This is the privacy policy for AURA Tiles, a mobile puzzle game published by AURA Games (the "Developer", "we", "us"). It is written in plain English on purpose.
1. Who we are
| App | AURA Tiles |
|---|---|
| Developer | AURA Games |
| Contact | Aura.games.2020@gmail.com |
| Platforms | Android (Google Play), iOS (App Store) — when published |
If you have a question, want a copy of your data, or want your data deleted, email the contact address above. We aim to respond within 30 days.
2. The short version
- We do not ask for your name, email, phone number, or address.
- We do not access your photos, contacts, microphone, camera, or location.
- We do collect anonymous gameplay state, crash reports, and analytics events so the game runs, recovers from crashes, and can be improved.
- We do show ads from AppLovin MAX and partner networks. On iOS, ads use the standard Apple App Tracking Transparency framework, and you choose whether to share your advertising identifier.
- We honor GDPR (EU), UK-GDPR, CCPA (California), and similar privacy laws.
- You can reset consent choices inside the app through Settings → Reset privacy choices.
- You can delete all your cloud data at any time through Settings → Privacy → Delete my cloud data.
3. Data we collect
We group what we collect into the following categories.
3.1 Gameplay state
Gameplay state is saved on your device and in our cloud. It may include:
- Levels completed, stars earned, and coin balance.
- Daily Chest streak, Daily Challenge results, and Genie's Rescue progress.
- Biosphere identity, including the biosphere reached and playstyle samples that shaped it.
- In-app purchase entitlements, meaning which non-consumable items you own, not your payment method.
- App settings such as music, haptics, and reduced motion.
This data is stored on your device using Flutter's SharedPreferences. A copy is also kept in Google Cloud Firestore under an anonymous identifier so progress can survive crashes and data corruption. The identifier is generated by Firebase Anonymous Authentication and is not linked to a real-world identity.
3.2 Crash reports
If the app crashes, Firebase Crashlytics may send us:
- The crash stack trace.
- The app version, OS version, and device model.
- A breadcrumb of recent events inside the app, such as a level win or store-screen view.
These reports help us fix bugs. They do not contain your name, email, or payment information. Crash reporting is off in debug builds and on in the production app downloaded from a store.
3.3 Analytics events
We send anonymous gameplay events to Firebase Analytics to understand feature use and level difficulty. Events may include:
- App opened.
- A level completed and the completion time.
- Store viewed.
- A biosphere evolution event.
Events do not contain your name, email, or other directly identifying information. They contain an anonymous Firebase device identifier so events from the same device can be grouped for analysis.
3.4 Advertising data
AURA Tiles shows ads using AppLovin MAX, which may mediate ads from partner networks such as Google AdMob, Meta Audience Network, and Unity Ads. An advertising SDK may transmit:
- A device advertising identifier: Google AAID on Android or IDFA on iOS, with IDFA used only with your ATT consent.
- Coarse device characteristics such as model, OS version, and language.
- Whether you tapped an ad.
If you decline App Tracking Transparency on iOS, ads still display but are non-personalised. In GDPR regions, AppLovin's consent flow asks for permission before personalised processing begins. You can revoke consent through Settings → Reset privacy choices. California residents can use Settings → Do Not Sell My Information.
If you purchase the Remove Ads product or have an active AURA Pass subscription, no ads are shown and no ad-related data is collected.
3.5 Push notification token
If you grant notification permission, the app receives a token from Firebase Cloud Messaging so we can send Daily Chest or Daily Challenge reminders. The token identifies the app installation, not you personally.
You can revoke notification permission in your device settings or by resetting privacy choices inside the app.
3.6 In-app purchases
Purchases such as coin packs, bundles, Remove Ads, or an AURA Pass subscription are processed by Google Play Billing on Android or Apple StoreKit on iOS. Those platforms collect payment details directly. We never see your card number, billing address, or other payment data.
We receive only a verification token confirming that a purchase succeeded so the item can be delivered.
4. What we do not collect
The app does not ask for or access:
- Your name, email, phone number, or postal address.
- Your contacts, photos, files, calendar, microphone, or camera.
- Your real-time or background location.
- Your social media activity.
- Your browsing history outside the app.
- Health, biometric, or financial data.
If a future version adds any of these, this policy will be updated before that feature ships.
5. Who we share data with
We share the minimum data necessary to operate the app with the following processors. Each is bound by its own privacy policy and applicable data processing agreements.
| Processor | Purpose | Privacy policy |
|---|---|---|
| Google LLC: Firebase Crashlytics, Analytics, Cloud Firestore, Anonymous Auth, Cloud Messaging, and Play Billing | Crash reporting, analytics, cloud save, push notifications, and Android in-app purchases | Google Privacy Policy |
| Apple Inc. (StoreKit) | In-app purchases on iOS | Apple Privacy Policy |
| AppLovin Corporation (MAX SDK and mediated networks) | Advertising | AppLovin Privacy Policy |
We do not sell personal information to data brokers. We do not share data with social networks or marketing partners outside the processors above.
6. Where your data is processed
The processors named above operate globally. Data may be processed in countries other than your country of residence, including the United States. We rely on Standard Contractual Clauses and equivalent safeguards approved by the European Commission for transfers out of the EEA.
If you have specific concerns about transfers, email us and we will explain in detail.
7. Your rights
Depending on where you live, you have the following rights:
| Right | What it means |
|---|---|
| Access | Get a copy of the data held about your installation. |
| Deletion | Have save state and analytics data tied to your installation deleted. |
| Correction | Ask us to correct inaccurate data. |
| Portability | Receive data in a structured, machine-readable format. |
| Restriction or objection | Limit how data is processed or object to a specific use, such as analytics. |
| Withdraw consent | Withdraw consent at any time through Settings → Reset privacy choices. Withdrawal does not affect processing that occurred before it. |
| Lodge a complaint | Contact your local data protection authority. EU authorities are listed by the European Data Protection Board. |
7.1 How to exercise the right to deletion
Because AURA Tiles never asks for your name or email, the deletion mechanism is built into the app itself rather than handled by email correspondence. There are three paths, in order of preference:
1. In-app self-service (primary)
Open the app and go to Settings → Privacy → Delete my cloud data. This:
- Permanently deletes your cloud-save document from Firestore.
- Signs your device out of our anonymous-identity service, so future activity is no longer associated with the prior identifier.
- Resets the app on this device to a fresh-install state.
The deletion is immediate and irreversible. No email is needed and no waiting period applies.
2. Email with your Install ID (fallback)
If you have uninstalled the app and want your cloud data removed without reinstalling and using the in-app button, email Aura.games.2020@gmail.com and include your Install ID, the anonymous identifier generated for your installation. We will delete the matching cloud document within 30 days.
3. Parental requests under COPPA or GDPR-K
Parents and guardians who believe their child's data should be removed can email Aura.games.2020@gmail.com without an Install ID. See Section 9 for details.
An email saying "delete my data" from an address we do not otherwise know, without an Install ID or parental context, is something we cannot reliably act on. We do not collect email addresses or names, so we cannot authenticate such a request or identify the installation it refers to. In that situation, the in-app deletion button is the only path that can identify and delete the correct data. This is consistent with GDPR Article 11(2), which recognises that controllers who do not identify users are not required to collect additional identifying information solely to enable rights requests.
7.2 Other rights
For access, correction, portability, restriction, or objection, email Aura.games.2020@gmail.com. Include your Install ID where possible so we can locate the correct record. We will respond within 30 days.
California residents under CCPA or CPRA also have:
- Right to know: learn what categories of personal information we collect.
- Right to opt out: opt out of sale or sharing through Settings → Do Not Sell My Information.
- Right to non-discrimination: we will not deny service or charge differently because you exercise your rights.
We do not sell personal information in the conventional sense. The Do Not Sell setting controls whether advertising identifiers are shared with AppLovin's mediated networks under California's broader definition of sharing.
8. How long we keep data
| Data | Retention |
|---|---|
| Gameplay state on your device | Until you uninstall the app or use Settings → Reset Progress. |
| Cloud save in Firestore | Until you use Settings → Privacy → Delete my cloud data, as described in Section 7.1, or after 12 months of complete inactivity, whichever comes first. |
| Crash reports | 90 days by default. Older Crashlytics reports are deleted. |
| Analytics events | 14 months in Firebase Analytics. |
| Advertising data | According to AppLovin's retention policy, typically up to 13 months for measurement. |
| In-app purchase records | Indefinitely, where required by tax and accounting law and platform-store requirements. |
9. Children's privacy
AURA Tiles is rated for everyone, but is not specifically designed for or directed to children under 13, or under 16 in some EU jurisdictions. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child installed AURA Tiles and you want their data removed, email Aura.games.2020@gmail.com. Include whatever details you have, such as the approximate installation date, device model, the Install ID if visible in Settings → Privacy, or other context that may help identify the cloud record. We will locate and delete the matching cloud document within 30 days.
If you have access to the device, Settings → Privacy → Delete my cloud data is the fastest path and does not require email.
We do not link the app to child-directed services or knowingly serve targeted advertising to children. AppLovin is configured to respect COPPA in the United States and GDPR-K in the European Union.
10. Security
Data is held on systems operated by Google, Apple, and AppLovin. Those parties maintain encryption in transit and at rest, access controls, and regular security audits.
Inside the app, device-side Firebase API keys used for ads or analytics are identifiers rather than authentication secrets. Cloud Firestore access is gated by per-user security rules, so an anonymous user can read or write only their own save state.
No security model is perfect. If we discover a breach that affects you, we will notify you within 72 hours where required by applicable law and post a notice through the in-app Settings → Privacy Policy area.
12. Changes to this policy
If we make a material change, such as collecting a new category of data or sharing with a new processor, we will:
- Update this policy and the Last updated date.
- Show an in-app notice the next time you launch the app.
- Where required by law, request renewed consent before the change takes effect.
Non-material changes, such as clarifying language, formatting, or typo fixes, may be made with the Last updated date refreshed.
13. Questions
For any privacy question, data request, or compliance concern, email:
Plain-English questions are welcome. We will respond within 30 days at most, and usually much faster.