Privacy Policy

Last updated: March 16, 2026

Artax Studios ("we", "us", "our") operates the BoobTap mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

1. Information We Collect

1.1 Information You Provide

• Nickname: A username you choose during account creation (3-16 characters).
• Email address: Optional. Used only if you link an email for account recovery or device transfer.
• Password: Optional. Stored securely as a one-way hash (bcrypt). We never store or have access to your plain-text password.
• Language preference: Your selected display language.

1.2 Information Collected Automatically

• Device identifier: A unique device ID used to associate your device with your game account. This is not your hardware serial number.
• Gameplay data: Scores, streaks, puzzle progress, games played, match history, and leaderboard rankings.
• Session data: Session start time, end time, and duration (used to improve game balance).
• Purchase history: Records of in-app purchases including product ID, platform, and transaction status. We do not store payment details (credit card numbers, billing address, etc.) — all payments are processed securely by Google Play or Apple App Store.
• Stamina and token balances: Current in-game resource counts.

1.3 Information We Do NOT Collect

• Real name, date of birth, or physical address
• Phone number
• Precise geolocation or GPS data
• Contacts, photos, or files from your device
• Browsing history
• Financial or payment information (handled entirely by Google Play / App Store)

2. How We Use Your Information

We use the collected information for the following purposes:

• Account management: Create and maintain your game account, enable login across devices.
• Game functionality: Save progress, synchronize data between devices, display leaderboards.
• Game improvement: Analyze session data and gameplay patterns to balance difficulty, fix bugs, and improve the experience.
• Fraud prevention: Detect cheating, suspicious activity, and protect fair play for all users.
• Server maintenance: Monitor server health and ensure reliable service.
• Purchase validation: Verify in-app purchase transactions with Google Play / App Store to prevent fraud.
• Communication: Respond to support requests sent to our contact email.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data on the following legal bases:

• Contract: Processing necessary to provide the game service (account, gameplay, progress saving).
• Consent: For optional data processing such as analytics, personalized ads, marketing, and crash reports. You can grant or withdraw consent at any time in the App settings.
• Legitimate interest: For game improvement, fraud prevention, and server maintenance — essential operations to keep the game functional and fair.

4. Consent Management

When you first launch the App, you are asked to review and accept our terms. Consents are divided into three categories:

4.1 Required (mandatory to use the App)

• Terms of Service acceptance
• Privacy Policy acceptance
• Age confirmation (16 years or older)

4.2 Optional (your choice)

• Analytics: Help us understand how you play to improve the game.
• Personalized ads: Show ads based on your interests (when ad system is active).
• Marketing: Receive news and special offers.
• Crash reports: Send error data to improve stability.

4.3 Legitimate Interest

• Game improvement: Balance gameplay and fix bugs.
• Fraud prevention: Detect cheating and protect players.
• Server maintenance: Keep services running smoothly.

You can change your optional consent settings at any time through the App's Settings menu.

5. Data Sharing

We do not sell your personal data. We may share limited data with:

• Google Play / Apple App Store: For purchase validation and fraud prevention.
• Advertising partners: If you consent to personalized ads, anonymized advertising identifiers may be shared. No personal data (nickname, email) is shared with advertisers.
• Server hosting provider (Hetzner Online GmbH): Our server is hosted in Falkenstein, Germany (EU). Hetzner provides infrastructure only and does not access your data.
• Law enforcement: Only if required by law, court order, or to protect rights and safety.

6. Data Storage and Security

• Your data is stored on a server located in Germany (EU), compliant with GDPR requirements.
• All communication between the App and our server uses HTTPS/TLS encryption.
• Passwords are hashed using bcrypt (one-way encryption).
• API access is protected by JWT (JSON Web Token) authentication.
• Rate limiting is applied to prevent abuse.

7. Data Retention

• Account data: Retained as long as your account exists.
• Session data: Retained for up to 12 months for analytics purposes, then deleted.
• Purchase history: Retained permanently for transaction verification and refund support.
• Deleted accounts: When you delete your account, all associated data (stats, progress, match history, leaderboard entries, session data, devices) is permanently deleted immediately. Purchase history may be retained for legal compliance.

8. Your Rights (GDPR)

If you are in the EEA, you have the following rights:

• Access: Request a copy of the data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Delete your account and all associated data through the App's Settings menu, or by contacting us.
• Restriction: Request we limit how we process your data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: Change optional consent settings anytime in the App.

To exercise any of these rights, contact us at contact@boobtap.com. We will respond within 30 days.

9. Children's Privacy

BoobTap is rated 16+ and is not intended for children under 16 years of age. We do not knowingly collect personal information from anyone under 16. Users must confirm they are 16 or older before using the App. If we become aware that we have collected data from someone under 16, we will delete that data immediately.

10. Third-Party Services

The App may integrate the following third-party services, each with their own privacy policies:

• Google Play Services / Google Play Billing: Google Privacy Policy
• Apple App Store / StoreKit: Apple Privacy Policy
• Google AdMob (when active): Google Privacy Policy

11. International Data Transfers

Your data is stored and processed in Germany (EU). If you access the App from outside the EU, your data will be transferred to and processed in Germany under GDPR protections.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy. For significant changes, we may notify you through the App.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Artax Studios
Email: contact@boobtap.com
Website: https://boobtap.com

← Back to BoobTap