Privacy Policy

This policy describes what SudoRush ("we", "our") collects when you play the SudoRush Android app, why we collect it, and your rights. Contact: [email protected].

1. Data We Collect

• Account identifiers. Firebase Authentication user ID, Google Play Games player ID and display name.
• Profile data (Firestore). Display name, coin balance, XP, level, ranked ELO per difficulty, unlocked sabotages, themes, and music packs.
• Match state (Realtime Database). Puzzle round seeds, board positions, sabotage effects in flight, solve timestamps, trap locations. Cleared at match end.
• Match history (Firestore). Opponent ID, mode, outcome, ELO delta, timestamp, difficulty.
• Queue state (Realtime Database). Transient matchmaking state, deleted on match start.
• Purchase records. Google Play purchase token, product ID, validation status.
• Crash diagnostics (Firebase Crashlytics). Stack traces, device model, OS version, locale, install ID, app breadcrumbs.
• Advertising identifiers. Android Advertising ID (AAID) collected by Google AdMob for ad serving, frequency capping, and measurement.
• Ad interaction data. Ad impressions, clicks, and rewarded ad completions, collected by Google AdMob.
• Consent state. Your ad consent choices (IAB TCF string) stored locally on your device by Google's User Messaging Platform.
• Auto-collected by Firebase SDK. Firebase Installation ID, IP address (used by Google for approximate geolocation; not stored by us directly).

2. Why We Collect It

We collect data to provide: matchmaking and live gameplay, anti-cheat enforcement, leaderboards, customer support, crash diagnostics, in-app purchase fulfillment, and serving and measuring advertisements.

3. Advertising

SudoRush uses Google AdMob, a service operated by Google LLC, to serve advertisements. AdMob serves three types of ads in SudoRush: banner ads during gameplay, interstitial ads between matches, and optional rewarded ads you choose to watch for in-game coin rewards.

To serve and measure ads, AdMob collects:

• Android Advertising ID (AAID) and other device identifiers
• IP address
• App usage data and ad interaction data (impressions, clicks, completions)
• Device and account information

AdMob may use this data to serve personalized ads based on your interests and to measure ad performance. If you are in the EU/EEA or a CCPA-regulated US state, a consent form is shown before any ad request is made. You may update or withdraw consent at any time via Settings in the app.

You can opt out of personalized advertising by resetting your Android Advertising ID in your device settings (Settings > Google > Ads > Reset advertising ID) or by enabling "Opt out of Ads Personalization".

Purchasing the Remove Ads in-app purchase removes banner and interstitial ads. Rewarded ads remain available as an opt-in feature and are not served without your action.

For full details of how Google processes data for advertising, see Google's Privacy Policy and Google AdMob's privacy FAQ.

4. Who We Share Data With

We share personal data with Google LLC and its subsidiaries only:

• Firebase Authentication, Realtime Database, Firestore, Crashlytics. Used for authentication, live game state, persistent player data, and crash reporting.
• Google AdMob. Used for ad serving, measurement, and fraud prevention as described in Section 3.
• Google Play. Handles in-app purchase payment processing and delivers purchase records to our app.

We do not sell personal data. We do not share data with any other third parties, analytics providers, or data brokers.

5. Retention

• RTDB match and queue state: cleared at match end or on dequeue.
• Profile and match history: kept while your account is active. Deleted within 30 days of an email deletion request, or immediately via in-app account deletion.
• Crashlytics logs: retained 90 days (Google default).
• AdMob data: retained per Google's advertising data retention policies. See Google's Privacy Policy.

6. Your Rights

• Access. Request a copy of your data by emailing [email protected].
• Delete. Delete your account and all associated data in-app or via Delete Data.
• Withdraw ad consent. Update or withdraw your advertising consent at any time via Settings in the app.
• Opt out of crash reporting. Request opt-out by emailing [email protected].

7. GDPR: EU/EEA Users

If you are located in the European Union or European Economic Area, the following applies in addition to the rest of this policy.

• Data controller. Calvin Iyer (individual), Bangalore, India. Contact: [email protected].
• Lawful basis. Consent (for advertising and analytics); legitimate interest (for fraud prevention, anti-cheat, and security).
• International transfers. Google may transfer your personal data to servers in the United States. Google relies on Standard Contractual Clauses approved by the European Commission as a transfer safeguard.
• Your rights. You have the right to access, rectify, erase, port, and object to processing of your personal data. You may withdraw consent at any time via Settings in the app. These rights do not affect the lawfulness of processing before withdrawal.
• Complaints. You have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA member state.

8. CCPA: California Users

If you are a California resident, the following applies.

• We do not sell personal information as defined under the California Consumer Privacy Act.
• You have the right to know what personal information we collect and to request deletion of your data.
• You have the right to opt out of the sharing of personal information for cross-context behavioral advertising. To exercise this right, update your ad consent via Settings in the app.
• We do not discriminate against users who exercise their CCPA rights.
• To exercise your rights, email [email protected].

9. Children

SudoRush is intended for users aged 13 and older. Sign-in requires a Google Play Games account, which enforces Google Family Link parental controls. We do not knowingly collect personal data from children under 13.

10. DPDP Act: Indian Users

Under India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), we are the Data Fiduciary and you are the Data Principal.

• Purpose. We process your personal data only for the purposes stated in this policy. We do not use your data for any other purpose without your consent.
• Consent. By installing and using SudoRush, you provide consent to process your data as described in this policy. You may withdraw consent by deleting your account.
• Your rights. You have the right to access a summary of your personal data, correct inaccurate data, and erase your data. Email [email protected] to exercise these rights. We will respond within 30 days.
• Grievance. If you are dissatisfied with our response, you may file a complaint with the Data Protection Board of India once it is operational.

11. Updates

Material changes to this policy will be notified via in-app announcement. The "Last updated" date at the top of this page reflects the current version.

12. Contact

Questions, requests, or complaints: [email protected]