Privacy Policy

Guessong - Music Quiz Game | Last updated: December 2024

1. Introduction

Guessong ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our mobile application.

2. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Username and display name
• Password (stored securely using bcrypt hashing)
• Profile avatar (optional)

Third-Party Authentication

If you sign in using third-party services, we collect:

• Google Sign-In: Your Google ID, email address, and profile name
• Apple Sign-In: Your Apple ID and associated email address

Game Data

We collect information about your gameplay:

• Game history (songs played, correct/incorrect guesses, response times)
• Statistics (total games, accuracy rate, streaks)
• Level progress and XP (experience points)
• Daily challenge attempts and completion status
• Diamond balance and transaction history

Social Features Data

When you use social features, we collect:

• Friends list and friend requests
• Online/offline presence status
• Multiplayer room participation
• Game statistics with friends

Device Information

We automatically collect:

• Device type and operating system (iOS/Android)
• Device token for push notifications
• Advertising Identifiers: IDFA (iOS) and Advertising ID (Android)
• Approximate location (city/country level)
• App usage data and crash reports

Purchase Information

For in-app purchases, we collect:

• Subscription status and plan type
• Purchase history and transaction IDs
• Diamond purchase records

Note: We do not directly collect or store payment card information. All payments are processed through Apple App Store, Google Play Store, or RevenueCat.

3. How We Use Your Information

We use the collected information to:

• Provide and maintain our game services
• Authenticate your account and ensure security
• Track your game progress, achievements, and statistics
• Enable multiplayer features, leaderboards, and friend interactions
• Process in-app purchases and manage subscriptions
• Send push notifications (game invites, daily reminders, streak alerts)
• Provide customer support
• Improve our app performance and features
• Detect and prevent fraud, cheating, and abuse
• Comply with legal obligations

4. Third-Party Services

We integrate with the following third-party services:

Music Services

• Apple Music API: To provide music content, song previews, and album artwork for the game
• Deezer API: As an alternative music source for song data and previews

Authentication Services

• Google OAuth: For Google Sign-In functionality
• Apple Sign-In: For Sign in with Apple functionality

Payment Processing

• RevenueCat: For managing in-app purchases, subscriptions, and purchase verification
• Apple App Store / Google Play Store: For processing payments

Communication Services

• Expo Push Notifications: For delivering push notifications to your device
• Mailgun: For sending transactional emails (verification codes, password resets)

Security & Analytics

• Google reCAPTCHA v3: For bot protection during account registration
• Google AdMob: For serving advertisements to free users
• Firebase/Google Analytics: For app analytics and crash reporting

Infrastructure

• Supabase: For database storage and real-time features
• Vercel: For hosting our backend services

5. Data Sharing

We do not sell your personal information. We may share data with:

• Third-party service providers listed above, solely to provide our services
• Other users: Your username, display name, avatar, and game statistics are visible on leaderboards and to friends
• Legal authorities: When required by law or to protect our rights

6. Advertising and Tracking

We use Google AdMob to display advertisements in our app. AdMob may use device identifiers and location data to serve personalized ads.

iOS Users: You will be prompted with Apple's App Tracking Transparency (ATT) dialog. You can choose to allow or deny tracking for personalized advertising.

EU/EEA Users: We comply with GDPR requirements. You can manage your consent preferences through our in-app settings.

Opt-out Options:

• iOS: Settings > Privacy > Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization

Premium Users: Subscribers enjoy an ad-free experience.

7. Push Notifications

We send push notifications for:

• Daily song challenges
• Multiplayer game invitations
• Streak reminders
• Friend requests

You can manage notification preferences in the app settings or disable them entirely through your device settings.

8. Data Security

We implement appropriate security measures to protect your data:

• Passwords are hashed using bcrypt with secure salt rounds
• JWT tokens for secure authentication with 7-day expiration
• Encrypted data transmission (HTTPS/TLS)
• Secure server infrastructure with rate limiting
• Device token verification to prevent unauthorized access
• reCAPTCHA protection against automated attacks

9. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your account and data
• Export: Export your data in a portable format
• Opt-out: Disable personalized advertising
• Withdraw consent: Revoke permissions at any time

To exercise these rights, use the account deletion feature in the app or contact us at guessongapp@gmail.com.

10. GDPR Rights (EU/EEA Users)

If you are in the EU/EEA, you have additional rights under GDPR:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision making

You may also lodge a complaint with your local data protection authority.

11. Children's Privacy

Our app is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately and we will delete the information.

12. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Personal data is deleted within 30 days
• Anonymized game statistics may be retained for analytics
• Purchase records are retained as required by law

13. International Data Transfers

Your data may be transferred to and processed in countries other than your own (including the United States). We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or via email. Continued use of the app after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions about this privacy policy or wish to exercise your rights, please contact us at:

Email: guessongapp@gmail.com

We will respond to your request within 30 days.