← Back to Home

GridBurst — Privacy Policy

Effective date: 2026-05-23 | Version: 2.1

This Privacy Policy ("Policy") describes how the publisher of the GridBurst mobile application ("App", "Service", "we", "us", "our") collects, uses, discloses, retains, and protects information in connection with your use of the App. This Policy forms part of, and is incorporated by reference into, the GridBurst Terms of Service ("Terms"). Capitalized terms used but not defined here have the meanings given in the Terms.

This Policy is designed to comply, to the maximum extent applicable, with:

• the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR");
• the United Kingdom General Data Protection Regulation and Data Protection Act 2018 ("UK GDPR");
• the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA");
• the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and other U.S. state privacy laws as enacted;
• Brazil's Lei Geral de Proteção de Dados (Law No. 13.709/2018) ("LGPD");
• Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") and Quebec Law 25;
• Australia's Privacy Act 1988 (Cth);
• the U.S. Children's Online Privacy Protection Act ("COPPA");
• the Apple App Store Review Guidelines (including App Tracking Transparency); and
• the Google Play Developer Program Policies (including the Data Safety section).

BY DOWNLOADING, INSTALLING, OR USING THE APP YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY. If you do not agree, do not use the App and uninstall it from your device.

1. Data Controller and Contact

The data controller (GDPR/UK GDPR) and "business" (CCPA/CPRA) responsible for processing personal data described in this Policy is the publisher identified in Section 22 of the Terms ("Publisher"). The Publisher alone determines the purposes and means of processing.

The persons who originally conceived, designed, and developed the App (the "Creator" and, with their respective affiliates, employees, contractors, and licensors, the "Developer Parties") are not data controllers, joint controllers, processors, or sub-processors of personal data described in this Policy and have no role in determining the purposes and means of processing. The Developer Parties do not receive personal data about you in identifiable form. Any data-subject request or complaint must be directed to the Publisher.

For all privacy questions, data-subject requests, or complaints:

Email: [email protected]

EU/EEA users may contact the Publisher at the same address as our representative point of contact for GDPR purposes. We will respond within statutory timeframes (typically 30 days under GDPR/UK GDPR, 45 days under CCPA/CPRA, subject to permitted extensions).

2. Scope

This Policy applies to data processed in connection with the App and the optional online features it offers (such as a leaderboard service or rewarded video advertisements). It does not apply to:

• the Apple App Store, Google Play Store, Apple Game Center, Google Play Games, Apple iCloud, or Google Drive — each is governed by its operator's own privacy policy;
• third-party websites linked from the App; or
• advertising networks beyond Google AdMob.

We are not responsible for the privacy practices of any third party.

3. Categories of Data

We collect only the data described in this Section. We do not collect any other category of personal data.

3.1 Data stored locally on your device only

The following data is written to local storage on your device (e.g., localStorage, app sandbox files) and is never transmitted to us except as described in Section 3.2:

• game progress, current grid state, score, level, combo streak;
• high scores, lifetime statistics, achievement progress and unlock state;
• Daily Challenge best score, streak, and history;
• settings and preferences (sound, haptics, theme, classic-timer toggle);
• install timestamp, welcome-window state, daily try counter;
• In-App Purchase entitlement flags (e.g., whether Daily Plus is active);
• Terms of Service version and acceptance timestamp; and
• locally-generated random identifiers (UUID) used solely on-device.

This data persists until you uninstall the App or clear its data via your operating system.

3.2 Data submitted to our servers (only if you opt into online features)

If — and only if — you opt into an online feature (such as the online leaderboard or cross-device sync), the following may be transmitted to our servers:

• an opaque, App-scoped player identifier provided by your platform (Apple Game Center gamePlayerID or Google Play Games playerID), which is anonymous, scoped to this App only, and does not expose your real name, email, or platform account ID;
• if a platform identifier is unavailable, a random UUID generated on your device;
• numeric score values and submission timestamps;
• App version, platform (iOS / Android / iPadOS), and a coarse country code derived from your IP address at request time (the IP address itself is not stored beyond the duration of the request and standard server logs);
• the Terms version and acceptance timestamp, for legal compliance.

You may decline to opt into online features at any time. Declining does not affect single-player functionality.

3.3 Data received from your platform

• In-App Purchase receipts are issued by Apple or Google for purchase validation and entitlement grants. Receipts are processed transiently and may be cached locally; we do not store payment card numbers, billing addresses, or other payment instruments.
• If you opt into Apple Game Center or Google Play Games, the platform may share your opaque player identifier and, with your separate consent given to the platform, a display name. Where displayed (e.g., on leaderboards), display names are presented as supplied by the platform and not stored on our servers.

3.4 Data processed by Google AdMob (advertising)

When you voluntarily tap a "Watch ad" button to earn an in-game retry, the App requests a rewarded video advertisement from Google AdMob (operated by Google LLC and/or its affiliates). To serve, measure, and report on that advertisement, AdMob may collect or process:

• a device-specific advertising identifier (IDFA on iOS, AAID on Android), only where allowed by the operating system and only with your consent (on iOS, this requires you to grant the App Tracking Transparency prompt; on Android, the AAID is governed by your Google Account settings);
• coarse, non-precise location inferred from your IP address (city or region level);
• general device and network diagnostics (device model, OS version, language, connection type);
• ad-interaction events (whether the ad was viewed to completion, clicked, or closed); and
• a consent signal generated by the in-app GDPR/CCPA consent dialog presented to applicable users before the first ad request.

AdMob's processing is governed by Google's privacy policy and policies for advertising:

• https://policies.google.com/privacy
• https://policies.google.com/technologies/ads
• https://support.google.com/admob/answer/6128543

We display only rewarded video advertisements, only when you voluntarily request them. We do not display banner ads, interstitial ads, native ads, or unsolicited advertisements of any kind. We do not use AdMob's audience-segmentation or remarketing features.

3.5 Telemetry, analytics, and diagnostics

The App may, now or in future versions, collect telemetry, analytics, performance, and crash-reporting data ("Telemetry") to understand how the App is installed, opened, used, and closed; to measure feature engagement, session length, and retention; to identify crashes, errors, and performance issues; to detect fraud and abuse; to measure monetization effectiveness; to run A/B tests; to operate, secure, and improve the App; and to comply with legal or platform requirements.

Categories of Telemetry that may be collected:

• App version and build, operating-system name and version, device model, language, region, screen size and orientation, free memory and storage, connection type.
• App lifecycle events (install, first launch, open, foreground, background, close, crash, force-quit) and timestamps.
• Feature events (mode selected, game started or ended, score, IAP screen viewed, button tapped, ad requested, ad watched, setting changed).
• Error reports and crash stack traces (which may incidentally include filenames and code symbols but exclude content data and personal identifiers we do not collect).
• Request and response timings for online features (leaderboards, ad fetch).
• A randomly-generated opaque "installation identifier" used solely to deduplicate events; not linked to your real identity.

Categories of Telemetry that are NOT collected: the content of any communications, real name, email address, phone number, postal address, payment-instrument data, precise geolocation, contacts, photos, calendar, microphone or camera content, or any data the App has not been granted permission to access.

Third-party processors that may handle Telemetry on the Publisher's behalf (each acting as a processor under the Publisher's documented instructions): Apple App Analytics, Google Play Console reporting, Firebase, Google Analytics for Firebase, Sentry, Crashlytics, AppsFlyer, Adjust, Mixpanel, Amplitude, PostHog, or a successor service. The specific set of providers in use at any given time may change; the current set is available on request at [email protected] and, where required by platform policy, is also disclosed in the App Store "Privacy Nutrition Label" and the Google Play "Data Safety" form for the App.

Legal basis (GDPR/UK GDPR): Where Telemetry is strictly necessary to provide the Service or to detect fraud or security incidents, the Publisher relies on legitimate interests (Art. 6(1)(f)) and on performance of a contract (Art. 6(1)(b)). Where applicable law requires consent (for example, where Telemetry involves access to information stored on your device beyond what is strictly necessary, or where it relies on a device identifier subject to ATT/UMP), the Publisher will request your consent through an in-App dialog or platform consent framework before collecting that Telemetry, and you may withdraw consent at any time from the App's settings.

No sale; no behavioral-advertising profiles. Telemetry is not "sold" or "shared" for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA and similar laws.

Aggregation and de-identification. The Publisher may create aggregated or de-identified data from Telemetry and may use, retain, and disclose such data without restriction for any lawful purpose.

Developer Parties. The Developer Parties do not receive Telemetry in identifiable form, do not determine the purposes and means of its processing, and have no obligation or liability in respect of it (see Section 1 and the Terms).

3.6 Data we do not collect

We do not collect or process:

• your real name, email address (other than where you choose to contact us), phone number, postal address, or government identifier;
• payment card data, bank-account data, or other payment-instrument data (handled exclusively by Apple or Google);
• biometric data, health data, sexual-orientation data, religious-belief data, racial or ethnic data, political-opinion data, or trade-union membership;
• precise or approximate geolocation (we do not request location permission);
• access to your contacts, photos, calendar, microphone, camera, SMS, call log, or files outside the App sandbox;
• browsing history outside the App;
• behavioral analytics, in-app event tracking, session replay, heat maps, or third-party SDK telemetry beyond what is strictly necessary for AdMob to serve a requested ad.

4. Purposes and Lawful Bases for Processing

We process data only for the purposes and on the lawful bases set out in our Terms and Privacy documentation. Key purposes include:

• Provide the App's single-player functionality
• Validate and grant In-App Purchase entitlements
• Operate the optional online leaderboard
• Maintain leaderboard integrity and detect fraud
• Serve voluntary rewarded advertisements
• Understand how the App is used and improve it
• Comply with law and respond to lawful requests

We do not engage in any form of automated decision-making (including profiling) that produces legal or similarly significant effects on you.

5. Sale and Sharing of Personal Information

We do not "sell" personal information for monetary or other valuable consideration, and we do not "share" personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA and similar U.S. state laws.

6. Recipients and Disclosures

We may disclose data to:

• Service providers / processors acting on our documented instructions
• Google LLC (AdMob) for ad-serving purposes
• Apple Inc. and Google LLC as platform operators
• Competent authorities where required by valid legal process
• A successor entity in connection with a merger, acquisition, or sale of assets

We do not sell or rent data to advertisers, data brokers, or third parties for marketing.

7. International Data Transfers

The App is offered globally. If you access the App from outside the country where our servers are located, your data may be transferred to, stored in, and processed in another country whose data-protection laws may differ from those of your country of residence.

Where personal data of EU/EEA, UK, or Swiss users is transferred to a country not covered by an adequacy decision, we rely on appropriate safeguards — including the European Commission's Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, and supplementary technical and organizational measures — to protect your data. A copy of the relevant safeguards may be requested at [email protected].

8. Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention periods include:

• Local on-device data: Until you uninstall the App or clear its data
• Online leaderboard scores: While the service operates
• Telemetry events: Up to 25 months
• Crash reports: Up to 90 days for raw data
• IAP entitlement records: Duration plus 7 years
• Terms acceptance records: Duration plus 3 years

9. Your Rights

Subject to applicable law and to verification of your identity, you may exercise the following rights with respect to personal data we process about you:

• Right of access — confirmation of whether we process data about you and, if so, a copy of that data
• Right to rectification — correction of inaccurate or incomplete data
• Right to erasure — deletion of data, subject to legal-retention exceptions
• Right to restriction — limit how we process data while a dispute is resolved
• Right to data portability — receipt of data in a structured, commonly used format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — at any time, where processing is based on consent
• Right to lodge a complaint with your supervisory authority

California / CPRA residents additionally have:

• the right to know what personal information is collected
• the right to delete personal information
• the right to correct inaccurate information
• the right to opt out of "sale" or "sharing" (we do neither)
• the right to non-discrimination for exercising your privacy rights

To exercise any right, contact [email protected] and include sufficient information to verify your identity. For locally-stored data, you may exercise your right to erasure by uninstalling the App.

10. Children's Privacy

The App is not directed to children under the age of 13 (or under the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children below the applicable age without verifiable parental consent.

If you are a parent or guardian and believe that a child under the applicable age has provided personal information to us, contact [email protected] and we will delete the data promptly.

11. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, including:

• Transport Layer Security (HTTPS / TLS) for all transmissions
• Access controls on server-side systems
• Segregation of production and non-production environments
• Routine application of security patches
• Minimization of data collected and retained

No security measure is impenetrable. You are responsible for keeping your device secure.

12. Data Breach Notification

In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours. Where a high risk is determined, we will also notify affected users without undue delay.

13. Cookies and Similar Technologies

The App does not use HTTP cookies. The App does use the device's local storage (localStorage) solely to persist the data described in Section 3.1. These technologies are strictly necessary for the App to function and are not used for tracking across services.

14. Third-Party Services

Third-party services used by the App include Apple App Store, Google Play, and Google AdMob, each governed by their own privacy policies. We encourage you to review them.

15. App Tracking Transparency (iOS)

On iOS, before AdMob can access the IDFA advertising identifier, the operating system will present an App Tracking Transparency prompt. If you decline, the App continues to function and rewarded ads continue to be served on a non-personalized basis.

16. EU/UK/EEA Consent for Ads

For users in the EU, EEA, and UK, the first time you request a rewarded video advertisement the App will present a consent dialog explaining AdMob's purposes. You may change your choice at any time from the App's settings screen.

17. Service Discontinuation

If we discontinue any online service, we will notify users in advance, preserve locally-stored data, and comply with legal data deletion obligations.

18. Changes to This Policy

We may amend this Policy from time to time. The "Effective date" and "Version" at the top will reflect the latest revision. Material changes will be brought to your attention via the App on next launch. Your continued use of the App after a change takes effect constitutes acceptance of the revised Policy.

Contact Us

For all privacy questions, requests, and complaints:

Email: [email protected]

EU/EEA users who wish to lodge a complaint may contact their local supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en

This Privacy Policy is incorporated by reference into the GridBurst Terms of Service. By accepting the Terms, you also accept this Policy.