkofy.com
1. Data we collect
- Account data — email address, display name, password hash, optional profile photo. Created when you sign up via email or Google Sign-In.
- Device + diagnostic data — device model, Android version, locale, install ID, IP address, crash logs, performance metrics. Used to operate the app, prevent fraud and abuse, and improve stability.
- Advertising ID (Google AAID / device-or-other-IDs) — your device's Google Advertising ID is collected on every launch and shared with the third-party ad networks listed in §3 (Google AdMob, AppLovin MAX, Unity Ads, Meta Audience Network, AdGem, Pollfish) for ad serving, frequency capping, attribution, personalised advertising, and ad-fraud / invalid-traffic detection. This data collection is required for the app to function — Pitshkofy is funded by advertising and cannot operate without ad delivery. EU/UK users see Google's UMP consent screen on first launch and can opt for non-personalised ads, but the Advertising ID is still transmitted to ad networks in non-personalised mode (this is how Google's ad ecosystem operates). The Advertising ID is not processed ephemerally — it is persisted by the ad networks to provide their service.
- Earnings + activity data — coin balance, completed tasks, redemption requests, referral code usage. Required to operate the rewards feature.
- Payout data — your PayPal email or chosen gift-card email when you submit a redemption. Stored only as long as the payout is being processed (max 30 days after dispatch).
2. Why we process it (legal basis under GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — running your account, awarding coins, paying out redemptions.
- Legitimate interests (Art. 6(1)(f)) — fraud prevention, security, product improvement, basic analytics.
- Consent (Art. 6(1)(a)) — personalised advertising, optional newsletter. You can withdraw consent at any time inside the app under Settings → Privacy.
3. Third parties that receive data
We use the following processors. Each runs under their own privacy policy linked here. We disclose only the minimum data each service needs.
- Google AdMob — ad serving, fill, attribution. policy
- Google Firebase (Analytics, Crashlytics, Cloud Messaging, Authentication) — diagnostics, push, login. policy
- AppLovin MAX — ad mediation. policy
- Unity Ads — ad demand. policy
- Meta Audience Network — ad demand. policy
- AdGem — offerwall (CPA leads). policy
- Pollfish — survey rewards. policy
- PayPal Payouts — payout to your PayPal account. policy
- Tremendous — gift-card delivery. policy
4. EU / UK consent (UMP)
On first launch from an EU or UK device, Pitshkofy shows Google's User Messaging Platform (UMP) consent screen. We do not load any ad SDK or run analytics until you decide. Your consent record is stored locally and synced to the backend so it persists across sessions. You can revisit the consent screen anytime under Settings → Privacy → "Manage consent".
5. Retention
- Account + earnings data: until you delete your account, or after 24 months of inactivity (we'll email a warning first).
- Payout records: 7 years (German tax law, §147 AO, even though we are a US LLC we keep the same retention to be safe).
- Crash logs: 90 days.
- Ad-id / IP-bound diagnostic data: 14 months max (Google default).
6. Your rights
Under GDPR (EU/UK) and the California CCPA you can:
- Access a copy of your data — email privacy@pitshkofy.com, response within 30 days.
- Correct or update your data — directly in the app or by email.
- Delete your account — Settings → Account → "Delete my account". This wipes profile + earnings within 14 days. Payout records retained for tax purposes (see §5).
- Withdraw consent — Settings → Privacy → "Manage consent".
- Lodge a complaint with your local data protection authority.
7. Children
Pitshkofy is rated 18+ and not directed at children. The app refuses sign-ups from users under 18 (age-gate on first launch).
8. Security
Passwords are stored as bcrypt hashes (cost 10). Transport security is TLS 1.2+ via Let's Encrypt. The backend runs on our own server in Germany. We never sell or rent personal data to third parties.
9. Changes to this policy
If we materially change this policy we'll notify you in-app and via email at least 14 days before the changes take effect. The current version is always at pitshkofy.com/legal/privacy.html.