Sultan's Gambit Background

Privacy Policy

This privacy policy explains how we collect, use, and protect your information when you use our web-based game application.

Effective Date: December 15, 2024 | Last Updated: December 15, 2024

Information We Collect

We collect information to provide you with the best gaming experience:

Account Information

  • Email address (for account creation, login, and communication)
  • Player display name (chosen by you, visible to other players)
  • User ID (unique identifier generated by our system)
  • Account authentication tokens (for secure login sessions)
  • Profile information (avatar selection, preferences)

Game Data

  • Game progress and statistics (level, experience points, rank, match history)
  • Card collection and deck configurations (owned cards, deck compositions, deck names)
  • In-game currency balances (Akçe, Elmas virtual currencies)
  • Purchase history (in-app purchases, bundle acquisitions, transaction records)
  • Matchmaking data (preferences, queue times, match results, win/loss records)
  • Game session data (play duration, features used, game actions taken)
  • Social features (friend list, friend requests, match invitations)

Device and Technical Information

  • Device identifiers (for technical support and crash reporting)
  • Browser information (type, version, user agent)
  • Operating system (type and version)
  • Screen resolution and device capabilities
  • Network connectivity information (connection type, IP address)
  • App performance data (loading times, frame rates, error logs)
  • Crash reports (stack traces, device state at time of crash)

Usage Analytics and Behavioral Data

  • Game feature usage patterns (which features you use most, navigation paths)
  • Session analytics (duration, frequency, time of day, play patterns)
  • Gameplay behavior (card play patterns, strategic decisions, reaction times)
  • Performance metrics (app responsiveness, load times, error rates)
  • User interaction data (clicks, taps, scrolling behavior, menu usage)
  • Monetization analytics (purchase behavior, bundle viewing, pricing response)

Communication Data

  • Support communications (help requests, bug reports, feedback)
  • Marketing preferences (consent status, communication preferences)
  • Survey responses (feedback, ratings, suggestions)

How We Use Your Information

Core Game Services

  • Provide game functionality (enable gameplay, save progress, manage accounts)
  • Synchronize data across devices (cloud save, cross-platform progression)
  • Enable multiplayer features (matchmaking, friend system, competitions)
  • Process transactions (in-app purchases, virtual currency management)
  • Prevent fraud (detect suspicious activity, protect against cheating)
  • Provide customer support (resolve issues, respond to inquiries)

Performance and Improvement

  • Analyze app performance (identify bugs, optimize loading times, fix crashes)
  • Understand user behavior (improve game balance, enhance user experience)
  • Develop new features (based on usage patterns and player feedback)
  • A/B testing (test new features, optimize user interface design)
  • Quality assurance (monitor game stability, identify technical issues)

Communication and Marketing

  • Send service communications (account updates, security alerts, policy changes)
  • Provide customer support (respond to help requests, technical assistance)
  • Marketing communications (with your explicit consent only)
  • Community engagement (tournaments, events, announcements)

Legal and Security

  • Comply with legal obligations (respond to legal requests, regulatory compliance)
  • Protect our rights (enforce terms of service, investigate violations)
  • Ensure security (prevent unauthorized access, detect malicious activity)
  • Maintain service integrity (prevent cheating, ensure fair play)

Third-Party Services and Data Sharing

We do not sell, trade, or rent your personal information to third parties. However, we use several third-party services that may process your data:

Firebase Services (Google LLC)

What we use: Firebase Authentication (secure login, account management), Cloud Firestore (game data storage, real-time synchronization), Firebase Crashlytics (crash reporting, performance monitoring), Firebase Performance Monitoring (app performance tracking), Firebase Analytics (usage analytics, player behavior insights)

Data shared: User IDs, email addresses, game progress, device information, usage analytics, crash reports

Privacy Policy: https://policies.google.com/privacy

Google Sign-In

Purpose: Alternative authentication method

Data shared: Email address, basic profile information (name, profile picture)

Privacy Policy: https://policies.google.com/privacy

Apple Sign-In (if applicable)

Purpose: Alternative authentication method for Apple users

Data shared: Email address (or private relay), basic profile information

Privacy Policy: https://www.apple.com/privacy/

Apple App Store / Google Play Store

Purpose: Process in-app purchases and app distribution

Data shared: Purchase information, app usage statistics

Privacy Policies: Apple: https://www.apple.com/privacy/ | Google: https://policies.google.com/privacy

Content Delivery Networks (CDNs)

Purpose: Deliver game assets and improve loading times

Data shared: IP address, device information

Examples: Vercel, Cloudflare

Legal Requirements

We may share information when required by law, legal process, or to protect our rights or the safety of users, investigate fraud or security issues, or in connection with a business transfer or merger.

Data Storage and Security

Storage Location

  • Primary storage: Firebase servers (Google Cloud Platform)
  • Geographic location: Europe (europe-west3 - Frankfurt) and other global regions
  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Backup systems: Regular automated backups with encryption

Security Measures

  • Industry-standard encryption protocols (TLS 1.3, AES-256)
  • Regular security audits and vulnerability assessments
  • Access controls (limited team access, two-factor authentication)
  • Secure authentication systems (OAuth 2.0, JWT tokens)
  • Monitoring systems (intrusion detection, anomaly monitoring)
  • Data breach response procedures (incident response plan, user notification)

Data Retention

We retain your information for as long as necessary to provide our services:

  • Account data: Until account deletion (with 30-day grace period)
  • Game progress: Until account deletion
  • Analytics data: Maximum 26 months (anonymized after 14 months)
  • Support communications: Maximum 3 years
  • Crash reports: Maximum 12 months
  • Financial records: 7 years (legal requirement)

Your Rights and Choices

Account Management

  • Access: View and download your account information and data
  • Update: Modify your account information, preferences, and settings
  • Delete: Request complete account and data deletion
  • Export: Download your game data in a portable format
  • Portability: Transfer your data to another service (where technically feasible)

Communication Preferences

  • Opt-out: Unsubscribe from promotional communications
  • Notification settings: Control push notifications and email preferences
  • Marketing consent: Manage marketing communication preferences
  • Frequency controls: Adjust communication frequency

Data Subject Rights (GDPR - EU Users)

If you are in the European Union, you have additional rights:

  • Right of access: Obtain information about processing and a copy of your data
  • Right of rectification: Request correction of inaccurate personal data
  • Right of erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to restrict processing: Request limitation of processing in certain circumstances
  • Rights related to automated decision-making: Protection against purely automated decisions

California Privacy Rights (CCPA - California Users)

California residents have additional rights:

  • Right to know: What personal information is collected and how it's used
  • Right to delete: Request deletion of personal information
  • Right to opt-out: Opt-out of the sale of personal information (we don't sell data)
  • Right to non-discrimination: Not be discriminated against for exercising privacy rights

How to Exercise Your Rights

Contact us through:

  • Email: contact@sultansgambit.com
  • In-game support: Settings → Help & Support → Privacy Request
  • Response time: We will respond within 30 days (GDPR) or 45 days (CCPA)

Virtual Items and Monetization

Card Bundle System

Sultan's Gambit features predetermined card bundles with transparent contents:

  • No randomization: All bundle contents are predetermined and disclosed before purchase
  • Transparent system: Players know exactly which cards they're purchasing
  • No gambling: No random chance elements or loot box mechanics
  • Fair pricing: All bundles clearly display contents and pricing

In-Game Purchases

  • Virtual goods: All purchases are for virtual items with no real-world value
  • Transaction records: All purchase history is maintained for your records
  • Refund policy: Refunds handled according to platform policies (Apple App Store, etc.)
  • Fraud prevention: We monitor for suspicious purchasing activity

Contact Information

General Privacy Questions

Email: contact@sultansgambit.com

Subject line: "Privacy Policy Inquiry"

Response time: Within 5 business days

Data Protection Officer

Email: contact@sultansgambit.com

Subject line: "Data Protection Officer"

For: GDPR-related requests, data protection concerns

Business Address

Address: Meuschelstraße 60, 90408 Nürnberg, Germany