Privacy Policy

Effective Date: 2025-10-20

This Privacy Policy describes how doodleX collects, uses, discloses, and safeguards personal information when you use the doodleX mobile and web applications, websites, and related services (collectively, the “Services”). By using the Services, you agree to this Policy.

Scope

This Policy applies to users worldwide. Additional notices may apply based on your region (e.g., EEA/UK under GDPR, California under CCPA/CPRA). Where local laws provide stronger protections, we will follow those laws.

Information We Collect

• Account and Profile Data: username, display name, avatar, email (if you register or sign in), password (hashed), and player preferences. [If social login is enabled, we receive profile basics permitted by your provider.]
• Gameplay and Content: room IDs, game events, drawing strokes and guesses, chat messages, scores, friends/invites, and moderation flags consistent with community guidelines.
• Technical and Device Data: app version, OS version, device model, unique device identifiers, IP address, language, time zone, crash logs, performance metrics.
• Usage and Analytics: session timestamps, features used, in-app interactions, referral sources, engagement and retention metrics.
• Payments and Purchases: transaction IDs, product SKUs, timestamps, and non-sensitive billing metadata via app store processors; we do not receive full card data.
• Support and Communications: messages sent to support, bug reports, email communications, feedback forms.
• Cookies and Similar Technologies (web): session cookies, authentication tokens, analytics cookies, and local storage necessary for functionality and measurement.

Sources of Information

• Directly from you when you create an account, play, communicate, or make purchases.
• Automatically from your device when you access the Services.
• From third parties: analytics providers, crash reporters, ad networks (if enabled), and payment processors.

How We Use Information

• Provide and operate the Services: matchmaking, rooms, WebSocket gameplay, leaderboards, moderation, and social features.
• Improve performance, stability, and safety: debugging, crash analysis, anti-cheat, and abuse prevention.
• Personalize experience: saved preferences, language, recommended rooms, and content.
• Communications: service updates, security alerts, policy changes, and—with consent or where permitted—marketing messages.
• Analytics and Research: usage metrics, A/B testing, product decisions.
• Compliance: legal obligations, dispute resolution, enforcement of Terms.

Legal Bases for Processing (EEA/UK)

• Contract: to deliver core functionality you request.
• Legitimate Interests: security, fraud prevention, analytics, service improvement, and customer support (balanced against your rights).
• Consent: where required for marketing, certain cookies, or personalized ads.
• Legal Obligation: to comply with applicable laws.

Sharing and Disclosure

• Service Providers (Processors): hosting (e.g., cloud VPS), content delivery, analytics (e.g., privacy-focused analytics or [provider]), crash reporting (e.g., [provider]), email delivery, moderation tools. Providers are bound by contracts and process data on our instructions.
• Payment Partners: app stores or payment gateways process your payments and share transaction confirmations with us.
• Advertising Partners (if enabled): ad networks may receive device identifiers and performance metrics; you can opt out or withdraw consent where required.
• Legal and Safety: to comply with law, enforce our Terms, or protect rights, property, and safety of users or the public.
• Business Transfers: in mergers, acquisitions, or asset sales, subject to this Policy’s protections.

International Transfers

We may process and store your information in countries outside your own. When transferring personal data internationally, we implement appropriate safeguards (e.g., Standard Contractual Clauses) as required by law.

Data Retention

• Account data: retained while your account is active and for a reasonable period thereafter for backup, auditing, legal, and fraud-prevention purposes.
• Gameplay logs: retained for operational, anti-abuse, and analytics needs on a time-limited basis.
• Crash and analytics data: retained per our analytics/crash tools’ configured windows.
• Support communications: retained as necessary to support you and maintain records.

Security

We apply administrative, technical, and organizational measures appropriate to the risk, including access controls, encryption in transit, network security, and monitoring. No system is 100% secure; promptly notify us of any suspected security incident.

Your Rights

• Access/Portability: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Deletion: request deletion where legally permitted.
• Restriction/Objection: restrict or object to certain processing, including direct marketing.
• Consent Withdrawal: withdraw consent at any time (does not affect prior lawful processing).
• Complaint: you may complain to your local data protection authority.

Submit requests via the contact details below. We may need to verify your identity.

California Privacy Notice (CCPA/CPRA)

• Categories collected: identifiers (e.g., username, device IDs), internet/network activity, geolocation (approximate), in-app purchase data, and inferences for personalization.
• Sources: as described above.
• Business/Commercial purposes: as described above.
• Sharing/Selling: we do not “sell” personal information for money. If we use ad networks or cross-context behavioral advertising, that may be a “share” under CPRA; you can opt out via in-app settings or by contacting us.
• Your rights: know, delete, correct, opt-out of sharing/sale, non-discrimination for exercising rights.

Children’s Privacy

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe a child has provided personal information, contact us for deletion.

Cookies and Tracking Technologies

We use essential cookies for authentication and security. With consent where required, we may use analytics cookies for measuring usage and improving features. On web, you can manage preferences via browser settings and any provided cookie banner.

User-Generated Content and Moderation

Drawings, guesses, usernames, and chat may be visible to other players in your room. We may use automated and manual review to enforce community guidelines and prevent abuse.

Third-Party Links and Integrations

Our Services may link to third-party sites or include SDKs (e.g., analytics, crash reporting, ads). Their practices are governed by their policies. Review their privacy policies before use.

Data Controller

[Company/Developer Legal Name], [Registered Address], [Country]. If operating as a sole developer, include a valid business contact and jurisdiction details appropriate for app stores.

Contact Us

Email: [ahmed.nader1994@gmail.com]

Postal: [Address Line 1], [City], [Postal Code], [Country]

Changes to This Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will post updates here and revise the “Effective Date.” Material changes may be communicated in-app or via email where appropriate.

Region-Specific Addenda

We may provide addenda for specific jurisdictions (e.g., EEA/UK, California, Brazil). If an addendum conflicts with this Policy, the addendum controls for residents of that region.