Dumka – Privacy Policy

1. Who We Are

Doonax BG (“we”, “our”, “us”) is the trading name of Lyubomir Georgiev, an independent developer based in Bulgaria (EU). Contact: doonaxbg@gmail.com.

2. Information We Collect & Why

2.1 Local Game Data

• Words guessed, wins, streaks, haptics and other in-game stats.
• Purpose: provide gameplay features, achievements and preferences.
• Storage: only on your device; not transmitted to us.

2.2 Advertising (Google AdMob)

• We use Google’s Families Self-Certified Ads SDK (AdMob) to show non-personalized, G-rated ads only.
• All ad requests are tagged tagForChildDirectedTreatment(true) and tagForUnderAgeOfConsent(true).
• Google may receive a resettable Advertising ID, coarse device/OS info and your IP address to deliver, measure and protect against fraud/abuse. This can reveal approximate location (city/region level) for safety and compliance purposes.
• Ad processing is governed by the Google Privacy Policy.

2.3 Firebase (Analytics, Crashlytics & Performance)

• Analytics (Firebase Analytics): anonymous usage events (e.g., screens, taps, session counts) to understand usage and improve the app. We do not set a user ID or use data for personalized advertising.
• Crash Reporting (Firebase Crashlytics): crash traces, diagnostics, device/OS/app version to find and fix problems.
• Performance Monitoring (Firebase Performance): timing and network performance metrics to keep the app fast and reliable.
• Controls: where required by law (e.g., EEA/UK), we minimize identifiers and obtain consent or rely on another lawful basis as described below. You may also request we disable analytics/crash/performance for your device by emailing us.
• Data is processed by Google Firebase under their product-specific terms and privacy policy.

2.4 In-App Purchases

• Purchases (e.g., ad removal) are handled by Google Play / Apple App Store. We do not receive payment card data.

2.5 Device Permissions

• Vibration (haptics) and Internet (ads, updates, purchase verification).

2.6 Data We Do Not Collect

• No account registration, names, emails (except if you email us).
• No precise geolocation, contacts, photos, microphone or camera.
• No sensitive personal data (e.g., health, biometrics).

3. Legal Bases (GDPR/UK GDPR)

• Consent: where required (e.g., certain analytics or diagnostics in EEA/UK), and you can withdraw at any time by contacting us.
• Contract / legitimate interests: provide the game, ensure security/fraud prevention, measure basic service performance, and show non-personalized, contextual ads to fund the free service (while honoring child-directed flags).
• Legal obligation: compliance with applicable laws and responses to lawful requests.

Children/unknown-age: we request only non-personalized ads and apply child-directed settings. We avoid profiling and do not knowingly collect children’s personal data beyond what is strictly necessary to provide the app.

4. Children’s Privacy & Families Policy

Dumka is suitable for all ages. We do not knowingly collect personal information from children. Ads are non-personalized, age-appropriate and requested via Google’s UMP with child-directed settings. Parents/guardians may contact us to remove any information sent inadvertently.

5. Your Choices & Controls

• Ads: our ads are non-personalized. You can also reset/limit your Advertising ID in your device settings.
• Analytics/Crash/Performance: if you prefer to opt out on your device, contact us at doonaxbg@gmail.com and we will honor your request by disabling collection signals where feasible.
• Reset Advertising ID: Android Settings → Privacy → Ads → Reset advertising ID.
• Delete local data: uninstall the app or clear its storage.
• Contact us: doonaxbg@gmail.com

We do not sell or share your personal information for cross-context behavioral advertising (as defined by California law). See “California Privacy Disclosures” below.

6. Data Security, Retention & International Transfers

• Security: all communications use HTTPS/TLS. We follow industry-standard practices appropriate to the nature of the data.
• Retention: we keep data only as long as needed for the purposes described or as required by law. Local game data stays on your device until you delete the app or its storage. Our processors (e.g., Google) retain data per their policies and service settings.
• Transfers: Google may process data on servers outside your country. Such transfers are covered by Google’s data protection terms and appropriate safeguards (e.g., Standard Contractual Clauses and, where applicable, Data Privacy Framework certifications).

7. Your Privacy Rights

Depending on your location, you may have the right to request access, correction, deletion, portability, restriction or objection to certain processing, and to withdraw consent.

• EEA/UK (GDPR): access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with your supervisory authority.
• California (CPRA): right to know, delete, correct, limit use of sensitive information, and opt-out of sale/share. We do not sell or share your personal information. You may still contact us to exercise your rights.
• Brazil (LGPD), Canada (PIPEDA), South Africa (POPIA) and other regions: similar rights may apply; we will honor valid requests as required by local law.

To exercise any right, email doonaxbg@gmail.com. We may ask for information to verify your request. You may authorize an agent where your law allows.

8. Third-Party Processors

We rely on the following providers solely to deliver our services:

• Google AdMob (including UMP): ad delivery, fraud prevention, measurement (non-personalized). Privacy: Google.
• Google Firebase: Analytics, Crashlytics, Performance Monitoring. Privacy: Google and the Firebase service terms.

These providers act as processors/service providers under applicable laws. We do not permit them to use your data for their own advertising or profiling unrelated to our app.

9. California Privacy Disclosures

• Categories collected: identifiers (Advertising ID), device/OS/app info, diagnostics (crash/performance), app activity (non-personalized usage events), and approximate location (derived from IP by Google for safety/compliance).
• Sensitive information: none collected.
• Purposes: provide and secure the app, basic measurement, non-personalized ads, fraud/abuse prevention.
• Sale/Share: we do not sell or share personal information as defined by CPRA. If you still wish to submit a “Do Not Sell or Share” request, contact doonaxbg@gmail.com and we will confirm our status in writing.
• Non-discrimination: we will not discriminate against you for exercising your rights.

10. Contact & Complaints

Questions or requests: doonaxbg@gmail.com.

EU/EEA/UK users may also complain to their local data protection authority. Because we are established in the EU (Bulgaria), our lead authority is the Bulgarian Commission for Personal Data Protection (CPDP).

11. Changes

We may update this policy. The “Last updated” date will change. Significant changes will be announced in-app. Continued use after an update constitutes acceptance.

12. Summary of Key Points (Non-binding)

• No accounts; game data lives on your device.
• Ads are non-personalized, G-rated, and child-directed flags are always on.
• Firebase is used for anonymous analytics, crashes and performance; no user ID for ads.
• Approximate location may be inferred by Google from IP to keep the service safe and compliant.
• You have rights. Email us to exercise them; we do not sell or share your data.