Nice Guess ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile trivia game.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Nickname – Your public display name (required)
- Password – Stored securely using bcrypt hashing (required)
- Email – Only if you choose to add it (optional, see below)
- Language preference – Your selected interface language
1.2 Email Address (Optional)
You may optionally link an email address to your account. This is entirely voluntary and can be done at any time in Settings.
What email is used for:
- Password recovery – reset your password if forgotten
- Support communication – contact us about your account
What email is NOT used for:
- Marketing or promotional emails
- Sharing with third parties (except for password reset delivery)
- Advertising or profiling
Your control: You can add, change, or remove your email at any time in Settings → Account. Removing email does not delete your account.
1.3 Third-Party Sign-In (OAuth)
If you choose to sign in with Google, Apple, or Telegram, we receive:
- Name or display name – used as your initial nickname (you can change it)
- Email address – used for account identification and password recovery
- Provider user ID – a unique identifier to link your account
We do not receive your password from these providers. We do not post to your social accounts or access any data beyond what is listed above.
1.4 Push Notifications
If you enable push notifications, we collect:
- Device push token – a unique identifier issued by Apple (APNs) or Google (FCM) to deliver notifications to your device
Push tokens are used solely to notify you about game events (your turn, friend challenges, match results). You can disable notifications at any time in your device Settings.
1.5 Game Data
We automatically collect gameplay information:
- Match history (wins, losses, draws)
- Performance statistics by category
- Rating score (ELO-based)
- Achievements and unlocked avatars
- Friend connections
1.6 Invite System
When you invite friends via the app:
- We create a one-way hash of phone numbers using SHA-256
- Actual phone numbers are never transmitted to our servers
- Hashes are used solely to track invitation status
- Contact names and other details stay on your device
1.7 Crash Reporting & Diagnostics
To improve app stability, we use Sentry (a third-party error monitoring service) to collect:
- Crash logs – stack traces and error messages when the app crashes or encounters an error
- Device information – device model, OS version, app version
- User ID – to correlate errors with accounts (no email or nickname is sent)
Crash data is collected only in production (not during development). It is used solely to identify and fix bugs. Sentry processes data in the EU (Frankfurt). See Sentry's Privacy Policy.
What We Do NOT Collect
- Phone numbers (only hashes for invites)
- Contact lists
- Location data
- Device identifiers for advertising
- Browsing history
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Nickname | Display in games, leaderboards, friend lists |
| Email (optional) | Password recovery, support communication |
| OAuth data (name, email, provider ID) | Account creation, identification, password recovery |
| Game statistics | Matchmaking, leaderboards, achievements |
| Push notification token | Deliver game notifications (your turn, challenges) |
| Phone hashes | Track invite status (sent/accepted) |
| Crash logs & device info | Identify and fix bugs, improve stability |
| Language | Show interface and questions in your language |
3. Data Storage and Security
3.1 Where We Store Data
- Server location: Hetzner Cloud, Germany (EU)
- Database: PostgreSQL with encryption at rest
- Passwords: bcrypt hashing (never stored in plain text)
3.2 Security Measures
- HTTPS/TLS encryption for all data transmission
- JWT tokens with 7-day expiration
- Rate limiting on authentication endpoints
- Account lockout after 5 failed login attempts
- CAPTCHA protection against automated attacks
4. Data Sharing
We do not sell your personal data.
We may share data only in these cases:
- With other players: Your nickname, avatar, and game statistics are visible to opponents and friends
- Legal requirements: If required by law or valid legal process
- Service providers:
  - Email delivery services (for OTP codes) – they receive only your email address
  - Sentry (crash reporting) – receives crash logs, device info, and anonymized user ID
  - Expo Push Service / APNs / FCM – receives device push tokens to deliver notifications
5. Legal Basis for Processing (GDPR Art. 6)
We process your data based on the following legal grounds:
| Data | Legal Basis |
|---|---|
| Account data (nickname, password) | Contract performance – Art. 6(1)(b) GDPR |
| Game statistics, achievements | Contract performance – Art. 6(1)(b) GDPR |
| Email (optional) | Consent – Art. 6(1)(a) GDPR |
| OAuth sign-in data | Contract performance – Art. 6(1)(b) GDPR |
| Push notification tokens | Consent – Art. 6(1)(a) GDPR |
| Crash logs, device info (Sentry) | Legitimate interest – Art. 6(1)(f) GDPR |
| Security logs, rate limiting | Legitimate interest – Art. 6(1)(f) GDPR |
| Invite phone hashes | Consent – Art. 6(1)(a) GDPR |
6. Your Rights (GDPR)
As a data subject in the EU, you have the following rights:
- Access (Art. 15): Request a copy of your data by contacting us
- Correction (Art. 16): Update your avatar, language, and email in the app Settings
- Deletion (Art. 17): Delete your account in Profile → Settings → Delete Account
- Data Portability (Art. 20): Request your data in machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interest
- Withdraw Consent (Art. 7): Withdraw consent at any time – for email, go to Settings → Account → Remove email
To exercise these rights, contact us at support@niceguess.app
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request what personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. For users in Germany, the relevant authorities are the state data protection commissioners (Landesdatenschutzbeauftragte). A list is available at: www.bfdi.bund.de
7. International Data Transfers
Your core data stays in the EU. Our servers are located in Germany (Hetzner Cloud, Nuremberg). Your account data, game statistics, and email are processed and stored exclusively within the EU.
Some data is shared with third-party services that may process it outside the EEA:
- Sentry (crash reporting) – EU data centre (Frankfurt)
- Apple Push Notification service / Firebase Cloud Messaging – device push tokens are processed by Apple (US) and Google (US) under Standard Contractual Clauses
- Google / Apple / Telegram – OAuth authentication data is processed by the respective provider
8. Data Retention
- Active accounts: Data retained while account exists
- Email: Retained until you remove it or delete your account
- Deleted accounts: All data (including email) removed within 30 days
- Game history: Anonymized after account deletion
- Invite hashes: Deleted after 90 days
- Push tokens: Deleted when notifications are disabled or account is deleted
- Crash logs (Sentry): Automatically deleted after 90 days
9. Children's Privacy
Nice Guess is intended for users 16 years of age or older.
We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at support@niceguess.app and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting a notice in the app
- Updating the "Last updated" date above
Continued use of Nice Guess after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, contact us:
- Email: support@niceguess.app