Privacy Policy

How SudoEarth handles your data

Effective date: 2026-05-03 Last updated: 2026-05-03

This Privacy Policy explains what data the SudoEarth iOS application (“the App”) and the SudoEarth backend service (“the Service”) collect, how that data is used, where it is stored, and what choices you have.

1. What we collect

1.1 Data you provide

• Apple Sign-in identity. When you sign in with Apple, Apple shares an opaque identifier (“sub claim”) with us. We do not receive your name, email, or other Apple ID details unless you explicitly choose to share them via Apple’s “Hide My Email” / “Share My Email” prompt at sign-in.

1.2 Data we generate about your usage

• Account ID. A stable opaque identifier derived from your Apple Sign-in sub. Used only to associate your puzzle progress, entitlement state, and analytics events.
• Puzzle progress. Which chapters and levels you have started, attempted, and completed; per-attempt move sequences (used so the App can resume mid-puzzle and so puzzle history is portable across your devices).
• Subscription state. Whether you currently hold an active SudoEarth Premium subscription, the plan tier, and the period end date. This is derived from receipts Apple provides via the App Store Server Notifications V2 protocol; we do not see your payment method or billing details.
• Analytics events. Anonymized events that record which screens you opened, which puzzles you started/completed, when you tapped “Mira” hints, and basic performance metrics (cold-start time in milliseconds, puzzle-load time in milliseconds). Each event is tagged with the account ID above and a timestamp; no event contains free-text input or personal information.
• Crash reports. When the App crashes, we collect a crash signature (a non-personal identifier of the crash type) and the app version via Firebase Crashlytics. We do not include your account ID or any personal information in crash reports.

1.3 What we do NOT collect

• Your name, email, phone number, mailing address, or any other contact information (unless you explicitly share it with us via support email).
• Your real-world location, GPS coordinates, IP-derived geolocation, or device location data.
• Photos, contacts, calendar, microphone audio, camera input, or other device sensor data.
• Browsing history, third-party cookies, or any cross-app/cross-site tracking identifiers (we do not use the iOS IDFA, do not show ads, and do not present an App Tracking Transparency prompt).
• Payment card numbers, CVV codes, bank account details, or any other financial credentials. All purchases route through Apple’s in-app purchase system; Apple — not SudoEarth — handles your financial data.

2. How we use this data

We use the data described in §1 only for the following purposes: - Authenticating you when you open the App. - Saving your puzzle progress so it persists across reinstalls and syncs between your devices. - Determining whether you have access to subscriber-only features (additional Mira hints). - Diagnosing crashes and performance regressions so we can fix them in subsequent App versions. - Aggregate, non-personal product analytics (e.g. “what percentage of users complete chapter 3 within their first week”) to inform our product decisions.

We do not: - Sell or rent your data to third parties. - Use your data for advertising or marketing. - Combine your data with third-party data sources to build a consumer profile. - Train machine learning models on your puzzle moves or any other personal data.

3. Where data is stored

• On your device. Puzzle progress, in-flight analytics events, and your authentication token are stored locally using iOS’s GRDB SQLite database and Keychain. Local data is encrypted by iOS at rest (subject to your device passcode).
• On our servers. Account state, subscription state, sync’d puzzle progress, and submitted analytics events are stored in a Postgres database hosted on Railway (currently in the US West region). Connections to the database are TLS-encrypted.
• At Apple. Your Apple Sign-in identity and your subscription payment records are managed by Apple under Apple’s Privacy Policy.
• At Google (Firebase Crashlytics). Crash signatures and app version metadata are stored by Firebase Crashlytics under Google’s Privacy Policy. No personal information is included.

4. Data sharing with third parties

We share data only with the following service providers, and only to the extent necessary to deliver the service you requested: - Apple Inc. — Apple Sign-in (authentication), App Store (payments), App Store Server Notifications (subscription webhooks). - Railway Corp. — server and database hosting. - Google LLC (Firebase) — crash reporting via Firebase Crashlytics. - DeepSeek / SiliconFlow — when you tap a “Mira” hint, the App sends the current puzzle state (a 9×9 grid of digits and a cell coordinate) to our server, which forwards it to a large language model hosted at SiliconFlow for hint generation. The request contains no personal information beyond the puzzle state; your account ID is included for rate-limit accounting but not retained by SiliconFlow.

We do not share your data for any other purpose.

5. Data retention

• On your device. Local data persists until you delete the App or sign out (which clears the Keychain credential and entitlement cache).
• On our servers. Account state, subscription state, and analytics events are retained indefinitely by default. You may request deletion at any time using the contact in §8.
• Crash reports. Retained according to Firebase Crashlytics’s default retention policy (90 days for full reports; aggregate metrics longer).

6. Your rights

Depending on where you live, you may have legal rights to: - Request a copy of the personal data we hold about you. - Request correction of inaccurate data. - Request deletion of your data (the “right to be forgotten” under GDPR; the “right to delete” under CCPA). - Withdraw consent for processing. - Lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at the address in §8.

7. Children’s privacy

SudoEarth is rated for ages 4+ and does not knowingly collect personal information from children under 13. The data we collect (opaque account ID, puzzle progress) is functionally necessary for the App to work and is not used for behavioral advertising. If you believe a child under 13 has provided us personal information, please contact us in §8 and we will delete it.

8. Contact

For privacy questions, deletion requests, or any other inquiries:

Email: support@sudoearth.app
Postal: Yue Hu, Room A023, Unit I, 15/F, Block A, Wah Sang Industrial Building, 14-18 Wong Chuk Yeung Street, Shatin, Hong Kong

9. Changes to this policy

We will update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be notified in-app on next launch.