PRIVACY POLICY
Last updated: 11 December 2025
Controller
Appaya Sp. z o.o.
Aleje Jerozolimskie 109 / 70
02-011 Warsaw, Poland
KRS: 0001207992
NIP: 7011288190
REGON: 543353962
Email: studio@appaya.net
This Privacy Policy explains what data the App collects, how it is used, who it is shared with, how long we retain it, and your rights. The App is distributed globally and this Policy is intended to meet the requirements of Apple App Store, Google Play, GDPR, CCPA and similar laws.
1. Summary (short version)
We do not collect personal user data such as name, email, address or payment card details for core App functionality.
We collect anonymous, non-personal data (device data, analytics, ad interactions, subscription entitlements) to operate and improve the App and to serve ads.
Subscriptions and payments are processed by Apple App Store, Google Play and may be managed/validated by RevenueCat. We do not receive or store your payment card details.
You can contact us at studio@appaya.net for privacy or data requests.
2. Data categories we collect and process
We only collect the minimum data necessary for the stated purposes. Categories include:
A. Device & Technical Data (automatically collected)
Device model and manufacturer
Operating system and OS version
App version
Language and locale settings
Device locale and time zone
Screen size and performance metrics
Purpose: app operation, troubleshooting, analytics, performance optimisation.
B. Usage & Behavioural Data (anonymous)
Which game modes are started and how often (mode popularity)
Session start and end times, session duration
Feature usage (e.g., which buttons/features are used)
Aggregated counts and metrics (for product decisions)
Purpose: analytics, product improvement, ranking and history features.
C. Advertising & Identifiers
Advertising identifiers (IDFA on iOS, AAID/GAID on Android) — only if the user/device permits tracking.
Ad impressions, ad clicks, rewarded ad completion events.
Ad metadata required by advertising partners.
Purpose: ad delivery, reward granting for rewarded ads, ad measurement and fraud detection.
D. Subscription & Purchase Data (non-card)
Subscription status (active/expired), purchase token/receipt validation (via Apple/Google/RevenueCat)
Purchase timestamps, product identifiers
Purpose: entitlement enforcement, subscription features, customer support.
E. Diagnostics & Crash Reports
Crash logs, stack traces, performance diagnostics (may include limited device identifiers).
Purpose: troubleshooting and product stability.
3. Personal data vs anonymous data
We do not intentionally collect personal data such as names, email addresses, phone numbers or payment card data. However, depending on local law and how identifiers are interpreted, some data (such as advertising identifiers) may be treated as personal data. Where applicable, we treat such identifiers responsibly and provide opt-out mechanisms described below.
4. Legal basis for processing (where applicable)
Contractual necessity: processing necessary to provide subscription entitlements and App functions.
Legitimate interests: analytics, product improvement, fraud detection, advertising measurement (balanced with user rights).
Consent: where required (for tracking or personalized advertising), we will obtain consent via platform controls (iOS App Tracking Transparency prompt) or in-App mechanisms if needed.
5. Use of third-party services and data recipients
We use third-party processors to provide Ads, analytics, billing and crash reporting. These parties may process data on our behalf:
Examples of service providers we use or may use (actual selection depends on implementation):
Google AdMob (ads)
Firebase Analytics & Firebase Crashlytics (analytics, diagnostics)
RevenueCat (subscription entitlement management)
Apple SKAdNetwork (ad measurement)
Other advertising/analytics providers as required (e.g., AppLovin, Unity Ads) — only if configured.
These providers have their own privacy policies. We require processors to act only on our instructions and to implement appropriate security safeguards.
6. Advertising, personalization and tracking
6.1 Ad delivery: Ads (rewarded and interstitial) are provided by third-party ad networks (e.g., AdMob). Ads may be personalized only if the user/device permits tracking.
6.2 Rewarded ads: For modes that require rewarded ads, completion events are logged and entitlement for that single match is granted upon successful ad completion.
6.3 App Tracking Transparency (iOS) & Android ad settings:
On iOS, users will be prompted to permit tracking via the ATT prompt. If tracking is denied, we will not use the IDFA for personalized advertising.
On Android, users may disable ad personalization in Google settings; we will respect those choices.
6.4 Non-personalized ads for children: We will configure ad providers to serve non-personalized ads to users identified as children to comply with COPPA and Google Families policies.
7. Data retention
7.1 Usage and analytics data: retained in aggregated or anonymized form for product analysis. Raw analytics and crash logs are retained per provider default retention schedules (commonly 90 days to 2 years depending on provider and configuration). We will purge or anonymize data upon request where feasible.
7.2 Subscription records: retained for the duration needed to validate entitlements and support customer requests.
7.3 Where a deletion request is made, we will delete records under our control and request deletion from third-party processors where feasible, subject to legal retention requirements and platform limitations.
8. Transfers outside the EEA / international processing
Data processed by third-party providers (e.g., Google, RevenueCat) may be transferred and stored outside the European Economic Area (EEA). We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or provider certifications. By using the App, you consent to such transfers as described.
9. Your rights (EU / GDPR and similar)
Where applicable you have the right to:
request access to the personal data we hold about you;
request rectification of inaccurate personal data;
request deletion of personal data;
request restriction of processing;
request portability of your data (data we provided in a commonly used machine-readable format);
object to certain processing based on legitimate interest;
withdraw consent where consent is the basis for processing;
lodge a complaint with a supervisory authority (in Poland: Urząd Ochrony Danych Osobowych — UODO).
To exercise rights or request deletion, contact studio@appaya.net. We will respond within applicable statutory timeframes.
10. How to opt out or control data collection
Ads & tracking: disable tracking via iOS App Tracking Transparency prompt, or disable ad personalization in Android Google settings.
Device settings: you may choose not to grant permission for tracking; core features remain available but some personalized ads may not be shown.
Contact: for data deletion or other privacy actions, email studio@appaya.net.
11. Security
We implement reasonable technical and organizational measures to protect data under our control. However, no method of transmission or storage is completely secure; we cannot guarantee absolute security.
12. Children
The App is suitable for children and adults. We do not knowingly collect personal information from children under applicable minimum age. If you believe a child's personal information has been collected, contact us at studio@appaya.net and we will take steps to remove it.
13. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in the App, legal requirements, or third-party services. The "Last updated" date at the top reflects the most recent revision. Continued use after changes indicates acceptance.
14. Contact and data protection officer / representative
For privacy queries, data access or deletion requests, contact: studio@appaya.net
If you are in the EU/EEA and require a local representative for privacy matters, we will provide contact details upon request to the email above.
15. Additional platform statements (Apple & Google)
App Store: The App's privacy and data usage are declared in App Store Connect (App Privacy information). This Policy supplements those declarations.
Google Play: We have completed the Google Play Data Safety form consistent with this Policy.
16. Important notices about purchases and refunds
All purchases and subscriptions are processed by Apple or Google. Please use the respective store's mechanisms for subscription management and refund requests. We cannot change or refund charges processed by Apple/Google, except as permitted by store policies.
17. Legal basis and contact for EU users
Legal basis: contract performance (subscriptions), legitimate interest (analytics), consent (where required); see above for rights.
Supervisory authority: Poland — Urząd Ochrony Danych Osobowych (UODO). You may lodge a complaint with your local data protection authority.
Terms of Use
This app uses the standard Apple Terms of Use (EULA):
https://www.apple.com/legal/internet-services/itunes/dev/stdeula/