Privacy Policy
Transparency about what data TRETA Block collects, why, and what you can do with it.
1. Who we are
This policy applies to the mobile and web app TRETA Block, published by the independent studio nikolaspaolo (individual, Brazil). We are the controller of the personal data processed in the app, as defined by Art. 5, VI of the Brazilian LGPD.
Data Protection Officer (DPO) contact: contato@nikolaspaolo.com
2. What data we collect
We collect the bare minimum needed for the game to work and for the ranking to be fair. No full name, address, phone, government ID or any document.
| Data | Why | Source |
|---|---|---|
Nickname + tag (e.g., Player#0042) |
Identify you on the ranking and in 1v1 versus | You type it |
| Anonymous ID (UUID generated on first launch) | Link progress across sessions without requiring login | Auto-generated |
| Game stats (score, combos, wins, matches) | Feed the global ranking and your history | During matches |
| Advertising identifier (GAID on Android, IDFA on iOS) | Show ads (optional — you can opt out) | Operating system |
| Purchase receipt (token issued by the store) | Validate the "Pro" IAP and restore on other devices | Google Play / App Store |
| IP address + connection timestamp | Prevent abuse and debug server errors | Connection to our versus server |
| Google email (optional) | Save your progress so you can recover it on another device or after reinstalling. Collected only if you opt for "Save with Google" in the profile. Without login, we only keep the anonymous ID generated on the device. | You provide via Google OAuth |
What we do NOT collect
Real name, phone, precise location, contact list, photos, microphone, calendar, browsing history. No behavioral tracking outside the app. Email only if you opt for Google login.
3. Purpose of processing
We process your data under the following LGPD legal bases (Art. 7):
- Contract execution (Art. 7, V) — ranking, 1v1 versus, progress persistence, IAP
- Legitimate interest (Art. 7, IX) — anti-fraud, rate-limit, aggregated error logs
- Consent (Art. 7, I) — display of personalized ads, if you agree on the consent screen
4. Sharing with third parties
The app uses third-party services that necessarily process some data on their own servers:
| Partner | Purpose | Data sent |
|---|---|---|
| Supabase (Ireland/EU) | Anonymous authentication, ranking and history storage | Anonymous ID, nickname, tag, statistics |
| Railway (USA) | WebSocket server for 1v1 matches | Anonymous ID, connection IP, real-time match state |
| Google AdMob | Ad display | Advertising identifier, device data (type, language, app age) |
| Google Identity (OAuth) | Link your profile to your Google email when you opt for "Save with Google" — used only for authentication, not for advertising | Public Google email + name (optional) |
| RevenueCat (USA) | Purchase processing and validation | Anonymous ID, store receipt |
| Google Play / App Store | IAP payment | Per the store's own policy |
No data is sold. None is used for our own direct advertising. Each partner has their own privacy policy — we recommend reading them if you're a frequent user.
5. International transfers
Some partners (Railway, AdMob, RevenueCat) keep servers outside Brazil. Transfers are made under Art. 33 of the LGPD, with standard contractual clauses or in countries with adequate data protection levels recognized by ANPD.
6. Retention
- Active account: we keep your data while the app is installed and in use.
- Inactive account 12 months: we may delete the profile automatically.
- Deletion requested: we remove within 30 days.
- Purchase receipts: kept for 5 years to meet tax requirements and store dispute windows.
- Security logs: up to 90 days.
7. Your rights (LGPD Art. 18 / GDPR Art. 15-22)
You have the right to:
- Confirmation and access — know what we have about you
- Correction — request updates to incorrect data
- Anonymization, blocking or deletion — of unnecessary data
- Portability — receive your data in a structured format
- Deletion of data processed under consent
- Information about sharing with public and private entities
- Withdrawal of consent
To exercise any right, email contato@nikolaspaolo.com with the subject "LGPD" or "GDPR" and your profile's nickname#tag. We respond within 15 days.
8. Minors
TRETA Block is intended for people 13 years or older. We don't knowingly collect data from children. If you're responsible for someone under 13 who used the app, send an email and we'll delete the profile immediately.
9. Cookies and identifiers
The mobile app itself does not use cookies. Third-party SDKs (AdMob, RevenueCat) may use persistent identifiers on the device per their own policies. You can reset the advertising identifier in your operating system settings at any time. The web build uses localStorage to remember your anonymous ID, settings and consent.
10. Security
We use HTTPS on all connections, encryption at rest in Supabase databases, JWT token authentication, and Row-Level Security preventing one user from reading another's data. Even so, no system is 100% secure — if you find a vulnerability, please email us so we can fix it fast.
11. Changes to this policy
If we change anything material, we update the date at the top of this page and, if it involves a new purpose, we notify inside the app before the next session.
12. Contact
Any questions, comments or complaints: contato@nikolaspaolo.com.
If you think we processed your data incorrectly, you may also complain directly to the Brazilian National Data Protection Authority (ANPD): gov.br/anpd.