Privacy Policy

Privacy Policy

Last updated: 2025-10-04

1. Scope and Data Controller

This Privacy Policy governs the processing of information in connection with the Puzzle Royale mobile application (the "App") and the website https://www.puzzleroyale.app (collectively, the "Services"). The Services are operated by Sean McCarren, Regenboogven 89, 5508RK Veldhoven ("Puzzle Royale", "we", "us"). For purposes of the EU General Data Protection Regulation ("GDPR"), we are the data controller for the processing activities described herein.

2. Categories of Personal Data

We process the following categories of personal data:

• Registration and account data: Google account identifier, email address, display name, and Google-provided profile image when you sign in with Google. You may voluntarily supply a display name and profile image inside the App.
• Gameplay and usage data: match results, rankings, achievements, gameplay history, and other telemetry generated through your use of the Services.
• Diagnostic data: device identifiers, crash reports, performance metrics, and analytics events collected automatically by Google Play Services, Google Analytics for Firebase, and Firebase Crashlytics. Each service processes personal data pursuant to its own privacy notice:
  • Google Privacy Policy
  • Firebase Privacy Notice
• Device permissions: (i) Android INTERNET (mandatory) for multiplayer and synchronisation; (ii) Android CAMERA and iOS camera access (optional) for capturing a profile picture; (iii) Android READ_EXTERNAL_STORAGE/READ_MEDIA_IMAGES and iOS photo-library access (optional) for selecting an existing picture. Declining an optional permission may disable the related feature.

We do not intentionally collect precise geolocation, payment card information, address book contents, or SMS content through the Services.

3. Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes and legal bases:

• Contract performance (Article 6(1)(b) GDPR): to create and maintain your account, deliver multiplayer functionality, synchronise progress, and provide core gameplay features.
• Legitimate interests (Article 6(1)(f) GDPR): to protect the Services against fraud and abuse (including cheat detection and enforcement), to analyse usage for service improvement, and to maintain the stability and security of our infrastructure. Our interests are balanced against your rights and freedoms.
• Consent (Article 6(1)(a) GDPR): for optional features such as uploading a profile image or granting camera/photo-library permissions. You may withdraw consent at any time inside the App or by contacting us.

4. Recipients and Processors

We engage Google LLC and its affiliates (Firebase, Google Play Services, Google Analytics for Firebase, Firebase Crashlytics) as data processors pursuant to written data-processing agreements. Personal data may also be disclosed to competent authorities or legal counsel where disclosure is required to comply with legal obligations or to protect our legitimate interests (for example, in connection with enforcement of the Terms & Conditions).

5. International Data Transfers

Personal data may be stored on or accessed from servers located outside the European Economic Area, including the United States. Such transfers rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and, where applicable, supplementary protective measures implemented by Google LLC.

6. Retention Periods

We retain account data and gameplay history for as long as your account remains active. When you use the in-app deletion function, we will delete or anonymise personal data within thirty (30) days, unless longer retention is required for legal, regulatory, or dispute-resolution purposes. Aggregated or anonymised analytics data may be retained indefinitely.

7. Data Subject Rights

Subject to applicable law, you may request access to, rectification or erasure of, or restriction of processing concerning your personal data. You may also object to processing based on legitimate interests, request data portability, or lodge a complaint with your local supervisory authority. Please submit requests via the in-app tools or by emailing mccarrenapps@gmail.com.

8. Children

The Services are intended for individuals aged thirteen (13) years and older. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided personal data without consent, contact us so that we can delete the information promptly.

9. Security Measures

We maintain administrative, technical, and physical safeguards appropriate to the nature of the data, including Firebase Authentication, App Check, Play Integrity API, encrypted transport, and access controls. While we strive to protect personal data, no security measure is infallible. We will notify affected users and competent authorities of personal-data breaches when legally required.

10. Updates to this Policy

We may revise this Privacy Policy from time to time to reflect changes in law, our processing activities, or the Services. Material changes will be communicated through the App, our website, or app store listings. Continued use of the Services after the effective date constitutes acknowledgement of the revised policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at mccarrenapps@gmail.com. You may also write to the postal address listed above. We endeavour to respond within thirty (30) days.