♔

Privacy Policy

Effective: April 22, 2026 · Last updated: April 22, 2026

Gambit is a chess application developed and operated by Codeign (the "developer", "we", "us"). This Privacy Policy explains what information we collect when you use the Gambit mobile app, how we use it, who we share it with, and what rights you have over your data.

We collect the minimum amount of information needed to operate the service. We do not sell personal information. You can delete your account and all associated data from inside the app at any time.

Contents

Information we collect
How we use information
Third parties and processors
Advertising and identifiers
Children's privacy
Retention and deletion
Your rights
Security
International users
Changes to this policy
Contact

§ IInformation we collect

We collect the following categories of information:

Account information. Email address (sign-in), display name, and optional country. Provided by you when you create an account or sign in with Apple, Google, or email.
Game data. Match history, move sequences, ratings, puzzle attempts, friend list, and challenge history — created automatically as you use the app.
Device and diagnostic data. App version, platform, locale, crash logs, and error traces. Collected via Sentry to detect and fix bugs.
Push notification token. A device-specific token used to deliver notifications you have opted into (your turn, friend requests, daily puzzle, news).
Purchase receipts. Verified by RevenueCat to confirm Premium subscription status. We do not see your payment card or store credentials.
Approximate IP address. Used for session security, abuse prevention, and matchmaking region heuristics. Not used for precise location.

We do not collect: precise location, contacts, photos or media library, microphone, camera, browsing history, biometric data, or health data.

§ IIHow we use information

To run core game features: matchmaking, online play, puzzles, leaderboards, friends, and chat between match participants.
To verify and apply your Premium subscription benefits.
To send notifications you have explicitly opted into (in-app preferences).
To detect, prevent, and respond to abuse, fraud, and policy violations.
To diagnose crashes and improve app reliability.
To comply with legal obligations.

We do not sell your personal information. We do not use your information for cross-context behavioural advertising.

We share the minimum data required with the following service providers:

Supabase — backend hosting, authentication, database, realtime sync.
RevenueCat — subscription management and receipt verification.
Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) — push notification delivery.
Expo Push Service — relays notifications between our backend and APNs / FCM.
Sentry — crash and error reporting.
Google AdMob — serves advertisements to non-Premium users (banner, interstitial, rewarded).
Apple, Google — sign-in identity verification when you choose to use Apple or Google sign-in.

We never sell your personal information to third parties or share it for their independent marketing purposes.

§ IVAdvertising and identifiers

Free users are shown advertisements via Google AdMob. AdMob may use the platform advertising identifier (Apple IDFA on iOS, Google Advertising ID on Android) to serve more relevant ads. You can reset or limit this identifier in your device settings:

iOS: Settings → Privacy & Security → Tracking → toggle off "Allow Apps to Request to Track" (also reset IDFA there).
Android: Settings → Google → Ads → Reset advertising ID, or "Delete advertising ID".

Premium subscribers see no ads and the advertising identifier is not used for ad targeting on their devices.

§ VChildren's privacy

Gambit is rated for general audiences (4+ on the App Store, "Everyone" on Google Play). The service is not directed at children under 13 (under 16 in the EEA and UK). We do not knowingly collect personal information from children below those ages. If you are a parent or guardian and believe a child has provided us with personal information, please contact us at the address below and we will delete it.

§ VIRetention and deletion

We keep your data while your account is active. You can delete your account at any time from inside the app: Settings → Account → Delete account. Deleting your account permanently removes your profile, match history, puzzle history, ratings, friends list, and push notification tokens. Server backups are rotated within 30 days.

We may retain a minimal record of completed transactions (subscription billing receipts) for as long as required by tax and accounting law, and we may retain abuse-prevention records (e.g. blocked accounts) for up to 12 months.

§ VIIYour rights

Depending on where you live, you have rights over your personal data including access, correction, deletion, portability, and objection to processing. Most of these rights can be exercised directly inside the app:

View your profile information: Settings → Profile
Edit your display name and country: Settings → Profile
Export your match history: Settings → Account → Export
Delete your account and data: Settings → Account → Delete account
Manage notification preferences: Settings → Notifications

For requests we cannot fulfill in-app, contact us at the email address below. We will respond within 30 days.

EEA, UK, Switzerland users: the legal basis for processing your data is performance of contract (running the app), legitimate interest (security, abuse prevention, error reporting), consent (push notifications, advertising identifiers), and legal obligation (tax records).

California users: Codeign does not sell or share personal information as defined under the California Consumer Privacy Act (CCPA).

§ VIIISecurity

Data is encrypted in transit (TLS 1.2+) and at rest by our service providers. Authentication tokens are stored securely on the device using the platform keystore (iOS Keychain, Android Keystore). We follow industry-standard practices for access control, password hashing, and secret rotation. No system is perfectly secure: if you discover a vulnerability please contact us privately at the email below.

§ IXInternational users

Our backend is hosted on Supabase, which operates servers in multiple regions. By using Gambit you consent to the transfer of your data to and processing in these regions, which may be outside your country of residence. We rely on standard contractual clauses where required by EU law.

§ XChanges to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced inside the app and, where required by law, by email. Continued use of the app after a change constitutes acceptance of the revised policy.

§ XIContact

Questions about this Privacy Policy, or requests regarding your personal data, can be sent to:

Codeign
Email: m.aziz.kurt25@gmail.com
Website: https://gambit.codeign.com