Privacy Policy

Last updated: October 13, 2025

Welcome to The Unspoken ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.

            Key Points:
            Turn-Based Mode: Answers stored temporarily (7 days) for multiplayer sync
Solo Mode: Answers are NOT stored anywhere
AI summaries are optional and require your consent
Your data is never sold to third parties
You can delete your data at any time

        

1. Information We Collect

1.1 Information You Provide Directly

Display Name: Optional. When you join a session, you can provide a display name to identify yourself to other players.
Apple ID (Optional): If you choose to use "Sign in with Apple," we receive limited information from Apple (email or private relay email).
Session Preferences: Your game mode preferences (solo/multiplayer, turn-based mode, AI settings).

1.2 Automatically Collected Information

Anonymous User ID: Firebase generates an anonymous user ID when you first use the app.
Device Information: Device model, operating system version, app version (for compatibility and crash reporting).
Session Data: Game state data (which deck selected, current level, join codes) stored temporarily for multiplayer functionality.
Usage Analytics: Screen views, feature usage, session duration (via Firebase Analytics).
Crash Reports: Error logs and crash data (via Firebase Crashlytics) to improve app stability.

1.3 Camera Access

We request camera permission solely for scanning QR codes to join multiplayer sessions. We do not store, transmit, or process any images or video. The camera is used only for real-time QR code recognition, and no photos are saved.

1.4 Conversation Data (Turn-Based Mode Only)

In Turn-Based Mode with AI Features Enabled:

Text Answers: Your written responses to questions are temporarily stored in Firebase
Voice Transcriptions: If you use voice input, the transcribed text is stored (not the audio itself)
Purpose: To synchronize answers between players and generate AI summaries
Retention: Automatically deleted 7 days after the session ends
Solo Mode: In solo mode, answers are NOT stored anywhere

1.5 What We DO NOT Collect

We explicitly DO NOT collect:

Audio or video recordings (only text transcriptions if you use voice input)
Location data
Contacts or address book
Photos or media (beyond QR scanning)
Browsing history or other app usage

2. How We Use Your Information

We use collected information for the following purposes:

Core Functionality: Enable multiplayer sessions, real-time synchronization, and game state management
Authentication: Manage anonymous and Apple ID authentication
Subscription Management: Process in-app purchases and manage subscription status (handled by Apple and RevenueCat)
App Improvement: Analyze usage patterns, fix bugs, and improve performance
Customer Support: Respond to your inquiries and provide technical assistance
Legal Compliance: Comply with legal obligations and enforce our Terms of Service

3. Artificial Intelligence (AI) Features

3.1 AI Session Summaries (Optional)

If you enable "AI Follow-ups" in Turn-Based mode, we use Google's Gemini AI (via Google Cloud) to generate personalized session summaries based on:

The questions asked during your session
Your answers and responses (text only, stored temporarily)
Player names (if provided)
Session metadata (deck type, level progression)

3.2 AI Data Processing

Data Sent to AI: Questions, player names, and your text answers (when AI is enabled)
AI Provider: Google Gemini 1.5 Flash via Firebase Cloud Functions
Processing Location: Google Cloud servers (compliant with GDPR)
Data Retention: Conversation data and AI summaries are deleted 7 days after session ends
Opt-Out: AI features are OFF by default. You must explicitly enable them in Turn-Based mode

3.3 AI and Privacy

Important: When AI features are enabled, your conversation answers are sent to Google's Gemini AI to generate personalized summaries and follow-up questions. This data is:

Processed in real-time and not permanently stored by Google (per their AI service terms)
Used only to generate summaries for your session
Automatically deleted from our database after 7 days
Never used to train AI models or for any other purpose

Solo Mode Privacy: In solo mode (no multiplayer), your answers are never stored or sent anywhere, even with AI enabled.

4. Third-Party Services

We use the following third-party services to operate our app:

4.1 Firebase (Google Cloud)

Services Used: Authentication, Cloud Firestore (database), Analytics, Crashlytics, Cloud Functions
Purpose: User authentication, real-time multiplayer, crash reporting, AI processing
Data Location: Google Cloud servers (US and EU regions)
Privacy Policy: firebase.google.com/support/privacy

4.2 RevenueCat

Purpose: Subscription and in-app purchase management
Data Shared: Anonymous user ID, purchase status, subscription state
Privacy Policy: revenuecat.com/privacy

4.3 Apple Services

Sign in with Apple: Optional authentication (we receive only email or private relay)
StoreKit: In-app purchase processing (Apple handles all payment data)
Privacy Policy: apple.com/legal/privacy

5. Data Storage and Security

5.1 Data Retention

Session Data: Automatically deleted 7 days after session ends
Anonymous Accounts: Retained while app is installed; deleted when app is uninstalled
Apple ID Accounts: Retained until you request account deletion
AI Summaries: Deleted with session data after 7 days
Analytics Data: Aggregated and anonymized after 60 days

5.2 Security Measures

All data transmitted using industry-standard HTTPS/TLS encryption
Firebase security rules restrict data access to authorized users only
Regular security audits and updates
No storage of sensitive payment information (handled by Apple)

6. Your Rights (GDPR & CCPA Compliance)

6.1 European Union (GDPR) Rights

If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Restriction: Limit how we process your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing of your data
Right to Withdraw Consent: Withdraw consent at any time

6.2 California (CCPA/CPRA) Rights

If you are a California resident, you have the right to:

Know what personal information we collect
Know if we sell or share personal information (we don't)
Access your personal information
Delete your personal information
Opt-out of data sales (not applicable as we don't sell data)
Non-discrimination for exercising your rights

6.3 All Users

Regardless of location, you can:

Delete Your Account: Contact us to delete all your data
Opt-Out of Analytics: Disable in app settings (future feature)
Disable AI Features: Turn off AI summaries in game settings
Export Your Data: Request a copy of your data

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at destangokalp@gmail.com. We will respond within 30 days (or as required by law).

7. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Consent: When you explicitly agree (e.g., enabling AI features, analytics)
Contract Performance: To provide the app services you've requested
Legitimate Interests: To improve app functionality and prevent fraud
Legal Obligation: To comply with applicable laws and regulations

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place:

Google Cloud (Firebase) complies with EU-U.S. Data Privacy Framework
Standard Contractual Clauses (SCCs) for EU data transfers
All third-party services are GDPR-compliant

9. Children's Privacy

Our app is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete it.

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

Notify affected users within 72 hours (as required by GDPR)
Notify relevant supervisory authorities
Provide details about the breach and our response
Offer guidance on protective measures

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via:

In-app notification
Email (if you've provided one)
Updated "Last Modified" date at the top of this policy

Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Us & Data Protection Officer

For privacy questions, to exercise your rights, or to contact our Data Protection Officer (DPO):

Email: destangokalp@gmail.com
Developer: Destan Gokalp
App: The Unspoken

EU Representative: [To be assigned if required based on GDPR Article 27]

Supervisory Authority (EU): You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns.

13. Consent and Acknowledgment

By using The Unspoken, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your data as described herein. You may withdraw consent at any time by:

Deleting the app
Contacting us to delete your account
Disabling specific features (analytics, AI)