Privacy Policy — StormGlass Interactive

Introduction

StormGlass Interactive ("StormGlass," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you:

Visit our website at stormglassinteractive.com;
Install or use any mobile application we publish on Google Play or the Apple App Store (each, an "App");
Use any desktop software or web application we distribute;
Contact us for inquiries, support, or services.

By using our website, Apps, or services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

Scope

This Privacy Policy applies to:

Our website — stormglassinteractive.com and any subdomain we operate.
Mobile applications we publish under the StormGlass Interactive developer account on Google Play and the Apple App Store, including SpendLens and LexForge.
Desktop and web applications we distribute, including WorkOrder Pro when operated by StormGlass directly.

This policy does not apply to third-party services, even if they are linked from our services. Where we build software for a client and that client publishes it under their own developer account or operates it under their own brand, the client's privacy policy governs — not this one.

Information we collect

Information you provide directly

We collect information you give us when you:

Contact us — your name, email address, company name (if applicable), and the content of your message.
Make a purchase or subscribe — we do not store payment-card information. Payments are handled by Google Play, Apple, Stripe, or another PCI-compliant processor. We receive only a transaction confirmation and your subscription status.
Submit user-generated content — any content, photos, or data you create within an App (such as a receipt photo in SpendLens, a puzzle game record in LexForge, or a work order in WorkOrder Pro).

Information collected automatically

When you use our website or Apps, we may collect automatically:

Device information — device model, operating-system version, unique device identifiers (Android Advertising ID where applicable), language, and time zone.
Usage information — features you interact with, screens visited, session duration, and in-app events. Aggregated and used to improve the product.
Diagnostic information — when an App crashes or encounters an error, we may collect crash logs and device state at the time of the crash.
IP address and approximate location (website only) — for security and fraud prevention. We do not track precise GPS location unless you explicitly grant a permission required for a specific feature.

Information per app

Different apps collect different data. The sections below describe what each of our published apps actually handles.

SpendLens Android

SpendLens is a privacy-first receipt scanner and budget tracker. It is designed so that your spending data stays on your device.

What stays on your device: your scanned receipts, transactions, categories, budgets, and spending history are stored locally in an encrypted Room (SQLite) database. We do not have a server that holds your spending data.

What is sent off-device:

Receipt images sent to Anthropic's Claude API for line-item extraction. Anthropic processes the image to return structured data (merchant, items, total, tax) and does not retain the image for training. See Anthropic's Privacy Policy.
Anonymous purchase tokens via Google Play Billing if you upgrade to SpendLens Pro.
Anonymous diagnostic and crash data if you have crash reporting enabled in your device settings.

SpendLens does not connect to your bank, link to financial accounts via Plaid or similar services, or share your spending data with third parties.

LexForge Android

LexForge is a daily word-puzzle game designed to work entirely offline.

What stays on your device: your puzzle history, win streak, statistics, and settings. All gameplay state is stored locally using Android DataStore. No account or login is required.

What is sent off-device:

Anonymous purchase tokens via Google Play Billing if you upgrade to a Pro tier (where applicable).
Anonymous diagnostic and crash data if you have crash reporting enabled in your device settings.

LexForge does not use ads, advertising identifiers, analytics SDKs, or any cross-device tracking.

WorkOrder Pro Desktop · Web · Tablet

WorkOrder Pro is a CMMS (computerised maintenance management system) for biomedical engineering and clinical equipment teams. It is typically deployed for and operated by client organisations under their own administrative accounts.

When StormGlass Interactive hosts WorkOrder Pro directly, the application processes:

Asset records (equipment metadata, serial numbers, locations, maintenance history);
Work orders, technician assignments, and status updates;
User account information for authorised staff (name, email, role);
Files and photos attached to work orders or device records.

If WorkOrder Pro is deployed for a client under their own infrastructure or organisational account, that client is the data controller and their privacy policy governs.

How we use information

We use information for the following purposes:

To provide and maintain our services — delivering each App's core functionality and processing transactions.
To communicate with you — responding to inquiries, sending service-related notices (security alerts, updates, terms changes), and providing support.
To improve our services — analysing aggregate usage patterns, identifying bugs, and prioritising features.
To ensure security — detecting and preventing fraud, abuse, and unauthorised access; enforcing our Terms of Service.
To comply with legal obligations — meeting tax, accounting, and regulatory requirements, and responding to lawful legal requests.

We do not sell your personal information to third parties. We do not use your personal data for automated decision-making that produces legal effects on you.

Legal basis for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data based on one or more of these legal grounds:

Performance of a contract — to provide the services you requested.
Legitimate interests — operating and improving our services, preventing fraud, and keeping our systems secure, where these interests are not overridden by your fundamental rights.
Consent — where required by law (for example, certain cookies or push notifications). You may withdraw consent at any time.
Legal obligation — to comply with applicable laws.

We do not sell your personal data. We may share information only in these limited circumstances:

Service providers — trusted vendors who process data on our behalf (hosting, payment processing, AI inference). They are contractually bound to protect your data and use it only for purposes we specify.
Legal compliance — when required by law, court order, or government request, or to protect our legal rights.
Business transfers — if we merge with or are acquired by another company, your information may be transferred. You will be notified before this happens.
With your consent — for any other purpose, we will ask first.

Third-party SDKs and services

Our Apps integrate the following third-party services. Each one has its own privacy policy:

Google Play Services Distribution and in-app billing for our Android apps. Google Privacy Policy

Google Play Billing Processes Pro subscriptions or one-time purchases. We never see your payment-card data.

Anthropic Claude API Used by SpendLens to extract line items from receipt photos. Anthropic Privacy Policy

Android system crash reporting If enabled in your device settings, anonymous crash logs help us identify and fix bugs.

If we add or change SDKs in the future, this Privacy Policy and our Google Play Data Safety form will be updated to reflect the change.

App permissions

Our Apps request only the permissions necessary for their declared functionality. You can grant or deny each permission individually in your device settings.

SpendLens permissions

Camera — required only for the receipt-scanning feature. Used solely to capture the receipt image for processing.
Internet — required to send the receipt photo to Anthropic Claude for line-item extraction and to verify Pro purchases.
Notifications (optional) — weekly digest reminders if you opt in.

LexForge permissions

Internet — required only to verify Pro purchases (where applicable). Gameplay does not require connectivity.

Data retention

We retain personal information only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.

On-device app data — remains on your device until you uninstall the App or clear its data.
Receipt images sent to Anthropic Claude (SpendLens) — processed in real time and not retained by Anthropic for training, per Anthropic's API terms.
Crash and diagnostic logs — typically retained for 90 days.
Support correspondence — retained for up to 3 years.
Transaction records — retained as required by applicable tax and accounting laws (typically 7 years).

Security

We implement appropriate technical and organisational measures to protect your information:

All data transmitted between your device and our services is encrypted using HTTPS / TLS.
On-device databases use Android's built-in encryption where available.
Access to any production systems is restricted to authorised personnel and protected by multi-factor authentication.
We monitor for vulnerabilities and apply security updates promptly.

No method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security but do our utmost to protect your information using reasonable means.

Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access — request a copy of personal data we hold about you.
Correction — request that we correct inaccurate data.
Deletion — request that we delete your personal data (see below).
Restriction — request that we limit how we process your data.
Objection — object to processing based on legitimate interests.
Portability — request your data in a machine-readable format.
Withdraw consent — where processing is based on consent, you may withdraw it at any time.
Complaint — lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@stormglassinteractive.com. We will respond within 30 days.

Data deletion requests

You can delete data at any time:

SpendLens and LexForge — uninstall the App or use the "Reset all data" option in app settings to permanently delete all on-device data. Because these apps don't have a server-side account, no further action is needed.
WorkOrder Pro — if your organisation operates the system, deletion is handled by your administrator. If StormGlass hosts the deployment, contact support@stormglassinteractive.com.
Other personal data — email support@stormglassinteractive.com from the email address associated with your inquiry.

We delete personal data within 30 days of a verified request, except where retention is required by law (for example, tax records) or necessary for fraud prevention. Anonymised aggregate data may be retained.

Children's privacy

Our services are not directed to children under the age of 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@stormglassinteractive.com and we will promptly delete the information.

International data transfers

Your information may be processed and stored in countries outside your country of residence, including the United States, where some of our service providers operate. These countries may have data-protection laws different from your own.

When we transfer personal data outside the EEA or UK, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to know what personal information we collect, use, disclose, and sell about you.
Right to delete personal information (with certain exceptions).
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell personal information.
Right to limit use of sensitive personal information.
Right to non-discrimination for exercising your privacy rights.

To exercise these rights, email support@stormglassinteractive.com.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Post the updated policy on this page with a new "Last updated" date;
For significant changes, notify you by email or through an in-app notification before the changes take effect.

Continued use of our services after the effective date of an update means you accept the revised policy.

Contact us

If you have questions, concerns, or requests regarding this Privacy Policy:

Email support@stormglassinteractive.com

Data controller StormGlass Interactive

Based in New York, NY, United States

Website stormglassinteractive.com