Glyph-Echo-A-Word-Puzzle-Privacy

Privacy Policy for Glyph Echo: A Word Puzzle

Effective Date: September 30, 2025

1. Who We Are

• App: “Glyph Echo: A Word Puzzle” (the “App” or “Service”)
• Data Controller (sole developer): Wiktor Zawadzki
• Contact: contact.glyphecho@gmail.com

2. Scope

This Privacy Policy explains what data I collect, how and why I process it, who I share it with, and your choices and rights. By using the App, you agree to the practices described here.

3. No Ads; In‑App Purchases Only

• The App does not display ads and does not use advertising networks or advertising identifiers.
• The App offers optional in‑app purchases processed by Google Play Billing. I do not receive or store payment card details. I only receive transaction status and the product identifier to grant purchased content (e.g., diamonds, packs, themes included in bundles).

3.1 Purchases & Restoration

• Non‑consumables (e.g., themes) are restored by Google Play on the same Google account after reinstall/device change.
• Consumables (e.g., diamonds, hints, skips) are not restored by Google Play. If you uninstall the App, consumable balances stored locally may be lost. If the player has logged into the game and their data has been correctly saved in the cloud, the player is safe.

4. What Data I Collect and Why

4.1 Data You Provide Voluntarily

• Google Play Games sign‑in (optional)
  I receive your Play Games profile identifier and display name. (I do not receive your Google account email address via this flow.)
  Purpose: cloud‑save sync (Saved Games), achievements, leaderboards.

• Community level submissions (optional; Level Editor)
  If you submit a level for review/publication, I store: the encoded level content, your Play Games ID (creatorId), display name (creatorName), a timestamp, moderation status, and basic level metadata (e.g., target score).
  Purpose: moderation, abuse prevention, and (if approved) publication.

• Contact by email (optional)
  If you email me, I process your email address and the message content to respond and handle privacy/data requests.

4.2 Data Collected Automatically

• Usage and diagnostics
  Anonymous/aggregated events (e.g., sessions/screens) and crash logs.
  Providers: Firebase Analytics and Firebase Crashlytics.
  Purpose: stability, performance, and quality improvements.

• Device information
  OS version, device model, and technical identifiers used by analytics/crash reporting for stability and diagnostics. No advertising ID is used, as the App serves no ads.

4.3 Gameplay and Personalization Data

• Cloud saves (Google Play Games: Saved Games)
  I store gameplay progress and preferences to sync across devices (e.g., highest unlocked level, selected and unlocked color themes, token balances—hints/skips/diamonds, daily challenge streak and (after completion) that day’s arrangement, rewards calendar status, your own level codes, and per‑level progress states).
  Purpose: reliable multi‑device sync and restore after reinstall.

• Local storage (SharedPreferences)
  Similar data may also be stored locally to support offline play and reduce network latency.

4.4 Device Permissions

• Camera (optional) — used only to scan QR codes for levels. Camera frames are not uploaded or stored by me.

4.5 OS / Device Backup

• Depending on your Android settings, the operating system (e.g., Android Auto Backup / Google backup) may back up local App data (such as settings and SharedPreferences) to your Google account and restore it on reinstall. This backup is controlled by the OS, not by me. You can manage or disable device backups in your system settings.

5. Children’s Privacy

The Service is not intended for or directed to anyone under the age of 13. I do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided me with personal information, please contact me. If I become aware that I have collected personal information from a child under 13 without verification of parental consent, I will take steps to remove that information from my servers.

6. Legal Bases (EEA/UK)

Depending on your region, I process data based on:

• Performance of a contract (providing the core game and saving progress);
• Legitimate interests (analytics, security, diagnostics, abuse prevention);
• Consent (e.g., Play Games sign‑in, community submissions);
• Legal obligations (where applicable).

7. Third‑Party Services and Policies

• Google Play Games Services (Saved Games, Achievements, Leaderboards)
  https://www.google.com/policies/privacy/
• Google Play Billing
  https://policies.google.com/privacy
• Firebase Analytics
  https://firebase.google.com/policies/analytics
• Firebase Crashlytics
  https://firebase.google.com/support/privacy
• Google Cloud Firestore (community level queue)
  https://cloud.google.com/privacy
• Android OS Backup / Google backup (device‑level backup/restore)
  https://support.google.com/android/answer/2819582

8. Sharing and Recipients

• Service providers (processors) — I share only what is necessary for them to operate on my behalf (see Section 7).
• Public authorities — only when required by law.
• Aggregated/Anonymized data — I may share aggregate statistics that do not identify individuals.

9. Data Retention

• Cloud saves: retained until you delete your account/save or per Google’s retention policies.
• Analytics/crash data: retained per provider defaults (e.g., Crashlytics commonly ~90 days; Analytics per configured window).
• Community content: retained until removal or moderation completes; approved content may remain public until withdrawn.

10. Your Choices and Rights

Depending on your jurisdiction, you may have rights to:

• access, obtain a copy of, correct, or delete your data;
• restrict or object to processing; data portability;
• withdraw consent for optional features—without affecting lawful processing before withdrawal;
• lodge a complaint with your local data protection authority.

11. How to Delete Your Data

• Email: contact me at contact.glyphecho@gmail.com to request deletion; I will process your request within up to 30 days. Due to provider backups, complete removal may take additional limited time per their policies.
• Note: community content already published may remain visible until withdrawn; on account deletion I can anonymize or remove it upon request.

12. Security

I rely on reputable infrastructure (Google Play Games, Firebase, Firestore) with encryption in transit and industry practices. However, no method of transmission or storage is 100% secure; I cannot guarantee absolute security.

13. International Data Transfers

Your data may be processed outside your country (e.g., EU/US). I rely on provider safeguards and contractual clauses intended to ensure an adequate level of protection.

14. Changes to This Policy

I may update this Policy from time to time. I will post updates in the App and/or on the website with a new effective date. For material changes, I may display an in‑App notice.

15. Contact

• Data Controller (sole developer): Wiktor Zawadzki
• Email: contact.glyphecho@gmail.com