This Privacy Policy explains how The Postbox Game ("the App", "we", "us") collects, uses, and protects your personal data when you use our mobile application. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The Postbox Game is an independent mobile game. For data protection enquiries, contact us at: richard@agilepixel.io.
2. Data We Collect
- Account information: When you register or sign in with Google, we receive your email address and display name. When you register with email/password, we store your email address and chosen display name.
- Location data: With your permission, we collect your precise GPS location to identify nearby postboxes and validate claims. Location is used only during active gameplay and is not stored permanently.
- Gameplay data: Postbox claims you make (postbox ID, timestamp, points awarded), your running scores, streaks, and leaderboard entries (display name and points only).
- Friends list: User IDs of friends you choose to add within the App.
- Crash and performance data: Anonymous crash reports and performance traces collected by Firebase Crashlytics and Firebase Performance Monitoring to help us fix bugs and improve the App.
- Analytics: Anonymous usage events (screens visited, features used) collected by Firebase Analytics to understand how the App is used.
3. How We Use Your Data
- To operate the App and provide gameplay features (claims, leaderboards, friends).
- To display your scores and display name on leaderboards and to friends.
- To improve the App by analysing crash reports, performance data, and aggregated usage statistics.
- To associate your gameplay history with your account so it persists across devices.
4. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contract: Processing your account and gameplay data is necessary to provide the service you signed up for.
- Legitimate interests: Crash reporting and performance monitoring to maintain a working and safe app.
- Consent: Location access, which you can grant or revoke at any time in your device settings.
5. Data Sharing
We do not sell your personal data. We share data only with the following service providers, who process it on our behalf:
- Google Firebase (Authentication, Firestore database, Cloud Functions, Crashlytics, Performance Monitoring, Analytics) – processed within Google's infrastructure. See Google's Privacy Policy.
Your display name and score are visible to other users on leaderboards and to friends you add in the App.
6. Data Retention
- Account data is retained for as long as your account exists.
- Leaderboard entries are retained for the relevant period (daily / weekly / monthly) then overwritten.
- Crash and analytics data is retained per Firebase's default retention periods (90 days for Crashlytics; configurable for Analytics).
7. Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Rectification of inaccurate data (e.g. update your display name in the App).
- Erasure ("right to be forgotten") – contact us to delete your account and associated data.
- Restriction or objection to certain processing.
- Data portability for data you provided to us.
- Withdraw consent for location access at any time via your device settings.
To exercise any right, contact us at richard@agilepixel.io. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Location Data
The App requests access to your device's precise location (while the app is in use) to find nearby postboxes. We do not track your location in the background, share it with third parties, or store it beyond the duration of an active claim check.
9. Children
The App is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Security
All data is transmitted over HTTPS and stored in Google Firebase's encrypted infrastructure. Access to Firestore is restricted by server-side security rules; users can only read and write data they are authorised to access.
11. Changes to This Policy
We may update this policy occasionally. Material changes will be notified within the App. The "last updated" date at the top of this page will always reflect the current version.
12. Contact
For any privacy-related questions or requests: richard@agilepixel.io