Privacy Policy
Protecting your personal data is important to us. This Privacy Policy explains what data we collect when you use the Dartist app, how we use it, and what rights you have.
1. Data Controller
2. Overview of Data Processing
Dartist is a darts scoring app supporting various game modes. The app works completely offline - an internet connection is only required for optional features like cloud sync, user accounts, and in-app purchases.
Important: Analytics and crash reports are only collected with your explicit consent (opt-in). You can use the app fully without disclosing any personal data.
3. Legal Basis
We process your data based on the following legal grounds under GDPR:
- Art. 6(1)(a) GDPR (Consent): For analytics, crash reports, and ad tracking
- Art. 6(1)(b) GDPR (Contract Performance): For user accounts, in-app purchases, and cloud sync
- Art. 6(1)(f) GDPR (Legitimate Interest): For fraud detection and security measures
4. What Data We Collect
4.1 Account Data (Optional)
When you create an account, we collect:
- Email address - When registering via email
- Name and profile picture - When signing in via Google or Apple (only if you share them)
- Firebase User ID - Unique identifier for your account
- Gamertag - Self-chosen player name
4.2 Game Statistics
For the core functionality, we store locally:
- Game history and results (X-01, Cricket, Around the World, Bob's 27, Challenge, Checkout)
- Player names and settings
- Statistics and high scores
This data is stored only locally on your device unless you enable cloud sync (Pro users only).
4.3 Purchase Data
For in-app purchases (Pro subscription), we process:
- Transaction IDs
- Purchase date and product
- Subscription status
Payment processing is handled exclusively by Apple (App Store) or Google (Play Store). We do not receive payment details like credit card numbers.
4.4 Usage Data (Consent Required)
If you enable analytics, we track the following events:
- App launches, screen views, and usage duration
- Game events (game started, finished, resumed) including game mode, player count, and duration
- Feature interactions (shop visits, statistics views)
- Settings changes (theme, language, commentary preferences)
- Successful and failed purchases
- Referral code usage
- Sync errors
All analytics events are anonymized and cannot be used to identify individual users. No game scores, player names, or personal gameplay details are transmitted.
4.5 Device Data (Consent Required)
With crash reports enabled, we collect:
- Device type and operating system version
- App version
- Crash logs and error reports
Privacy Filtering: Before crash reports are sent to Firebase Crashlytics, personal data such as email addresses and phone numbers are automatically removed from the logs and replaced with placeholders (e.g., "[EMAIL_REDACTED]").
4.6 Referral System
If you participate in the referral program:
- Your personal referral code
- Number of successful referrals
- Qualification status (games played)
IP Anonymization: For fraud detection, IP addresses are captured during referral actions but are never stored in plain text. Instead, a one-way cryptographic hash (SHA-256) with a static salt is created. This allows detection of suspicious patterns (e.g., multiple registrations from the same network) without storing the original IP address. The hash cannot be reversed to recover the original IP. Referral logs including IP hashes are automatically deleted after 90 days.
4.7 Multiplayer Data
If you use multiplayer features, we process:
- Room membership (which game room you are in)
- Connection status (heartbeat timestamps for detecting disconnections)
- Turn data (game actions within a multiplayer session)
This data is stored temporarily in Firebase Realtime Database and is deleted when the game room is closed.
5. Third-Party Services
5.1 Firebase (Google)
We use Firebase for:
| Service | Purpose | Consent Required |
|---|---|---|
| Firebase Authentication | Manage user accounts | No (when creating account) |
| Firebase Analytics | Usage statistics | Yes (opt-in) |
| Firebase Crashlytics | Crash reports | Yes (opt-in) |
| Cloud Firestore | Cloud synchronization | No (when using) |
| Firebase Cloud Functions | Server-side validation (referrals, account deletion) | No (when using) |
| Firebase Storage | Cloud data storage | No (when using) |
| Firebase Realtime Database | Multiplayer game rooms | No (when using) |
| Firebase Remote Config | Feature flags and app configuration | No (automatic) |
Firebase Privacy Policy: https://firebase.google.com/support/privacy
5.2 RevenueCat
For managing in-app purchases, we use RevenueCat as a data processor:
- Receipt verification
- Subscription management
- Entitlement synchronization
Data Transfer: When you sign in, your Firebase User ID is transmitted to RevenueCat to associate purchases with your account. No email addresses or passwords are transferred.
Privacy Policy: https://www.revenuecat.com/privacy
5.3 Google AdMob
Free users see advertisements from Google AdMob. The following may be collected:
- Device identifiers (IDFA/GAID - only with consent on iOS)
- Ad interactions
- Approximate location (city level)
Pro users do not see advertisements.
Privacy Policy: https://policies.google.com/privacy
5.4 Apple Sign-In / Google Sign-In
When using these sign-in services, your name and email address (depending on your settings) are transmitted.
6. iOS App Tracking Transparency (ATT)
On iOS devices (iOS 14.5 and later), we ask for your permission before using advertising identifiers (IDFA) for personalized ads. You can revoke this consent at any time in your iOS Settings.
7. Data Storage
7.1 Local Storage
Game statistics, settings, and game history are stored locally on your device (Hive database). This data does not leave your device unless you enable cloud sync.
7.2 Cloud Storage
If you create an account and are a Pro user, your data is stored on Google Firebase servers (Cloud Firestore). Servers are located in the EU and USA.
7.3 Data Transfers to Third Countries
Data may be transferred to the USA (Firebase, RevenueCat). Transfers are based on:
- EU Standard Contractual Clauses
- EU Commission Adequacy Decision (Data Privacy Framework)
8. Your Rights
Under GDPR, you have the following rights:
8.1 Right of Access (Art. 15 GDPR)
You can request information about the personal data we process about you.
8.2 Right to Rectification (Art. 16 GDPR)
You can request correction of inaccurate data.
8.3 Right to Erasure (Art. 17 GDPR)
You can request deletion of your data. In the app, you can completely delete your account under: Settings → Account → Delete Account. This permanently deletes all cloud data.
8.4 Right to Restriction (Art. 18 GDPR)
You can request restriction of processing.
8.5 Right to Data Portability (Art. 20 GDPR)
You can receive your data in a structured format. In the app, go to Settings → Privacy → Export Data to download all data stored about you as a machine-readable JSON file. The export includes:
- All local game records and statistics
- Settings and preferences
- Purchase history
- Referral data
- Consent preferences
- Cloud data (if account exists)
8.6 Right to Object (Art. 21 GDPR)
You can object to processing of your data.
8.7 Withdrawal of Consent
You can withdraw consent at any time:
- Analytics/Crashlytics: In the app under Settings → Privacy
- iOS Tracking: In iOS System Settings under Privacy → Tracking
8.8 Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority.
9. Data Security
We implement technical and organizational measures to protect your data:
- Encrypted data transmission (TLS/SSL)
- Secure authentication via Firebase
- No password storage in the app
- Rate limiting to prevent abuse
- Server-side purchase validation
- Local Encryption: Sensitive data such as purchase information and settings are encrypted locally using AES-256. Encryption keys are securely stored in iOS Keychain or Android Keystore.
- IP address anonymization through cryptographic hashing
- Automatic PII filtering before error report transmission
10. Retention Periods
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Game statistics (local) | Until app uninstall or manual deletion |
| Game statistics (cloud) | Until account deletion |
| Analytics data | 2-14 months (Firebase default settings) |
| Purchase data | 10 years (legal retention requirement) |
| Referral logs | 90 days (automatic deletion) |
| IP hashes (fraud detection) | 90 days (deleted with referral logs) |
11. Children
The app is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it immediately.
12. Additional Rights for California Residents (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about what personal data we have collected about you.
- Right to Delete: You can request deletion of your personal data (already available via account deletion).
- Right to Opt-Out ("Do Not Sell My Personal Information"): We do not sell personal data to third parties. Data sharing with third-party services (Firebase, RevenueCat, AdMob) is solely for providing app functionality and does not constitute a "sale" under CCPA.
- Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.
To exercise your CCPA rights, contact us at the email address provided below.
13. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy as needed. We will notify you of significant changes within the app. The current version is always available on this page.
14. Contact
For questions about data protection or to exercise your rights, contact us: