Legal & Privacy

Privacy Policy

How Nonogram Odyssey collects, uses, and protects your information — transparently and responsibly.

Google Play GDPR CCPA COPPA TLS Encrypted
Contents
1.Overview 2.Information We Collect 3.How We Use Your Data 4.Sharing & Disclosure 5.Third-Party Services 6.Advertising 7.Data Retention 8.Data Security 9.Your Rights & Choices 10.GDPR — EU/EEA Users 11.CCPA — California Users 12.Children's Privacy 13.International Transfers 14.Changes to This Policy 15.Contact Us
Effective: February 3, 2025 | Last updated: March 31, 2026 | Applies to: App & Website
Welcome to Nonogram Odyssey (“we”, “us”, or “our”). We are committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and your rights regarding that data. By using our app or website, you agree to the practices described here.
1

Overview

Nonogram Odyssey is a logic puzzle game available on Android (Google Play) and at nonogramodyssey.com. This policy covers:

  • The mobile application distributed on Google Play
  • The website at nonogramodyssey.com
  • Any related features, services, or communications
Our core commitment: We collect only the minimum data necessary to operate and improve the service. We never sell your personal information to third parties for their own marketing purposes.
2

Information We Collect

2.1 Information You Provide
Data TypeExamplesWhen Collected
Account InformationUsername, email address, password (hashed — never plain text)When you register
Profile DetailsDisplay name, optional avatar imageWhen you customise your profile
Support CommunicationsEmails and attachments you send usWhen you contact support
Purchase RecordsTransaction ID, receipt (payment processing is handled entirely by Google Play — we never see card details)When you make a purchase
2.2 Collected Automatically
Data TypeExamplesPurpose
Gameplay DataPuzzle progress, scores, completion times, streaks, difficulty preferencesCross-device sync, leaderboards
Device InformationModel, OS version, screen resolution, languageCompatibility & bug fixing
Usage AnalyticsFeatures used, session duration, app version, navigation flowsProduct improvement
Crash ReportsStack traces, device state at crash time (Crashlytics)Stability & bug resolution
Advertising IDAndroid Advertising ID (GAID) — resettable, non-permanentAd personalisation (with consent where required)
Network SignalsIP address, country/region (approximate, not GPS), connection typeSecurity, fraud prevention
Log DataTimestamps, HTTP request logs, API response codesDebugging, fraud detection
Guest / Offline Play: If you play without an account, all gameplay data is stored locally on your device. We do not receive it unless you sign in.
3

How We Use Your Information

We use collected data for the following purposes:

  • Operate & deliver the service — run the game, sync progress, manage accounts
  • Personalise your experience — remember preferences, suggest difficulty levels, restore purchases
  • Process transactions — verify and restore in-app purchases via Google Play
  • Send service communications — account confirmations, password resets, important policy updates
  • Customer support — respond to inquiries and troubleshoot issues
  • Analytics & improvement — understand feature adoption, fix bugs, prioritise new features
  • Advertising — serve relevant ads through third-party ad networks (see Section 6)
  • Security & fraud prevention — detect abuse, protect accounts, enforce our Terms
  • Legal compliance — meet legal obligations and respond to lawful requests
4

Sharing & Disclosure

We do not sell your personal information. We share data only in these limited circumstances:

  • Service providers — cloud hosting, analytics, crash reporting — under binding data processing agreements
  • Advertising partners — ad SDK providers that serve ads in the app (see Section 5)
  • Legal requirements — when required by law, court order, or to protect user safety
  • Business transfers — in a merger or acquisition, with advance notice before any policy change
  • With your consent — for any other purpose, only with your explicit permission
Leaderboard data: Your username and score are visible to other players if you join a leaderboard. We recommend using a pseudonym to protect your identity.
5

Third-Party Services

We integrate the following SDKs and platforms. Each has its own privacy policy:

Google Play Services

Core Android platform services: app licensing, billing, and authentication.

policies.google.com/privacy
Firebase (Google LLC)

Authentication, Firestore database, Crashlytics crash reporting, Remote Config, and Performance Monitoring.

firebase.google.com/support/privacy
Google AdMob (Google LLC)

Advertising SDK. May collect the Android Advertising ID to serve ads. Opt out in Android Settings → Google → Ads.

AdMob Privacy FAQ
Google Analytics for Firebase

Anonymised usage analytics. Aggregated data that does not identify individuals when used alone.

policies.google.com/privacy
6

Advertising

The free version of Nonogram Odyssey is ad-supported via Google AdMob:

  • AdMob may show banner, interstitial, and rewarded video ads during gameplay.
  • AdMob may use your Android Advertising ID (GAID) to serve personalised ads.
  • Opt out: Android 12+ → Settings → Google → Ads → Delete advertising ID. Older Android → Opt out of Ads Personalization.
  • You may still see contextual (non-personalised) ads after opting out.
  • Purchasing the ad-free upgrade removes all ads and disables ad-SDK collection for your account.
EU / UK Consent (UMP): We display a Google User Messaging Platform consent dialog before loading personalised ads for EEA and UK users, in line with the IAB TCF. You can change consent preferences any time in app settings.
7

Data Retention

Data CategoryRetention Period
Account & profile dataUntil account deletion, plus up to 30 days for backup purge
Gameplay progress & scoresLifetime of account; anonymised data may persist for leaderboard history
Analytics dataUp to 14 months (Firebase default), then auto-deleted
Crash & performance logs90 days
Support communications3 years after ticket closure
Purchase records7 years (financial / tax compliance)
Security & fraud logs12 months

After the retention period, data is permanently deleted or irreversibly anonymised.

8

Data Security

  • Encryption in transit — all app-to-server communication uses HTTPS / TLS 1.2+
  • Encryption at rest — sensitive data is encrypted at rest on Firebase infrastructure (AES-256)
  • Password security — passwords are never stored in plain text; Firebase Authentication manages secure hashing
  • Least-privilege access — only authorised systems and personnel can access production data
  • Regular audits — we periodically review Firestore security rules, dependencies, and configurations
  • Incident response — in the event of a breach, affected users will be notified as required by law
No internet transmission or electronic storage method is 100% secure. If you suspect unauthorised access to your account, contact us immediately.
9

Your Rights & Choices

Regardless of your location, you have the following rights over your personal data:

Access

Request a copy of the data we hold about you.

Correction

Ask us to fix inaccurate or incomplete information.

Deletion

Request deletion of your account and personal data.

Restriction

Ask us to limit processing in certain circumstances.

Portability

Receive your data in a machine-readable format.

Objection

Object to processing based on legitimate interests.

Email support@nonogramodyssey.com to exercise any right. We respond within 30 days. Identity verification may be required.

Account Deletion

You can request full deletion of your account and personal data at any time. See our dedicated Account Deletion page for step-by-step instructions, a full list of what gets deleted, what is retained and why, and the exact timeline. Once verified, deletion is completed within 30 days.

10

GDPR — EU / EEA & UK Users

Additional rights and protections apply under the GDPR and UK GDPR if you are in the EU, EEA, or United Kingdom.

Legal Bases for Processing
  • Contractual necessity (Art. 6(1)(b)) — account creation, game operation, purchase processing
  • Legitimate interests (Art. 6(1)(f)) — analytics, security, fraud prevention, leaderboards
  • Consent (Art. 6(1)(a)) — personalised advertising; non-essential tracking
  • Legal obligation (Art. 6(1)(c)) — tax records; responding to lawful authority requests
Right to Lodge a Complaint

You may complain to your national supervisory authority. EU: edpb.europa.eu. UK: ico.org.uk.

11

CCPA — California Residents

California residents have specific rights under the CCPA as amended by the CPRA:

  • Right to Know — request disclosure of categories and specific pieces of personal information collected, used, or disclosed
  • Right to Delete — request deletion of personal information we collected (subject to exceptions)
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing — we do not sell data; we do share identifiers with ad partners for behavioural advertising. Opt out via device ad settings or by contacting us
  • Right to Limit Sensitive PI Use — we do not use sensitive personal information beyond what is necessary to provide the service
  • Right to Non-Discrimination — we will not penalise you for exercising these rights

Submit requests to support@nonogramodyssey.com with subject "California Privacy Request". We respond within 45 days.

12

Children's Privacy

Nonogram Odyssey is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children below these ages.

  • The app carries a general audience rating on Google Play and does not target children as its primary audience.
  • We do not knowingly serve personalised advertisements to users under 13.
  • If you are a parent or guardian and believe your child provided personal information without consent, email support@nonogramodyssey.com and we will delete it within 14 days.
COPPA Compliance: We comply with the Children's Online Privacy Protection Act. We do not knowingly collect data from children under 13 in the United States without verifiable parental consent.
13

International Data Transfers

Your data may be stored and processed in countries other than your own — including the United States, where Google / Firebase maintain data centres.

For transfers from the EEA or UK to countries without an adequacy decision, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) for UK transfers
  • Transfers to providers certified under recognised adequacy frameworks
14

Changes to This Policy

When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Display an in-app notification on next launch
  • Send an email notification to registered users for significant changes

Continued use after the effective date constitutes acceptance. If you disagree, stop using the app and request account deletion.

15

Contact Us

For privacy questions, concerns, or data requests, please contact us. We respond within 30 days.

Privacy & Data Requests

Include your registered email and a clear description so we can assist you efficiently.

support@nonogramodyssey.com