Legal

Privacy Policy

Effective April 20, 2026

This Privacy Policy describes how Spotted Bingo (“Spotted Bingo,” “we,” “us”) collects, uses, and shares information when you use our iOS application and related services (collectively, the “Service”). By using the Service, you agree to the practices described here.

1. Information We Collect

1.1 Information you provide

• Account information: email address and password if you sign up with email; display name and avatar if you add them.
• Third-party sign-in: if you sign in with Apple or Google, we receive a limited identifier and the email address you choose to share.
• Content you create: boards, squares, descriptions, game results, and any images you upload as proof of a marked square.

1.2 Information collected automatically

• Device and usage data: device model, operating system, app version, language, crash reports, and basic interaction events (e.g. screens visited, features used).
• Push notification token: if you grant permission, we store an Apple Push Notification Service (APNs) token so we can notify you about game events.
• Advertising identifier (IDFA): only if you grant permission via Apple’s App Tracking Transparency prompt. You can revoke this at any time in iOS Settings.

1.3 Information from third parties

• Subscription status: RevenueCat tells us whether your in-app purchase is active so we can unlock Pro features.
• Anonymous play: if you play without signing up, we generate a device-scoped identifier so your boards and game history stay tied to your session. This identifier is not linked to your real-world identity.

2. How We Use Information

• To operate the Service: create accounts, sync boards across devices, run multiplayer games, deliver push notifications, and process subscriptions.
• To generate AI square suggestions when you request them (your topic prompt is sent to our AI provider; see Section 4).
• To show ads to free-tier users via Google AdMob. Pro subscribers see no ads.
• To improve the Service: diagnose crashes, fix bugs, understand feature usage, and plan improvements.
• To enforce our Terms of Service and protect against fraud, abuse, or security incidents.
• To comply with legal obligations.

3. Proof Photos

When you upload a photo as proof of a marked square, it is stored on our object storage provider (Cloudflare R2) and served via signed URLs only to participants of the relevant game. Proof photos are automatically deleted after 30 days.

4. Third-Party Services

The Service relies on the following providers, each with its own privacy policy:

• Supabase — authentication and database. supabase.com/privacy
• Cloudflare R2 — proof photo storage. cloudflare.com/privacypolicy
• Apple — Sign in with Apple, push notifications, and in-app purchases. apple.com/legal/privacy
• Google — Google Sign-In and AdMob advertising. policies.google.com/privacy
• RevenueCat — subscription management. revenuecat.com/privacy
• OpenAI — AI square suggestions. Topic prompts you submit are sent to OpenAI for processing. openai.com/policies/privacy-policy
• Expo — push notification delivery and app updates. expo.dev/privacy

5. Sharing and Disclosure

We do not sell your personal information. We share information only:

• With service providers listed above, under contract.
• With other game participants, for content you intentionally share (e.g. boards you publish, proof photos in a game you joined, your display name).
• When required by law, subpoena, or to protect the safety of users or the public.
• As part of a merger, acquisition, or sale of assets, subject to this policy.

6. Your Choices

• Account deletion: you can delete your account from the Profile tab. This permanently removes your boards, games, and proof photos.
• Push notifications: manage permission in iOS Settings › Notifications › Spotted Bingo.
• Tracking: revoke App Tracking Transparency permission in iOS Settings › Privacy & Security › Tracking.
• Marketing email: we do not currently send marketing email. If this changes, opt-out instructions will be included.

7. Children’s Privacy

Spotted Bingo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at support@kenparsolutions.com and we will delete it.

8. Data Retention

We retain account and board data for as long as your account is active. Proof photos are auto-deleted after 30 days. Deleted accounts and their content are removed from our active systems within 30 days (backups may retain data for up to 90 days before rotation).

9. Security

We use industry-standard safeguards, including TLS in transit, Supabase Row-Level Security, and signed URLs for photo access. No system is perfectly secure; please use a strong password and keep your device up to date.

10. International Users

The Service is operated from the United States. If you use the Service from outside the US, your information will be processed in the US, which may have different data protection rules than your jurisdiction.

11. Your Rights (EEA, UK, California)

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. To exercise these rights, email us at support@kenparsolutions.com. We will respond within the timeframe required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy. When we do, we will revise the effective date above and, for material changes, notify you in the app or by email.

13. Contact

Questions? Email support@kenparsolutions.com.

Note for Chase: this is a drafted starting point, not final legal copy. Before launch, have an attorney review — pay special attention to your legal entity name, state of formation, any CCPA/CPRA “Do Not Sell” disclosures, GDPR representative if targeting the EU, and App Store privacy nutrition label alignment.