- No signup required. We don't ask for your email, name, age, or anything personal.
- We don't sell your data. Period.
- We do collect anonymous usage stats (which genres are popular, crash reports) to make the app better.
- Ads are served by Google AdMob. They use an advertising ID to show relevant ads. You can opt out in your phone settings.
- Music streams from Deezer's catalog. Their preview URLs play through your device — we don't store songs.
- We send optional push notifications (daily streak reminders) if you grant permission. You can turn them off anytime in your device settings.
- You can delete your data anytime by uninstalling the app (and emailing us if you want server-side data removed too).
1. Who We Are
bitndrop ("the app", "we", "us", "our") is operated by Maxim Kozlov, based in Givatayim, Israel.
For privacy questions or requests: support@bitndrop.com
Privacy officer: Maxim Kozlov · support@bitndrop.com
2. Information We Collect
2.1 Information you provide
None at signup. bitndrop does not require an account, email address, password, or any personal information to use. You can play immediately without telling us anything about yourself.
If you contact us by email we receive whatever information you include in that message.
2.2 Information collected automatically
| Data | Why we collect it | Source |
|---|---|---|
| Anonymous user identifier (Firebase UID) | Save your scores and streaks across sessions | Firebase Anonymous Auth |
| Daily streak count and last challenge date | Track your streak, send timely reminders | Firebase Firestore |
| Push notification token (Expo push token) | Deliver daily streak reminder notifications | Expo / Firebase Firestore |
| Device timezone (IANA timezone string, e.g. "America/New_York") | Deliver push notifications at your local time instead of a fixed UTC time | Firebase Firestore |
| Device attestation token | Verify the request comes from a genuine, unmodified app (security) | Apple App Attest / DeviceCheck fallback (iOS) · Google Play Integrity (Android) via Firebase App Check |
| Device type, OS version, app version | Crash reports, compatibility | Firebase Crashlytics |
| App usage events (genres played, quiz completions, scores) | Improve the app, identify popular features | Firebase Analytics |
| Crash logs and stack traces | Diagnose and fix bugs | Firebase Crashlytics |
| Advertising identifier (IDFA on iOS, AAID on Android) | Relevant ads, frequency capping | Google AdMob |
| Approximate location (country-level, from IP) | Regional ad targeting, analytics | Google AdMob, Firebase Analytics |
We do not collect your name, email, phone number, contacts, photos, calendar, microphone data, precise GPS location, browsing history, or social media accounts.
2.3 Information stored on your device
The following is stored locally on your device (MMKV) and never transmitted to our servers: settings (sound/haptics/language), high scores, and a cache version flag. Clear it anytime by uninstalling the app.
3. How We Use Your Information
- Operate the app — maintain your anonymous account, save your scores
- Improve the app — understand which genres are popular, where users drop off, what's broken
- Fix bugs — diagnose crashes through Crashlytics stack traces
- Show ads — Google AdMob serves banner and rewarded video ads to keep the app free
- Send push notifications — (1) daily streak reminder at approximately 21:00 in your local timezone if you have an active streak and haven't played yet; (2) re-engagement nudge at approximately 13:00 in your local timezone if you haven't played in 2–7 days (only if you granted notification permission)
- Communicate with you — only if you email us first
We do not sell your data, build marketing profiles for resale, or do cross-app tracking outside our own analytics.
4. Third-Party Services
4.1 Google Firebase
Authentication (anonymous), Firestore, Analytics, Crashlytics, and App Check.
Provider: Google LLC — Privacy Policy
Data shared: Anonymous user ID, device info, usage events, crash logs, device attestation tokens (App Check — used to verify requests come from a genuine, unmodified installation of bitndrop; no user-identifiable information is derived from these tokens)
4.2 Google AdMob
Banner and rewarded video ads.
Provider: Google LLC — Privacy Policy
Data shared: Advertising identifier, IP-based country, ad interaction data
4.3 Deezer
30-second song previews streamed from Deezer's public catalog API. Audio files are not stored by us.
Provider: Deezer S.A. — Privacy Policy
Data shared: Generic API requests (genre/playlist IDs only — no user identifier sent to Deezer)
4.4 Expo
Push notification delivery. When you grant notification permission, an Expo push token is generated on your device, stored in Firestore, and used to route streak reminder notifications through Expo's push infrastructure.
Provider: Expo (by Expo, Inc.) — Privacy Policy
Data shared: Push notification token, notification payload (streak count, deep-link route)
4.5 Apple App Store / Google Play
Download stores collect data per their own policies: Apple · Google
5. Advertising and Tracking Choices
5.1 iOS App Tracking Transparency (ATT)
On iOS 14.5+, you'll see a system prompt when you first open the app. If you decline, AdMob shows non-personalized ads.
5.2 Limit ad tracking
- iOS: Settings → Privacy & Security → Tracking → toggle off
- Android: Settings → Privacy → Ads → Delete advertising ID
5.3 Disable analytics in-app
Settings → Privacy → Analytics (within bitndrop).
5.4 Push notifications
You can revoke notification permission anytime:
- iOS: Settings → bitndrop → Notifications → toggle off
- Android: Settings → Apps → bitndrop → Notifications → toggle off
Revoking permission stops future notifications. Your push token is removed from our servers upon account deletion, after 24 months of inactivity, or when your device is unregistered (see §6). You can also request immediate deletion by emailing support@bitndrop.com.
6. Data Retention
| Data type | Retention period |
|---|---|
| Anonymous user account | Until deletion request or 24 months of inactivity |
| Push notification token | Until account deletion, 24-month inactivity expiry, or device unregistration |
| Game session records | 24 months, then automatically deleted |
| Analytics events (Firebase) | Google's default (currently 14 months) |
| Crash reports | 90 days after crash |
| Local device data | Until you uninstall the app |
| Email correspondence | Up to 24 months |
7. Your Rights
7.1 Everyone
- Stop using the app anytime — uninstalling wipes local data immediately.
- Request deletion of server-side records: email support@bitndrop.com with subject "Delete my data" and your anonymous user ID (Settings → About).
- Limit ads via your device's advertising ID controls (Section 5).
7.2 Canadian residents (PIPEDA)
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) gives you the right to know what personal information we hold, to request corrections, and to withdraw consent to its collection or use. We collect only the data necessary to operate the app (see §2), retain it only as long as needed (see §6), and do not sell it. To exercise your rights, email support@bitndrop.com.
7.3 California residents (CCPA / CPRA)
We do not sell your personal information. AdMob's ad serving may be considered "sharing" under CPRA — opt out via iOS ATT or Android ad ID controls.
7.4 Israeli residents (PPL)
You have the right to access, correct, or delete your data per Israel's Privacy Protection Law 5741-1981. Email support@bitndrop.com.
8. Children's Privacy
bitndrop is rated 12+ on the App Store and Teen on Google Play. The app is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact support@bitndrop.com and we will delete it promptly.
9. Security
- All network traffic uses HTTPS / TLS
- Firestore is access-restricted by Security Rules — users can only read/write their own data
- No passwords stored (no signup)
- Infrastructure operated by Google with industry-standard security
In the event of a security breach posing a real risk of harm, we will notify affected users and the relevant data protection authority (Privacy Commissioner of Canada; Israeli Privacy Protection Authority) without undue delay as required by applicable law.
10. International Data Transfers
Our third-party providers (Google, Expo, Deezer) operate globally under their own data processing agreements.
11. Changes to This Policy
We update the "Last Updated" date when changes are made. For material changes, the Last Updated date will change and we will update the App Store / Play Store description. Continued use after changes are posted constitutes acceptance.
12. Contact
Email: support@bitndrop.com
Operator: Maxim Kozlov, Givatayim, Israel
We aim to respond to privacy inquiries within 30 days.
13. App Store Disclosures
Apple Privacy Nutrition Labels
Data collected and linked to your anonymous identifier: Product Interaction, Crash Data, Performance Data, Other Diagnostic Data, Identifiers (Device ID — push notification token).
Data used for tracking (ATT consent only): Device ID (advertising identifier).
Not collected: Contact Info, Health & Fitness, Financial Info, precise Location, Sensitive Info, Contacts, User Content, Browsing History, Purchases.
Google Play Data Safety
- Data collected: App activity, App info (crash logs, diagnostics), Device IDs
- Shared with third parties: App activity, Device IDs (Google Firebase, AdMob, Expo)
- Encrypted in transit: Yes
- Data deletion: Email support@bitndrop.com
14. Data Deletion
To request deletion of your Bitndrop data, email:
support@bitndrop.com
Include your display name (if set) and approximate last play date.
We will delete within 30 days:
- Your anonymous user account
- Display name and leaderboard scores
- Daily challenge history and streak
- Challenge sessions you created or played
- Push notification token
Anonymized analytics data may be retained for product analytics.