Privacy Policy for Ashto

This Privacy Policy describes how we collect, use, store, share, and protect personal data when you use the Ashto mobile application (the "App"). It also explains your rights under the European Union General Data Protection Regulation (GDPR) and similar data protection laws. By using the App, you agree to the practices described in this Policy.

1. Who we are

The App is developed and maintained by divya sriramula, an independent developer. For the purposes of GDPR, we act as the data controller for personal data we collect through the App. You can contact us at any time at roopalabs.dev@gmail.com for any questions about this Policy or your data.

2. What information we collect

2.1 Information you provide to us

When you create an account or use the App, you may provide us with the following personal information:

• Name or display name � used to identify you in games and to other players
• Email address � when you sign in with Google
• Profile picture � when you sign in with Google
• User ID � a unique identifier we generate to associate your gameplay data with your account

You may also play as a guest, in which case we generate an anonymous local ID for you and do not collect your name, email, or profile picture unless you choose to set a display name.

2.2 Information collected automatically

When you use the App, we (or our service providers) may automatically collect:

• Device type, model, and operating system version
• Approximate IP address (used to route network traffic; not stored long-term)
• App usage data, such as games played, wins, kills, and in-app coin balance
• Crash reports and diagnostic information (to help us fix bugs)

2.3 Information we do NOT collect

• We do not collect precise location (GPS) data
• We do not collect contacts, photos, microphone, or camera data
• We do not use Artificial Intelligence (AI) to process your personal data
• We do not sell your personal data to third parties
• We do not currently display advertisements in the App

3. How we use your information

We use the personal data we collect for the following purposes:

• To create and maintain your player account
• To enable online multiplayer gameplay, friend lists, and friend requests
• To display your name and avatar to other players in your games
• To save your in-game progress, statistics, and coin balance
• To diagnose crashes, bugs, and performance issues
• To respond to your questions, feedback, or support requests
• To comply with legal obligations

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar laws, we process your personal data under the following legal bases:

• Performance of a contract � to provide you with the App's features (online multiplayer, accounts, friends)
• Legitimate interests � to fix bugs, prevent fraud, and improve the App
• Consent � where you have given us specific permission, such as by signing in with Google
• Legal obligation � where we are required to retain or disclose data by law

5. Third-party services

We use the following third-party services to operate the App. Each service has its own privacy policy, which we recommend you review:

• Google Play Services � required for Android apps
• Firebase Authentication � for sign-in
• Firebase Realtime Database � for online multiplayer
• Cloud Firestore � for player profiles and stats
• Google Analytics for Firebase � for anonymous usage analytics
• Firebase Crashlytics � for crash reporting

These services are operated by Google LLC, which acts as our data processor under GDPR. Data may be transferred to and processed in the United States and other countries where Google operates servers. Google complies with the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses for international data transfers.

6. Data sharing and disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

• With other players: Your display name, avatar, and in-game actions are visible to other players in online matches and to your friends list.
• With service providers: We share data with Google Firebase services as described in Section 5.
• For legal reasons: We may disclose information if required by law, subpoena, court order, or to protect our rights, your safety, or the safety of others.
• In a business transfer: If the App is acquired or merged with another entity, your data may be transferred to the new owner under the same privacy commitments.

7. Data retention

We retain your personal data only as long as necessary to provide the App's services and to comply with our legal obligations:

• Account data (name, email, user ID, stats): retained for as long as your account exists.
• Crash and diagnostic data: retained for up to 90 days.
• Analytics data: retained for up to 24 months in aggregated form.
• Friend lists and game history: retained for as long as your account exists.

If you delete your account or request deletion (see Section 8), we will delete your personal data within 30 days, except where we are required to retain it by law.

8. Your rights under GDPR

If you are in the EEA, United Kingdom, or a jurisdiction with similar laws, you have the following rights regarding your personal data:

• Right of access � you can request a copy of the personal data we hold about you
• Right to rectification � you can ask us to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") � you can ask us to delete your personal data
• Right to restrict processing � you can ask us to stop processing your data in certain circumstances
• Right to data portability � you can ask us to provide your data in a machine-readable format
• Right to object � you can object to our processing of your data based on legitimate interests
• Right to withdraw consent � where processing is based on consent, you can withdraw it at any time
• Right to lodge a complaint � you can complain to your local data protection authority if you believe we have violated your rights

To exercise any of these rights, contact us at roopalabs.dev@gmail.com. We will respond within 30 days.

9. How to delete your account and data

You can stop the App from collecting any new information at any time by uninstalling it from your device. To request deletion of personal data we have already collected, email us at roopalabs.dev@gmail.com with the subject line "Account Deletion Request" and include the email address or display name associated with your account. We will delete your data within 30 days and confirm by email.

10. Children's privacy

The App is not directed to children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and you believe your child has provided us with personal data, please contact us at roopalabs.dev@gmail.com and we will delete the information promptly.

11. Data security

We take reasonable physical, electronic, and procedural measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. This includes using Google Firebase's secure infrastructure, encrypted connections (HTTPS/TLS), and limiting access to data on a need-to-know basis. However, no security system is perfect, and we cannot guarantee absolute security of data transmitted over the internet.

12. International data transfers

Your personal data may be transferred to, stored, and processed in countries outside your country of residence, including the United States and Singapore (where our Firebase Realtime Database is hosted in the asia-southeast1 region). When we transfer personal data outside the EEA, we rely on legal mechanisms such as Standard Contractual Clauses to ensure your data is protected to the same standard as under GDPR.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App, or legal requirements. When we make changes, we will update the "Effective date" at the top of this page and, where appropriate, notify you within the App. We encourage you to review this Policy regularly.

14. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: roopalabs.dev@gmail.com
Developer: divya sriramula
App: Ashto (ashta chamma)