PRIVACY POLICY

Last updated: May 28, 2026

This Privacy Policy describes how Carrom ("we", "our", "the app") collects, uses, and protects your information when you use our mobile application.

1. Information We Collect

Carrom collects the following data to provide and improve our gaming experience, including online multiplayer features:

• Firebase Authentication: An anonymous user ID is assigned automatically. If you choose to link your account via Apple Sign-In or Google Sign-In, we also receive your email address and display name from that provider.
• Cloud Firestore (Online Profile): Display name, avatar selection, ELO rating, tier/rank, online match history (wins/losses), friend list, friend codes, blocked users list, and referral status — stored on Google Cloud servers to enable online multiplayer features.
• Local Game Data: Game progress, coins, settings, achievements, and daily challenge state — stored locally on your device via SharedPreferences.
• Firebase Analytics: Anonymous usage data including gameplay sessions, feature usage, and in-game events. This data is not linked to your identity.
• Firebase Crashlytics: Crash reports and device information (OS version, device model) used to diagnose and fix app stability issues.
• Cloud Functions: Server-side processing of profile updates, matchmaking, and match result validation.

2. How We Use Information

• To authenticate you and maintain your online profile across devices
• To enable online multiplayer matchmaking, ELO ranking, and leaderboards
• To manage your friend list and social features
• To save your local game progress on your device
• To understand how players use the game and improve the experience
• To identify and fix crashes and bugs
• To prevent cheating and enforce fair play in online matches

3. Third-Party Services

We use the following third-party services that may collect or process data:

• Google Firebase (Authentication, Cloud Firestore, Analytics, Crashlytics, Cloud Functions) — Privacy Policy
• Apple Sign-In (optional account linking) — Privacy Policy
• Google Sign-In (optional account linking) — Privacy Policy

These services may collect device identifiers and usage data subject to their own privacy policies. We do not sell your data to any third party.

4. Data Storage & Security

• Local data (game progress, settings) is stored on your device via SharedPreferences and is removed when you uninstall the app.
• Online profile data (display name, ELO, match history, friends) is stored in Google Cloud Firestore and is encrypted in transit (TLS) and at rest.
• Authentication data is managed by Firebase Authentication and stored securely by Google.

We implement industry-standard security measures and rely on Google Firebase's infrastructure, which is compliant with ISO 27001, SOC 1, SOC 2, and SOC 3.

5. Account Creation & Authentication

Online multiplayer features require an account. When you first use online features, an anonymous Firebase account is created automatically — no personal information is required. You may optionally link your account to Apple ID or Google to preserve your progress across devices. Linking your account will associate your email address with your game profile.

Single-player modes (vs AI, Local 2-Player, Freestyle, Trick Shots, Career) do not require an account and can be used without any data being sent to our servers.

6. Online Features & Multiplayer Data

When you use online multiplayer, the following data is stored in Cloud Firestore and may be visible to other players:

• Display name and avatar
• ELO rating and tier/rank
• Win/loss record
• Friend list (friend codes you have added)

Your email address and authentication credentials are never visible to other players.

7. Children's Privacy

Carrom is rated 9+ due to online multiplayer features that allow interaction with strangers. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@carromgame.app and we will delete the data promptly. Single-player modes do not require any account creation or personal data.

8. Data Retention

• Local game data: Retained on your device until you uninstall the app.
• Online profile (Firestore): Retained until you delete your account. You can delete your account from within the app at Settings > Delete Account.
• Firebase Analytics: 14 months (Google's default retention period).
• Firebase Crashlytics: 90 days.
• Firebase Authentication records: Retained until account deletion is requested.

9. Your Rights (Including Account Deletion)

• You can delete your account and all associated online data directly within the app: Settings > Delete Account. This permanently removes your profile, match history, friends, and authentication record from our servers.
• You can delete local game data by uninstalling the app.
• Note: Anonymous analytics data (retained for 14 months) and crash report data (retained for 90 days) are not individually deletable but expire automatically per the retention periods described in Section 8. This data is not linked to your identity.
• You can request a copy of your data or ask questions about your data by contacting support@carromgame.app.
• You can unlink Apple or Google Sign-In from within the app settings at any time.

10. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Update or correct your display name and profile.
• Right to erasure: Delete your account and all associated data via Settings > Delete Account, or by contacting us.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Opt out of analytics data collection via your device's privacy settings.

Our legal basis for processing your data is: (a) performance of a contract (to provide online gameplay), and (b) legitimate interests (to improve app stability and experience via analytics and crash reports). Firebase implements Standard Contractual Clauses for international data transfers from the EEA.

11. CCPA Compliance (California Users)

Under the California Consumer Privacy Act, California residents have the right to:

• Know what personal data we collect and how it is used.
• Request deletion of your personal data (via in-app account deletion or by contacting us).
• Opt out of the sale of personal information. We do not sell your personal information.
• Non-discrimination for exercising your privacy rights.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notice or an app update. The "Last updated" date at the top of this page indicates the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to request account or data deletion, contact us at:

Email: support@carromgame.app