Updated on May 27, 2026
Updated on May 27, 2026
Privacy policy
1. Introduction
Challengers Crease (“we,” “us,” or “our”) operates the Challengers Crease mobile application (the “App”) available on iOS and Android. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you download, install, or use our App.
By using Challengers Crease, you agree to the collection and use of information in accordance with this policy.
In plain language: This document tells you what information we collect when you play Challengers Crease, why we collect it, who we share it with, and what rights you have over it.
2. Information We Collect
2.1 Information You Provide Directly
Account information: Account information: Name, email address, username, and password when you register.
Profile data: Any optional profile details you add (e.g. profile picture, display name, country).
Payment information: Processed by Stripe, Apple In-App Purchase, or Google Play Billing. We do not store your full card number.
Communications: Messages you send us via support channels.
2.2 Information Collected Automatically
Gameplay and usage data: Match history, scores, game modes, session length, in-game decisions, feature interactions, and progression.
Device and technical data: Device type, OS version, unique device identifiers (IDFA/GAID — subject to your consent), IP address, app version, crash logs.
Analytics events: How you navigate the App and engage with features — collected via Firebase Analytics, Mixpanel, and Amplitude.
2.3 Information From Third Parties
Social sign-in: If you sign in via Apple or Google, we receive basic profile info as permitted by those platforms.
Advertising networks: Meta (Facebook) SDK may send us aggregated data about ad interactions, subject to your consent and Meta’s privacy policy.
In plain language: We collect what you type in (email, account details), information about how you play (so we can improve the game), and technical info about your device. Payment details go straight to Stripe or Apple/Google — we never hold your card number.
3. How We Use Your Information
Purpose
Create and manage your account
Deliver gameplay and sync progress
Process in-app purchases
Prevent fraud and maintain security
Improve game design and features
Send transactional emails
Send marketing emails
Measure marketing effectiveness
Comply with legal obligations
Respond to support requests
Data Used
Email, username, password
Account info, gameplay data
Payment info (via processors)
Device data, IP, usage patterns
Anonymised gameplay data
Email address
Email address
Device identifiers (with consent)
As required
Email, account info, device data
Legal Basis (GDPR)
Contract performance
Contract performance
Contract performance
Legitimate interest
Legitimate interest
Contract performance
Consent
Consent
Legal obligation
Contract / Legitimate interest
In plain language: We use your information to run the game, process payments, stop cheating, and improve what we build. We only send marketing emails if you’ve opted in, and you can unsubscribe any time.
4. How We Share Your Information
We do not sell your personal information. We share data only with the following third-party processors as necessary to deliver our services:
Third Party
Stripe
Apple IAP
Google Play Billing
Supabase
Firebase (Google)
Amazon Web Services
Ludimos B.V.
Purpose
Payment processing
iOS payment processing
Android payment processing
Backend & authentication
Auth, analytics, crash reporting
Cloud hosting & infrastructure
Core AI algorithm & gameplay data processing
Data Shared
Payment info, billing address
Transaction data
Transaction data
Account info, gameplay data
Account IDs, device data
All app data (encrypted)
Gameplay data, activity data, coaching info, usage patterns, device data
Privacy Policy
stripe.com/privacy
apple.com/legal/privacy
policies.google.com/privacy
supabase.com/privacy
firebase.google.com/support/privacy
aws.amazon.com/privacy
ludimos.com/privacy-policy
We may also disclose your information where required by law, to enforce our Terms of Service, or to protect the safety of our users or the public. If we are involved in a merger or acquisition, your information may be transferred as part of that transaction — we will notify you before your data becomes subject to a different privacy policy.
In plain language: We use outside companies to run parts of our service. We only give them the data they need to do their job. We don’t sell your data to anyone.
5. Cookies and Tracking Technologies
As a mobile app, Challengers Crease does not use browser cookies. However, we and our partners use equivalent mobile tracking technologies:
Mobile advertising identifiers: Mobile advertising identifiers: IDFA (iOS) and GAID (Android) for advertising attribution. You can reset or limit these in your device settings:
iOS: Settings → Privacy & Security → Tracking
Android: Settings → Google → Ads
In-app analytics SDKs: Firebase, Mixpanel, and Amplitude use persistent device identifiers and session tokens to track usage patterns.
Meta SDK: Used to measure ad effectiveness. Data processed in accordance with Meta’s Privacy Policy.
You can opt out of interest-based advertising at any time through your device settings or by contacting us at the address in Section 13.
In plain language: We don’t use cookies (it’s an app, not a website), but similar technology tracks how you use the app and how you found us. You can turn this off in your phone’s settings.
6. Data Retention
Data Type
Account information
Gameplay and progress data
Payment transaction records
Marketing email list
Analytics data
Crash logs and error reports
Support correspondence
Retention Period
Duration + 30 days after deletion
Duration + 30 days after deletion
7 years
Until unsubscribe or deletion request
24 months (anonymised after 12 months)
90 days
24 months
Reason
Service delivery; account recovery
Core service; exportable before deletion
Tax and legal compliance
Ongoing consent
Product improvement
Debugging and stability
Quality assurance
When you delete your account, we begin the deletion process immediately. Some data may be retained in backup systems for up to 90 days before permanent deletion.
In plain language: We keep your account data while you play, plus a short window after you leave in case you change your mind. Payment records stay longer because the law requires it. Everything else gets deleted or anonymised within 2 years.
7. Your Rights (All Users)
Regardless of where you live, you have the right to:
Access: Access your personal data — request a copy of what we hold about you.
Correct: Correct inaccurate data — ask us to fix errors in your information.
Delete: Delete your account and associated data — request erasure of your personal information.
Export: Export your data — receive a copy of your gameplay and account data in a portable format.
Withdraw consent: Withdraw consent for marketing communications — unsubscribe via the link in any email or by contacting us.
To exercise any of these rights, email matthewmcgregor283@gmail.com with the subject line “Privacy Request.” We will respond within 30 days.
In plain language: You’re in control. You can see your data, fix it, download it, or delete it. Just email us.
8. Your Rights Under GDPR (EU / EEA Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).
Legal Bases for Processing
Contract performance: Processing your account, delivering gameplay, handling payments.
Legitimate interests: Fraud prevention, security, product improvement (where our interests do not override your rights).
Consent: Marketing emails, advertising tracking, non-essential analytics.
Legal obligation: Retaining financial records as required by law.
Additional GDPR Rights
Right to restrict processing — ask us to pause processing your data while a dispute is resolved.
Right to object — object to processing based on legitimate interests.
Right to lodge a complaint — contact your national data protection authority (e.g. ICO in the UK, CNIL in France).
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the United States (where AWS, Firebase, Stripe, and others operate). Such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards.
Data Protection Contact
For GDPR-related enquiries: matthewmcgregor283@gmail.com — Subject: “GDPR Request”
In plain language: If you’re in the EU, you have extra rights under GDPR. We have a legal reason for every bit of data we process. Your data may move to US servers — it’s protected by legal agreements. Email us if you have questions.
9. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
Right to Know: Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: Right to Delete: Request deletion of personal information we hold about you, subject to certain exceptions.
Right to Opt-Out: Right to Opt-Out of Sale: We do not sell personal information. However, sharing data with advertising partners (Meta) may constitute a “sale” under CCPA. To opt out, contact us or adjust your device’s advertising settings.
Right to Non-Discrimination: Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.
Categories of personal information collected in the past 12 months:
Category
Identifiers
Commercial information
Internet/network activity
Geolocation data
Inferences
Examples
Name, email address, device ID, IP address
Purchase history, transaction records
Gameplay events, app usage data
Approximate location derived from IP address
Gameplay preferences, skill level
To submit a CCPA request: matthewmcgregor283@gmail.com — Subject: “CCPA Request”
We will verify your identity before processing requests. Authorised agents may submit requests with written permission.
In plain language: California law gives you specific rights over your data. We don’t sell it. You can ask what we have, ask us to delete it, and we can’t punish you for asking.
10. Australian Privacy Act
If you are located in Australia, we handle your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
You have the right to access and correct personal information we hold about you. If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Contact us first at matthewmcgregor283@gmail.com — we aim to resolve complaints within 30 days.
11. Children’s Privacy
Challengers Crease is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal information, contact us at matthewmcgregor283@gmail.com and we will delete that information promptly.
In plain language: The app is for adults and older teens. If a child has accidentally created an account, email us and we’ll remove everything immediately.
12. Security
We protect your data using:
Encryption in transit (TLS 1.2+) for all data transmitted between the App and our servers.
Encryption at rest (AES-256) for data stored on AWS infrastructure.
Role-based access controls limiting which team members can access personal data.
Regular security reviews and dependency auditing.
Supabase Row-Level Security (RLS) policies to prevent cross-account data access.
No system is completely secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities within 72 hours as required by applicable law (GDPR Article 33; Australian NDB Scheme).
In plain language: We use industry-standard security. If something goes wrong, we’ll tell you within 72 hours.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
Post the updated policy in the App and on our website.
Update the “Last Updated” date at the top.
Notify you via email or in-app notification if the changes are significant.
Continued use of the App after changes are posted constitutes your acceptance of the revised policy.
14. Contact Us
For any privacy-related questions, requests, or complaints:
Email: rswallace@challengerscrease.com
Subject line: “Privacy Request” (or “GDPR Request” / “CCPA Request” as applicable)
We aim to respond to all requests within 30 days.
This privacy policy was designed to address requirements of the GDPR, CCPA, and Australian Privacy Act. It is not a substitute for legal advice. Consult a qualified privacy attorney before publishing.
1. Introduction
Challengers Crease (“we,” “us,” or “our”) operates the Challengers Crease mobile application (the “App”) available on iOS and Android. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you download, install, or use our App.
By using Challengers Crease, you agree to the collection and use of information in accordance with this policy.
In plain language: This document tells you what information we collect when you play Challengers Crease, why we collect it, who we share it with, and what rights you have over it.
2. Information We Collect
2.1 Information You Provide Directly
Account information: Account information: Name, email address, username, and password when you register.
Profile data: Any optional profile details you add (e.g. profile picture, display name, country).
Payment information: Processed by Stripe, Apple In-App Purchase, or Google Play Billing. We do not store your full card number.
Communications: Messages you send us via support channels.
2.2 Information Collected Automatically
Gameplay and usage data: Match history, scores, game modes, session length, in-game decisions, feature interactions, and progression.
Device and technical data: Device type, OS version, unique device identifiers (IDFA/GAID — subject to your consent), IP address, app version, crash logs.
Analytics events: How you navigate the App and engage with features — collected via Firebase Analytics, Mixpanel, and Amplitude.
2.3 Information From Third Parties
Social sign-in: If you sign in via Apple or Google, we receive basic profile info as permitted by those platforms.
Advertising networks: Meta (Facebook) SDK may send us aggregated data about ad interactions, subject to your consent and Meta’s privacy policy.
In plain language: We collect what you type in (email, account details), information about how you play (so we can improve the game), and technical info about your device. Payment details go straight to Stripe or Apple/Google — we never hold your card number.
3. How We Use Your Information
Purpose
Create and manage your account
Deliver gameplay and sync progress
Process in-app purchases
Prevent fraud and maintain security
Improve game design and features
Send transactional emails
Send marketing emails
Measure marketing effectiveness
Comply with legal obligations
Respond to support requests
Data Used
Email, username, password
Account info, gameplay data
Payment info (via processors)
Device data, IP, usage patterns
Anonymised gameplay data
Email address
Email address
Device identifiers (with consent)
As required
Email, account info, device data
Legal Basis (GDPR)
Contract performance
Contract performance
Contract performance
Legitimate interest
Legitimate interest
Contract performance
Consent
Consent
Legal obligation
Contract / Legitimate interest
In plain language: We use your information to run the game, process payments, stop cheating, and improve what we build. We only send marketing emails if you’ve opted in, and you can unsubscribe any time.
4. How We Share Your Information
We do not sell your personal information. We share data only with the following third-party processors as necessary to deliver our services:
Third Party
Stripe
Apple IAP
Google Play Billing
Supabase
Firebase (Google)
Amazon Web Services
Ludimos B.V.
Purpose
Payment processing
iOS payment processing
Android payment processing
Backend & authentication
Auth, analytics, crash reporting
Cloud hosting & infrastructure
Core AI algorithm & gameplay data processing
Data Shared
Payment info, billing address
Transaction data
Transaction data
Account info, gameplay data
Account IDs, device data
All app data (encrypted)
Gameplay data, activity data, coaching info, usage patterns, device data
Privacy Policy
stripe.com/privacy
apple.com/legal/privacy
policies.google.com/privacy
supabase.com/privacy
firebase.google.com/support/privacy
aws.amazon.com/privacy
ludimos.com/privacy-policy
We may also disclose your information where required by law, to enforce our Terms of Service, or to protect the safety of our users or the public. If we are involved in a merger or acquisition, your information may be transferred as part of that transaction — we will notify you before your data becomes subject to a different privacy policy.
In plain language: We use outside companies to run parts of our service. We only give them the data they need to do their job. We don’t sell your data to anyone.
5. Cookies and Tracking Technologies
As a mobile app, Challengers Crease does not use browser cookies. However, we and our partners use equivalent mobile tracking technologies:
Mobile advertising identifiers: Mobile advertising identifiers: IDFA (iOS) and GAID (Android) for advertising attribution. You can reset or limit these in your device settings:
iOS: Settings → Privacy & Security → Tracking
Android: Settings → Google → Ads
In-app analytics SDKs: Firebase, Mixpanel, and Amplitude use persistent device identifiers and session tokens to track usage patterns.
Meta SDK: Used to measure ad effectiveness. Data processed in accordance with Meta’s Privacy Policy.
You can opt out of interest-based advertising at any time through your device settings or by contacting us at the address in Section 13.
In plain language: We don’t use cookies (it’s an app, not a website), but similar technology tracks how you use the app and how you found us. You can turn this off in your phone’s settings.
6. Data Retention
Data Type
Account information
Gameplay and progress data
Payment transaction records
Marketing email list
Analytics data
Crash logs and error reports
Support correspondence
Retention Period
Duration + 30 days after deletion
Duration + 30 days after deletion
7 years
Until unsubscribe or deletion request
24 months (anonymised after 12 months)
90 days
24 months
Reason
Service delivery; account recovery
Core service; exportable before deletion
Tax and legal compliance
Ongoing consent
Product improvement
Debugging and stability
Quality assurance
When you delete your account, we begin the deletion process immediately. Some data may be retained in backup systems for up to 90 days before permanent deletion.
In plain language: We keep your account data while you play, plus a short window after you leave in case you change your mind. Payment records stay longer because the law requires it. Everything else gets deleted or anonymised within 2 years.
7. Your Rights (All Users)
Regardless of where you live, you have the right to:
Access: Access your personal data — request a copy of what we hold about you.
Correct: Correct inaccurate data — ask us to fix errors in your information.
Delete: Delete your account and associated data — request erasure of your personal information.
Export: Export your data — receive a copy of your gameplay and account data in a portable format.
Withdraw consent: Withdraw consent for marketing communications — unsubscribe via the link in any email or by contacting us.
To exercise any of these rights, email matthewmcgregor283@gmail.com with the subject line “Privacy Request.” We will respond within 30 days.
In plain language: You’re in control. You can see your data, fix it, download it, or delete it. Just email us.
8. Your Rights Under GDPR (EU / EEA Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).
Legal Bases for Processing
Contract performance: Processing your account, delivering gameplay, handling payments.
Legitimate interests: Fraud prevention, security, product improvement (where our interests do not override your rights).
Consent: Marketing emails, advertising tracking, non-essential analytics.
Legal obligation: Retaining financial records as required by law.
Additional GDPR Rights
Right to restrict processing — ask us to pause processing your data while a dispute is resolved.
Right to object — object to processing based on legitimate interests.
Right to lodge a complaint — contact your national data protection authority (e.g. ICO in the UK, CNIL in France).
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the United States (where AWS, Firebase, Stripe, and others operate). Such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards.
Data Protection Contact
For GDPR-related enquiries: matthewmcgregor283@gmail.com — Subject: “GDPR Request”
In plain language: If you’re in the EU, you have extra rights under GDPR. We have a legal reason for every bit of data we process. Your data may move to US servers — it’s protected by legal agreements. Email us if you have questions.
9. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:
Right to Know: Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: Right to Delete: Request deletion of personal information we hold about you, subject to certain exceptions.
Right to Opt-Out: Right to Opt-Out of Sale: We do not sell personal information. However, sharing data with advertising partners (Meta) may constitute a “sale” under CCPA. To opt out, contact us or adjust your device’s advertising settings.
Right to Non-Discrimination: Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.
Categories of personal information collected in the past 12 months:
Category
Identifiers
Commercial information
Internet/network activity
Geolocation data
Inferences
Examples
Name, email address, device ID, IP address
Purchase history, transaction records
Gameplay events, app usage data
Approximate location derived from IP address
Gameplay preferences, skill level
To submit a CCPA request: matthewmcgregor283@gmail.com — Subject: “CCPA Request”
We will verify your identity before processing requests. Authorised agents may submit requests with written permission.
In plain language: California law gives you specific rights over your data. We don’t sell it. You can ask what we have, ask us to delete it, and we can’t punish you for asking.
10. Australian Privacy Act
If you are located in Australia, we handle your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
You have the right to access and correct personal information we hold about you. If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Contact us first at matthewmcgregor283@gmail.com — we aim to resolve complaints within 30 days.
11. Children’s Privacy
Challengers Crease is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal information, contact us at matthewmcgregor283@gmail.com and we will delete that information promptly.
In plain language: The app is for adults and older teens. If a child has accidentally created an account, email us and we’ll remove everything immediately.
12. Security
We protect your data using:
Encryption in transit (TLS 1.2+) for all data transmitted between the App and our servers.
Encryption at rest (AES-256) for data stored on AWS infrastructure.
Role-based access controls limiting which team members can access personal data.
Regular security reviews and dependency auditing.
Supabase Row-Level Security (RLS) policies to prevent cross-account data access.
No system is completely secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities within 72 hours as required by applicable law (GDPR Article 33; Australian NDB Scheme).
In plain language: We use industry-standard security. If something goes wrong, we’ll tell you within 72 hours.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
Post the updated policy in the App and on our website.
Update the “Last Updated” date at the top.
Notify you via email or in-app notification if the changes are significant.
Continued use of the App after changes are posted constitutes your acceptance of the revised policy.
14. Contact Us
For any privacy-related questions, requests, or complaints:
Email: rswallace@challengerscrease.com
Subject line: “Privacy Request” (or “GDPR Request” / “CCPA Request” as applicable)
We aim to respond to all requests within 30 days.
This privacy policy was designed to address requirements of the GDPR, CCPA, and Australian Privacy Act. It is not a substitute for legal advice. Consult a qualified privacy attorney before publishing.