Privacy policy.

PRIVACY POLICY

Last updated: April 24, 2026

1. WHO WE ARE AND SCOPE

This Privacy Policy explains how Loony Labs LLC ("Loony Labs," "we," "us") collects, uses, discloses, and protects information that identifies you or can reasonably be linked to you ("Personal Data") when you use the FRONTLINE mobile application, related website features, and support channels that link to this Privacy Policy (together, the "Services").

Loony Labs LLC is the current operator of the Services and the controller of the Personal Data we collect directly in connection with them, except where a third party acts as an independent controller under its own privacy notice (for example, an App Store, sign-in provider, or embedded content provider).

Support and privacy contact: hello@frontlineapp1.com

Website: https://frontlineapp1.com

Third-Party Sites, Platforms, and Embedded Services

When you access our Services through a third-party site or platform (for example, Apple or Google) or interact with embedded players (for example, YouTube), that third party may collect information under its own privacy policy. The information we collect directly is covered by this Policy; the information collected by the third party is subject to that third party's practices.

Affiliates and Service Providers

We may use affiliates, contractors, and technical service providers to help us build, host, support, secure, and improve the Services. When they process Personal Data on our behalf, they do so under contract and only for the purposes described in this Policy and as permitted by applicable law.

2. ELIGIBILITY

You may use our Services only if you are legally permitted to do so in your jurisdiction and meet the applicable App Store age rating and other eligibility requirements. Our Services are not directed to children, and we do not knowingly collect Personal Data from children.

3. PERSONAL DATA WE COLLECT

We collect only the Personal Data we reasonably need to operate the Services, comply with law, and improve safety, quality, and performance.

A. Account and Identity Data

- Sign-in tokens and identifiers from Apple and other sign-in providers, if and when enabled

- Your chosen in-app username, which may be a pseudonym

B. Device and Technical Data

- IP address, device type, operating system and version, app version, language, time zone, app-scoped identifiers, event identifiers, and similar device or app metadata

- Push notification token if push notifications are later enabled

C. Usage and Analytics Data

- In-app events, such as app opens, screen views, bookmarks, paywall interactions, trial starts, subscription status or conversion events, timestamps, and performance metrics

- Crash diagnostics and error logs, if crash reporting is enabled

- Aggregated measurement to understand feature usage and stability

- Limited app measurement events shared with Meta / Facebook for attribution and advertising performance measurement, such as account registration, trial starts, subscription conversion events where available, and related app/device context

- Identifiers used to help match app events for attribution and measurement, such as app-scoped identifiers and email address when available, including hashed or otherwise processed forms used for matching

D. Purchase and Subscription Data

- Purchase confirmations and subscription status from Apple App Store and any other App Store through which the Services are offered

- We do not process or store your full payment card details; billing is handled by the relevant App Store and its payment providers

E. Communications and Feedback

- The content of messages or feedback you send us, and your email address if you contact us

- We may use server-side AI tools to categorize, summarize, or prioritize support and feedback messages

F. Website Waitlist and Web Contact Data

- Email address submitted to receive launch or update notices

- Contact data submitted through app-facing websites or support surfaces

G. Geo-Blocking and Security Logs

- IP-based logs used to enforce geo-blocking and security

- Territory, eligibility, fraud, sanctions, export-control, and security records reasonably needed to operate the Services and comply with law

H. Search and Preference Data

- Search queries and filters you enter in the app; these may be linked to your account to improve relevance, quality, and service performance

- On-device search history stored locally on your device; you can clear it where provided in-app

I. Bookmarks and Saved Items

- Your bookmarks and saved items; these may sync to your account for cross-device access

- Local storage used for performance, convenience, and offline access

J. Future Features (Not active at launch)

- User-generated content, such as comments or uploads, if and when enabled; no public user-content features are active at launch

- We do not use third-party advertising networks to serve ads in the app at launch. We may use Meta / Facebook app-event measurement tools for attribution and advertising performance measurement as described in this Policy

- If we later enable public posting, information you post may be visible to others and may be indexed or copied

- If we later enable one-to-one or group messaging, we may process message content and metadata to operate the feature, prevent abuse, and comply with law

4. PURPOSES AND LEGAL BASES

Depending on where you are and the laws that apply, we rely on one or more of the following bases to process Personal Data:

A. Contract Necessity

- Create and manage your account

- Provide core app features and paid subscriptions

- Troubleshoot issues and provide support

B. Legitimate Interests

- Ensure service and account security

- Prevent fraud, abuse, and misuse

- Measure and improve performance, reliability, and feature quality

- Maintain non-intrusive analytics, crash diagnostics, internal reporting, service operations, app-event attribution, and advertising performance measurement

- Protect our rights, property, and safety, and those of users and third parties

- Detect, investigate, and prevent violations of our policies or unlawful activity

- Enforce eligibility, geo-blocking, and other access controls

C. Legal Obligations

- Comply with tax, accounting, corporate, consumer-protection, media, sanctions, export-control, and similar legal obligations

- Respond to lawful requests from authorities, courts, and regulators

D. Consent

- Website waitlist emails and any direct marketing communications

- Push notifications if they are later activated and permission or consent is required

- Any future advertising identifier access, tracking, or other processing that requires opt-in consent

We do not sell Personal Data. We use limited Meta / Facebook app-event measurement as described in this Policy. If applicable law treats that activity as "sharing," targeted advertising, or similar advertising processing, you may exercise available opt-out rights as described in "Your Controls and Choices" and "U.S. State Privacy Notice."

We do not engage in automated decision-making that produces legal or similarly significant effects about you, except limited automated checks used to enforce eligibility, geo-blocking, fraud, sanctions, and security rules. If you believe access was denied or limited in error, contact us at hello@frontlineapp1.com.

5. PUSH NOTIFICATIONS

At launch, push notifications are not active. If push notifications are later introduced, we may ask your device for permission, register a device token to enable remote messaging, and update this Policy as needed. If activated, you will be able to manage notification preferences in your device settings.

6. COOKIES AND ONLINE IDENTIFIERS

App

We do not use third-party advertising cookies in the app. We may use device identifiers and similar technologies, including SDKs and APIs, for essential functions, analytics, app-event attribution, advertising performance measurement, and push messaging if enabled later. Meta / Facebook measurement may use app-scoped identifiers, event identifiers, app/device context, event data, and email or similar identifiers for matching when available, including hashed or otherwise processed forms. This version does not request App Tracking Transparency permission and does not collect IDFA.

Embedded Content

When you play embedded content such as YouTube videos inside the app, the provider may collect device and usage data under its own privacy policy.

Website

If cookies are used on our website, they are primarily for essential functions and basic analytics. We do not use third-party advertising cookies at launch. We will update this Policy before introducing non-essential cookies or similar technologies that require consent.

Do Not Track and Global Privacy Control

Browsers may transmit "Do Not Track" signals; there is no industry consensus on how to respond, and we do not respond to DNT signals. We honor Global Privacy Control signals to the extent required by applicable law for sale, sharing, targeted advertising, or similar advertising processing.

7. AI USE

We may use server-side AI tools to help categorize or summarize support and feedback communications. We do not use AI to make legal or similarly significant decisions about you, and we do not use AI to profile you for cross-context behavioral advertising.

8. DISCLOSURES TO PROCESSORS AND THIRD PARTIES

We share Personal Data only with service providers acting on our behalf, third parties you interact with, or parties reasonably necessary to provide the Services or comply with law, including:

- cloud infrastructure, storage, analytics, and logging providers, including AWS and related services

- error and crash-reporting tooling

- Meta / Facebook measurement tools for app-event attribution and advertising performance measurement, including app events, app-scoped identifiers, event identifiers, app/device context, subscription measurement context, and identifiers such as email when available, including hashed or otherwise processed forms used for matching

- email delivery and support tools

- sign-in providers, if enabled

- App Stores and platform payment and subscription systems

- content and data providers accessed by or embedded in the Services, such as YouTube, news APIs, and Spotify

- affiliates, contractors, and technical service providers that help us build, host, support, secure, or migrate the Services

- professional advisers such as lawyers, auditors, and insurers under appropriate confidentiality restrictions

- government authorities, regulators, courts, and law enforcement where required by law or legal process

When you use embedded players or interact directly with third-party services, those providers may act as independent controllers under their own privacy notices.

At launch, we do not sell Personal Data and we do not use third-party advertising networks to serve ads in the app. We may share limited app-event measurement data with Meta / Facebook for attribution and advertising performance measurement as described in this Policy. If applicable law treats that activity as "sharing," targeted advertising, or similar advertising processing, the controls described in this Policy apply.

De-identified and Aggregated Data

We may create and use de-identified and aggregated data for analytics, reporting, and internal business understanding. We implement safeguards and do not attempt to re-identify such data.

A current list of processors and sub-processors is available upon request.

YouTube API Services (backend use only)

Our backend uses YouTube Data API Services to fetch public content and metadata for features such as search and embedding. We do not provide user accounts or user Personal Data to the YouTube Data API. Your interactions with the YouTube embedded player are governed by the YouTube Terms of Service and Google Privacy Policy. More information is available at https://www.youtube.com/t/terms and https://policies.google.com/privacy.

9. INTERNATIONAL TRANSFERS

We operate globally using cloud providers and service providers in multiple jurisdictions. Personal Data may therefore be processed or accessed in the United States and other countries where we or our service providers operate.

Those jurisdictions may not provide the same level of data protection as your home jurisdiction. Where required, we rely on contractual, technical, organizational, and operational safeguards appropriate to the transfer and the risk. You can contact us for more information about the safeguards relevant to your data.

10. RETENTION

We keep Personal Data only as long as reasonably necessary for the purposes described in this Policy or as required by law:

- Account data: retained while your account is active, then deleted or anonymized within 30 days after confirmed deletion

- Subscription and transaction records: retained for legal and tax obligations, typically 6 to 7 years

- Security and geo-block logs: retained as long as reasonably necessary to evidence compliance, enforce territory restrictions, maintain security, resolve disputes, and satisfy legal obligations

- Push notification tokens: retained while your account is active and removed when your device unregisters the token or upon account deletion

- Analytics and crash diagnostics: raw device-level analytics retained up to 13 months, then aggregated or anonymized

- App-event attribution and subscription measurement data: retained as needed to measure campaigns, prevent duplicate reporting, support subscription records, comply with platform or legal obligations, and maintain accurate reporting, then aggregated, anonymized, or deleted

- Search history stored on-device: retained until you clear it or reinstall the app

- Server-processed search queries: retained as necessary to provide the Services and for quality and security purposes, then aggregated or anonymized

- Bookmarks and saved items: retained while your account is active; local copies are retained until you remove them or reinstall the app

- Website waitlist data: retained until you unsubscribe or we fulfill the purpose, then deleted within 30 days

- Communications and feedback: retained as needed for support and quality, typically up to 24 months, unless legal needs require longer

We may retain information for longer where reasonably necessary to comply with law, resolve disputes, enforce agreements, or protect rights.

11. YOUR CONTROLS AND CHOICES

Push Notifications

Manage in your device settings at any time.

Search History (on-device)

Clear within the app where available.

Marketing Emails and Waitlist

Unsubscribe via the email link or by contacting us.

Account Deletion

Use the in-app path where available or email us; we will verify your identity before processing deletion requests.

Website Cookies

Use your browser settings or any cookie controls we make available for non-essential cookies where deployed.

Advertising Measurement and U.S. Opt-Outs

This version does not request App Tracking Transparency permission and does not collect IDFA. Where applicable law gives you the right to opt out of sale, sharing, targeted advertising, or similar advertising processing, you may contact us at hello@frontlineapp1.com. We honor Global Privacy Control signals to the extent required by applicable law.

Appeals

If we deny a privacy request and applicable law gives you an appeal right, you may appeal by emailing us with "Privacy Request Appeal" in the subject line.

Authorized Agents

Where applicable law allows, you may designate an authorized agent to make requests on your behalf. We will require proof of authorization and identity verification.

12. YOUR RIGHTS

Subject to applicable law, you may have rights to:

- access your Personal Data and receive a copy

- rectify inaccurate data

- erase your data

- restrict processing

- object to processing based on legitimate interests

- data portability

- withdraw consent at any time, without affecting prior processing based on consent

To exercise your rights, email hello@frontlineapp1.com. We may need to verify your identity. We aim to respond within 30 days or within the shorter or longer period required by applicable law. Where permitted, we may extend the response period for complex or high-volume requests and will let you know if we do.

Depending on your location and the law that applies, you may also have the right to complain to a supervisory or regulatory authority.

Where an in-app account deletion feature is available, you may also request deletion from within the app. We will reflect the exact in-app path where applicable.

13. SECURITY

We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, environment segregation, and logging. We minimize logs and avoid storing secrets or tokens in production logs. No system is 100 percent secure, and we cannot guarantee absolute security.

14. CHILDREN

Our Services are not directed to children, and we do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data to us, contact us so we can review and delete it where appropriate.

15. MARKETING AND CROSS-PROMOTION

We may promote our own services within the app. We do not share Personal Data with affiliates for their independent marketing without your consent. Website waitlist and marketing emails are sent only with your consent, and you may unsubscribe at any time.

16. THIRD-PARTY CONTENT AND LINKS

Our app may link to or embed third-party services, such as YouTube, news sources, and music platforms. When you interact with those services, their privacy policies apply. We do not control their practices.

Video Privacy (U.S.)

We do not disclose your video-viewing records to third parties for their own marketing. If we later introduce features that would involve sharing such information beyond our processors, we will obtain any consents required by applicable law before doing so.

17. BUSINESS TRANSFERS

If we are involved in a merger, acquisition, restructuring, asset sale, financing, or other business transfer or transition of app operations, your Personal Data may be transferred or made available to the relevant successor, replacement operator, or receiving entity, subject to applicable law and this Policy as updated from time to time. We will provide notice where required by law.

18. CHANGES TO THIS POLICY

We may update this Policy from time to time. We will indicate the "Last updated" date and, where required, provide additional notice. Continued use of the Services after an update means you acknowledge the changes to the extent permitted by law.

19. GEO-BLOCKING AND RESTRICTED TERRITORIES

We may restrict access to the app in certain jurisdictions for legal, compliance, platform, security, or business reasons. This may include the United Arab Emirates, sanctioned or embargoed territories, and other territories we later restrict under applicable law or operational requirements.

We enforce these restrictions through technical measures, including IP-based and related controls. Attempting to circumvent geo-blocks or access restrictions, for example through a VPN or proxy, may result in access being limited or terminated. If you believe you were blocked in error, contact us at hello@frontlineapp1.com.

20. U.S. STATE PRIVACY NOTICE

This supplement applies to residents of California and other U.S. states with privacy laws. Categories of Personal Data collected in the last 12 months include:

- identifiers, such as app-scoped identifiers, device identifiers, event identifiers, email address when available, and IP address

- internet or network activity, such as in-app events, app-event measurement data, and logs

- approximate geolocation derived from IP-based data

- commercial information, such as subscription status and purchase or trial measurement context

- inferences: limited analytics and measurement insights used to understand service performance, subscription flows, attribution, and advertising performance, not to make legal or similarly significant decisions about you

Sensitive personal information is not collected at launch except to the limited extent a user chooses to include it in communications to us or where limited account or device data is required to provide the Services.

Purposes

As described in "Purposes and Legal Bases."

Disclosure

We disclose Personal Data to processors and service providers as described in "Disclosures to Processors and Third Parties."

Sale / Sharing / Targeted Advertising

We do not sell Personal Data. We use limited Meta / Facebook app-event measurement as described in this Policy. If applicable law treats that activity as "sharing," targeted advertising, or similar advertising processing, you may opt out by contacting hello@frontlineapp1.com. We do not collect IDFA and this version does not request App Tracking Transparency permission.

Your Rights

Depending on your state, you may have rights to access, delete, correct, obtain a portable copy, and opt out of sale, sharing, targeted advertising, or similar advertising processing where applicable. You may also designate an authorized agent and appeal a denied request. Submit requests to hello@frontlineapp1.com. We will verify identity before fulfilling requests.

21. DMCA AND LEGAL REQUESTS

If you submit a copyright notice, counter-notice, or other legal request, we process the Personal Data contained in your submission, such as your name, contact details, and statements, to comply with law, manage claims, and operate our Services. Where required or permitted by law, we may forward your notice and contact details to the relevant user, source, rights holder, service provider, or other party involved in the matter. We retain related records as required by law and our retention schedule.

22. INFORMATION FROM OTHER SOURCES

We may receive information about you from service providers and partners, such as App Stores, sign-in providers, fraud and security vendors, analytics providers, and measurement partners. We use this information to operate our Services, prevent abuse, comply with law, and measure attribution and advertising performance as described in this Policy.

23. SENSITIVE DATA AND PRECISE LOCATION

We do not intentionally collect special or sensitive categories of Personal Data, such as health or biometric data, or precise geolocation at launch. Please do not include sensitive data in feedback or public posts. If we later introduce features involving sensitive data or precise location, we will provide clear notices and obtain consent where required.

24. CONTACT

Loony Labs LLC

Support and privacy contact: hello@frontlineapp1.com

Website: https://frontlineapp1.com