Privacy Policy — Hexia

1. Who this policy applies to

This policy applies to the Hexia mobile game ("Hexia", "the game", "we", "us") published by Simon Schaumuller. It describes how data is handled when you use the game on Android or iOS.

It does not cover the privacy practices of Google, Apple, or other third parties whose services are integrated into the game. Those are covered by their own privacy policies, linked in section 4.

2. What data is involved

2.1 Data we handle directly

Stored on your device (in the game's local save file, which is not encrypted but is protected by your phone's sandbox):

• Your personal best scores for each game mode
• Lifetime statistics per game mode (games played, total score, full clears, etc.)
• Achievements you have unlocked
• Your settings: chosen palette, theme mode, audio mute toggles, locale
• Daily challenge history (dates played, streaks, best daily score)
• In-progress game state if you close the app mid-session, so the game can resume
• If you sign in to Google Play Games or Apple Game Center, your platform player ID is cached locally so the game can detect if you sign in with a different account later

Stored in the cloud (via Google Play Games Snapshots on Android, or Apple Game Center / GKSavedGame on iOS — these are services provided by Google and Apple, tied to your own Google or Apple account, not to any account held by us):

• Your per-mode lifetime stats and personal bests, synced so you can resume on a new device

We do not receive, read, or store any of the cloud-save data on our own servers. We have no servers.

2.2 Data handled by Google AdMob (ads)

The Google Mobile Ads SDK is used to show rewarded ads (when you choose to watch one to revive or extend a timed game) and interstitial ads (occasionally between games). When you see an ad, Google may collect:

• Your device's advertising identifier (Google Advertising ID on Android, Apple IDFA on iOS) — subject to your consent choices (see section 7)
• Non-precise location inferred from IP address (country/region)
• Device type, OS version, language, and similar device information
• Interaction with the ad (impressions, clicks)

Google processes this data as the data controller for advertising purposes. See the Google Privacy Policy and the Google Mobile Ads SDK data disclosure.

2.3 Data handled by Firebase Analytics (gameplay events)

Firebase Analytics receives anonymous events describing how you play, so we can understand which modes are popular, where players get stuck, and whether new features are working. Events sent include:

• When the app launches, when a game starts, and when a game ends
• Game mode, score, number of pieces placed, combo counts, chain metrics, session duration, whether a new personal best was reached
• Revive and time-extension offers shown, accepted, or expired, and whether an ad was watched
• Achievement unlocks
• Session resumes after closing the app mid-game

Each event includes a 12-character session identifier, which is generated from the current time when the app starts and is regenerated every time you launch the game. It is not tied to your identity, your device, or any other session. We do not set a persistent user ID in Firebase Analytics.

Firebase Analytics also automatically assigns your app installation a Firebase app instance ID, which persists for the life of the installation. This is used by Google for aggregate reporting. We do not use it to identify you.

Data is retained by Google per the standard Firebase Analytics retention schedule. See the Firebase privacy information for current retention details.

2.4 Data handled by Firebase Crashlytics (crash reporting)

When the app crashes, Firebase Crashlytics sends a crash report to Google so we can diagnose and fix the bug. The report includes:

• A stack trace of the crash
• Device model, OS version, and free memory at the time of the crash
• Breadcrumbs — short log messages written by the game in the minutes before the crash (e.g., "Session started: Breeze", "Revive offered")
• Custom keys describing your current game state (active mode, current score, daily challenge flag)
• The same regenerated-per-launch session identifier used by Firebase Analytics

Crash reports are retained by Google per the standard Firebase Crashlytics retention schedule. See the Firebase Crashlytics data handling docs for current retention details.

2.5 Data handled by Google Play Games Services (Android)

If you sign in to Google Play Games on Android, the following data is handled by Google:

• Your Google Play Games player ID, display name, and avatar image (read by the game for use in the leaderboard and achievement screens)
• Scores you submit to leaderboards, which are publicly visible to other players
• Achievements you unlock, which are visible on your Google Play Games profile
• Your lifetime stats and personal bests, synced via Google Play Games Snapshots (stored in your own Google Drive, in a space managed by Google Play Games)

See the Google Play Games Services privacy notice and your Google Play Games profile settings for controls.

2.6 Data handled by Apple Game Center (iOS)

If you sign in to Game Center on iOS, the following data is handled by Apple:

• Your Game Center player ID, display name, and avatar image
• Scores you submit to leaderboards, which are publicly visible to other players
• Achievements you unlock, visible on your Game Center profile
• Your lifetime stats and personal bests, synced via Apple GKSavedGame (stored in your own iCloud account, in a container managed by Apple Game Center)

See the Apple Privacy Policy and Game Center controls in iOS Settings.

3. Why we collect each type of data

4. Third parties involved

We do not sell personal data to anyone. The third parties listed below independently process data as described in their own policies. When you use Hexia, you are also using their services.

• Google Ireland Limited / Google LLC — AdMob, Firebase Analytics, Firebase Crashlytics, Google Play Games Services. Google Privacy Policy.
• Apple Inc. — Game Center, GKSavedGame / iCloud storage (iOS only). Apple Privacy Policy.

We have no other third-party recipients. We do not have our own backend server.

5. International transfers

Google and Apple process data on servers located in the United States and other countries. Data transfers from the EEA/UK to those countries rely on the Standard Contractual Clauses, Google's and Apple's participation in the EU–US Data Privacy Framework, or other lawful transfer mechanisms maintained by those providers. See Google's and Apple's privacy policies for details.

6. How long data is kept

We do not have our own copy of any of this data.

7. Consent and tracking

7.1 EEA / UK users (GDPR)

The first time you launch Hexia in the EEA or UK, Google's User Messaging Platform (UMP) will display a consent form allowing you to accept or reject personalised advertising and related processing. Your choice is remembered by the UMP SDK on your device.

Your consent choice is also forwarded to Firebase Analytics via Google's Consent Mode integration, so that anonymous event collection respects your preference.

To change your consent choice, clear Hexia's app data or reinstall. The consent form will reappear on next launch.

7.2 iOS users (App Tracking Transparency)

On iOS 14.5 and later, iOS will show you an Apple "App Tracking Transparency" prompt asking whether Hexia (through its AdMob integration) may access your advertising identifier (IDFA) for personalised advertising. You can change this later in iOS Settings → Privacy & Security → Tracking.

If you decline, ads will still be shown but not personalised.

7.3 Non-EEA users

For users outside the EEA/UK, ads and anonymous analytics are enabled by default, consistent with typical mobile game practice. You can limit ad personalisation using your device's built-in controls (Android: Settings → Privacy → Ads; iOS: Settings → Privacy → Apple Advertising).

8. Your rights

Depending on where you live, you may have the following rights under laws such as the UK GDPR, EU GDPR, or similar regulations:

• Access — ask what data is held about you
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — ask us to limit processing
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, for anything based on consent

Because Hexia does not identify you, in most cases there is no data held by us that could be linked back to you individually. Practically:

• To delete your local save, uninstall Hexia or clear app data in your device settings.
• To delete your cloud save, open Google Play Games (Android) or Game Center (iOS) and remove Hexia's saved data via your platform account controls.
• To reduce or reset AdMob advertising data, decline personalised ads via the UMP consent form (EEA/UK users), or use your device's advertising-ID and ad-tracking controls (Android: Settings → Privacy → Ads; iOS: Settings → Privacy & Security → Tracking, and Settings → Privacy → Apple Advertising).
• To delete Firebase Analytics / Crashlytics data, because the data is linked only to Firebase's own internal installation ID — which the game does not expose to you — we cannot locate and delete your specific records on request. This is a genuine technical limitation, not a policy choice. The only practical path is to uninstall Hexia or clear its app data, which stops all future collection immediately; existing records will age out under Google's retention policies and will not be regenerated.
• To exercise any other right, contact us at games@wemakesoftware.net. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

9. Children and age suitability

The content of Hexia is suitable for all ages. It is a hexagonal puzzle game with no violence, profanity, gambling mechanics, scary imagery, or other mature content. Store-listing age ratings (such as PEGI 3, ESRB Everyone, Google Play Everyone, Apple 4+) reflect this.

However, Hexia is not specifically directed to children under 13. It uses Google AdMob and Firebase in the same way a general-audience mobile app does. We have not enabled Google's or Apple's child-directed SDK modes, and we have not implemented the additional privacy workflows — such as verifiable parental consent — that would be required to target children under 13 under COPPA, GDPR-K, or equivalent regulations.

We do not knowingly collect data from children under 13. If you are a parent or guardian and believe your child has used Hexia and data has been collected, contact us at the email below and we will take appropriate steps, including deleting data where reasonably possible.

10. Security

• Data transmitted to Google, Apple, and their services is sent over HTTPS/TLS.
• The local save file is not encrypted at rest, but is protected by your device's built-in app sandbox and (on modern Android and iOS) device-level storage encryption.
• We do not run any servers, so there is no server-side infrastructure that could be breached at our end.
• We do not store credentials, payment information, or any authentication tokens in the app.

No system can be fully secure. If a security incident affecting your data occurs at Google, Apple, or us, we will comply with applicable breach-notification law.

11. Changes to this policy

We may update this policy from time to time. When we do:

• The "Effective date" and "Last updated" at the top of this page will change.
• The updated policy will be published at the same URL where you are reading this.
• Material changes will be flagged inside the game the next time you launch it, where reasonably practicable.

Historical versions can be provided on request.

12. Contact

For privacy questions, data requests, or anything else about this policy:

Email: games@wemakesoftware.net
Developer: Simon Schaumuller