Spiky Sweeper — Privacy Policy

1. Introduction

Spiky Sweeper is a competitive grid-logic puzzle game in which you race a pre-recorded run of another player on the same puzzle layout. This Privacy Policy explains what data the App collects, why we collect it, who we share it with, how long we keep it, and the rights you have over it.

We have designed the App to be anonymous-first: you can download, install, and play without creating an account and without providing any name, email address, or other personally identifying information. The default identity is an opaque, device-bound anonymous account. You may optionally upgrade to Google sign-in to preserve your progress across devices; doing so is the only point at which a third-party identity provider is involved, and even then we do not store your email address or Google profile data on our own servers (see Section 4).

This policy applies to the Spiky Sweeper mobile application and the backend services that support it. It does not apply to third-party services you reach by leaving the App.

2. Data We Collect

We separate the data the App handles into two categories: data that stays on your device ("local-device storage") and data stored on our servers ("server-side data"). We minimize what leaves your device.

2.1 Local-device storage (stays on your device)

The following is stored locally on your device to make the App work offline and across restarts. It is not transmitted to us unless explicitly described as server-side data below:

• In-progress match state — the puzzle layout being played, the cells you have revealed and flagged, your input timeline, elapsed and paused time, so a match survives an app close, an operating-system process kill, or a device restart and can be resumed.
• Cached puzzle and opponent-run assets — puzzle layouts and the opponent run for a match are downloaded once and cached so the match plays end-to-end without a network connection and so assets survive app restarts without re-downloading.
• Queued results awaiting upload — if you finish a match while offline, the result is queued locally and uploaded automatically on the next reconnection.
• App settings and preferences — including your notification preferences (Section 3).

2.2 Server-side data (stored on our servers)

The following is stored on our backend (Google Firebase / Cloud Firestore):

• Opaque account identifier. When you first play, the App provisions an anonymous account identified by an opaque, randomly assigned identifier issued by Firebase Authentication. This identifier carries no personally identifying information — no email, no device fingerprint, no advertising ID, no provider token. It is the only identity-shaped value we store for an anonymous account.
• Display name. You are assigned a procedurally generated default display name that you may edit. Display names are unique across the player base. A display name is a self-chosen, opaque label; it is the only identity surface other players ever see (see Section 2.3). We recommend you do not put personal information into your display name.
• Game replays (community-visible — see Section 2.3). A "replay" is the recorded timeline of your interactions during a match (each cell reveal, flag, and chord, with timestamps relative to match start), together with the puzzle identifier, the run's terminal state (cleared or mine-struck), and a snapshot of your rating at recording time.
• Per-difficulty ratings. We store three independent skill ratings for your account (one per difficulty tier) using the Glicko-2 rating system, each consisting of a rating value, a rating-deviation value, and a volatility value.
• Match records. A record of each match you complete — the puzzle, the opponent matched, the outcome, and the resulting rating change — used for your match history and re-watch feature.
• Daily challenge leaderboard entries. When you play a daily challenge, your attempt is recorded on that day's per-difficulty leaderboard.
• Abuse-prevention counters. Rate-limit counters keyed to your account and to puzzles, used to bound submission frequency.
• Device-integrity attestation tokens. Submissions carry a token from Google Play Integrity / Firebase App Check proving the request came from a legitimate, unmodified instance of the App (see Section 3 and Section 4). We retain this token with the submission for integrity validation.
• Push notification token (optional; only if you enable notifications). Notifications are dormant by default in this version of the App and no push token is collected unless you enable them. If and when you opt in to notifications, a push registration token issued by Firebase Cloud Messaging is stored on your account solely to deliver the notifications you requested. It is deleted when you opt out or when your account is deleted.

We do not collect or store your real name, email address, phone number, precise location, contacts, photos, advertising identifiers, or device fingerprints.

2.3 Community-visible content (replays and display name)

Some content you create is, by design, visible to other players as part of the competitive experience — a community-content surface distinct from your private account data:

• Your best ("canonical") replay for a given puzzle is eligible to be served to other players as the opponent they race against on that same puzzle. When it is served, the other player sees your display name and a snapshot of your rating alongside the on-screen ghost of your recorded run. They do not see your account identifier, your authentication tokens, your device, or any other private data — only the opaque display name and rating snapshot.
• Replays are queryable by the matchmaking system precisely so they can be matched and served as opponents. Treat a replay, and your display name, as content that other players may see.

Non-canonical replays are retained for your own re-watch history and for future integrity validation but are not served to other players.

3. How We Use Data

We use the data described above only for the following purposes:

• Operating gameplay — serving you puzzles, selecting an opponent replay to race against, rendering the opponent ghost, and resolving match outcomes.
• Maintaining your skill rating and leaderboards — updating your per-difficulty Glicko-2 ratings after rated matches and ranking players on leaderboards.
• Running the daily challenge — serving the day's puzzle and ranking attempts.
• Preserving your progress — keeping your ratings, replay history, and progression durable, including across an optional upgrade to Google sign-in.
• Preventing abuse and fraud — verifying device-integrity attestation and enforcing rate limits so fabricated or automated submissions are rejected at our servers.
• Diagnosing crashes and errors — see Section 4 on crash reporting.
• Sending optional notifications — notifications are dormant by default in this version and are not sent unless and until you enable them. If you do opt in, we may send a notification when a new daily challenge becomes available. Notifications are independently opt-in/opt-out from in-app settings, off until you opt in, and refusing them does not restrict any feature. Notification payloads contain only opaque identifiers and template strings — no personally identifying or rating-shaped content.

We do not sell your data, use it for third-party advertising, or build advertising profiles. The App contains no advertising and no in-app purchases.

4. Third-Party Processors

We rely on the following service providers ("processors") to operate the App. Each processes data on our behalf under its own data-processing terms. Links below point to each processor's data-processing addendum (DPA) or governing data-protection terms.

4.1 Crash and error reporting (required; no opt-out)

Crash and error reports are required app-functionality data. They cannot be turned off, because we rely on them to keep the App stable and to meet our crash-free-session commitments. This is declared as required app-functionality data in the Google Play Console Data Safety form. Reports forwarded to our diagnostics processors (Crashlytics for client-side crashes, Sentry for server-side errors) are automatically deleted from those processors after a 90-day retention window.

Before any report leaves your device, it is scrubbed on the client so that it retains only opaque identifiers and technical metadata. The retained fields differ by surface:

• Client crash reports (Crashlytics) retain your opaque account identifier, the opaque puzzle identifier, the difficulty tier, the match phase, the match identifier, and diagnostic stack/technical fields.
• Server error reports (Sentry) retain the same opaque identifiers and, in addition, the run's terminal-state code and the rating snapshot.

Authentication tokens, attestation tokens, IP addresses, display names, and any email-shaped values are stripped on the client before transmission and never reach either processor.

5. Data Retention and Deletion

We retain server-side data for as long as your account exists, except as otherwise stated:

• Account data (account identifier, display name, replays, ratings, match records, leaderboard entries, queued submissions, rate-limit counters, display-name claim, and any push token you have enabled) is retained while your account is active.
• Crash and error reports are retained by our diagnostics processors for 90 days, then auto-deleted (Section 4.1).

5.1 Account deletion

You can request deletion of your account from in-app settings. When you request deletion in-app, the purge runs immediately and removes your player record, all of your canonical and non-canonical replays, your rating history, your match records, any queued submissions, your daily challenge leaderboard entries, your abuse-prevention rate-limit counters, your push token (if any), and your display-name claim. Any deletion request made by other means is completed within 30 days. Our deletion executor acts on the authenticated account only — it accepts no other-account input and cannot be used to delete someone else's data. Once your display-name claim is released, the name returns to the pool and may be claimed by another player.

Anonymized aggregate data that carries no identifying information may be retained after deletion, as described in this policy.

Note that deleting your account does not retroactively un-serve replays that were already downloaded and cached on another player's device during an earlier match; such cached copies are local to that device and expire under that device's caching.

6. Breach Notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and any affected players without undue delay and within the timeframes required by applicable law (for example, within 72 hours where the GDPR applies), using in-app or public notice where the App's anonymous-first design means we hold no direct contact details for you.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Each version carries a version number, an effective date, and a last-updated date (see the header). Substantive changes are recorded in the changelog at the end of this document and announced in-app or on our hosted site. The current version is always available from in-app settings and the Play Store listing. Continued use of the App after an update takes effect constitutes acceptance of the updated policy, to the extent permitted by applicable law.

8. Children's Privacy

Spiky Sweeper is a general-audience product and is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction, where higher). We do not knowingly collect personal information from children under 13. Because the App is anonymous-first and does not require any personal information to play, we do not knowingly collect such information from anyone. If you believe a child under the applicable minimum age has provided us with personal information, please contact us (Section 11) and we will take steps to delete it.

9. Your Rights

Depending on where you live, you may have some or all of the rights described below. Because anonymous accounts are not tied to any contact information, we may need information sufficient to locate the specific account (for example, the in-app account identifier) to act on a request, and we may be unable to verify a request we cannot tie to an account.

9.1 Rights under the EU/UK GDPR (Articles 15–22)

• Access (Art. 15) — obtain confirmation of whether we process your data and a copy of it. We do not offer a self-serve export; request a copy via our contact address (Section 11) and we will fulfill it manually.
• Rectification (Art. 16) — have inaccurate data corrected (for example, by editing your display name in-app).
• Erasure / "right to be forgotten" (Art. 17) — have your data deleted; use in-app account deletion (Section 5.1).
• Restriction of processing (Art. 18) — request that we limit how we process your data in certain circumstances.
• Data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format. We do not offer a self-serve export; request your data via our contact address (Section 11) and we will provide it manually.
• Object (Art. 21) — object to certain processing.
• Automated decision-making (Art. 22) — not be subject to solely automated decisions producing legal or similarly significant effects. Our skill-rating and matchmaking computations affect only in-game matching and rankings and do not produce legal or similarly significant effects.

You also have the right to lodge a complaint with your local data-protection supervisory authority. To exercise any right above, use in-app account deletion where applicable (Section 5.1) or contact us (Section 11).

9.2 Rights under the CCPA/CPRA (California residents)

• Right to know what personal information we collect, use, and disclose.
• Right to delete personal information we hold (Section 5.1).
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information — we do not sell or share your personal information as those terms are defined under the CCPA/CPRA.
• Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, use in-app account deletion where applicable (Section 5.1) or contact us (Section 11). We will not discriminate against you for exercising your rights.

10. Governing Law

This Privacy Policy and any dispute arising out of or relating to it are governed by the laws of the State of New Jersey, United States, without regard to its conflict-of-laws provisions, except where mandatory consumer-protection or data-protection law in your place of residence applies. Nothing in this section deprives you of the protection of mandatory provisions of the law of your country of residence.

11. Contact

For privacy questions, requests, or to exercise your rights, contact the Operator:

• PraserGames LLC
• Privacy contact: support@prasergames.com

Changelog