Privacy Policy
9×16 — Expanding Tic-Tac-Toe
1. Introduction
This Privacy Policy explains how TE and CO, LDA ("we", "us", "our") handles information in connection with the mobile application 9×16 — Expanding Tic-Tac-Toe (the "App"), available on the Apple App Store and Google Play.
The App is a single-player, offline-first tic-tac-toe game. It is designed to collect as little information as possible. This document describes what is collected, why, and what choices you have.
2. Information We Collect and Use
We collect two narrow categories of data:
a) Crash diagnostics (automatic)
When the App crashes or encounters a fatal error, we receive a crash report through Firebase Crashlytics. These reports include:
- Device model and operating system version
- App version and build identifier
- The technical stack trace of the error
- A Crashlytics-generated installation identifier
Crash reports do not include your name, email, contacts, photos, location, or the contents of your game. We use them solely to diagnose and fix bugs.
b) Anonymous account identifier (automatic)
On first launch, the App creates an anonymous Firebase Authentication account. This produces a randomly generated user ID (UID) that is not linked to your name, email, or any personal identifier. It exists so that, in the future, your progress can be preserved across devices if you choose to link a real account. Anonymous sign-in failure is silent — the App continues to work without it.
c) Optional account linking (only if you tap it)
If you choose to link your anonymous account to Sign in with Apple (iOS) or Google Sign-In (Android), additional information is shared with us by the provider:
- Sign in with Apple: your email address. We request only the email scope.
- Google Sign-In: the email address and basic profile (name) associated with the Google account you select.
This step is entirely optional. The App is fully playable without linking any account.
3. What We Do Not Collect
For clarity, the App does not:
- Show ads or integrate any advertising SDK
- Run analytics or behavioural tracking (Firebase Analytics is not enabled)
- Access your location, camera, microphone, photo library, contacts, or calendar
- Sell, rent, or share your data with data brokers
- Use cross-app tracking identifiers (IDFA, AAID) for ad targeting
4. Data Stored Locally on Your Device
The following is stored locally via the device's standard preferences storage and never transmitted to us:
- Game statistics: current board size, maximum board reached, win/loss/draw counts, streak, score
- Theme preference (light, dark, or system)
- A flag indicating whether multiplayer has been unlocked (reserved for future use)
This data is deleted automatically when you uninstall the App.
5. Third-Party Services
The App relies on the following third-party services. Each operates under its own privacy policy:
- Google Firebase (Crashlytics, Authentication) — policies.google.com/privacy and firebase.google.com/support/privacy
- Apple — Sign in with Apple (iOS only, optional) — apple.com/legal/privacy
- Google Sign-In (Android only, optional) — policies.google.com/privacy
- Google Fonts — used to render the App's typography. When fonts are fetched, Google may record your device's IP address. See policies.google.com/privacy.
6. Data Retention
- Crash reports are retained by Firebase Crashlytics for up to 90 days per Google's default policy.
- Anonymous UIDs and linked account data are retained as long as your account exists. You can request deletion at any time (see Section 8).
- Local device data is removed when you uninstall the App.
7. Children's Privacy
The App is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete the corresponding data.
8. Your Rights
Depending on your jurisdiction (including under the EU GDPR and California's CCPA), you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Request a portable copy of your data
To exercise any of these rights, email us at gdev@curiosophy.io. We will respond within a reasonable timeframe, typically 30 days.
9. Security
All data in transit between the App and Firebase is encrypted via HTTPS/TLS. While we take reasonable administrative and technical measures to protect your data, no system is perfectly secure, and we cannot guarantee absolute security.
10. International Data Transfers
Firebase services are operated by Google and may process data in the United States and other countries. By using the App, you understand that your data may be transferred to and processed in jurisdictions with different data protection laws than your own. Google relies on Standard Contractual Clauses and other lawful transfer mechanisms where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time — for example, when we add new features or update SDKs. When we make material changes, we will update the "Effective date" at the top and, where appropriate, notify you through the App or the relevant store listing. Continued use of the App after a change constitutes acceptance of the updated policy.
12. Contact Us
TE and CO, LDA
Email: gdev@curiosophy.io
We aim to respond to privacy-related inquiries within 30 days.