Privacy Policy for Kracked

Effective date: [INSERT DATE]

1. Introduction

Welcome to Kracked ("Kracked," "we," "our," or "us"). Kracked is a puzzle and game mobile application operated in the United States by its operators, Aakash Gnanakumar and Arjun Ponnala ("the Operators"). This Privacy Policy explains—in plain but formal language—what personal data we collect, why we collect it, how we use it, how long we keep it, and the safeguards in place to protect it. By accessing or using Kracked, you acknowledge that you have read and understood this Policy.

IMPORTANT: This Policy does not create any legal obligations on our part beyond those required by applicable law. We make no warranties or representations regarding our data practices, and you use Kracked at your own risk.

2. What Information We Collect and Why

Authentication Information:

  • Email Address – We collect your email address when you sign in using Google Sign-In. Your email is used solely for (a) account authentication and identification, (b) account recovery, and (c) sending important service-related communications. Your email is stored securely and is never visible to other users.
  • User ID (Firebase UID) – When you create an account, Firebase generates a unique alphanumeric identifier. This User ID is used to associate your account with your activity, content, and preferences. It is not publicly visible but is used internally to manage your account.

Profile Information:

  • Username – You may select a unique username that will be displayed publicly with your games, comments, and profile. Usernames must comply with our Community Guidelines and Terms of Service.
  • Profile Picture – If you choose to use a profile picture (which may be imported from your Google account), it will be displayed publicly on your profile and with your content. You may change or remove your profile picture at any time.

Game Activity Data:

  • Game History – We record every game you play, including:
    • Games completed (with completion time, attempts, and timestamps);
    • Games skipped (with timestamps);
    • Games attempted but not completed (with timestamps);
    • Your performance statistics (average time per game, streaks, total games played).
  • Game Preferences – We store precomputed game recommendations based on your activity to personalize your experience.
  • Purpose: This data enables us to (a) track your progress and statistics, (b) provide personalized game recommendations, (c) display your game history, and (d) improve our game algorithms and user experience.

User-Generated Content:

  • Games and Puzzles – If you create games or puzzles, we store the game data, including questions, answers, difficulty levels, and metadata. User-generated games become part of Kracked's content library and may be played by other users.
  • Comments – When you comment on games, we store your comment text, username, profile picture, and timestamp. Comments are publicly visible.
  • Purpose: This content enables social interaction and community engagement on Kracked.

Social Interaction Data:

  • Following/Followers – We store relationships between users who follow each other, including User IDs and timestamps. This enables you to see games from users you follow and allows others to see your games.
  • Likes – We record when you like games or comments, including the User ID of the liker and the liked content. Like counts are publicly visible, but individual like associations are stored internally.
  • Blocking – If you block another user, we store the relationship between your User ID and the blocked user's User ID to prevent further interaction.
  • Purpose: This data enables social features, content discovery, and user safety.

Communication Data:

  • Direct Messages – If you send or receive direct messages through Kracked, we store message content, sender and recipient User IDs, timestamps, and conversation metadata. Messages are private between participants.
  • Notifications – We store in-app notifications, including notification type (follow, like, comment, etc.), sender User ID, related content, and read status.
  • Purpose: This data enables communication between users and keeps you informed of activity related to your content.

Push Notification Data:

  • FCM Token – If you opt in to push notifications, we store a Firebase Cloud Messaging (FCM) token associated with your device. This token is used solely to deliver push notifications to your device. You may opt out at any time, and we will remove your FCM token.
  • Purpose: To send you push notifications about activity on your games, comments, or profile.

Analytics and Performance Data:

  • Usage Statistics – We collect aggregate, anonymized data about how users interact with Kracked, including feature usage, game completion rates, and performance metrics. This data cannot be traced back to individual users.
  • Device Information – We may collect basic device information (device type, operating system version) to ensure compatibility and improve performance. This information is anonymized and aggregated.
  • Purpose: To understand how Kracked is used, identify bugs, improve performance, and develop new features.

What We Do NOT Collect:

We do not collect:

  • Precise geolocation data;
  • Contact lists or address books;
  • Payment or financial information (Kracked is currently free);
  • Biometric data;
  • Health or fitness data;
  • Advertising identifiers for third-party advertising (we do not serve ads);
  • Data from users under 13 years of age (we do not knowingly collect data from children).

3. How We Use Your Information

Service Operation:

  • Authentication & Account Management – Email addresses and User IDs enable account creation, login, and account recovery.
  • Game Functionality – Game history and preferences enable personalized game recommendations, progress tracking, and statistics display.
  • Social Features – Following, likes, comments, and messages enable social interaction and content discovery.

Safety & Moderation:

  • Content Moderation – We use User IDs, usernames, and content to enforce our Community Guidelines, respond to abuse reports, and take action against violations.
  • Blocking – Blocking data prevents unwanted interactions between users.

Service Improvement:

  • Analytics – Aggregate, anonymized data helps us understand usage patterns, identify popular features, and improve game quality.
  • Bug Fixes – Error logs and performance data help us identify and fix technical issues.

Legal Compliance:

  • Legal Process – We may disclose information when required by valid legal process (e.g., court order, subpoena, or search warrant) and will attempt to notify you unless prohibited by law.

We do NOT:

  • Sell your personal data to third parties;
  • Use your data for third-party advertising;
  • Share your personal data with data brokers;
  • Use your data for purposes unrelated to Kracked's operation.

4. Data Retention

Account Data:

  • Email, User ID, Username, Profile Picture – Retained until you delete your account. We do not automatically delete accounts for inactivity, but we reserve the right to delete inactive accounts after extended periods.

Game History:

  • Game Activity Data – Retained until you delete your account. Upon account deletion, all game history is permanently erased.

User-Generated Content:

  • Games You Create – User-generated games are permanently deleted when you delete your account, as detailed in our Terms of Service.
  • Comments – Comments are retained until you delete your account or we remove them for violations. Upon account deletion, all your comments are permanently erased.
  • Messages – Direct messages are retained until you delete your account or the conversation is deleted by all participants.

Social Data:

  • Following/Followers, Likes, Blocking – Retained until you delete your account or remove the relationship (e.g., unfollow, unlike, unblock). Upon account deletion, all social relationships are permanently erased.

Push Notification Data:

  • FCM Tokens – Retained until you opt out of push notifications or delete your account. You may opt out at any time through your profile settings.

Analytics Data:

  • Aggregate, Anonymized Data – Retained indefinitely for service improvement purposes. This data cannot be traced back to individual users.

Backup Data:

  • Data may exist in encrypted backups for a limited period after deletion. Backup data is automatically purged according to our retention schedule, typically within 30-90 days.

Legal Holds:

  • We may retain certain data longer if required by law, legal process, or to protect our rights or the rights of others.

5. Where Your Data Is Processed and Stored

Primary Storage:

All data is processed and stored exclusively in the United States using Google Firebase services (Firestore, Authentication, Cloud Messaging). Firebase is operated by Google LLC, a U.S. company subject to U.S. laws.

Data Transfers:

  • We do not intentionally transfer personal data outside U.S. borders;
  • Firebase may replicate data across multiple U.S. data centers for redundancy and performance;
  • If you access Kracked from outside the United States, your data will still be stored in the United States.

Third-Party Services:

  • Google Firebase – Provides infrastructure, authentication, database, and messaging services. Google's privacy practices are governed by their own privacy policies.
  • Google Sign-In – Handles authentication. Google's privacy practices are governed by their own privacy policies.

IMPORTANT DISCLAIMER: We rely on third-party services (including Google Firebase) for data storage and processing. We are not responsible for, and disclaim all liability for, any data breaches, security incidents, data loss, or unauthorized access that occurs on third-party systems, including Firebase. You acknowledge that data storage and security are handled by third parties, and we have no control over their security practices beyond what they provide through their services.

6. How We Share Information

Service Providers:

  • Google Firebase (United States) – Receives all user data as our infrastructure provider. Firebase processes data under their own terms of service and privacy policy. We have no control over Firebase's data practices beyond their standard service agreements.
  • Google Sign-In (United States) – Receives authentication requests and returns authentication tokens. Google's privacy practices are governed by their own privacy policies.

Legal Authorities:

  • We may disclose information when required by valid legal process (e.g., court order, subpoena, search warrant, or other legal requirement). We will attempt to notify you of such requests unless prohibited by law or court order.

Business Transfers:

  • In the event of a merger, acquisition, sale of assets, or bankruptcy, your data may be transferred to the acquiring entity. We will notify you of such transfers if required by law.

With Your Consent:

  • We may share information with third parties if you explicitly consent to such sharing.

We NEVER:

  • Sell your personal data to advertisers, marketers, or data brokers;
  • Share your personal data with third parties for their own marketing purposes;
  • Share your personal data with other users except as necessary for Kracked's social features (e.g., displaying your username with your games or comments).

7. Security Measures

Third-Party Infrastructure:

All data is handled by Google Firebase, which means Firebase is in sole control of data security, encryption, access controls, backup procedures, and data loss prevention. Kracked and the Operators are not responsible for, and disclaim all liability for, any security incidents, data breaches, unauthorized access, data loss, theft, corruption, or other security failures that occur on Firebase's systems or through Firebase's services.

Our Limited Security Measures:

  • Access to Firebase projects is restricted to the Operators through Google Cloud Identity and Access Management (IAM) with multi-factor authentication;
  • Firestore security rules limit read/write operations to authenticated sessions and enforce user-level data isolation;
  • We do not implement custom encryption algorithms or bespoke protection layers beyond those supplied by Google Firebase.

No Security Guarantees:

  • We make no warranties or representations regarding the security of your data;
  • No method of transmission over the Internet or electronic storage is 100% secure;
  • We cannot guarantee absolute security and disclaim all liability for security breaches;
  • You use Kracked and transmit data at your own risk.

Your Responsibility:

  • You are responsible for maintaining the security of your account credentials;
  • You are responsible for all activity that occurs under your account;
  • You must immediately notify us of any unauthorized access to your account.

8. Your Privacy Choices and Rights

Account Management:

  • Update Information – You may update your username, profile picture, and notification preferences at any time through your profile settings.
  • Delete Account – You may delete your account at any time through the in-app settings. Upon account deletion:
    • All personal data (email, User ID, username, profile picture) is permanently erased;
    • All user-generated content (games, comments, messages) is permanently deleted;
    • All game history and statistics are permanently erased;
    • All social relationships (following, followers, likes, blocks) are removed;
    • Your FCM token is removed;
    • Deletion is permanent and cannot be undone.

Push Notifications:

  • Opt-In – You may opt in to push notifications through your profile settings or when prompted in-app.
  • Opt-Out – You may opt out of push notifications at any time through your profile settings. Opting out will remove your FCM token.

Content Control:

  • Delete Comments – You may delete your own comments at any time (subject to technical limitations).
  • Delete Games – User-generated games may be deleted, but deletion may affect other users who have played or liked your games.
  • Unfollow/Unblock – You may unfollow or unblock users at any time.

U.S. Privacy Rights:

Because Kracked operates solely in the United States, our primary legal obligations arise under U.S. federal and state privacy laws. Regardless of your state, we voluntarily honor the following rights to the extent required by applicable law:

  • Access – You may request a copy of the personal data we hold about you.
  • Correction – You may request correction of inaccurate or incomplete data.
  • Deletion – You may request deletion of your personal data (subject to legal retention requirements).
  • Opt-Out – You may opt out of certain data processing activities, such as push notifications.

California Residents (CCPA/CPRA):

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know – You may request information about the categories of personal information we collect, use, and disclose.
  • Right to Delete – You may request deletion of your personal information (subject to exceptions).
  • Right to Correct – You may request correction of inaccurate personal information.
  • Right to Opt-Out – You may opt out of the "sale" or "sharing" of personal information (Kracked does not sell or share personal information as defined by California law).
  • Right to Non-Discrimination – We will not discriminate against you for exercising your privacy rights.

Exercising Your Rights:

To exercise any of these rights, please contact us at [INSERT EMAIL ADDRESS]. We will respond within 30 days (or as required by applicable law). We may require verification of your identity before processing requests.

Limitations:

  • We may retain certain data if required by law, legal process, or to protect our rights;
  • Some data may exist in backups for a limited period after deletion;
  • We may charge a reasonable fee for excessive or repetitive requests.

9. Children's Privacy

Kracked is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately so we can delete such information.

If we discover that we have collected personal information from a child under 13, we will delete that information promptly.

COPPA Compliance:

We comply with the Children's Online Privacy Protection Act (COPPA). If you are between 13 and 17 years of age, you represent that you have obtained parental or guardian consent to use Kracked and that your parent or guardian has reviewed and agreed to our Terms of Service and Privacy Policy.

10. Third-Party Links and Services

Kracked may contain links to third-party websites or integrate with third-party services (e.g., Google Sign-In, Firebase). We are not responsible for:

  • The privacy practices of third-party websites or services;
  • The content, accuracy, or security of third-party websites or services;
  • Any data collection, use, or disclosure by third parties.

Your interactions with third parties are solely between you and the third party. We encourage you to review third-party privacy policies before providing them with your information.

11. International Users

Kracked is operated in the United States and is intended for users in the United States. If you access Kracked from outside the United States:

  • Your data will be transferred to and stored in the United States;
  • U.S. laws, including privacy laws, will apply to your data;
  • You consent to the transfer of your data to the United States;
  • You acknowledge that data protection laws in your country may differ from U.S. laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time for operational, legal, or regulatory reasons. If we make material changes, we will:

  • Post the updated Policy in-app and on our website;
  • Update the "Effective date" at the top of this Policy;
  • Display a prominent notice the next time you open or bring Kracked to the foreground, on the day the new Policy takes effect;
  • In some cases, notify you by email.

Continued Use:

Your continued use of Kracked after the effective date of the revised Policy constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you must stop using Kracked and delete your account.

Material Changes:

Material changes include, but are not limited to:

  • Changes to the types of data we collect;
  • Changes to how we use or share data;
  • Changes to your privacy rights or how to exercise them;
  • Changes to data retention periods.

13. Disclaimer of Warranties and Limitation of Liability

NO WARRANTIES:

WE MAKE NO WARRANTIES OR REPRESENTATIONS REGARDING:

  • The security of your personal data;
  • The accuracy, completeness, or reliability of our data practices;
  • Our ability to prevent unauthorized access, data breaches, or data loss;
  • The performance or availability of third-party services (including Firebase);
  • Our compliance with any specific privacy laws or regulations beyond what is required by applicable U.S. law.

LIMITATION OF LIABILITY:

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WE SHALL NOT BE LIABLE FOR:

  • Any unauthorized access to, use of, or disclosure of your personal data;
  • Any data breaches, security incidents, or data loss, whether caused by us, third-party services (including Firebase), or other factors;
  • Any loss or corruption of your data;
  • Any failure to delete your data within specified timeframes;
  • Any violation of this Privacy Policy or applicable privacy laws;
  • Any indirect, incidental, special, consequential, or punitive damages arising from our data practices.

OUR TOTAL LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR OUR DATA PRACTICES SHALL NOT EXCEED TEN U.S. DOLLARS ($10.00).

YOUR USE:

YOU USE KRACKED AND PROVIDE US WITH YOUR PERSONAL DATA AT YOUR SOLE RISK. YOU ACKNOWLEDGE THAT DATA STORAGE AND SECURITY ARE HANDLED BY THIRD-PARTY SERVICES (INCLUDING FIREBASE), AND WE HAVE NO CONTROL OVER THEIR SECURITY PRACTICES BEYOND WHAT THEY PROVIDE THROUGH THEIR SERVICES.

14. Contact Information

Operators: Aakash Gnanakumar and Arjun Ponnala
Service: Kracked
Email: [INSERT EMAIL ADDRESS]
Website: [INSERT WEBSITE URL, IF APPLICABLE]

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at the email address above. We aim to respond within 30 days.

By using Kracked, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, do not use Kracked.