Privacy Policy for Number Strike
Effective Date: March 11, 2026
Last Updated: March 17, 2026
1. Introduction
Welcome to Number Strike ("we," "our," or "us"). Number Strike is a real-time, turn-based player-versus-player (PvP) number guessing game. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and what choices you have, when you use our mobile application (the "App").
By using the App you agree to this Privacy Policy. If you do not agree, please do not use the App.
2. Information We Collect
We collect only the information necessary to provide gameplay, social features, matchmaking, and our in-app economy.
A. Information You Provide
Authentication Data
We use Firebase Authentication. You may sign in using any of the following methods:
- Guest (anonymous): A system-generated Firebase user identifier (UID) is assigned. No personal information is required.
- Google Sign-In: We receive an OAuth token from Google. Your Google account email, display name, and profile photo URL may be stored in Firebase Authentication. We do not copy this data into our own database.
- Sign in with Apple: We receive an identity token and authorization code from Apple. Your email and full name (if you choose to share them) may be stored in Firebase Authentication. We do not copy this data into our own database.
- Email and Password: You provide an email address and password. Firebase Authentication stores your email and a hashed version of your password. We send a verification email to confirm your address.
Profile Data
- Display nickname (3–16 characters). A normalized, lowercase version is also stored to enforce uniqueness.
- Profile photo, if you choose to upload one. The photo is stored in Firebase Storage. As a reliability fallback, a Base64-encoded copy may also be stored in our database.
Camera and Photo Library Access
If you choose to set or change your profile photo, the App may request permission to access your device camera or photo library. These permissions are used solely for profile photo selection and are never accessed for any other purpose.
Social and Communication Data
- Friend list and friend request records (sender, receiver, status, timestamps).
- Match invitations between friends (sender, receiver, match format, status, timestamps).
- Online/offline presence state and last-seen timestamp, used to show availability to friends.
Feedback
You may submit feedback through Settings. When you do, we collect: your user identifier, nickname, the message text, your app version and build number, your device platform (iOS or Android), and a timestamp.
B. Information Generated or Collected Automatically
Gameplay and Competitive Data
When you play matches, we record:
- Match metadata: format (Single, Best-of-3, Best-of-5), participants, start/end timestamps, and result (winner, forfeit, timeout).
- Turn-by-turn history: each guess, the strike/ball feedback, and which player made the guess.
- Competitive statistics: Elo rating, tier/rank, wins, losses, games played, win streaks, and per-mode breakdowns, updated by our server after each match.
- Match history summaries: opponent nickname, format, result, and end time, stored per-player by our server.
- Secret number hashes: To verify fair play, a SHA-256 cryptographic hash of each player's secret number is stored on our server. The actual secret number is held only in device memory and is never transmitted or stored in plaintext.
Credits (In-App Economy)
- Your credit balance, credit transaction history (deductions on match entry, refunds to winners, rewarded-ad grants, hourly free grants), and timestamps of recent credit events.
Push Notifications
- If you enable push notifications, we store your Firebase Cloud Messaging (FCM) device token and the timestamp of the last token refresh. Tokens are used to deliver match invitations, friend-request alerts, and periodic credit-related reminders. Stale tokens are automatically cleared by our server.
Login Activity
- Each time you sign in, a login timestamp is recorded in your account history.
Device Locale and Country
- We collect your device's locale setting (e.g., "en_US") and derive a country code (e.g., "US") from it. This information is updated each time you open the App and is used to understand our user base by region and to support future localization improvements. This data reflects your device's language and region settings, not your precise geographic location.
Advertising Data
We display ads through Unity Ads (Unity Technologies). The Unity Ads SDK may collect and process:
- Advertising identifiers (IDFA on iOS, Google Advertising ID on Android).
- IP address, device model, operating system version, and screen resolution.
- Ad interaction data: impressions, clicks, video completion, and skip events.
This data is collected and processed by Unity Technologies under its own privacy policy. On iOS, we participate in Apple's SKAdNetwork framework for privacy-preserving ad attribution. The App includes SKAdNetwork identifiers for this purpose.
Referral and Deep Link Data
- The App supports referral links (numberstrike.app/invite?ref=CODE). When you open a referral link, the referral code is temporarily stored on your device until account setup completes. Once applied, the referral relationship (referrer and referee identifiers, status, and reward timestamp) is stored on our server.
Local Device Storage
We store non-personal preferences on your device using local storage (SharedPreferences), including:
- Audio settings (volume levels, mute states).
- Language/locale preference.
- Tutorial and onboarding dismissal states.
- Interstitial ad frequency counter.
- In-app review prompt state.
These values contain no personally identifiable information and remain entirely on your device.
C. Information We Do NOT Collect
We do not integrate any dedicated analytics or crash-reporting SDK (such as Google Analytics, Firebase Analytics, Crashlytics, or Sentry). We do not track your browsing activity, location, contacts, or any sensor data.
3. Matchmaking and AI Opponents
To ensure a smooth experience and reduce wait times, the matchmaking system may pair you with an AI-controlled opponent when a human match is not found within a short period. AI opponents are treated the same as human opponents within game systems, including rating adjustments and credit flows. AI opponents have their own persistent profiles and match records.
4. How We Use Information
We use the information we collect to:
- Authenticate your identity and manage your account.
- Operate real-time gameplay, matchmaking, turn progression, and match resolution.
- Maintain your profile, friends list, and social interactions (invitations, presence).
- Run the credits economy: deducting credits on match entry, refunding winners, granting ad rewards, and distributing hourly free credits.
- Process referral attribution and rewards.
- Calculate and update competitive ratings, tiers, and leaderboard rankings.
- Deliver push notifications you have enabled (invitations, friend requests, credit alerts).
- Display advertisements (banner, interstitial, and rewarded video) through Unity Ads.
- Verify fair play through cryptographic hash comparison of secret numbers.
- Enforce nickname uniqueness and prevent abuse.
- Respond to your feedback submissions.
- Understand our user base by region and improve localization (using device locale and country data).
- Comply with legal obligations.
5. Sharing of Information
We do not sell your personal information.
We share data with the following service providers solely to operate the App:
- Google LLC / Firebase: Authentication, Cloud Firestore (database), Firebase Storage (file storage), Cloud Functions (server-side logic), and Firebase Cloud Messaging (push notifications). Firebase processes your data under Google's privacy terms.
- Unity Technologies: Unity Ads SDK for ad serving, measurement, and optimization. Unity processes advertising identifiers, device information, and ad interaction data under its own privacy policy.
- Apple Inc.: Sign in with Apple authentication (when you choose Apple sign-in). SKAdNetwork for privacy-preserving ad attribution on iOS.
- Google LLC: Google Sign-In authentication (when you choose Google sign-in).
We may also disclose information if required by law, legal process, or governmental request, or when necessary to protect the safety, rights, or property of our users or the public.
6. Data Security
We implement multiple layers of security to protect your data:
- Server-side access control: Firestore Security Rules restrict read and write access to authorized users and validated operations. Sensitive fields (such as ratings, credits, and match outcomes) can only be modified by our server-side Cloud Functions, not by client devices.
- Cryptographic integrity: Secret numbers used in gameplay are never stored or transmitted in plaintext. Only their SHA-256 hashes are sent to the server, where they are verified upon match completion.
- Authentication: All data access requires a valid Firebase Authentication session. Each user can only access their own profile and authorized game data.
- Transport encryption: All network communication between the App and our servers uses HTTPS/TLS encryption.
While we strive to protect your information, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
7. Data Retention
We retain different categories of data for different periods:
- Account and profile data: Retained until you delete your account through the in-app Delete Account feature.
- Game records and turn history: Retained indefinitely to preserve leaderboard integrity and competitive history.
- Match history summaries: Retained indefinitely as part of your game record.
- Login history: Retained until account deletion.
- Matchmaking queue data: Automatically cleaned up when a match is found, cancelled, or detected as stale (within 30 minutes).
- Invitations: Status is updated (accepted, declined, cancelled) but records are retained. Invitations are cancelled upon account deletion.
- Feedback submissions: Retained indefinitely for product improvement purposes.
- FCM tokens: Cleared on sign-out. Stale tokens are automatically invalidated by our server.
- Local device storage: Managed by your device operating system and removed when the App is uninstalled.
8. Account Deletion and Your Rights
You can delete your account at any time using the Delete Account feature in the App's Settings screen. When you delete your account, we remove:
- Your user profile and all associated data (nickname, photo, statistics, ratings, credits, referral code, presence state, FCM token).
- Your nickname reservation (freeing it for future use).
- Your friends list and all pending/received friend requests.
- Your login history.
- Your matchmaking queue entry and matchmaking slot data.
- Your referral record.
- Your profile photo from Firebase Storage.
- Outgoing invitations (marked as cancelled); incoming invitations (marked as cancelled).
- Your Firebase Authentication account.
After deletion, the following may remain:
- Completed game records and turn logs, which are part of the shared competitive history and leaderboard system.
- Your match history entries in other players' records (opponent nickname and match result).
- Feedback submissions you have made.
- Data that has already been processed into aggregated or anonymized form.
Depending on your jurisdiction (for example, under the GDPR, CCPA, or other applicable privacy laws), you may have additional rights regarding your personal data, including the right to access, correct, port, or request deletion of your data. To exercise these rights, please contact us using the information below.
9. Children's Privacy
Number Strike is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.
10. International Data Processing
Our service infrastructure is provided by Google (Firebase) and Unity Technologies, which may process and store data in data centers located outside your country of residence, including in the United States. By using the App, you acknowledge that your data may be transferred to and processed in jurisdictions that may have different data protection laws than your own.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and, where practical, notify you through the App. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have any privacy-related concerns, please contact:
Developer: Jookwang Jung
Email: jaykaysm@gmail.com
Location: Los Angeles, California, USA