Privacy Policy for Pass the Bomb
This Privacy Policy describes how Pass the Bomb ("the App", "we", "us", or "our") handles information when you use the App on Android or iOS. The App is provided by Sotiris Pallis, an individual developer based in Greece, European Union.
If you have any questions about this policy or your data, you can contact us at contact@spallis.dev.
1. Summary
Pass the Bomb is a local, single-device party game. We designed it to need as little of your data as possible:
- We do not require you to create an account.
- We do not ask for your name, email, phone number, or address.
- We do not show advertising.
- We do not sell your data.
- All gameplay (modes, timers, results) runs entirely on your device.
The only information that ever leaves your device is:
- Purchase and subscription data, handled by Apple, Google, and our subscription provider (RevenueCat), so we can deliver the features you paid for.
- Anonymous product analytics, sent to PostHog, so we can understand how the App is used in aggregate and improve it.
The sections below explain this in detail.
2. Information we collect
2.1 Information you provide
The App does not have user accounts, login, or profile creation. We do not knowingly collect any information that you actively provide.
2.2 Information collected automatically
When you use the App, the following information may be processed:
Subscription / purchase data
When you start, restore, or manage a subscription, the App communicates with the Apple App Store or Google Play Store, and with our subscription processor RevenueCat. The following may be processed:
- Anonymous customer identifier generated by RevenueCat
- Purchase token / receipt issued by Apple or Google
- The product purchased, purchase date, renewal date, and current entitlement status
- Country/store associated with the purchase
- Platform (iOS or Android) and app version
We need this information to grant you access to the features you paid for, to support restore-purchases, and to detect refunds or cancellations.
Anonymous usage analytics (PostHog)
The App sends anonymous product analytics events to PostHog. These events are not linked to your real identity. They typically include:
- A pseudonymous, randomly-generated device identifier (created by the App)
- Screen views, button taps, and game mode selections
- Approximate timing/length of sessions and rounds
- App version, operating system, device model, language, country (derived from device locale, not GPS)
- Error and crash information
We do not send your name, email, phone number, IP address (PostHog is configured to discard IP), advertising ID (IDFA/AAID), precise location, contacts, photos, microphone audio, or any gameplay content you create.
2.3 Information stored only on your device
Some data stays on your device and is never uploaded to us:
- Your settings (sound, haptics, theme, language)
- Cached state required to run the game
- Any local preferences saved between sessions
You can clear this at any time by uninstalling the App or clearing the App's data from your device's settings.
3. How we use information
We use the limited information described above only to:
- Provide the App and its features
- Deliver, restore, and manage subscriptions
- Diagnose crashes and fix bugs
- Understand which game modes and features are used, in aggregate, to improve the App
- Comply with legal obligations (for example, tax and consumer-protection rules around purchases)
We do not use your data to build a personal profile, to target advertising, or for automated decision-making with legal effects.
4. Legal bases for processing (GDPR)
Because we are based in the European Union, the General Data Protection Regulation (GDPR) applies. We rely on the following legal bases under Article 6 GDPR:
- Performance of a contract (Art. 6(1)(b)) — processing subscription and purchase data so we can deliver the paid features you requested.
- Legitimate interests (Art. 6(1)(f)) — sending anonymous analytics events to understand and improve the App. Because these events are not linked to your identity and do not include identifiers like IP or advertising ID, the impact on your privacy is minimal. You can object to this processing at any time using the contact details below.
- Legal obligation (Art. 6(1)(c)) — keeping limited records related to purchases for tax and accounting purposes.
5. Third-party services
We rely on the following service providers. They process some data on our behalf as described above.
RevenueCat
RevenueCat manages in-app subscriptions across Apple and Google. They receive the purchase data described in section 2.2. See their privacy policy: https://www.revenuecat.com/privacy/
PostHog
PostHog provides product analytics. They receive the anonymous events described in section 2.2. See their privacy policy: https://posthog.com/privacy
Apple App Store and Google Play
When you install the App or make a purchase, Apple or Google process information according to their own privacy policies, which we do not control:
6. International data transfers
RevenueCat and PostHog may process data on servers located outside the European Economic Area (EEA), including in the United States. When data is transferred outside the EEA, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, and on the providers' own compliance frameworks.
7. Data retention
- Subscription data is retained for as long as your subscription is active, plus the period required by applicable tax and consumer-protection law (typically up to a few years).
- Anonymous analytics events are retained by PostHog according to our configured retention period and their internal policies. Because the events are not linked to your identity, they cannot be tied back to you personally.
- On-device data is retained until you uninstall the App or clear its data.
8. Your rights
If the GDPR applies to you, you have the following rights:
- Right of access — ask whether we hold data about you and request a copy.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure ("right to be forgotten") — ask us to delete data we hold about you.
- Right to restriction — ask us to limit how we use your data.
- Right to data portability — ask for your data in a machine-readable format.
- Right to object — object to processing based on legitimate interests, including analytics.
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time.
Because the App does not collect direct identifiers like email, we may not be able to locate analytics events that relate to a specific person. For subscription-related requests, we can usually locate data using the RevenueCat customer ID, the App Store / Google Play transaction ID, or the email associated with your Apple or Google account.
To exercise any of these rights, email pallis.sotiris@gmail.com.
You also have the right to lodge a complaint with a data protection supervisory authority. In Greece, this is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), https://www.dpa.gr.
9. Children's privacy
The App is intended for a general audience and is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the App, please contact us and we will take appropriate steps to delete it.
10. Security
We take reasonable technical and organizational measures to protect the limited information we process, including encrypted connections (HTTPS/TLS) between the App and our service providers. No method of transmission or storage is perfectly secure, but the small scope of data we handle reduces risk substantially.
11. Changes to this policy
We may update this Privacy Policy from time to time, for example when we add features, change service providers, or in response to legal changes. When we do, we will update the "Last updated" date at the top of this page. If the changes are significant, we will make a reasonable effort to highlight them in the App or on this page.
12. Contact
If you have questions, requests, or complaints about this Privacy Policy or your data, contact:
Sotiris Pallis
Email: contact@spallis.dev
Country: Greece (European Union)
