Privacy Policy
Effective: April 29, 2026 · Last updated: April 29, 2026
ArrowDrift is a minimal puzzle game built by Stacktree Labs. We try to collect as little as possible, and we don't sell your data. This page explains exactly what we collect, why, and how to delete it.
Contents
1. Who we are
ArrowDrift is operated by Stacktree Labs
("we", "us", "our"). We are the data controller for the personal
information described in this policy. The app is currently published on
Google Play under the package
com.stacktree.arrowdrift.
2. What we collect
ArrowDrift uses an anonymous-first design — you can play the whole game without creating an account, and most data we hold is tied to a randomly-generated identifier rather than to your name or email. Here's the full list:
Data you provide
| Data | When | Why |
|---|---|---|
| Display name (3–20 characters) |
Auto-generated as Player#### on first launch; you can
change it from the Profile screen.
|
Shown on the daily-challenge leaderboard and on your profile. |
| Avatar palette choice (0–3) | Set in Settings. | Visual customisation. Stored as a single integer. |
Data the app generates while you play
| Data | What it is |
|---|---|
| Anonymous user ID | A random UUID assigned by Supabase. Used to associate your gameplay with your device. |
| Level completion records (level_bests) | Per-level best moves and best time. One row per level you finish. |
| Daily Challenge submissions (daily_scores) | Date, time taken, hearts lost, moves used. |
| Rating & tier | An ELO-style rating updated after each daily submission, plus a tier (Bronze, Silver, Gold, Platinum, Diamond, Master). |
| Streak data | Current daily-challenge streak length and last-completion date. |
| Country code | Two-letter country derived automatically by Supabase from your IP address. Used to attribute leaderboard entries by country. |
Data the app collects automatically
| Data | Source | Purpose |
|---|---|---|
| Crash diagnostics — stack traces, device model, OS version, app version | Firebase Crashlytics | Diagnose and fix crashes. |
| App interaction events — screens opened, levels started/completed, sign-in attempts, ad views, in-app purchase events | Firebase Analytics | Understand which parts of the game are working and where players run into trouble. |
| Mobile advertising ID, IP address, language, country | Firebase + Google AdMob | Standard mobile-attribution data, used in aggregate. |
Data we do NOT collect
- Your real name, postal address, phone number, or date of birth.
- Your email address (unless you sign in with Google Play Games — see §4).
- Your contacts, calendar, photos, microphone, or precise location.
- The contents of any other apps, your browsing history, or any data outside ArrowDrift.
3. How we use it
- Run the game. Save your progress, sync it across devices when you sign in, and rank your daily-challenge times.
- Improve the game. Aggregate analytics tell us which levels are too hard, which tutorials are confusing, where players drop off.
- Fix bugs. Crash reports help us reproduce and patch issues.
- Show ads (in some builds). When ads are enabled, we serve banners and reward-based video via Google AdMob.
- Process purchases. When you buy hints, streak freezers, or remove ads, Google Play Billing handles the transaction. We never see your card details.
We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.
4. Third-party services
The following services receive data on our behalf or as independent controllers:
Supabase
Our backend database and authentication provider. Stores your anonymous user ID, profile, level bests, and daily scores. Supabase privacy policy →
Firebase Analytics & Firebase Crashlytics (Google)
Used for product analytics and crash reporting. We send the Supabase anonymous user UUID so we can correlate events to a single user, but we do not send your display name, country, or any other identifying data to Firebase beyond what its SDK collects automatically. Firebase data handling →
Google Play Games Services (PGS v2)
If you tap "Sign in with Google" in the app, Google Play Games gives us a short-lived authorisation code that we use only as proof of identity to link your in-app account to your Google account. We do not read your achievements, friends list, or saved-game data. We receive only your stable Play Games player ID and your gamer tag. Google privacy policy →
Google AdMob
Serves banner and rewarded ads when ads are enabled in your build. AdMob may use your mobile advertising ID for personalised advertising, subject to its own policy and your device-level "Limit Ad Tracking" / "Reset Advertising ID" controls. AdMob ads policy →
Google Play Billing
Processes in-app purchases. Card details, billing address, and transaction history live with Google — we only receive the product ID and a confirmation that the purchase succeeded. Google Play terms →
5. Children
ArrowDrift is rated for everyone (PEGI 3 / ESRB E) but is not directed specifically at children under 13 (or under 16 in certain regions). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
6. Data retention & deletion
Your gameplay data is retained for as long as your account is active. You can delete everything at any time:
- In-app: Profile screen → Delete Account. This permanently deletes your profile, level records, daily scores, and rating from our servers. The action cannot be undone.
- By email: Send a deletion request to the address in §11 from the same email associated with your Google sign-in (or provide your in-app display name + a recent leaderboard timestamp so we can verify ownership). We respond within 30 days.
Anonymous accounts that have not been opened for 24 months may be automatically deleted to keep the database clean. Crash reports and analytics events may be retained by Google for up to 14 months under their default retention settings.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (you can edit your display name in-app).
- Delete your data (see §6).
- Object to or restrict certain types of processing.
- Receive a copy of your data in a portable format.
- Withdraw consent for analytics where consent is the legal basis.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, contact us at the address in §11. We do not charge a fee unless requests are excessive or manifestly unfounded.
California residents (CCPA / CPRA): we do not "sell" or "share" personal information as those terms are defined under California law, and we have not done so in the past 12 months. You have the rights described above plus the right not to be discriminated against for exercising them.
8. Security
All traffic between the app and our servers is encrypted with TLS. Passwords are not used (we rely on Google for sign-in, and Google handles authentication). Backend access is restricted to named members of the Stacktree Labs team. We cannot guarantee absolute security on the public internet, but we do our best.
9. International data transfers
Our infrastructure is hosted in regions managed by Supabase and Google Cloud. If you access ArrowDrift from outside those regions, your data may be transferred to and processed in countries with different data-protection laws than your own. We rely on standard contractual clauses where required.
10. Changes to this policy
If we change this policy, we'll update the "Last updated" date at the top and, for material changes, surface a notice in the app on the next launch. Continued use of the app after a change constitutes acceptance of the updated policy.
11. Contact
Questions, concerns, or data requests:
Stacktree Labs
Email: musaamab@gmail.com
Subject line: ArrowDrift Privacy