DoopleDeck

Privacy Policy

Effective date: 1 June 2026

DoopleDeck is a mobile card game developed by an independent developer based in the United Kingdom. This policy explains what data the app collects, why, and how it is handled. The short version: I collect very little, I don't sell anything, and there are no ads.

1. What I Collect

DataPurpose
Anonymous user IDCreated automatically by Firebase Authentication. No email, password, or personal identity is required. Your account is tied to your device.
Display nameA name you choose, shown to other players in lobbies, leaderboards, and friend lists. You can change it at any time in Settings.
AvatarEither a pre-made character you select, or a photo you upload from your device. Stored securely in Firebase Storage.
Friend codeA unique code (e.g. PUB-XXXX) so other players can add you as a friend. Generated automatically.
Gameplay dataGame results, scores, achievements, XP, win streaks, chip balances, and match history. Used to track your progress and populate leaderboards.
Bug reportsWhen you submit a bug report, the app attaches your user ID, display name, device model, operating system version, and app version. This helps me diagnose issues.

2. What I Don't Collect

I do not collect your real name, email address, phone number, location, contacts, browsing history, or any payment information. The app contains no advertising, no analytics SDKs beyond Firebase, and no third-party trackers.

3. How Your Data Is Used

Your data is used solely to make the app work: signing you in, saving your progress, matching you with friends, displaying leaderboards, and processing bug reports. I do not sell, rent, or share your data with any third party for marketing or advertising purposes.

4. Third-Party Services

Firebase (Google)

The app uses Firebase for authentication, database storage (Firestore and Realtime Database), and file storage (Firebase Storage for avatar photos). Firebase processes data on servers located in the EU and/or US. Google's privacy policy applies to their infrastructure: policies.google.com/privacy

If push notifications are added in a future update, Firebase Cloud Messaging will be used. This would require a device token — you would be asked for permission before notifications are enabled.

5. Data Retention

Your profile, game history, and achievements are kept for as long as your account exists. Bug reports are retained until the reported issue is resolved, then deleted. If you delete your account (Settings → Account → Delete Account), your profile document and authentication record are permanently removed. Achievement and match history subcollections may remain as orphaned data but are inaccessible without your authentication token.

6. Account Deletion

You can delete your account at any time from within the app: Settings → Account → Delete Account. This is a two-step confirmation process. Deletion removes your Firestore profile and Firebase Authentication record. Because authentication is anonymous, this action is permanent and irreversible — there is no way to recover a deleted account.

7. Children's Privacy

DoopleDeck is not directed at children under the age of 13. I do not knowingly collect personal information from children. The app uses anonymous authentication with no age verification. If you believe a child under 13 has provided data through the app, please contact me and I will take steps to remove it.

8. Your Rights (UK GDPR)

Under UK data protection law, you have the right to access, correct, or delete the personal data I hold about you. Because the app uses anonymous authentication, the data I hold is limited to what's described above and is not linked to your real-world identity unless you choose to upload a recognisable photo or use your real name as your display name.

To exercise any of these rights, contact me using the details below. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

All data is transmitted over HTTPS. Database access is controlled by Firebase Security Rules, ensuring players can only read and write their own data. Avatar images are stored in Firebase Storage with access rules tied to the authenticated user.

10. Changes to This Policy

If this policy is updated, the revised version will be posted at this URL with a new effective date. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions about this privacy policy or your data, contact me at:

Email: dacoo32@outlook.com