Privacy Policy

Last updated 14 May 2026 · Effective 14 May 2026 · Version 3.0

This Privacy Policy explains how karenlee ("we", "us", "our") collects, uses, discloses and protects personal information in connection with our website, our client services, and any iOS, iPadOS, macOS, watchOS, tvOS or visionOS applications we publish on the App Store under our developer name. By using this website or our applications, you confirm you have read this Policy.

1. Scope & controller

karenlee is the data controller for personal information processed about visitors to this website and prospects who contact us. For applications we build for clients under their own App Store accounts, the client is typically the controller and karenlee is a processor; that relationship is governed by a separate Data Processing Agreement.

Our address. karenlee, 1221 E Lancaster Ave, Downingtown, Pennsylvania, United States. Email: help@karenlee.online. Phone: +1 (706) 696-5683.

2. Information we collect

2.1 Information you provide

• Contact & enquiry data. Name, email, phone, company, and any details you include when emailing us or submitting the contact form.
• Project data. Briefs, documents, design files, source code and credentials shared with us by clients under engagement.
• Account data. For any application that includes a user account, the identifiers required to create it (email, Sign in with Apple identifier, etc.).

2.2 Information collected automatically

• Server logs. IP address, browser type, referring page, timestamps. Used for security, abuse prevention and aggregate analytics.
• Local storage. Your selected colour theme and a cookie-banner acknowledgment, stored in your browser. We do not use third-party analytics cookies on this website.

2.3 Information from third parties

• Apple App Store Connect. Aggregate statistics about applications we publish (downloads, ratings, crash diagnostics if the end user has opted in to share with developers).
• Service providers. Information from collaboration platforms our clients use, only to the extent necessary to perform the engagement.

3. How we use information

• To respond to your enquiry, send a proposal and operate our website;
• To deliver services under a written agreement with a client;
• To improve our applications, fix bugs and respond to App Review;
• To comply with legal obligations, prevent fraud and enforce our agreements;
• To send transactional communications (e.g. project updates, invoices). We do not send marketing emails without your prior consent.

4. Legal bases (GDPR)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on these bases:

• Contract. When we are negotiating or performing an engagement with you.
• Legitimate interests. To operate and secure our website, respond to enquiries, and improve our services. We balance these interests against your rights.
• Consent. Where required (for example, optional analytics in client applications).
• Legal obligation. Where the law requires us to retain or disclose information.

5. Sharing & disclosures

We do not sell personal information. We share it only as needed:

• Service providers. Email, cloud storage, version control, accounting and Apple Developer services, under contracts that restrict their use.
• Apple. For TestFlight distribution, App Review and analytics that end users have opted into.
• Legal. When required by law, court order, or to protect the rights, property or safety of karenlee, clients or users.
• Business transfers. In connection with a merger, acquisition or asset sale (notice will be provided in advance where practicable).

6. Apple platform privacy

When you use an application we have built (whether for ourselves or for a client) on an Apple platform, additional information is governed by Apple's privacy framework:

• App Privacy Details. Each application on the App Store carries a privacy nutrition label that summarises the data collected by the application and its third-party SDKs. The label is the authoritative summary; this Policy expands on it where required.
• Sign in with Apple. If an application offers Sign in with Apple, you may choose to hide your email; we will only receive a private relay address. We will not attempt to associate your hidden identifier with other identifiers.
• iCloud & CloudKit. When an application stores data in your iCloud account or a CloudKit container, that data is held under Apple's privacy and security controls. Apple does not give us access to your iCloud private database.
• On-device intelligence. Where we use Core ML, Vision, Speech or Natural Language frameworks, processing is performed on your device unless the application's privacy label specifically states otherwise.
• HealthKit / HomeKit. Health and home data is never transmitted to our servers and is not shared with third parties unless the application explicitly requests and obtains your consent.

7. App Tracking Transparency

Apple's App Tracking Transparency framework requires us to obtain your permission before tracking you across applications and websites owned by other companies. Our own first-party applications do not engage in cross-app tracking. If we build an application that includes any tracking SDK, the application will request your permission at first launch, the request will identify the SDK, and your choice can be changed at any time in Settings → Privacy & Security → Tracking.

8. Retention

We retain personal information only as long as needed for the purposes set out in this Policy or required by law:

• Website enquiries: 24 months from last contact;
• Active client records: for the duration of the engagement plus seven years for tax and contract recordkeeping;
• Server logs: 30 days unless required for a security investigation;
• Cookie-banner acknowledgment: 12 months in your browser's local storage.

9. Security

We protect personal information with technical and organisational measures appropriate to the risk:

• Encryption in transit (TLS 1.2 or later) and at rest where supported by the provider;
• FileVault and full-disk encryption on all studio devices;
• Multi-factor authentication on all production accounts (Apple Developer, App Store Connect, source control, email);
• Secure Enclave-backed keys for client signing identities;
• Least-privilege access controls, with quarterly review.

No system is perfectly secure. If we become aware of a personal data breach affecting your information, we will notify you and applicable supervisory authorities as required by law.

10. International transfers

We are based in the United States. If you contact us from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on the European Commission's Standard Contractual Clauses and equivalent UK and Swiss safeguards.

11. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate information;
• Delete information, subject to legal retention requirements;
• Restrict or object to certain processing;
• Withdraw consent at any time without affecting the lawfulness of prior processing;
• Receive a copy of your information in a portable format;
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email help@karenlee.online. We may ask for proof of identity. We will respond within 30 days, or sooner where the law requires.

12. California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we have collected, the categories of sources and third parties with which it is shared, and to request deletion. We do not sell or share personal information for cross-context behavioural advertising. To submit a request, email help@karenlee.online with "California Privacy Request" in the subject line.

13. Children's privacy

This website and our services are not directed to children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so we can delete it.

Applications we build that target children are designed against Apple's Kids Category requirements: no third-party advertising, no analytics, no behavioural tracking, and verifiable parental consent for any account creation.

14. Do Not Track signals

We honour browser-level "Do Not Track" requests and Global Privacy Control (GPC) signals where transmitted by your browser.

15. Changes to this Policy

We may update this Policy from time to time. The current version is always available at this URL, and the "Last updated" date at the top reflects the most recent change. Material changes will be highlighted on the homepage for at least 14 days.

16. Contact & complaints

Privacy questions, requests and complaints:

• Email: help@karenlee.online
• Phone: +1 (706) 696-5683
• Mail: karenlee, 1221 E Lancaster Ave, Downingtown, Pennsylvania, United States

EU/UK users may also lodge a complaint with their national data protection authority.