Bloxel — Privacy Policy
Bloxel is a single-player block-placement puzzle with a pixel-art aesthetic. Gameplay is offline; an optional online leaderboard (powered by Cloud Firestore) records a player-chosen display name and high scores. There is no real-time multiplayer.
Last updated: May 9, 2026 · Effective: May 9, 2026Summary
Data We Process
| Data type | Purpose | Legal basis | Retention |
|---|---|---|---|
| Advertising identifier (IDFA / GAID) | AdMob ad delivery, frequency capping, fraud prevention | Consent (ATT/UMP) where personalised; legitimate interests where non-personalised | Per Google AdMob retention |
| Firebase Installation ID (anonymous, per-install) | Remote Config delivery, Crashlytics installation tracking, platform abuse prevention | GDPR 6(1)(f) legitimate interests | Rotates per uninstall/reinstall; deleted on uninstall |
| Firebase Analytics pseudonymous ID (App Instance ID) + auto-collected events (first_open, app_update, session_start, screen_view) with device model, OS version, app version, country-level location | Anonymous usage analytics, product improvement | GDPR 6(1)(a) consent (via UMP) or (f) legitimate interests | 2 months (current Firebase Analytics configuration; maximum supported is 14 months) |
| Crash reports (stack trace, OS version, device model, app version, locale, time of crash) — release builds only, disabled in debug | Diagnose and fix bugs that cause the app to crash | GDPR 6(1)(f) legitimate interests | Per Firebase Crashlytics retention (Google retains for up to 90 days) |
| Firebase Authentication anonymous UID (auto-generated, no email/password) | Identifies the leaderboard row that belongs to your install so reinstalls and Game Center sign-ins keep your historical scores | GDPR 6(1)(b) contract performance (leaderboard feature) | Persists in Firebase until account deletion is requested |
| User-entered display name (3–12 characters, stripped of control characters; no real-name validation) | Show next to your score on the leaderboard | GDPR 6(1)(b) contract performance | Device-local (SharedPreferences) and server-side as part of the leaderboard documents (see retention below). Editable in the app |
Cloud Firestore leaderboard documents — fields: uid, name (display name), mode (infinite/timeRush/hell), score, updatedAt, daily/weekly bucket key | Cross-device daily, weekly, and all-time leaderboards | GDPR 6(1)(b) contract performance + (f) legitimate interests | Daily docs: 2-day TTL. Weekly docs: 14-day TTL. All-time docs: retained until the player requests deletion. Deletion of a player's daily/weekly buckets happens automatically via Firestore TTL |
| Game Center / Google Play Games credential (binds your Apple ID / Google account's gaming profile to the same Firebase UID, only after you accept the platform sign-in sheet) | Sign-in for native leaderboards; preserves your Firestore leaderboard row when you reinstall the app | GDPR 6(1)(a) consent (you tap "Continue" on the platform sheet) | Apple/Google retain the gaming profile per their policies; the app stores only the Firebase UID it derives from it |
| Game Center / Play Games leaderboard scores (mode, value) | Native iOS / Android leaderboards in Game Center / Play Games | GDPR 6(1)(b) contract performance | Per Apple Game Center / Google Play Games policy |
| Purchase status for the "Remove Ads" non-consumable IAP | Unlock the ad-free experience and restore purchases | GDPR 6(1)(b) contract performance | Device-local (SharedPreferences). Transaction records held by Apple/Google per their policies. |
| Device-local game data: settings, coin/joker wallet, scores, highest score, locale and theme choice | App functionality | Not transmitted to us | Device-local; user-deletable |
| Coarse targeting parameters for Remote Config (country, language, platform, app version) — anonymous | Group-based configuration roll-outs | GDPR 6(1)(f) legitimate interests | Processed in memory by Firebase |
Periodic connectivity probe (DNS resolution of google.com) — no payload | Detect when the device is online so queued leaderboard submissions can be flushed | GDPR 6(1)(f) legitimate interests | Not stored |
We do not collect real name, email, phone number, precise location, contacts, photos, microphone, or camera data. The display name is user-entered and pseudonymous; we recommend against using your legal name.
Third-Party Services
Google AdMob
Banners, interstitials, and rewarded-video ads are shown to support free access. On iOS we present App Tracking Transparency consent; declining limits ads to non-personalised. On Android, the Google User Messaging Platform (UMP) SDK collects GDPR consent where applicable. Google advertising policy.
Firebase Analytics
Firebase Analytics provides anonymous usage statistics (screens used, session duration, device/OS distribution, gameplay events such as game_start, game_over, iap_purchase, rewarded_ad_shown) to prioritise product improvements. Firebase assigns a pseudonymous App Instance ID; we do not transmit real names, emails, or other identifiers we have linked to your real identity. Event and user-level retention is configured to 2 months, the minimum supported by Firebase Analytics (maximum is 14 months), in line with the data-minimisation principle of GDPR Art. 5(1)(e). Aggregated standard reports (e.g., daily-active-user counts) are retained independently by Google and are not user-identifiable. Users may opt out by declining the ATT prompt (iOS) or the Google UMP consent prompt (Android), or by resetting the advertising identifier. We do not use Firebase Performance Monitoring. Firebase privacy and security.
Firebase Crashlytics
Crashlytics is enabled in release builds only and disabled in debug builds. When the app crashes or hits an uncaught exception, Crashlytics sends a stack trace together with device model, OS version, app version, locale, the Firebase Installation ID, and the time of the crash. We use this strictly to find and fix bugs. Crashlytics never receives the leaderboard display name or the contents of SharedPreferences. Google retains Crashlytics data for up to 90 days. To opt out at the platform level, decline the Google UMP / ATT prompt — non-personalised consent disables Crashlytics' advertising-derived identifiers.
Firebase Remote Config
Remote Config delivers feature flags (whether IAP is enabled, banner/interstitial/rewarded toggles, interstitial interval) and tunable strings from Firebase servers. Firebase Core, shared between Analytics, Crashlytics, and Remote Config, generates an anonymous Firebase Installation ID (FID) used to deliver configurations to your install and to detect abuse. The FID is not linked to your personal identity.
Firebase Authentication (anonymous)
To attribute leaderboard scores to your install, Bloxel signs you into Firebase Authentication anonymously the first time you launch the app online. The anonymous UID is the only identifier persisted server-side in Firestore. No email, phone, or password is involved. On iOS, after you accept the Game Center sign-in sheet, the same Apple gaming credential is linked to this anonymous UID so your leaderboard row survives reinstalls and device migrations. The same pattern applies to Google Play Games on Android.
Cloud Firestore (leaderboards)
High scores are written to three Firestore collections — scores_daily, scores_weekly, and scores_alltime. Each document contains your anonymous UID, your chosen display name, the game mode, the score, an updatedAt timestamp, and a bucket key (e.g. 2026-05-03 for daily, 2026-W18 for weekly). Firestore security rules verify that you can only write documents whose IDs end with your own UID and that the score is within bounds (0 – 10,000,000). Reads are public so the leaderboard sheet works for everyone. Daily documents expire automatically after 2 days; weekly documents after 14 days; all-time documents persist until you request deletion. We never store any of your other game data (e.g., the contents of SharedPreferences) on the server.
Apple Game Center / Google Play Games Services
On iOS, Bloxel surfaces three native Game Center leaderboards (Infinite, Time Rush, Hell). On Android, the equivalent Google Play Games leaderboards are used. Apple / Google may collect a gaming profile (player nickname, alias, avatar) according to their own privacy policies. Bloxel only sends the score value and the leaderboard ID. To use these features the platform sign-in sheet must be accepted. See Apple Game Center & Privacy and Google Privacy Policy.
In-App Purchases (IAP)
The single non-consumable purchase "Remove Ads" is processed by Apple App Store or Google Play. We never see your card number, billing address, or payment method. Our app receives only a purchase verification token, which it uses to unlock the ad-free experience locally. Refund requests must be made directly to Apple or Google per their policies.
International Transfers
AdMob, Firebase Analytics, Crashlytics, Remote Config, Authentication, and Cloud Firestore traffic may reach Google data centres globally, including the United States, under the EU–US Data Privacy Framework and Standard Contractual Clauses (GDPR Art. 46). Game Center traffic may reach Apple data centres globally per Apple's policies. We do not operate our own backend for Bloxel beyond these managed Firebase services. Full details in the common policy — International Data Transfers section.
Children's Privacy
Bloxel is a puzzle game suitable for a broad age range. It is not directed to children under 13 (COPPA) or 16 (GDPR Art. 8). We do not knowingly collect personal data from users below these thresholds, and we recommend parents avoid letting underage users submit a display name to the leaderboard. If you are a parent or guardian, we recommend using platform parental controls (Apple Screen Time / Google Family Link). To report inadvertent child data collection, email privacy@albooren.com; we will delete the data promptly upon verification.
In-App Privacy Controls
Bloxel exposes three privacy controls inside the app under Settings (gear icon on the mode-select screen). You do not need to email anyone to use them:
- Privacy Options — visible when UMP detects you are in a region where ad consent is mandatory (EEA / UK). Reopens the Google UMP consent form so you can withdraw or change your advertising consent at any time. Withdrawal is applied immediately to subsequent ad requests.
- Privacy Policy — opens this page in your browser.
- Delete My Data (red button) — after a confirmation dialog, this wipes (a) every leaderboard row owned by your install across the daily, weekly, and all-time collections; (b) the locally stored display name, queued offline scores, and per-mode high scores; and (c) the Firebase Authentication anonymous account itself. The app then transparently signs you back in with a fresh anonymous UID so you can keep playing — your future scores are stored under a new identity with no link to the deleted records. The operation is irreversible. Your purchases, theme, language, and sound preferences are retained because they are not tied to an identity.
Your Rights & Deletion
Uninstalling the app removes all device-local data (scores, settings, coin/joker wallet, purchase flag, display name). Server-side leaderboard documents persist until you delete them. The fastest way to delete them is Settings → Delete My Data inside the app (see previous section) — the wipe completes within seconds and does not require us to be involved. As a fallback, you can email privacy@albooren.com with the subject "Bloxel Account Deletion" and we will process the request within 30 days via the Firebase User Deletion API. To reset the advertising identifier on iOS: Settings → Privacy & Security → Tracking. On Android: Settings → Google → Ads → "Delete advertising ID". For full GDPR / KVKK rights (access, rectification, portability, complaint to a supervisory authority) see the common policy.
Direct requests: privacy@albooren.com