Privacy Policy

How we collect, use, and protect your information

Last updated: June 26, 2025

Bison Brush LLC – Privacy Policy

This Privacy Policy explains how Bison Brush LLC ("Bison Brush," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use any Bison Brush iOS application, including Math Sheet Prints (collectively, the "Apps"). It also describes your privacy rights and how you can exercise them.

If you do not agree with this Policy, please do not use the Apps.

1. Scope & Definitions

  • Personal data means any information that identifies or can reasonably be linked to an individual.
  • Processing means any operation performed on personal data (collection, storage, use, etc.).
  • This Policy covers data processed through the Apps, our in-app support channels, and the websites under bisonbrush.com.

2. Information We Collect

2.1 Information You Provide

Category Examples Purpose
Account data E-mail address, display name, sign-in credentials (including Sign in with Apple private-relay e-mail) Create & secure your account
User-generated content Worksheets, answer keys, settings, custom metadata Provide core worksheet-creation service
Support & feedback E-mails, screenshots, crash descriptions, App Store reviews Respond to you & improve the Apps

2.2 Information Collected Automatically

Category Examples Purpose
Device data Device model, iOS version, locale, time-zone App performance & diagnostics
Usage analytics Feature taps, session length, retention Improve UX & plan new features
Crash & error logs Stack traces, anonymized device identifiers Debug & maintain stability
In-app purchase tokens Transaction IDs, product IDs, subscription status (no full payment card data) Verify purchases via Apple
Approximate location Country & city (derived from IP) Regional feature support & analytics

2.3 Third-Party Analytics & Infrastructure Providers

We share minimal data with the following partners, each of which is contractually bound to process data solely on our behalf:

Provider Purpose Policy Link
Apple Inc. (App Store, CloudKit, TestFlight) Distribution, in-app purchases, crash reporting https://www.apple.com/legal/privacy
Google Firebase / Crashlytics Crash analytics, anonymized usage events https://firebase.google.com/support/privacy
RevenueCat Inc. Subscription & in-app purchase entitlement management https://www.revenuecat.com/privacy

We do not share data with advertising networks, nor do we sell or lease personal data.

3. How & Why We Use Your Information (Legal Bases)

Purpose Legal Basis under GDPR / UK GDPR
Provide & maintain the Apps (account creation, worksheet generation) Performance of a contract
Personalize and improve features, conduct analytics Legitimate interests (product improvement)
Respond to inquiries & provide customer support Legitimate interests (service & support)
Send critical notices about security, changes, or subscriptions Performance of a contract / Legal obligation
Detect, prevent, or investigate fraud & abuse Legitimate interests / Legal obligation
Obtain optional feedback or marketing consent Consent (you may withdraw at any time)

4. Information Sharing & Disclosure

We do not sell or rent your data. We disclose information only:

  1. To service providers listed in § 2.3 under written agreements that protect your data.
  2. For legal reasons – when required by a valid subpoena, court order, or other legal process.
  3. For safety & security – to protect the rights, property, or safety of users or the public.
  4. Business transfers – if we merge, acquire, or sell assets. Successor entities will honor this Policy or give notice and opportunity to opt out.

5. Children's Privacy

Our Apps are not directed to children under 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent, in compliance with the U.S. Children's Online Privacy Protection Act (COPPA). If we learn we have collected such data inadvertently, we will delete it promptly.

6. International Data Transfers

We are based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to service providers in non-adequate jurisdictions, we rely on Standard Contractual Clauses (SCCs) and comparable safeguards.

7. Security Measures

  • TLS encryption for all data in transit
  • Encryption at rest for databases and backups
  • Role-based access controls & 2-factor authentication for staff
  • Continuous monitoring, logging, and vulnerability patching

No method of transmission or storage is 100% secure; therefore we cannot guarantee absolute security.

8. Data Retention

Data Type Standard Retention Period
Account & worksheet data Until you delete your account or 24 months of inactivity
Crash & analytics logs 12 months
Support e-mails & tickets 2 years after case closure
In-app purchase receipts As long as subscription or refund rights may be exercised (up to 10 years for accounting)

We may retain data longer if required by law or to resolve disputes.

9. Your Rights & Choices

Depending on your jurisdiction, you may:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Delete your account and associated data;
  • Restrict or object to certain processing;
  • Port data to another service (structured, machine-readable format);
  • Withdraw consent at any time for optional processing.

9.1 U.S. State-Specific Rights (CCPA/CPRA, VCDPA, ColoPA, CTDPA, UTPA)

Residents of California, Virginia, Colorado, Connecticut, and Utah have the right to:

  • Know what categories of personal data we collect and share;
  • Request deletion or correction of personal data;
  • Opt out of the sale or sharing of personal data (we do not sell or share in that sense);
  • Not be discriminated against for exercising privacy rights.

Submit requests via [email protected] (subject line: Privacy Request) or by mail. We will verify your identity before fulfilling requests.

EU / UK users: You may lodge a complaint with your local Data Protection Authority. Our lead authority is the Tennessee Attorney General for U.S. matters; EU matters may be addressed to the Irish Data Protection Commission.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised version in the Apps and update the "Last updated" date. Material changes will be announced via in-app notice or e-mail 30 days before they take effect, unless immediate changes are required for legal or security reasons.

11. Contact Us

Bison Brush LLC

E-mail: [email protected]

© 2025 Bison Brush LLC. All rights reserved.