Privacy Policy

Version: 1.2 | Effective date: May 22, 2026
Developer: Gustavo André Richter | Contact: grichterdev@gmail.com
App: CruciFlow: Global Quest (com.gustavoarichter.cruciflow)

1. Who we are

Gustavo André Richter ("we", "us") is the individual developer responsible for CruciFlow: Global Quest, available on the Google Play Store. This Privacy Policy describes how we collect, use, store, and protect your data when you use the app.

2. Data we collect

2.1 Data collected automatically by third parties

The app integrates third-party services that may collect data under their own policies:

Service	Data collected	Purpose	Policy
Google Firebase Analytics	Anonymous usage events, installation identifier (e.g. levels, hints, language)	Usage analysis — only with your consent in EU/EEA/UK/CH	firebase.google.com/policies/analytics
Google Firebase Crashlytics	Crash logs, device model, OS version	Error fixing — separate consent in EU/EEA/UK/CH	firebase.google.com/terms/crashlytics
Google Firebase Remote Config	Economy and ad parameters (no direct user identification)	App behavior tuning	firebase.google.com/support/privacy
Google AdMob	Advertising identifier (GAID), approximate IP address	Personalized ads	policies.google.com/privacy
Google Play Billing	Purchase data processed by Google	IAP verification	play.google.com/about/play-terms
Google Play Games Services	Google player ID, progress snapshot (coins, puzzles, streak), leaderboard scores, achievement status	Optional Cloud Save, leaderboards, achievements	policies.google.com/privacy

2.2 Data we do NOT collect

We do not collect name, email, or any directly identifiable personal data.
We do not require a proprietary account; Google Play Games sign-in is optional.
We do not store data on our own servers.
We do not share data with third parties other than those listed in section 2.1.
We do not sell personal data.

2.3 Data stored locally on the device

The app saves locally on your device (via Hive/SQLite), regardless of Play Games login:

Puzzle progress, coins, streak
Selected language and preferences
IAP purchase receipt (encrypted, for offline verification)

This data remains on the device until uninstall or app data clearance. It is not sent to external servers unless you opt into Play Games Cloud Save (section 2.4).

2.4 Google Play Games (optional)

If you sign in to Google Play Games (Settings → Google Play Games → Sign in), the app may:

Upload a JSON snapshot (cruciflow_save) with progress, coins, and puzzles to Google's Cloud Save
Record leaderboard scores and achievement status
Associate this data with your Google account under Google's Privacy Policy

Without Play Games sign-in, leaderboards, achievements, and Cloud Save remain inactive; the game works normally with local data only.

If local and cloud progress conflict, the app shows a dialog for you to choose which version to keep.

How to opt out: do not sign in to Play Games, or sign out in the app Settings. To remove data already stored by Google, follow your Google account and Google Privacy Center instructions.

3. Legal basis for processing

3.1 LGPD (Brazil, Law No. 13,709/2018)

Processing is based on:

Art. 7(IX) — legitimate interest for usage analysis and crash fixing
Art. 7(V) — contract performance (IAP via Google Play Billing)
Art. 7(I) — consent (optional Play Games login and Cloud Save)

3.2 GDPR (European Union, Regulation 2016/679)

Legal basis:

Art. 6(1)(a) — explicit consent (Firebase Analytics and Crashlytics in EU/EEA/UK/CH; optional Play Games login)
Art. 6(1)(b) — contract performance (IAP)
Art. 6(1)(f) — legitimate interests (Remote Config without direct user identification)

In EU/EEA/UK/CH: Analytics and Crashlytics are off by default. You choose after accepting the Terms and may change choices in Settings → Privacy. Data sent to Google is subject to SCCs and the EU-U.S. Data Privacy Framework where applicable.

3.3 CCPA (USA, Cal. Civ. Code § 1798.100)

We declare that we do not sell California users' personal data to third parties. Advertising data is processed by Google AdMob under its own policies. California users may request access and deletion as described in section 8.

4. Firebase consent (EU/EEA/UK/Switzerland)

If your Google Play country (or device locale fallback) indicates residence in the EU/EEA/UK/CH:

After accepting the Terms, you will see separate toggles for Usage analytics and Crash reports (Crashlytics) — both off by default.
These choices are independent of advertising consent (AdMob/UMP).
You may change them anytime under Settings → Privacy.

Outside those regions, Analytics and Crashlytics are enabled by default (no toggle screen).

5. Consent for personalized advertising (GDPR/EEA and UK)

Users in the EU/EEA/UK/CH will see an advertising consent notice on the home screen, managed by Google UMP — separate from Firebase toggles above.

If you accept personalized ads: AdMob may use your advertising identifier (GAID).
If you decline: non-personalized ads when allowed. The app remains functional.
Change later: Settings → Privacy → Ad Preferences.

Outside the EU/EEA/UK/CH, AdMob follows device settings (Android: Settings → Google → Ads).

6. Advertising and COPPA (USA)

CruciFlow: Global Quest is not directed at children under 13. The app does not knowingly collect children's data. If you are a parent or guardian and believe your child provided data through the app, contact us by email below to request deletion with service providers.

Ads shown by Google AdMob may be personalized based on the device advertising identifier. Users can opt for non-personalized ads in device settings (Settings → Google → Ads → Reset advertising ID / Disable ad personalization).

7. Data retention

Analytics and Crashlytics: retained by Google per its policies (up to 14 months by default for Firebase Analytics).
Play Games Cloud Save: retained by Google per its policies while the account remains active.
Local device data: remains on the device until app uninstall or user data clearance.

8. Your rights

Regardless of location, you have the right to:

Right	How to exercise
Access	Request by email
Correction	Request by email
Deletion ("right to be forgotten")	Request by email; for third-party data (Firebase/AdMob/Play Games), we will guide you through Google's process
Portability	Request by email
Object to processing	Disable toggles in Settings → Privacy (EU) or contact by email
Withdraw consent	Firebase toggles, UMP ad settings, sign out of Play Games, or email

Contact for rights requests: grichterdev@gmail.com Response time: up to 15 business days (per LGPD and GDPR).

9. Security

We adopt reasonable technical measures to protect local device data, including encryption of IAP purchase receipts. Data transmitted to third parties (Firebase, AdMob, Play Games) is protected by SSL/TLS.

10. Changes to this policy

We will notify material changes via app updates on the Play Store. The effective date at the top will be updated. Continued use after publication constitutes acceptance.

11. Applicable law and jurisdiction

This policy is governed by the laws of the Federative Republic of Brazil. For EU users, GDPR and local data protection laws also apply. For US users, COPPA and CCPA apply where relevant.

Chosen forum: Santo Ângelo, State of Rio Grande do Sul, Brazil, for disputes not resolved amicably.

12. Contact

Gustavo André Richter grichterdev@gmail.com