Privacy Policy
This Privacy Policy explains what personal data the Pip King — Backgammon mobile app ("Pip King", "we", "us", "our") collects when you use the app, why we collect it, who we share it with, and the choices you have. It covers the iOS and Android versions of the app, distributed through the Apple App Store and Google Play Store.
The app is operated by Hezi Hengel, an independent developer. Contact: hezihengel@gmail.com.
1. The data we collect
| Category | Examples | Why |
|---|---|---|
| Account identifiers | Firebase user ID (UID), email address, display name, profile photo URL, country flag | To create and authenticate your account, sync progress across devices, and show you on the leaderboard |
| Sign-in provider data | Information returned by Google Sign-In, Sign in with Apple, or Facebook Login when you choose to link an account | To verify your identity through the provider you chose; we never receive your password |
| Gameplay data | ELO rating, coin balance, diamond balance, items owned and equipped, daily streak, win/loss record, friends list, completed match history, tournament participation | To run the game: matchmaking, leaderboards, tournaments, the shop, daily rewards, and the battle pass |
| Push token | Expo push token (a random opaque string) | To send game-related notifications: friend challenges, tournament results, milestone rewards. You can disable these in your OS settings |
| Purchase data | RevenueCat user ID, list of active entitlements, purchase receipts (handled by RevenueCat / Apple / Google) | To unlock the items you bought and restore them when you reinstall |
| Advertising identifier | IDFA (iOS) or AAID (Android), with your consent only | To show ads. We use Google AdMob. On iOS we ask for permission via Apple's App Tracking Transparency prompt; in the EEA/UK we ask via the Google UMP consent form |
| Diagnostic data | Crash reports, device model, OS version, app version | To find and fix bugs (Firebase Crashlytics) |
| Local cache | Settings, audio preferences, language, onboarding state | Stored on your device only (AsyncStorage). Not sent to our servers |
We do not collect: precise location, contacts, photos from your device, microphone, biometric identifiers, or health data.
2. AI opponents — important disclosure
Pip King uses AI bots when human opponents are not immediately available.
This applies to all matchmaking modes, including coin-stake matches. When you tap "Play" and the app cannot find a real human opponent within a short waiting window, you will be matched with a computer-controlled (bot) opponent. Bots use names, country flags, and avatars drawn from a curated pool — they are not real users.
Why we do this: a backgammon match needs an opponent within a few seconds, and at certain hours and ELO bands the live player pool is too thin to fill every queue.
What this means for you: coin stakes in bot matches behave identically to coin stakes in human matches — the same coins go in, the same coins come out based on the result. No real money is involved in any in-app match. The only currencies in play are virtual coins and diamonds that have no real-world value and cannot be redeemed, traded, or cashed out, regardless of who or what you played against.
Online private rooms (rooms you create or join with a friend by code) and live tournaments with named brackets are always human-only.
3. How we use the data
- To run the game (matches, leaderboards, tournaments, shop, daily rewards, battle pass)
- To save your progress and restore it on a new device
- To detect cheating and abuse, and to enforce our rules
- To process in-app purchases and restore them when you reinstall
- To show advertising (with your consent where required by law)
- To send you push notifications about friend activity, tournament results, and milestone rewards
- To diagnose crashes and improve stability
- To respond to your support requests
Legal basis (GDPR / UK GDPR): performance of our agreement with you (running the game), our legitimate interest in keeping the game fair and stable, your consent for advertising and personalised ads, and compliance with legal obligations.
4. Who we share it with
We use the following service providers ("processors"):
- Google Firebase (Authentication, Firestore database, Cloud Functions, Crashlytics, Cloud Messaging) — Google LLC. Stores your account, gameplay, and crash data.
- RevenueCat — for purchase verification and entitlement management.
- Google AdMob — for serving ads. May process your advertising identifier if you have given consent.
- Expo Push Notification Service — for delivering notifications.
- Apple App Store / Google Play / Facebook Login — when you sign in via these providers, they handle the authentication and pass us the data described above.
We do not sell or rent your personal data. We do not share identifiable data with marketers, data brokers, or third-party analytics services beyond the processors listed above.
5. International transfers
Our processors operate globally, including in the United States. Data may be transferred outside the EEA, UK, and Israel. Where the law requires it, transfers are protected by Standard Contractual Clauses or equivalent safeguards published by the receiving processor.
6. How long we keep it
- Account and gameplay data — for as long as your account exists. If you delete the account, the data is removed within 30 days (see Section 8).
- Crash logs — up to 90 days, then automatically deleted.
- Purchase receipts — retained for as long as required by tax and consumer-protection laws (typically 7 years).
7. Children
Pip King is rated for users aged 4+ on the App Store and Everyone on Google Play. The app does not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK) without verifiable parental consent. If you believe a child has signed up without consent, please email us and we will delete the account.
8. Your rights
You have the right to:
- Access the personal data we hold about you
- Correct data that is wrong or out of date
- Delete your account and the data attached to it — see /delete-account or use the in-app option (Settings → Account → Delete Account)
- Withdraw consent for advertising and notifications at any time, in your device settings
- Object to processing based on legitimate interest
- Data portability — export your data in a machine-readable form
- Lodge a complaint with your data-protection authority
To exercise any of these rights, email hezihengel@gmail.com. We respond within 30 days.
9. Security
We rely on industry-standard security practices provided by Google Firebase, including encryption in transit (TLS) and encryption at rest, scoped Firestore security rules, and server-side authority over coin/diamond balances and game results. No system is perfectly secure: we will notify affected users without undue delay if a breach occurs that affects your data.
10. Changes to this policy
We may update this policy when the app changes or the law changes. The "Effective" date at the top will move forward and we will surface a notice in the app for material changes. Continued use after the change means you accept the updated policy.
11. Contact
Questions, complaints, or rights requests:
Hezi Hengel
Email: hezihengel@gmail.com