Privacy

Privacy policy

Last updated: 2026-05-15.

What we collect

Arrows is designed to work without personal information. You don't create an account and we never ask for your name, email, address, or phone number. Below is the full list of data the app reads or sends off-device, mapped to the categories Google Play uses on the store listing's Data safety panel.

• App activity / game progress. The level you're on, which levels you've solved, daily-challenge solve state, and your hint / heart balance. Stored in Firebase Firestore so progress survives a reinstall.
• Device or other identifiers. A Firebase install id is generated on first launch and used as the database key for your progress row. It is not an advertising id, MAC address, IMEI, or anything tied to your real identity — it changes if you uninstall and reinstall the app.
• Crash logs & diagnostics. Firebase Crashlytics reports stack traces and basic device metadata (OS version, model, free memory) when the app crashes. We never attach PII to these reports.
• Purchase history. When you buy the one-time unlock, Apple or Google sends a purchase token to RevenueCat (see "Sub-processors" below). We never see your card details, billing address, or store account.

We don't collect contacts, photos, location, microphone or camera input, messages, calendar, health/fitness data, files outside the app's sandbox, or browsing history. The app ships no advertising SDKs.

How the data is used

• App functionality — sync progress across reinstalls, grant the paid unlock.
• Analytics — aggregate crash and stability metrics so we can fix bugs.
• Account management — RevenueCat uses your anonymous id to remember which device owns the unlock.

We do not use your data for advertising, profiling, or personalised content. We do not sell your data.

Encryption in transit

All traffic between the app and our sub-processors uses HTTPS / TLS. No data is sent over plaintext HTTP.

Sub-processors

Arrows uses the following third parties to run the service. Each is bound by its own privacy policy; we share only the data described above.

• Google (Firebase Firestore, Authentication, Crashlytics, Cloud Messaging, Analytics). Hosts progress data, generates the anonymous install id, receives crash reports. See Firebase data & privacy.
• RevenueCat. Verifies the one-time unlock across devices. Receives the anonymous install id and the store-supplied purchase token — never your card or billing details. See RevenueCat privacy policy.
• Apple / Google (App Store, Play Store). Process the actual transaction. Their privacy policies cover that flow.

Retention

Progress data is kept indefinitely while you use the app — that's what makes the reinstall-and-continue flow work. If you ask us to delete it (see below) we remove it immediately. Crash logs are kept by Firebase Crashlytics for up to 90 days, after which Google deletes them automatically.

Your rights & data deletion

Because Arrows has no account, there is nothing tied to your name or email. To request deletion of the data we hold (your progress row, keyed by your anonymous install id), email support@swtlm.com with the subject line "Arrows data deletion request" from any device. Include the install id if you can find it (Settings → About → Install id); otherwise we will guide you through fetching it. We confirm deletion within 30 days.

If you live in the EU/EEA, the UK, or California you also have the right to access, correct, or restrict processing of any data we hold, and to lodge a complaint with your supervisory authority. Send any of those requests to the same address above.

Children's privacy

Arrows is rated for ages 13 and above and is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided information through the app, contact us and we will delete it.

Notifications

Notifications are off by default. If you opt in to the daily reminder or promotional notifications inside Settings, the device subscribes to a topic-based Firebase Cloud Messaging channel. We never store device-level push tokens server-side.

Changes to this policy

We may revise this policy as the app evolves. Material changes — new sub-processors, new data categories, new sharing — will be reflected here with an updated "last updated" date above. Continued use of the app after a change constitutes acceptance of the revised policy.

This website

This landing page uses Google Analytics (GA4) to measure aggregate visitor behaviour — pages visited, session count, and referral source. Analytics cookies (_ga, _ga_*) are set only after you accept via the cookie banner on first visit. No marketing cookies, ad-targeting cookies, or tracking pixels are set beyond Google Analytics. You can withdraw consent at any time by clearing your browser's local storage for this site.

Contact

Questions: support@swtlm.com.