Privacy Policy
This Privacy Policy describes how WordFall collects, uses, and shares information when you use the WordFall mobile game on iOS or Android devices. If you have any questions, contact us at wordfallgamewithwiffle@gmail.com.
1. Information We Collect
1.1 Information You Provide
- Account information when signing in with Apple or Google: the identity token issued by Apple or Google, your email address or Apple relay address, and any display name you choose to share. Email is stored on our servers for account recovery, account linking, and support.
- Display name and avatar selections you set inside the app.
- Customer support communications if you contact us.
1.2 Information Collected Automatically
- Device identifier generated locally and used as a stable anonymous identifier for your account.
- Player identifier assigned by our servers.
- Authentication tokens stored encrypted on your device using Android Encrypted SharedPreferences or iOS Keychain.
- Device and app metadata such as platform, app version, language, locale, and IP address received by our servers.
- Push notification token used to deliver in-game notifications.
- Game progress and stats, including levels, scores, currency, ELO rating, and multiplayer match history.
- In-app purchase receipts, transaction IDs, product IDs, and subscription status for verification and fraud prevention.
- Multiplayer session data such as player ID, display name, moves, emoji reactions, room state, and disconnect events.
- Usage analytics events such as first app open, tutorial completion, level completion, rewarded ad completion, ad revenue events, and in-app purchase events. These events may include product IDs, transaction IDs, app platform, language, level number, score, stars, ad placement, ad unit, currency, and value.
1.3 Information Collected by Third Parties
- Google AdMob displays advertisements and may collect advertising identifiers, ad interaction data, and approximate location derived from IP. On iOS, we use Apple's App Tracking Transparency prompt. In the EEA, United Kingdom, Switzerland, and other required regions, we also use Google's User Messaging Platform consent form. If you decline tracking or consent, we serve only non-personalized or limited ads as required by your privacy choices. You can change these choices from Settings > Privacy options where available and from your device privacy settings.
- Google Play Billing and Apple In-App Purchase process purchase information under their own privacy policies.
- Firebase Cloud Messaging delivers push notifications and may receive a device push token.
- Firebase Crashlytics collects crash and diagnostic information so we can diagnose technical issues.
- Firebase Analytics collects app usage and event data so we can understand app performance and advertising results.
- Meta App Events helps us measure Meta advertising performance and may receive app event, purchase event, device identifier, advertising identifier, and attribution data where permitted by your device settings and consent choices.
We do not sell personal information. We do not use a mobile measurement partner SDK in this release; Meta App Events is used only for Meta advertising measurement.
2. How We Use Your Information
- Create and authenticate your account and synchronize game progress.
- Operate leaderboards, multiplayer matchmaking, daily challenges, notifications, and the lives system.
- Process in-app purchases and prevent fraud or abuse.
- Diagnose technical issues and improve app performance.
- Measure app usage, advertising performance, conversion events, and ad revenue.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We share information with service providers such as Apple, Google, Hetzner, Google AdMob, and Meta as needed to operate the app and measure advertising performance; with other players for gameplay features such as leaderboards and multiplayer; when legally required; or in connection with a business transfer subject to this policy.
4. Data Retention
We retain your information while your account is active. When you delete your account, we remove personal data within 30 days except where we must retain transaction records for legal or tax reasons. Authentication tokens and local game state are removed from your device when you sign out or uninstall the app.
5. Data Security
Network traffic is encrypted using HTTPS/TLS. Authentication tokens are stored encrypted on device. Server and database access are restricted, and inputs are validated at API boundaries. No system is completely secure; if we become aware of a security incident affecting your information, we will notify you as required by law.
6. Your Rights
You may request access, correction, deletion, restriction, objection, withdrawal of advertising consent, or a portable copy of your data by contacting us. You can delete your account in Settings > Account > Delete my account, or request deletion from the web at wordfall.org/delete-account. You can also change advertising choices through iOS tracking settings, Android ads settings, or WordFall Settings > Privacy options where available.
7. Children's Privacy
WordFall is rated for general audiences and is not directed to children under 13, or under 16 in the EEA/UK. We do not knowingly collect personal information from children below those ages.
8. International Transfers
Our backend is operated in Germany. If you access the app from outside the European Economic Area, your information may be transferred to and processed in Germany.
9. Third-Party Links
The app may link to third-party websites or services. We are not responsible for their privacy practices.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notice or by email where appropriate.
11. Contact Us
Email: wordfallgamewithwiffle@gmail.com
Subject line suggestion: Privacy Inquiry - [Your Player ID]