Privacy Policy

Last updated: May 2, 2026

This Privacy Policy describes how MindFlip ("we", "us", "our") collects, uses, and shares information about you when you use the MindFlip mobile and web applications (the "Service"). We are committed to protecting your privacy and complying with the Personal Information Protection and Electronic Documents Act (PIPEDA), Ontario's privacy laws, and, where applicable, the European Union's General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Information You Provide

• Account information. When you sign in via Google, Apple, or Facebook, we receive your email address, display name, and a unique account identifier from the provider. You may also choose a username and upload an avatar.
• Game data. Your scores, completed boards, friend connections, in-app purchase records, daily-puzzle plays, and shared-game submissions.
• Communications. If you email us at support@mindflipgame.app, we retain that correspondence to provide support and improve the Service.

1.2 Information Collected Automatically

• Device and connection information. When you use the Service, our servers receive your IP address, user agent (browser or app version), and request timestamps. These are used for security and service operation; they are retained in operational logs for approximately 30 days.
• Crash and error reports. If the app encounters an error, our crash-reporting tool (Sentry) records the error message, stack trace, and the URL, method, and HTTP status of recent network requests. Crash reports are tagged with your account identifier so we can investigate issues affecting you, and with your account tier (guest, registered, or full) so we can prioritize fixes. We automatically redact any authentication tokens or "Bearer" headers from these reports before they leave your device.
• Local storage. The app stores your authentication token, settings, and unsynced game progress on your device using your platform's standard secure storage (iOS Keychain, Android SharedPreferences, browser IndexedDB or localStorage). We do not use marketing or advertising cookies.

2. How We Use Your Information

We use the information we collect to:

• Operate the Service: authenticate you, save your scores, sync your progress across devices, and process in-app purchases.
• Build leaderboards and friend systems. Your participation in leaderboards is controlled by a privacy setting in the app (Public, Friends Only, or Anonymous).
• Provide customer support when you contact us.
• Detect and prevent fraud, abuse, and security incidents.
• Diagnose and fix bugs and crashes.
• Comply with legal obligations.

We do not sell your personal information. We do not use your information for advertising or share it with advertising networks.

3. Legal Basis (PIPEDA and GDPR)

We collect and use your information based on:

• Consent: when you sign in, choose a username, opt into a leaderboard visibility level, or send a friend request, you consent to the related processing.
• Contract performance: to operate your account and process any purchases you make.
• Legitimate interest: to operate, secure, and improve the Service, including fraud prevention.

4. Third Parties We Share Information With

We share information only with service providers who help us operate the Service, and only to the extent necessary. These providers are bound by their own privacy policies and contractual data protection obligations.

• Google Firebase Authentication (Google LLC): handles sign-in via Google, Apple, or Facebook. Firebase Privacy Policy.
• Sentry (Functional Software, Inc.): receives anonymized crash and error reports as described above. Sentry Privacy Policy.
• Apple App Store (Apple Inc.): processes in-app purchases on iOS and validates receipts. Apple Privacy Policy.
• Google Play (Google LLC): processes in-app purchases on Android and validates receipts. Google Privacy Policy.
• Stripe (Stripe, Inc. / Stripe Payments Canada Ltd.): processes web purchases. We do not receive or store your full payment card information. Stripe Privacy Policy.
• UptimeRobot (IIS GmbH): performs external availability checks on our public health endpoints. No user data passes through this provider.
• Fastmail (Fastmail Pty Ltd): hosts our support inbox. Used only when you email us. Fastmail Privacy Policy.

We may also disclose information if required by law, court order, or to protect the rights, property, or safety of MindFlip, our users, or others.

5. International Data Transfers

The service providers listed above may process your information in jurisdictions other than Canada, including the United States and the European Union. These providers are contractually required to provide a level of data protection consistent with applicable Canadian and EU law.

6. Data Retention

• Account data: retained while your account is active. When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law (for example, transaction records for tax purposes).
• Game scores and leaderboard entries: retained until account deletion, then anonymized.
• Crash reports: retained for approximately 90 days.
• Server logs: retained for approximately 30 days.

7. Your Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Correct any inaccurate information.
• Delete your account and associated information.
• Export a portable copy of your data.
• Withdraw consent for processing based on consent.
• Object to or restrict certain processing (GDPR users only).
• Lodge a complaint with the Office of the Privacy Commissioner of Canada or your applicable EU data protection authority.

To exercise any of these rights, email us at support@mindflipgame.app. We will respond within 30 days.

You can also request account deletion directly from within the app (Settings -- Account -- Delete Account) or through the App Store and Google Play account-deletion options provided by those platforms.

8. Children

MindFlip is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it promptly. In the European Union, this age threshold is 16 (or the lower threshold set by your member state). If you believe a child has provided us with personal information, please contact us at support@mindflipgame.app.

9. Security

We use industry-standard measures to protect your information, including TLS encryption for data in transit and access controls on our servers. However, no system is perfectly secure. We cannot guarantee the absolute security of your information, and you use the Service at your own risk.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice (for example, an in-app message or an email if you have provided one). Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

For privacy questions, requests, or complaints, contact:

MindFlip
Email: support@mindflipgame.app
Jurisdiction: Ontario, Canada