Legal
Privacy Policy
Effective date: March 17, 2026 · Last updated: July 7, 2026
noonchi labs. ("we," "our," or "us") operates the mobile applications listed below (collectively, the "Apps") and the noonchilabs.com website (the "Site"). This Privacy Policy explains how we handle information when you use our Apps and Site.
This policy applies to all current noonchi labs. apps, including:
- Claimd (iOS and Android)
- Bandee (iOS and Android)
1. The Short Version
- Everything you enter in our Apps (cards you track, claim history, names you add, kid profiles and learning progress) is stored on your device. We do not run accounts and we do not have servers that store your content.
- We never ask for, collect, or store card numbers, account credentials, bank logins, or transaction data. Our Apps do not connect to your bank or card issuer.
- If you buy a subscription in Claimd, the purchase is validated by our payment processor (RevenueCat) using an anonymous identifier. That is the only personal data processing we initiate.
- Bandee, our app for children, collects nothing at all: no accounts, no purchases, no ads, no analytics, and no third-party SDKs that receive user data. It works fully offline.
- We do not sell data, we do not run ads, and we do not use advertising or tracking SDKs.
2. Information You Provide
Our Apps let you enter app-specific information. In Claimd, that is things like which credit cards you hold, which benefits you have claimed, optional custom benefits and values, renewal months, and names for people in your household. In Bandee, it is kid profile names, avatar choices, and lesson progress. This data is stored only on your device (and, on some platforms, in the operating system's app group storage so home-screen widgets can display it). It is never transmitted to our servers, because we do not have any.
To be explicit, our Apps never request and we never receive:
- Card numbers, CVVs, expiration dates, or any payment card credentials
- Bank or card issuer account logins
- Transaction or statement data
- Government identifiers, biometric data, or health data
If you use the export feature, the App creates a backup file of your data and hands it to the share destination you choose. Where that file goes (email, cloud storage, another device) is under your control and subject to that destination's terms.
3. Information Processed Automatically
Subscription purchases (RevenueCat, Claimd only)
Purchases are processed by the Apple App Store or Google Play. To validate subscriptions and unlock premium features, Claimd uses RevenueCat, a subscription-management service. Bandee has no purchases and does not include RevenueCat. RevenueCat receives a randomly generated app user identifier, purchase receipt data, and basic device metadata (such as device model, OS version, and locale). We do not provide RevenueCat your name, email, or contact information. RevenueCat processes this data on our behalf under its privacy policy.
App updates (Expo Application Services)
Our Apps periodically check for over-the-air content updates using Expo's update service. This involves a standard network request in which your IP address and basic device information are transiently processed to deliver the correct update. We do not use this to identify or profile you.
Platform diagnostics
We may receive limited, non-identifiable crash or diagnostic information through the operating system's standard mechanisms (Apple and Google), governed by their own privacy policies and your device's diagnostic settings.
Notifications
Reminders are scheduled locally on your device. We do not operate a push-notification server and do not collect push tokens.
Website analytics
The Site uses Vercel Analytics, a privacy-focused, cookie-free analytics service that collects aggregated page-view statistics. It does not track you across sites.
4. Data Collection Summary
The following table summarizes our data practices, consistent with Apple's App Privacy and Google Play's Data Safety disclosures:
| Category | Data Type | Collected? | Shared? | Purpose |
|---|---|---|---|---|
| Your content | Cards, benefits, claim history | No* | No | Stored locally only |
| Purchases | Purchase history | Yes† | No | Subscription validation |
| Identifiers | Anonymous app user ID | Yes† | No | Subscription validation |
| Crash Logs | Crash data | Optional‡ | No | App stability |
| Device IDs | Advertising ID | No | No | Not used |
| Location | Precise / Approx. | No | No | Not used |
* User-entered data in our Apps is processed entirely on your device.
† Applies to Claimd only, and only if you purchase a subscription. Processed by RevenueCat as our service provider, using a random identifier not linked to your identity. Bandee collects nothing in any category. "Shared" here means shared with third parties for their own purposes, which we do not do.
‡ Crash reports may be sent to the platform provider (Apple or Google) based on your device's diagnostic settings.
5. Third-Party Services
We rely on the following providers, each acting under its own privacy policy:
- Apple App Store and Google Play — app distribution, payment processing, refunds, and platform diagnostics
- RevenueCat — subscription validation (see Section 3)
- Expo Application Services — delivery of app content updates
- Vercel — website hosting and cookie-free, aggregated site analytics
We do not sell, trade, rent, or share your personal data with third parties for their marketing purposes, and we do not permit our service providers to use data we send them for anything other than providing services to us.
6. Other Disclosures
We may disclose information in the following limited circumstances:
- Legal requirements: if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to comply with the law, protect our rights, or ensure user safety.
- Business transfers: if noonchi labs. is involved in a merger, acquisition, or asset sale, any information we hold may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
7. Data Retention & Deletion
Because your content is stored on your device, you can delete it at any time by:
- Using the reset option in the App's settings
- Clearing the App's data in your device settings
- Uninstalling the App
Subscription records held by RevenueCat are retained as needed to honor your subscription and meet legal obligations. You may request deletion of RevenueCat-held data by contacting us; note that deleting these records may interrupt your ability to restore a purchase.
If you contact us by email, we retain your correspondence only as long as necessary to respond and resolve any issues, typically no longer than 12 months.
8. Children's Privacy
With the exception of Bandee, our Apps are not directed to children under 13 (or under 16 in the European Economic Area), and we do not knowingly collect personal information from children through them.
Bandee is an educational app designed for children ages 7 to 10, and it is built so that no personal information is collected from anyone, child or adult. Specifically, Bandee:
- Requires no account, sign-in, or registration of any kind
- Contains no advertising and no in-app purchases
- Includes no analytics, advertising, or tracking SDKs
- Stores profile names and learning progress only on the device, where a parent can edit or delete them at any time
- Transmits no user data off the device; the app works fully offline
Because Bandee collects no personal information, there is nothing for us to store, share, or delete on our end. This design is intended to satisfy the Children's Online Privacy Protection Act (COPPA), the GDPR's provisions on children's data, and the family policies of the Apple App Store and Google Play. If you believe a child has somehow provided us with personal information (for example, by emailing us), please contact us and we will delete it promptly.
9. Security
We take reasonable technical and organizational measures appropriate to the minimal data involved. Since your content never leaves your device, the primary security controls are those built into your device's operating system (file encryption, app sandboxing, device passcode). No method of storage or transmission is 100% secure, and we cannot guarantee absolute security.
10. Your Rights
Depending on your jurisdiction, you may have rights including the right to access, correct, delete, or port personal data we hold about you, and the right to lodge a complaint with a supervisory authority. Because we collect minimal data, there is typically very little for us to access or delete, but we will honor verified requests. To make a request, email us at the address below.
- California (CCPA/CPRA): we do not sell or "share" personal information as those terms are defined in California law, and we do not use sensitive personal information beyond what is necessary to provide the Apps.
- EEA / UK (GDPR): where we process personal data, we do so to perform our contract with you (validating your subscription) or based on our legitimate interest in operating the Apps. We do not profile you or make automated decisions about you.
11. International Users
We are based in the United States, and our service providers process data in the United States. By using our Apps and Site, you understand that the limited data described in this policy may be processed in the United States, which may have different data-protection laws than your jurisdiction.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will provide additional notice (for example, through the App or via email if you have contacted us). Your continued use of our Apps after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy or your data, please contact us:
noonchi labs.