Privacy Policy

1. Anonymous Play (No Sign-In Required)

The first time you open the Tingo app, we create an anonymous account tied to a randomly-generated identifier stored on your device. You don't need to give us your name, email, or any other personal information to play.

Against this anonymous account we store only what the game needs to function:

• A device identifier (a random UUID we generate)
• The games and boards you create or join, and your progress within them
• A push-notification token, if you enable alerts

You can wipe this anonymous account at any time using “Delete My Data” in the app's account screen. Doing so deletes the server record, clears the identifier from your device, and starts you fresh.

2. Information We Collect When You Sign In

If you choose to create a Tingo account or sign in with Google or Apple, we additionally collect:

• Name and email address. Provided directly by you, or supplied by Google/Apple at sign-in. With Apple Sign-In you may use Apple's private email-relay service so we never see your real address.
• Profile photo URL. If your Google or Apple profile includes one, we store the URL (not the image itself) so it can appear next to your name in games.
• Password (if you created one). Stored only as a salted hash; we never see or log the original.

3. Gameplay Data

We store the games and boards you create or join, the items you mark as found, and your in-game stats. This data is what makes multiplayer Tingo work — your username and scores are visible to other players in games you're in.

4. Push Notifications

If you enable alerts in the app, your device registers a push token with Apple Push Notification Service or Google Firebase Cloud Messaging. We store the token against your account so we can notify you about game events. You can revoke the permission in your device's system settings or by toggling Enable Alerts off in the app.

5. Subscriptions and Purchases

If you subscribe through the App Store or Google Play, we receive a transaction identifier and subscription status from Apple or Google so we can grant access to subscriber features. We do not see or store your credit card or billing address — those stay with Apple and Google.

6. Diagnostic Data (Crash and Performance)

To find and fix bugs, the app sends crash reports and a small sample of performance traces to Sentry, our error-monitoring vendor. These reports include:

• Stack traces and the state of the app at the moment of an error
• Device model, operating system version, and app build number
• Your account's internal Tingo user ID and whether the account is anonymous (so we can correlate a crash with the report it produced)

We have configured Sentry with personally-identifying data collection disabled. We do not send your name, email, IP address, or request bodies to Sentry.

7. Third-Party Services

Tingo relies on a small number of third parties to operate. Each one only receives the data described above:

• Apple and Google — for sign-in, push notifications (APNs / Firebase Cloud Messaging), and in-app purchases.
• Sentry — for crash and performance monitoring (see Section 6).
• DigitalOcean — our hosting provider, where the Tingo servers and database run.
• Resend — for transactional email (confirming an interest signup, password reset, etc.).

We do not use any advertising, behavioral analytics, or third-party tracking SDKs. We do not sell your personal information.

8. Local Data on Your Device

The app keeps an offline cache of your games and boards on your device so it works without a connection. Authentication tokens and your device identifier are stored in the operating system's secure storage (iOS Keychain / Android Keystore). All of this is cleared by uninstalling the app, by signing out, or by tapping Delete My Data.

9. Marketing Email Signups

If you enter your email address on our website to be notified about Tingo, we store only your email address and the date you signed up. We use it to send you Tingo-related updates and the initial confirmation. You can ask us to remove your address at any time by emailing us.

10. Data Retention

We keep your data for as long as your account exists. When you delete your account or use Delete My Data, the corresponding records are removed from our database. Backups roll off within 30 days. We may retain a minimal record of subscription transactions where required by law or by Apple/Google.

11. Your Rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Opt out of marketing email
• Receive a copy of your data in a machine-readable format

The fastest way to delete your data is the Delete My Data action in the app. For anything else, email us at [email protected].

12. Children's Privacy

Tingo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Anonymous play does not require any personal information at all. If you believe a child has provided us with personal information through a sign-in flow, please contact us and we will delete it.

13. Security

We use industry-standard encryption in transit (TLS) and at rest. Passwords are stored as salted hashes. No system is perfectly secure; if we discover a breach affecting your data we will notify you as required by law.

14. Changes to This Policy

We may update this Privacy Policy when our practices change. We'll update the effective date above and, for material changes, notify you in the app or by email.

15. Contact Us

Questions about this Privacy Policy? Reach us at [email protected].