Privacy Policy

1. Scope

This Privacy Policy describes how the Operator handles information relating to users of the app "Reversi Master" and its associated websites, notifications, support channels, and other related services (collectively, the "Service").

Where the personal data protection laws, GDPR, UK GDPR, consumer protection laws, or other legislation applicable in the user's jurisdiction provide stronger protections or additional obligations beyond those in this Policy, such legislation shall prevail.

2. Information We Collect

The Operator may collect or process the following information. The actual items collected depend on the user's usage, device, region, consent status, app store, OS, and the current feature set of the Service.

2-1. Information Directly Provided by Users

• Nickname
• Support inquiry category and message content
• Images or screenshots attached to support inquiries
• Information included in account deletion, correction, or disclosure requests
• Any other information voluntarily submitted by the user

2-2. Authentication and Account Information

When using login via Google or Apple, the following information may be processed through the authentication platform:

• Firebase UID and other authentication identifiers
• Google account display name and email address
• Login status and authentication provider information
• Account creation date, last login date, and other authentication metadata

2-3. Information Generated Through Use of the Service

• Profile information
• Settings including current title, title list, icon, language, notification, and gameplay assistance preferences
• AI unlock status, trial status, completion status, and title award history
• Game progress data such as match results, disc difference, hint usage, win/loss count, win streaks, remaining match credits, and recovery state
• In-app event information from news views and screen transitions
• Support ticket numbers, ticket status, and response history
• Operational logs for fraud prevention, auditing, compensation, and nickname change handling

2-4. Payment, Advertising, and Technical Information

• Platform, product ID, purchase token, verification status, and verification date when using in-app purchases
• Information related to ad display, ad viewing, reward grants, and ad errors
• App version, build number, device information, OS, language, timezone, IP address, app instance identifiers, advertising identifiers, and other device identifiers
• Crash information, diagnostic data, error logs, and performance data
• Notification permission status and messaging-related technical information
• Information required for Remote Config, App Check, security verification, and access control

If a web or PWA version is provided, browser cookies, local storage, and similar technologies may be used.

3. Sources of Information

The Operator receives information from the following sources:

• The user directly
• Google, Apple, Firebase, and other authentication, analytics, notification, and advertising providers
• Apple, Google, and other app stores or payment processors
• The user's device, OS, browser, and app usage history
• Information lawfully recorded by support or operational personnel

4. Purposes and Legal Basis

The Operator uses collected information for the following purposes. Where the GDPR or UK GDPR applies, the primary legal bases are noted alongside each purpose.

Where the legal basis is consent, users may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

5. Sharing, Delegation, and Disclosure

The Operator may share user information with, or delegate processing to, third parties in the following circumstances to the extent necessary:

• Google / Firebase: For provision and operation of Firebase Authentication, Cloud Firestore, Cloud Functions, Cloud Storage, Firebase Analytics, Crashlytics, Firebase Cloud Messaging, Remote Config, App Check, etc.
• Google Mobile Ads / AdMob and other ad providers: For ad display, delivery, measurement, and fraud prevention
• Apple, Google, and other app stores, payment processors, and purchase verification providers: For payment processing, purchase verification, refunds, and dispute handling
• Contractors, service providers, support personnel, and legal/tax/audit advisors: For necessary operational support
• Courts, regulatory authorities, law enforcement, and other public bodies as required by law
• Successors in connection with business transfers, mergers, splits, or other reorganizations

The Operator does not sell user information to third parties, except as permitted by law.

Even when authorized operational staff access user information, such access is limited to what is necessary for their role and subject to role-based access controls.

6. International Transfers

Servers or sub-processors of third-party providers used by the Service may be located outside Japan, including in countries or regions such as the United States where the level of personal data protection may not always be deemed equivalent to that in the user's country of residence.

Where the GDPR or UK GDPR applies, the Operator endeavors to use adequacy decisions, standard contractual clauses, data transfer mechanisms provided by third-party providers, or other lawful transfer mechanisms. For details, please contact us.

7. Retention Period

The Operator retains collected information only for as long as necessary to fulfill the purposes of use. The following are general guidelines, though information may be retained longer due to legal retention obligations, fraud investigations, unresolved disputes, tax/accounting/audit requirements, or other legitimate reasons.

• Authentication, profile, and game progress data: During the account's lifetime and up to approximately 180 days after deletion request or last use
• Support inquiries, attachments, and response history: Up to approximately 2 years after inquiry resolution
• Payment verification, audit logs, and fraud prevention logs: Up to approximately 7 years or as required by law
• Analytics, crash, and advertising data: For the period maintained by third-party providers or as deemed necessary for quality improvement and fraud prevention
• Local data during guest usage: For as long as it remains on the device; may be lost due to app deletion, device changes, or OS operations

After the retention period expires, information that has been aggregated or anonymized so that individuals can no longer be identified may continue to be used.

8. Security

The Operator implements reasonable security measures, including access controls, least privilege principles, audit logs, server-side validation, and authentication integration, to prevent leakage, loss, damage, unauthorized access, and misuse of user information.

However, absolute security cannot be guaranteed for internet communications and cloud services.

9. Your Rights

Subject to applicable law, users may have the following rights regarding their personal information:

• Right to access or obtain disclosure
• Right to rectification or update
• Right to erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us with information necessary for identity verification. The Operator may be unable to fulfill some requests to the extent permitted by law, including for identity verification, scope determination, protection of third-party rights, or fulfillment of legal obligations.

Users may request account deletion from the My Page section within the app. Once deletion is completed, major data linked to the user, including profile data, progress, titles, match history, inquiry history, and purchase records, will in principle be deleted. However, the minimum information necessary for legal compliance, fraud prevention, accounting or audit responses, or dispute handling may be retained for a certain period based on applicable law or legitimate interests.

Residents of the EEA or UK may also lodge a complaint with the supervisory authority of their country or place of residence.

10. Minors

The Service does not categorically prohibit use by minors; however, minors should obtain the consent of their legal guardian before using the Service. In the EEA and similar regions, parental consent may be required if the user has not reached the age of digital consent.

If the Operator reasonably determines that it has collected information from a minor without appropriate parental involvement, it will take necessary steps such as deleting the information.

11. Automated Decision-Making

The Operator does not intend to make decisions that produce legal effects or similarly significant impacts on users based solely on automated processing.

However, automated signals, rules, or detection logic may be used as supplementary tools in fraud detection, anti-cheat measures, nickname review, and usage restriction determinations. Human review will be conducted as necessary.

12. Sensitive Information and Screenshots

The Service does not, as a rule, request submission of health information, philosophical or religious beliefs, sexual orientation, biometric data, government-issued ID numbers, full payment card numbers, or other specially protected or sensitive personal information.

Please do not include unnecessary personal information, third-party information, account numbers, payment details, location data, or other sensitive information in support messages or screenshots. If such information is submitted, the Operator may mask, delete, restrict use of, or request resubmission of the content as necessary.

13. Your Choices

Users can control the handling of their information to a certain extent through the following methods:

• Signing in with Apple or Google, or using the Service as a guest without signing in
• Changing notification permissions via in-app or device settings
• Reviewing ad-related settings via device or Google/Apple settings
• Updating profile information such as nickname
• Requesting deletion, correction, or disclosure through the in-app account deletion feature or the support channel

Please note that changing settings or withdrawing consent may result in some features of the Service becoming unavailable.

14. Changes to This Policy

The Operator may revise this Policy in response to changes in legislation, changes to the Service, security requirements, or operational necessity.

For material changes, the Operator will notify users through in-app notices, website postings, or other methods deemed appropriate. Unless otherwise specified, revised policies take effect upon posting or on the announced effective date.

15. Contact Us

For questions about this Policy, information handling within the Service, exercise of GDPR/UK GDPR rights, deletion requests, or complaints, please contact:

• Contact: Support Page / studio.gennai1@gmail.com
• Operator: STUDIO-GENNAI
• Address: 2-25-3 Mejiro, Toshima-ku, Tokyo, Japan