Privacy Policy

1. Introduction

Don't Touch Red ("we", "us", or "our") is a hyper-casual Android game developed and published by an independent developer. This Privacy Policy explains what data we collect, why we collect it, how it is used, and your rights regarding that data when you use our app (com.donttouchred.game).

By using Don't Touch Red, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the app.

2. Data Controller / Data Fiduciary

The data controller (under GDPR) and Data Fiduciary (under India's DPDP Act, 2023) for Don't Touch Red is an independent developer based in India. For all privacy-related inquiries, contact: privacy@donttouchred.com. We will respond to verifiable requests within 30 days.

3. Information We Collect

We collect the following categories of data to operate and improve the game:

• Gameplay data: Level progress, scores, game session duration, in-game events (e.g., level start, death, level complete), and daily challenge results. Collected via Google Firebase Analytics and GameAnalytics.
• Device metadata: Device model, OS version, app version, country/region, network connection type, and screen resolution. Collected by Firebase Analytics and GameAnalytics to segment analytics by platform.
• Anonymous user ID: A persistent pseudonymous user ID generated by Firebase Authentication (anonymous sign-in). This ID is used to link your leaderboard entries and in-game progress (coin balances, unlocked themes) across sessions. It does not contain your name, email, or any directly identifying information, but it does persist and is associated with your game data in our database.
• Leaderboard data: The display name and score you voluntarily submit when entering the global leaderboard. Stored in Google Firestore and publicly visible to other players.
• Progress data: Your coin balance and unlocked themes, stored in Google Firestore under your anonymous user ID.
• Google Play Games Services data: If you connect Google Play Games Services (GPGS), your GPGS player ID and display name are used for achievements and leaderboard integration, subject to Google's Privacy Policy.
• Crash reports: Crash logs, stack traces, device model, OS version, app version, and a Crashlytics installation UUID — a persistent device-level identifier used solely to group crash reports from the same device. Collected automatically via Firebase Crashlytics.
• Remote configuration data: Device metadata used by Firebase Remote Config to evaluate feature flag conditions (e.g., ad frequency, game speed parameters). No personal data is stored as a result of Remote Config evaluation.
• Advertising data: Google AdMob collects the Android Advertising ID (GAID) and usage data to serve advertisements. If you provide consent via the in-app consent dialog (for users in the EEA/UK), personalized ads may be served using your advertising ID. Without consent, only non-personalized ads are served. See Google's Privacy Policy for details on AdMob data practices.
• GameAnalytics SDK data: In addition to gameplay events, the GameAnalytics SDK collects device hardware fingerprint, manufacturer, OS version, app version, session count, and network type to power analytics segmentation.

4. How We Use Your Information

• To operate the game and maintain your progress across sessions
• To display and maintain global leaderboard rankings
• To diagnose crashes and fix bugs (Crashlytics)
• To understand how players interact with the game and improve future updates (Firebase Analytics, GameAnalytics)
• To serve advertisements and fund the free game (AdMob)
• To dynamically configure game parameters without app updates (Remote Config)

We use third-party advertising companies to serve ads when you use our app. These companies may use information about your use of this and other apps and websites to provide advertisements about goods and services of interest to you.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data on the following legal bases:

• Legitimate interest (Article 6(1)(f)): Gameplay analytics, crash reporting, remote configuration, and leaderboard operation. We have assessed that these processing activities are necessary to operate and improve the game and do not override your fundamental rights.
• Consent (Article 6(1)(a)): Personalized advertising via Google AdMob. You will be shown an in-app consent dialog (powered by Google's User Messaging Platform) before any personalized ads are served. You may withdraw consent at any time by contacting us or through the in-app settings if available.
• Contract (Article 6(1)(b)): Storing your purchase records and unlocked content so that paid items are available to you.

6. US State Privacy Rights

The following additional disclosures apply to residents of California and other US states with comprehensive consumer privacy laws (including Colorado, Connecticut, Virginia, Montana, Oregon, Delaware, New Hampshire, New Jersey, and others). If your state's law applies to us, you have the rights listed below.

Categories of personal information we collect (using California CPRA categories):

• Identifiers: Android Advertising ID (GAID), Firebase anonymous user ID, IP address, device model and OS version.
• Internet or other electronic network activity: Gameplay events, session duration, level progress, daily challenge results, crash logs, app version.
• Inferences: Behavioral profiles derived from the above, used by our advertising partners for ad targeting.

Sale and sharing of personal information: We do not sell personal information for money. However, we share the Android Advertising ID (GAID) and related device and usage data with Google AdMob to serve targeted advertisements. This constitutes "sharing" of personal information for cross-context behavioral advertising under California law, and "targeted advertising" under other state laws. We share data with the following categories of third parties:

• Advertising networks (Google LLC / AdMob): for cross-context behavioral advertising
• Analytics providers (Google Firebase Analytics, GameAnalytics): for usage analytics — these are service providers and do not use your data for their own purposes
• Crash reporting (Firebase Crashlytics): for app stability diagnostics — service provider only
• Cloud infrastructure (Google Firebase): for leaderboard and progress data storage — service provider only

We do not knowingly sell or share personal information of consumers under 18 years of age.

Your US privacy rights: Depending on your state, you have some or all of the following rights:

• Right to know / access: Request a copy of the categories and specific pieces of personal information we hold about you.
• Right to delete: Request deletion of your personal information, subject to certain exceptions.
• Right to correct: Request correction of inaccurate personal information we hold about you.
• Right to portability: Receive your data in a machine-readable format.
• Right to opt out of sale or sharing: Opt out of the sharing of your personal information for cross-context behavioral advertising (see below).
• Right to opt out of profiling: Opt out of automated decision-making that produces legal or similarly significant effects (applies in Colorado, Connecticut, Virginia, Minnesota, and others).
• Right to non-discrimination (California): We will not deny service, charge you a different price, or provide a lower quality of service because you exercised your privacy rights.

How to opt out of targeted advertising: Tap the "Privacy Choices" button in the app's Settings screen at any time. This opens Google's privacy options form and lets you opt out of personalized advertising. You can also opt out via Android device settings: Settings → Google → Ads → Opt Out of Ads Personalization or by deleting your Advertising ID. When you opt out, we disable personalized advertising and restrict how Google processes your data. We honor Global Privacy Control (GPC) signals where technically feasible.

How to submit a privacy request: Email privacy@donttouchred.com. We will respond within 45 days. We may extend by an additional 45 days for complex requests and will notify you if that is necessary.

Appeals: If we deny your request, you may appeal by emailing privacy@donttouchred.com with the subject line "Privacy Request Appeal." We will respond within 45 days. If your appeal is unsuccessful, you may contact your state attorney general's office.

7. India — Digital Personal Data Protection Act, 2023

The following applies to users located in India. Under the Digital Personal Data Protection Act, 2023 (DPDP Act), the developer acts as the Data Fiduciary responsible for processing your personal data.

Your rights under the DPDP Act:

• Right to access information (Section 11): Request a summary of the personal data we hold about you and the purposes for which it is being processed.
• Right to correction and erasure (Section 12): Request correction of inaccurate or incomplete personal data, or erasure of data that is no longer needed for the purpose for which it was collected.
• Right to nominate (Section 13): Nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity.
• Right to grievance redressal (Section 14): File a complaint with our Grievance Officer. If not resolved to your satisfaction, you may escalate to the Data Protection Board of India.

Grievance Officer: Calvin Iyer — privacy@donttouchred.com. Complaints will be acknowledged within 48 hours and resolved within 30 days.

Data Protection Board: If your complaint is not resolved satisfactorily, you may escalate it to the Data Protection Board of India once constituted. Details will be published at the Ministry of Electronics and Information Technology website (meity.gov.in).

Consent and withdrawal: Where we process your data on the basis of consent, you may withdraw that consent at any time by contacting us at privacy@donttouchred.com. Withdrawal does not affect the lawfulness of processing before withdrawal, but may limit certain features (e.g., the global leaderboard).

How to submit a request: Email privacy@donttouchred.com with subject line "DPDP Request — [Right]" (e.g., "DPDP Request — Erasure"). We will respond within 30 days.

8. Third-Party Services

Don't Touch Red integrates the following third-party services, each governed by their own privacy policies and data processing terms:

• Google Firebase (Firestore, Analytics, Crashlytics, Authentication, Remote Config) — Firebase Privacy & Security
• Google AdMob (in-app advertising) — AdMob Privacy
• Google Play Games Services (achievements, GPGS leaderboards) — Google Privacy Policy
• GameAnalytics (gameplay analytics) — GameAnalytics Privacy Policy

9. International Data Transfers

Don't Touch Red is operated by an independent developer based in India. The third-party services we use (Google Firebase, AdMob, GameAnalytics) transfer and process data on servers located in the United States and other countries. If you are located in the EEA or UK, these transfers are conducted under Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as established by each provider. If you are located in India, your data may be transferred internationally to countries where our third-party service providers operate; such transfers are subject to Section 16 of the Digital Personal Data Protection Act, 2023 and applicable rules. By using the app, you acknowledge that your data may be transferred to and processed in countries outside your jurisdiction.

10. Advertising and Your Choices

Don't Touch Red displays ads via Google AdMob. You have the following choices:

• Consent for personalized ads (EEA/UK): You will be shown a consent dialog on first launch. You may withdraw consent by contacting us at privacy@donttouchred.com.
• Privacy Choices (US residents): Tap the "Privacy Choices" button in the app's Settings screen to opt out of targeted advertising. See Section 6 for full details on your US state privacy rights.
• Google Ad Settings: You can manage Google's use of your advertising ID at adssettings.google.com.
• Opt out via Android settings: Go to Settings → Google → Ads → Delete advertising ID to reset or delete your advertising ID.

11. Data Retention

Leaderboard entries and progress data are retained indefinitely to maintain game continuity and historical rankings. You may request deletion at any time by contacting us. Firebase Analytics data is retained for up to 14 months per Google's default retention settings. Crashlytics data is retained for 90 days. GameAnalytics data is retained per their policy (up to 24 months for aggregated data).

12. Children's Privacy

Don't Touch Red is not directed to anyone under the age of 18. We do not knowingly collect personal information from users under 18. We have not enabled child-directed ad treatment in our ad configuration, as the game is intended for users aged 18 and above. If you are a parent or guardian and believe your child has provided us with data, please contact us immediately at privacy@donttouchred.com and we will delete that data promptly.

Under the Digital Personal Data Protection Act, 2023, users in India under the age of 18 are considered children. Since this app requires users to be 18 or older, users under 18 are not permitted to use this app regardless of location.

13. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is shared only with the third-party service providers listed in Section 8 above, as necessary to operate the game, and as required by applicable law. Leaderboard display names and scores are publicly visible to all players of the game.

14. Your Rights

If you are in the EEA or UK, you have the following rights under GDPR:

• Access (Art. 15 GDPR): Request a copy of the data we hold about you.
• Rectification (Art. 16 GDPR): Request correction of inaccurate data.
• Erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten").
• Restriction (Art. 18 GDPR): Request that we restrict processing of your data in certain circumstances.
• Data portability (Art. 20 GDPR): Request your data in a machine-readable format.
• Objection (Art. 21 GDPR): Object to processing based on legitimate interest.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Supervisory authority: If you are in the EEA, you have the right to lodge a complaint with your local data protection authority.

If you are a resident of California or another US state with a comprehensive privacy law, see Section 6 for your full rights and how to exercise them.

If you are located in India, see Section 7 for your rights under the Digital Personal Data Protection Act, 2023.

To exercise any of these rights, contact us at privacy@donttouchred.com. We will respond within 30 days (EEA/UK and India/DPDP) or 45 days (US state requests).

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to notify users. Continued use of the app after changes constitutes acceptance of the revised policy.

16. Contact

For privacy-related questions, data access requests, or data deletion requests, contact us at: privacy@donttouchred.com