Privacy Policy — Chess Defence
Effective date: July 6, 2026 Last updated: July 2026
This Privacy Policy explains how Erdi Acar ("we", "our", "us") collects, uses, discloses and protects personal information in connection with the mobile game Chess Defence (package: com.erdiacar.chessDefence) available on iOS and (in progress) Android. By downloading, installing or using the app you agree to the collection and use of information as described in this policy.
1. Introduction
Provider: Erdi Acar
App name: Chess Defence
Company address: Akat Mahallesi Budin Sokak Bozbey Apt. No:1 Daire:7
Contact email: erdiacar@gmail.com
Purpose: This policy describes what information we collect (including through third‑party SDKs), why we collect it, how we use it, how long we keep it, who we share it with, how we protect it, and the rights available to you under applicable privacy laws (including GDPR and CCPA).
2. Information We Collect
We collect several types of information to provide, maintain and improve the app, enable purchases and ads, provide support, and meet legal obligations.
A. Personal Data (may identify you directly or in combination)
Account information you provide: email address, display name (if you create an account or register).
Contact information you provide to support: email content.
Purchase records: IAP receipts, purchase date, product identifier (used to validate purchases via RevenueCat / App Store / Google Play).
Payment method details: We do not collect full credit card numbers in the app; purchases are processed through the App Store, Google Play, or RevenueCat. We may store transactional metadata (receipt IDs, transaction dates, product IDs).
B. Sensitive Data
We do not collect health, biometric, financial account numbers, racial/ethnic origin, political opinions, religious beliefs, or other special category data. If any sensitive data is ever required in future features, we will disclose it and seek explicit consent as required by law.
C. Usage Data & Technical Data (automatically collected)
Device information: device model, operating system and version, device identifiers (Advertising ID on Android, IDFA on iOS when permitted), language, timezone, screen size.
Log data: IP address, crash reports, session timestamps, app usage and performance metrics, in‑game events (e.g., level starts/completes, purchases, ad interactions).
Analytics identifiers and cookies/local storage used by SDKs for analytics and ads.
Push notification tokens (FCM/APNs) if you opt in to receive push notifications.
D. Data from Third Parties
Advertising identifiers and interest signals supplied by ad networks and analytics services.
If you contact support using an external service, we may retain copies of those communications.
3. How We Use Your Information
We use collected information for the following purposes:
Provide and operate the app and its features (gameplay, progression, saving local state, offline play).
Process purchases, validate transactions and provide receipts (RevenueCat, App Store, Google Play).
Deliver push notifications and messages (only if you opt in).
Serve, measure and improve advertising (personalized ads when permitted).
Analytics and product improvement: understand usage patterns, performance, crashes and to measure key performance indicators.
Customer support and fraud prevention, security and legal compliance.
Personalization of offers and in‑app content (subject to your consent and applicable law).
Communicate important updates, policy changes, and transactional messages.
Legal bases (GDPR): where applicable, processing is based on your consent, performance of a contract, our legitimate interests (improving the app, security, analytics), or compliance with legal obligations.
4. Third‑Party Access / Service Providers
We use third‑party services to operate and improve the app. These providers may collect and process data as described in their own policies:
Firebase (Analytics, Crashlytics, Cloud Messaging) — Google: https://firebase.google.com/support/privacy
Google Analytics — Google: https://policies.google.com/technologies/partner‑sites
Google AdMob (ads / ad serving) — Google: https://support.google.com/admob/answer/6128543
RevenueCat (IAP subscription and purchase validation) — https://www.revenuecat.com/privacy
Supabase (level catalog, push token storage, server data) — https://supabase.com/privacy
Apple App Store / App Store Connect (IAP handling, receipts): https://www.apple.com/legal/privacy/
Google Play (IAP handling): https://policies.google.com/privacy
Other analytics or crash reporting services we may adopt (we will update this policy if we add others).
We share only the minimum data required with these providers; they act as processors and are contractually bound to protect your data.
5. Advertising, Tracking & Personalized Ads
We display rewarded video ads via AdMob and may share device identifiers and limited technical data with ad networks to deliver and measure ads.
Personalized ads: when permitted, we use advertising identifiers (IDFA/Advertising ID) for ad personalization. On iOS, we request AppTrackingTransparency consent when required by Apple. On Android, Advertising ID usage follows Google Play policies.
Opting out: you can opt out of personalized ads by:
- On iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track" or limit ad tracking (see https://support.apple.com/en‑us/HT205223). - On Android: Settings → Google → Ads → Opt out of Ads Personalization, or reset your Advertising ID (see https://support.google.com/googleplay/answer/140378). - Use Google Ad Settings: https://adssettings.google.com/
We do not sell your personal information for money. Where applicable under CCPA the sharing of identifiers with advertising partners may be treated as a “sale or sharing” by some regulators — if you are a California resident and wish to opt out of sale/sharing for targeted advertising, contact us at erdiacar@gmail.com (see Your Rights).
6. Data Retention
We retain personal information only as long as necessary for the purposes listed above and to comply with legal obligations, resolve disputes and enforce agreements.
Typical retention periods:
Account registration data and purchase records: retained for the life of the account and up to 7 years after account deletion for accounting and legal compliance.
Analytics data (aggregated): retained for up to 24 months; aggregated, non‑personal analytics may be retained longer.
Crash reports and logs: retained for up to 90 days, unless needed longer for debugging/security incidents.
Push tokens: stored until you revoke consent, uninstall the app, or we remove inactive tokens.
Local game saves: stored on your device until you delete the app or the local save (or until you request account deletion where server‑stored data exists).
If you request deletion, we will remove your personal data from live systems within a reasonable time (see Your Rights), subject to retained records required by law.
7. Security
We take reasonable organizational, technical and administrative measures designed to protect your information:
Encryption in transit (TLS) for data sent between the app and our servers or third‑party services.
Access controls and authentication for systems holding personal data.
Use of reputable third‑party providers who maintain industry standard security practices.
Regular security reviews and updates.
No transmission over the internet or storage system can be guaranteed to be 100% secure. We cannot promise that unauthorized access will never occur.
8. Children’s Privacy
Chess Defence is not directed to children under 13. We do not knowingly collect personal data from children under 13.
If you are a parent and believe your child has provided us with personal data without your consent, please contact us at erdiacar@gmail.com. We will take steps to delete such data as required by law.
9. Your Rights (GDPR, CCPA and other jurisdictions)
If you are located in the EU, UK, California or other jurisdictions with privacy rights, you may have the following rights:
A. GDPR (EU/EEA/UK) — subject to local law:
Right of access: request a copy of personal data we hold about you.
Right to rectification: correct inaccurate or incomplete data.
Right to erasure: request deletion of your personal data (subject to exceptions).
Right to restrict processing: request limitation of processing in certain situations.
Right to data portability: request your data in machine‑readable format.
Right to object: object to processing based on our legitimate interests.
Right to withdraw consent: where processing is based on consent.
B. CCPA (California residents) — subject to verification:
Right to know: request disclosure of personal information categories collected, sources, purposes and third parties with whom we shared it.
Right to access: request a copy of personal information we maintain.
Right to delete: request deletion of personal information (with exceptions).
Right to opt-out of sale/sharing: request that we not sell or share personal information for cross‑context behavioral advertising.
Non‑discrimination: you will not be discriminated against for exercising these rights.
How to exercise your rights:
Contact us at erdiacar@gmail.com with “Privacy Request” in the subject and include:
- Your full name, account email, platform (iOS/Android) and a clear description of the request.
We will verify identity to the extent necessary to process requests and will respond within the timeframes required by law (generally within 30 days; may extend where permitted).
Authorized agents: for CCPA requests, we may require verification and a signed authorization.
10. In‑App Purchases, Subscriptions & Billing
The app offers consumable IAPs (gem packs, featured bundles) and may offer subscriptions in future. Purchases are processed via the App Store (iOS), Google Play (Android), and RevenueCat for cross‑platform management.
Subscriptions (if offered): auto‑renew automatically until canceled. Billing and subscription management (cancellation, refund) are handled by the App Store / Google Play. You can cancel a subscription in your account settings with the store where you purchased.
Refunds: subject to the App Store / Google Play refund policies. Our internal refund policy: 14 days; however store/platform refund decisions take precedence.
Restore purchases: a “Restore Purchases” feature is provided for non‑consumable purchases and entitlements where supported by the store; consumables generally cannot be restored.
11. Analytics & Telemetry
We use analytics (Firebase Analytics, Google Analytics) to measure app usage, retention and engagement. These services collect technical and usage data; see their privacy pages (links in Section 4).
You can opt out of analytics by uninstalling the app or disabling analytics features in your device settings where supported; we will honor opt‑out signals where technically feasible.
12. Crash Reporting & Diagnostics
Crash reports and diagnostics (Crashlytics) are used to monitor and fix stability issues. Crash reports may include device identifiers and stack traces, but do not include full personal communications or payment card data.
13. Data Transfers & International Processing
Data may be stored or processed in countries other than your country of residence, including jurisdictions where our service providers operate (for example the United States and the European Economic Area), as described in Section 4.
Where required by applicable law (including GDPR), we rely on appropriate transfer safeguards made available by our providers or by law, such as standard contractual clauses or equivalent mechanisms. Your use of the App may involve such transfers as needed to operate the features and services described in this policy.
We do not control the independent privacy practices of Platform Providers or third-party SDKs beyond the contractual and technical measures reasonably available to us; those parties process data under their own policies linked above.
14. Changes to this Policy
We may update this Privacy Policy from time to time to reflect product, legal, or operational changes. The Effective date / Last updated information at the top will change when we do so.
Where required by law, we will provide additional notice (for example in-app notice). Continued use of the App after an update becomes effective constitutes acceptance of the revised policy, except where mandatory law requires a different form of consent.
15. Contact
For privacy questions, rights requests, or concerns about this policy, contact Erdi Acar at erdiacar@gmail.com, Akat Mahallesi Budin Sokak Bozbey Apt. No:1 Daire:7.
Please include “Privacy Request” in the subject line when exercising access, deletion, or similar rights so we can route and verify your request appropriately.