Your rights
under GDPR.

The General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — is a comprehensive data protection law that grants individuals in the European Union and European Economic Area significant rights over their personal data.

This page explains how TheJMStudios approaches GDPR compliance in relation to Meridix Compass and your rights as a data subject. If you are based in the EU or EEA and use the Services, this information applies to you.

Meridix Compass does not collect personally identifiable data directly. However, the following categories of technical data may be processed automatically through third-party services integrated into the application:

• Device identifiers — anonymised device-level identifiers used by Firebase for crash correlation.
• App usage events — anonymised records of feature interactions and session data processed by Google Analytics for Firebase.
• Crash diagnostics — stack traces and error logs captured by Firebase Crashlytics to identify application bugs.
• Performance data — anonymised timing and latency data used for performance monitoring.

Compass sensor data (heading, accelerometer) is processed entirely on-device in real time and is never transmitted off the device.

Where technical data is processed through Google Analytics for Firebase and Firebase Crashlytics, the legal basis is our legitimate interests (Article 6(1)(f) GDPR) in maintaining application stability, diagnosing errors, and improving the user experience.

We process only the minimum data necessary for these purposes and implement appropriate safeguards. We do not rely on your consent as a basis for analytics processing, as the data collected is anonymised and not used for any purpose that materially affects your individual rights or interests.

Analytics and crash reporting data is processed by Google LLC through the following Firebase services:

• Google Analytics for Firebase — anonymised usage analytics.
• Firebase Crashlytics — crash and error diagnostics.

Google acts as a data processor on our behalf and processes data in accordance with its own Data Processing Terms and Privacy Policy. Google may process data on servers located outside the European Economic Area; Google's Standard Contractual Clauses apply to such transfers where required under GDPR.

No other third parties receive data collected through the Services for any purpose.

If you are located in the EU or EEA, you have the following rights with respect to personal data processed in connection with the Services:

• Right of Access (Article 15) — you have the right to request confirmation of whether we process personal data about you, and to receive a copy of that data.
• Right to Rectification (Article 16) — you have the right to request correction of inaccurate personal data we hold about you.
• Right to Erasure (Article 17) — you have the right to request deletion of your personal data where it is no longer necessary, consent has been withdrawn, or processing is unlawful.
• Right to Restrict Processing (Article 18) — you have the right to request that we limit how we use your personal data under certain circumstances.
• Right to Object (Article 21) — you have the right to object to processing carried out on the basis of legitimate interests, including processing for analytics purposes.
• Right to Data Portability (Article 20) — where processing is based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, machine-readable format where technically feasible.
• Right to Lodge a Complaint — you have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights have been infringed.

Analytics and crash data processed through Google's Firebase platform is retained in accordance with Google's standard data retention settings, which can be configured within the Firebase console. TheJMStudios does not retain personal data independently beyond what Google retains under its own policies.

Data submitted through direct contact with TheJMStudios (e.g., via email) is retained only as long as necessary to respond to and resolve your enquiry, and is then deleted or anonymised.

To exercise any of the rights described above, please contact TheJMStudios by email. Your request should include sufficient detail for us to identify the nature of your enquiry and the right you wish to exercise. We will respond within 30 calendar days.

Please note that, because Meridix Compass does not collect personally identifiable information, we may be unable to identify or retrieve data specific to you in all cases. Where we cannot fulfil a request due to the anonymous nature of the data, we will inform you of this clearly.