Privacy Policy
1. Who we are
Gustavo André Richter ("we", "us") is the individual developer responsible for CruciFlow: Global Quest, available on the Google Play Store. This Privacy Policy describes how we collect, use, store, and protect your data when you use the app.
2. Data we collect
2.1 Data collected automatically by third parties
The app integrates third-party services that may collect data under their own policies:
| Service | Data collected | Purpose | Policy |
|---|---|---|---|
| Google Firebase Analytics | Anonymous usage events, installation identifier (e.g. levels, hints, language) | Usage analysis — only with your consent in EU/EEA/UK/CH | firebase.google.com/policies/analytics |
| Google Firebase Crashlytics | Crash logs, device model, OS version | Error fixing — separate consent in EU/EEA/UK/CH | firebase.google.com/terms/crashlytics |
| Google Firebase Remote Config | Economy and ad parameters (no direct user identification) | App behavior tuning | firebase.google.com/support/privacy |
| Google AdMob | Advertising identifier (GAID), approximate IP address | Personalized ads | policies.google.com/privacy |
| Google Play Billing | Purchase data processed by Google | IAP verification | play.google.com/about/play-terms |
| Google Play Games Services | Google player ID, progress snapshot (coins, puzzles, streak), leaderboard scores, achievement status | Optional Cloud Save, leaderboards, achievements | policies.google.com/privacy |
2.2 Data we do NOT collect
- We do not collect name, email, or any directly identifiable personal data.
- We do not require a proprietary account; Google Play Games sign-in is optional.
- We do not store data on our own servers.
- We do not share data with third parties other than those listed in section 2.1.
- We do not sell personal data.
2.3 Data stored locally on the device
The app saves locally on your device (via Hive/SQLite), regardless of Play Games login:
- Puzzle progress, coins, streak
- Selected language and preferences
- IAP purchase receipt (encrypted, for offline verification)
This data remains on the device until uninstall or app data clearance. It is not sent to external servers unless you opt into Play Games Cloud Save (section 2.4).
2.4 Google Play Games (optional)
If you sign in to Google Play Games (Settings → Google Play Games → Sign in), the app may:
- Upload a JSON snapshot (
cruciflow_save) with progress, coins, and puzzles to Google's Cloud Save - Record leaderboard scores and achievement status
- Associate this data with your Google account under Google's Privacy Policy
Without Play Games sign-in, leaderboards, achievements, and Cloud Save remain inactive; the game works normally with local data only.
If local and cloud progress conflict, the app shows a dialog for you to choose which version to keep.
How to opt out: do not sign in to Play Games, or sign out in the app Settings. To remove data already stored by Google, follow your Google account and Google Privacy Center instructions.
3. Legal basis for processing
3.1 LGPD (Brazil, Law No. 13,709/2018)
Processing is based on:
- Art. 7(IX) — legitimate interest for usage analysis and crash fixing
- Art. 7(V) — contract performance (IAP via Google Play Billing)
- Art. 7(I) — consent (optional Play Games login and Cloud Save)
3.2 GDPR (European Union, Regulation 2016/679)
Legal basis:
- Art. 6(1)(a) — explicit consent (Firebase Analytics and Crashlytics in EU/EEA/UK/CH; optional Play Games login)
- Art. 6(1)(b) — contract performance (IAP)
- Art. 6(1)(f) — legitimate interests (Remote Config without direct user identification)
In EU/EEA/UK/CH: Analytics and Crashlytics are off by default. You choose after accepting the Terms and may change choices in Settings → Privacy. Data sent to Google is subject to SCCs and the EU-U.S. Data Privacy Framework where applicable.
3.3 CCPA (USA, Cal. Civ. Code § 1798.100)
We declare that we do not sell California users' personal data to third parties. Advertising data is processed by Google AdMob under its own policies. California users may request access and deletion as described in section 8.
4. Firebase consent (EU/EEA/UK/Switzerland)
If your Google Play country (or device locale fallback) indicates residence in the EU/EEA/UK/CH:
- After accepting the Terms, you will see separate toggles for Usage analytics and Crash reports (Crashlytics) — both off by default.
- These choices are independent of advertising consent (AdMob/UMP).
- You may change them anytime under Settings → Privacy.
Outside those regions, Analytics and Crashlytics are enabled by default (no toggle screen).
5. Consent for personalized advertising (GDPR/EEA and UK)
Users in the EU/EEA/UK/CH will see an advertising consent notice on the home screen, managed by Google UMP — separate from Firebase toggles above.
- If you accept personalized ads: AdMob may use your advertising identifier (GAID).
- If you decline: non-personalized ads when allowed. The app remains functional.
- Change later: Settings → Privacy → Ad Preferences.
Outside the EU/EEA/UK/CH, AdMob follows device settings (Android: Settings → Google → Ads).
6. Advertising and COPPA (USA)
CruciFlow: Global Quest is not directed at children under 13. The app does not knowingly collect children's data. If you are a parent or guardian and believe your child provided data through the app, contact us by email below to request deletion with service providers.
Ads shown by Google AdMob may be personalized based on the device advertising identifier. Users can opt for non-personalized ads in device settings (Settings → Google → Ads → Reset advertising ID / Disable ad personalization).
7. Data retention
- Analytics and Crashlytics: retained by Google per its policies (up to 14 months by default for Firebase Analytics).
- Play Games Cloud Save: retained by Google per its policies while the account remains active.
- Local device data: remains on the device until app uninstall or user data clearance.
8. Your rights
Regardless of location, you have the right to:
| Right | How to exercise |
|---|---|
| Access | Request by email |
| Correction | Request by email |
| Deletion ("right to be forgotten") | Request by email; for third-party data (Firebase/AdMob/Play Games), we will guide you through Google's process |
| Portability | Request by email |
| Object to processing | Disable toggles in Settings → Privacy (EU) or contact by email |
| Withdraw consent | Firebase toggles, UMP ad settings, sign out of Play Games, or email |
Contact for rights requests: grichterdev@gmail.com Response time: up to 15 business days (per LGPD and GDPR).
9. Security
We adopt reasonable technical measures to protect local device data, including encryption of IAP purchase receipts. Data transmitted to third parties (Firebase, AdMob, Play Games) is protected by SSL/TLS.
10. Changes to this policy
We will notify material changes via app updates on the Play Store. The effective date at the top will be updated. Continued use after publication constitutes acceptance.
11. Applicable law and jurisdiction
This policy is governed by the laws of the Federative Republic of Brazil. For EU users, GDPR and local data protection laws also apply. For US users, COPPA and CCPA apply where relevant.
Chosen forum: Santo Ângelo, State of Rio Grande do Sul, Brazil, for disputes not resolved amicably.
12. Contact
Gustavo André Richter grichterdev@gmail.com