Privacy Policy (GDPR)

1. Data Controller

Controller: Independent developer of Associations (individual controller)

Privacy contact email: gjenial.games@gmail.com

You can contact us by email for all privacy requests. Additional contact details may be provided where legally required.

2. Personal Data We Process

2.1 Account and identifiers

• Firebase Anonymous Authentication user ID (UID)
• Technical identifiers processed by ad partners (for ad delivery/measurement)

2.2 Gameplay and service data

Stored in Firebase Firestore to run the game service:

• game/session IDs
• pseudonymous player IDs (UIDs)
• game state (turns, revealed clues, guesses, scores, outcomes)
• timestamps (created/updated/activity)
• private game short codes ("Play with Friend")

2.3 User-provided text in gameplay

When specific gameplay conditions are met (wrong column guess with one revealed clue), the App may send:

• language code
• guessed text
• associated clue text

This is sent to the game API endpoint (e.g., /game/words/temporary) for puzzle-quality improvement.

2.4 Local on-device data (AsyncStorage)

• language preference
• energy amount and refill timing
• interstitial ad counter/threshold state
• auth persistence cache used by Firebase Auth runtime

2.5 Advertising data

The App integrates Google Mobile Ads (AdMob) for banner/interstitial/rewarded ads. AdMob and partners may process ad-related device/app data under their own policies.

3. Purposes and GDPR Legal Bases (Art. 6)

We process personal data for these purposes:

1. Provide core gameplay and account/session continuity

   Legal basis: Art. 6(1)(b) Contract

2. Operate multiplayer synchronization, anti-abuse/reliability, service security

   Legal basis: Art. 6(1)(f) Legitimate Interests

3. Product improvement (including temporary wrong-association reporting)

   Legal basis: Art. 6(1)(f) Legitimate Interests

4. Advertising, including personalized ads where applicable

   Legal basis: Art. 6(1)(a) Consent where required by local law (including ePrivacy/ATT context), otherwise Art. 6(1)(f) Legitimate Interests for non-personalized/essential ad operations where permitted.

You may withdraw consent at any time for consent-based processing, without affecting lawfulness before withdrawal.

4. Data Recipients / Processors

We share personal data with service providers acting as processors or independent controllers (depending on context):

• Google Firebase (Authentication, Firestore)
• Google AdMob / Google Mobile Ads (ad serving and measurement)
• Game API provider (api.gjenial.com or configured equivalent)

We may also disclose data if required by law or to protect legal rights, security, and safety.

5. International Data Transfers

Data may be processed outside your country, including outside the EEA/UK/Switzerland. Where required, transfers rely on appropriate safeguards (for example, adequacy decisions or Standard Contractual Clauses) provided through our vendors' contractual frameworks.

6. Data Retention

• Firestore gameplay data: game records are retained to operate the service and are manually reviewed/deleted as part of regular maintenance. Finished game records are deleted on a monthly manual cleanup cycle.
• Waiting-lobby cleanup: stale waiting lobbies may be deleted by cleanup logic.
• Local device data: kept until app data is cleared or app is uninstalled.
• Ad-related and infrastructure logs: retained per provider retention schedules.

We may retain limited data longer where legally required or needed for dispute/security/fraud handling.

7. Your GDPR Rights

If GDPR applies, you may have the right to:

• access your personal data
• rectify inaccurate data
• erase data ("right to be forgotten")
• restrict processing
• object to processing based on legitimate interests
• data portability (where applicable)
• withdraw consent at any time (where processing is consent-based)
• lodge a complaint with your local supervisory authority

To exercise rights, contact: gjenial.games@gmail.com.

7.1 How to request deletion in the App

• In the App settings, you can use the Request data deletion action.
• This opens an email draft to our privacy contact and includes your Firebase UID so we can locate your records.
• If email cannot be opened on your device, the App shows manual instructions and the request text to copy.
• If you contact us without enough information to locate your records (for example, missing UID), we may ask for additional details before we can complete the request.

8. Children

The App is not intended for children under 13 (or higher minimum age required by local law). We do not knowingly process children's personal data in violation of applicable law.

9. Security

We use appropriate technical and organizational measures to protect personal data. No method of transmission or storage is completely secure.

10. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects under Article 22 GDPR.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected by updating the date above and, where required, providing additional notice.

12. Third-Party Policies

• Firebase Privacy and Security: https://firebase.google.com/support/privacy
• Google AdMob policy resources: https://support.google.com/admob/answer/6128543
• Google Privacy Policy: https://policies.google.com/privacy