Privacy Policy

Last updated: June 22, 2026

Sudrawku ("the App") is a mobile Sudoku game developed by Lucas Merlin. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

When you create an account or use the App, we may collect:

• Account information - email address, username, and password (stored as a secure bcrypt hash, never in plain text).
• Google Sign-In data - if you sign in with Google, we receive from Google your account's unique identifier, email address, name, and (if available) profile photo. We use these to create or link your account; no password is stored for Google-only accounts.
• Profile picture - if you choose to upload an avatar, it is stored on Cloudflare R2.
• Game statistics - puzzles played, puzzles won, best completion time, current streak, and daily puzzle completion records (date, time, mistakes).
• Notification preferences - whether notifications are enabled, preferred reminder hour, your timezone (UTC offset), and app language.
• Push notification token - if you enable notifications, your Expo push token is stored to send you daily reminders.
• Social & multiplayer data - friend list, friend requests, multiplayer session participation, scores, and errors.
• Account timestamps - account creation date and last update date.

2. How We Use Your Data

• Authenticate you and manage your account.
• Display your profile and game statistics.
• Enable multiplayer sessions and friend features.
• Show daily puzzle leaderboards among your friends.
• Send daily puzzle reminders at your preferred time (only if you opt in).

3. Advertising (Google AdMob)

The App uses Google AdMob to display ads. AdMob may collect and process certain data, including:

• Advertising identifiers (e.g., Android Advertising ID).
• Device information (model, OS version, screen size).
• Approximate location (IP-based).

Before showing personalized ads, the App requests your consent via a GDPR-compliant consent form (Google UMP). For more details, see Google's Privacy Policy.

4. Data Storage & Security

Our backend API is hosted on Microsoft Azure servers, and our PostgreSQL database is hosted on Alwaysdata. Passwords are hashed with bcrypt. Communication between the App and our servers uses HTTPS. Authentication tokens (JWT) are automatically revoked when you log out or delete your account. We take reasonable measures to protect your data, but no system is 100% secure.

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is only shared with:

• Google Sign-In - if you choose to sign in with Google, authentication is handled by Google and we receive the account data described in Section 1. See Google's Privacy Policy.
• Google AdMob - for serving ads (see Section 3).
• Cloudflare R2 - for avatar image storage.
• Microsoft Azure - for API hosting.
• Alwaysdata - for database hosting.

6. Data Retention

Your data is retained for as long as your account exists. If you delete your account, all associated data (profile, statistics, daily completion records, friendships, multiplayer sessions) is permanently deleted from our database. Previously uploaded avatar images may remain in cloud storage for a short period before being cleaned up. This action is irreversible.

7. Your Rights

In accordance with GDPR (Article 17) and applicable privacy laws, you have the right to:

• Access your personal data at any time from the App.
• Delete your account and all associated data from Settings > Delete Account.
• Withdraw consent for personalized advertising. You can manage your advertising preferences at any time through the App's Settings > Legal > Ad Preferences.

8. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can remove it.

9. Changes to This Policy

We may update this policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance.

10. Contact