Privacy
Privacy policy
Last updated: 2026-06-18.
What we collect
By default Arrows Rhythm uses anonymous Firebase Auth — no name, email, or phone is collected. If you choose to link an account (Sign in with Apple on iOS, Google Sign-In on Android) so your purchases and progress survive a reinstall or transfer to another device, that provider returns a stable user identifier to Firebase Auth. We never see your password. The account email the provider returns — your Google account email, or Apple's "Hide My Email" relay address if you use it — is stored alongside the anonymous uid, as is the display name the provider supplies (your Google profile name, or the name Apple shares on first sign-in). Below is the full list of data the app reads or sends off-device, mapped to the categories Google Play uses on the store listing's Data safety panel.
- App activity / game progress. The level you're on, which levels you've solved, daily-challenge solve state, your hint / heart balance, and your ArrowCoin wallet balance. Stored in Firebase Firestore so progress survives a reinstall.
- Device or other identifiers. A Firebase install id is generated on first launch and used as the database key for your progress row. It is not an advertising id, MAC address, IMEI, or anything tied to your real identity — it changes if you uninstall and reinstall the app. Google's AdMob SDK also accesses the device id for ad serving inside Zen mode (non-personalised mode only — no IDFA / advertising id is used for cross-app behavioural targeting).
- Crash logs & diagnostics. Firebase Crashlytics reports stack traces and basic device metadata (OS version, model, free memory) when the app crashes. We never attach PII to these reports.
- Purchase history. When you make an in-app purchase, Apple or Google sends a purchase token to RevenueCat (see "Sub-processors" below). Purchases include: Level Unlock (levels 206+), Zen No-Ad, three ArrowCoin packs (small / medium / large — each purchasable multiple times), and the Full Pass bundle (one-shot bonus). We never see your card details, billing address, or store account.
We don't collect contacts, photos, location, microphone or camera input, messages, calendar, health/fitness data, or files outside the app's sandbox.
Advertising in Zen mode
Arrows Rhythm shows a single non-personalised AdMob sticky banner at the bottom of the Zen mode board. This banner is the only ad surface in the app — Regular and Daily modes are fully ad-free. The banner is hidden for players who own the Zen No-Ad or Full Pass in-app purchase.
The AdMob SDK operates in non-personalised mode: it does not request the App Tracking Transparency permission (iOS) or use the advertising id for cross-app behavioural targeting. Ads are contextual only. See Google's advertising policies.
Account linking (optional)
Account linking is entirely optional. The default state is anonymous gameplay — you never see a sign-in screen unless you choose to visit Settings and tap "Link account."
What it does. Linking lets you transfer your purchases (Level Unlock, Zen No-Ad, Full Pass) and progress to a new device or recover them after a reinstall. On iOS you use Sign in with Apple; on Android you use Google Sign-In. In both cases, the provider verifies your identity and returns a stable identifier to Firebase Auth, which links it to your existing anonymous uid so that your Firestore progress tree and RevenueCat entitlement tree follow you to the new device.
What is stored. Your Firebase Auth uid linked to the
Apple or Google identifier, plus the account email the provider returns — your
Google account email, or the Apple-relay @privaterelay.appleid.com
address if you use Apple's Hide My Email. The display name the provider supplies
(your Google profile name, or the name Apple shares on first sign-in) is also
stored if provided.
What is NOT stored. We never store passwords, social-graph data, contacts, or any information from your Apple or Google account beyond what is described above.
Signing out. You can sign out from Settings at any time. Signing out returns the current device to anonymous mode with the same uid intact — your progress and purchases remain on the device. It does not delete any data from our servers; use the data deletion process below for that.
ArrowCoins
ArrowCoins are the in-game soft currency. Your balance is stored in Firebase Firestore as part of your anonymous progress record. Coins are earned through gameplay (beating the rhythm, clearing levels) and can be topped up via consumable in-app purchases. They have no cash value and cannot be transferred or cashed out.
How the data is used
- App functionality — sync progress and ArrowCoin balance across reinstalls, grant purchased entitlements.
- Analytics — aggregate crash and stability metrics so we can fix bugs.
- Account management — RevenueCat uses your anonymous id to remember which device owns each entitlement.
- Account linking — when you sign in with Apple or Google, the linked identifier is stored against your Firebase Auth uid so a future device can recover your purchases and progress.
- Third-party advertising — AdMob serves a non-personalised banner in Zen mode (Device ID, non-personalised context only).
We do not use your data for personalised advertising, profiling, or selling to advertisers. We do not sell your data.
Encryption in transit
All traffic between the app and our sub-processors uses HTTPS / TLS. No data is sent over plaintext HTTP.
Sub-processors
Arrows Rhythm uses the following third parties to run the service. Each is bound by its own privacy policy; we share only the data described above.
- Google (Firebase Firestore, Authentication, Crashlytics, Analytics, AdMob). Hosts progress data (including ArrowCoin balance), manages the anonymous Firebase Auth uid and provider sign-in (Google Sign-In on Android, Apple OAuth token verification), receives crash reports, and serves the Zen mode ad banner (non-personalised). See Firebase data & privacy and Google Privacy Policy.
- Apple (Sign in with Apple). On iOS, Apple verifies the
identity token when you link an account and may relay an
@privaterelay.appleid.comemail address. Apple's handling of your Apple ID and relay email is governed by Apple's Privacy Policy. - RevenueCat. Verifies in-app purchases (Level Unlock, Zen No-Ad, three ArrowCoin packs, Full Pass) across devices. Receives the anonymous install id and the store-supplied purchase token — never your card or billing details. See RevenueCat privacy policy.
- Apple / Google (App Store, Play Store). Process the actual transactions. Their privacy policies cover that flow.
Retention
Progress data (including ArrowCoin balance) is kept indefinitely while you use the app — that's what makes the reinstall-and-continue flow work. If you ask us to delete it (see below) we remove it immediately. Crash logs are kept by Firebase Crashlytics for up to 90 days, after which Google deletes them automatically.
Your rights & data deletion
To request deletion of the data we hold (your progress row keyed by your anonymous install id, and any linked provider identifier), email support@swtlm.com with the subject line "Arrows Rhythm data deletion request" from any device. Include the install id if you can find it (Settings → About → Install id); otherwise we will guide you through fetching it. We confirm deletion within 30 days. Deleting your data also unlinks any provider account (Apple or Google) associated with your uid.
You can also sign out from Settings to return to anonymous mode on that device without deleting any data.
If you live in the EU/EEA, the UK, or California you also have the right to access, correct, or restrict processing of any data we hold, and to lodge a complaint with your supervisory authority. Send any of those requests to the same address above.
Children's privacy
Arrows Rhythm is rated 4+ on the App Store and Everyone on Google Play. Although the app is suitable for all ages, it is not directed specifically at children under 13 and is not enrolled in Apple's Kids category or Google Play Families. We do not knowingly collect personal information from children under 13. If you believe a child has provided information through the app, contact us and we will delete it.
Notifications
Notifications are off by default. If you opt in to the daily reminder or promotional notifications inside Settings, the device subscribes to a topic-based Firebase Cloud Messaging channel. We never store device-level push tokens server-side.
Changes to this policy
We may revise this policy as the app evolves. Material changes — new sub-processors, new data categories, new sharing — will be reflected here with an updated "last updated" date above. Continued use of the app after a change constitutes acceptance of the revised policy.
This website
This landing page uses Google Analytics 4 (GA4) to measure aggregate visitor
behaviour — pages visited, session count, and referral source. Analytics
cookies (_ga, _ga_*) are set only after you accept
via the cookie banner on first visit. No marketing cookies, ad-targeting
cookies, or tracking pixels are set beyond Google Analytics. You can withdraw
consent at any time by clearing your browser's local storage for this site
(the key is ga_consent_arrows-puzzle-game).
Contact
Questions: support@swtlm.com.