Privacy Policy
Last updated: February 15, 2026
Our Commitment to Privacy
At Apurikotto, we are committed to protecting your privacy and ensuring transparency in how we handle your information for Spill. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
Information We Collect
Spill collects the following categories of information: **Account Information** • Firebase Authentication UID (unique identifier) • Email address (when signing in with Email, Google, or Apple) • Display name (from Google or Apple Sign-In) • Profile photo (optional, for user profiles) **Game Data** • Circles: Friend groups you create with player names • Game progress: Which prompts you've seen (stored locally on your device) • User preferences: Language, theme, notification settings **Device & Technical Information** • Device model, manufacturer, operating system version • Device identifier (iOS identifierForVendor) • Screen dimensions • App version and build number • IP address (temporarily, for network requests) **Analytics & Diagnostics** • App usage events (screens viewed, features used) • Session information (session ID, duration) • Crash reports and error logs • Performance metrics (app load time, response times) **Subscription Data** (if applicable) • Purchase history and subscription status (managed by RevenueCat) • Entitlement status (which content tiers you have access to)
How We Use Your Information
We use your information for the following purposes: **App Functionality** • Authenticate you and maintain your session • Save and sync your circles across devices • Personalize game prompts with player names • Enable in-app purchases and manage subscriptions **Analytics & Improvement** • Understand how users interact with Spill • Identify and fix bugs and crashes • Measure app performance and optimize user experience • Develop new features based on usage patterns **Communication** • Send transactional emails (account verification, password resets) • Deliver push notifications (if enabled) • Respond to support requests **Legal & Safety** • Comply with legal obligations • Protect against fraud and abuse • Enforce our Terms of Service
Third-Party Services & Data Sharing
We use the following trusted third-party services to operate Spill: **Firebase (Google)** • Authentication: User sign-in and account management • Firestore: Cloud storage for circles data • Analytics: App usage tracking and behavior analysis • Crashlytics: Crash reporting and diagnostics • Cloud Functions: Backend processing • Cloud Messaging: Push notifications • Remote Config: Feature flags and dynamic configuration **Sentry** • Error tracking and performance monitoring • Collects error reports, stack traces, and diagnostic data **RevenueCat** • Subscription management and in-app purchase processing • Integrates with App Store for payment processing **We do not:** • Sell your personal information to third parties • Share your data with advertisers • Use your data for cross-app or cross-site tracking • Collect data for purposes unrelated to app functionality These services may process data on servers located outside your country. All services are GDPR and CCPA compliant and use industry-standard security measures.
Data Retention
We retain your data for as long as necessary to provide Spill's services: • **Account data**: Retained while your account is active • **Circles data**: Retained while your account is active • **Analytics data**: Aggregated and retained for up to 14 months • **Crash logs**: Retained for 90 days • **Deleted accounts**: Data permanently deleted within 30 days of account deletion You can delete your account and all associated data at any time through the app settings.
Data Security
We implement industry-standard security measures to protect your information: • Data encrypted in transit using HTTPS/TLS • Data encrypted at rest using AES-256 encryption • Secure authentication using Firebase Auth • Regular security audits and updates • Access controls limiting who can access your data • Automated monitoring for suspicious activity While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
Your Privacy Rights
Depending on your location, you have the following rights: **Access & Portability** • Request a copy of your personal data • Export your circles data in JSON format **Correction** • Update your account information • Correct inaccurate data **Deletion** • Delete your account and all associated data • Request deletion of specific data categories **Opt-Out** • Disable analytics collection (Settings → Privacy) • Unsubscribe from promotional emails • Disable push notifications **GDPR Rights** (EU/EEA users) • Right to restriction of processing • Right to object to processing • Right to lodge a complaint with supervisory authority **CCPA Rights** (California residents) • Right to know what data is collected • Right to opt-out of data sales (we don't sell data) • Right to non-discrimination To exercise your rights, contact us at [email protected]
Children's Privacy
Spill is intended for users aged 18 and older due to mature content (18+ categories). We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]
International Data Transfers
Spill is operated from the United States. If you are located outside the U.S., your information will be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws different from your country. By using Spill, you consent to the transfer of your information to the U.S. and other countries. We ensure adequate safeguards are in place through: • Standard Contractual Clauses (SCCs) with service providers • Privacy Shield Framework compliance (where applicable) • GDPR-compliant data processing agreements
California Privacy Rights (CCPA)
California residents have specific rights under the California Consumer Privacy Act (CCPA): **Right to Know**: You can request details about the personal information we collect, use, disclose, and sell. **Right to Delete**: You can request deletion of your personal information, subject to certain exceptions. **Right to Opt-Out**: We do not sell personal information. If we ever do in the future, you will have the right to opt-out. **Right to Non-Discrimination**: We will not discriminate against you for exercising your CCPA rights. To submit a request, email [email protected] with the subject line "CCPA Request".
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR): • Right of access to your personal data • Right to rectification of inaccurate data • Right to erasure ("right to be forgotten") • Right to restriction of processing • Right to data portability • Right to object to processing • Right to withdraw consent • Right to lodge a complaint with supervisory authority **Legal Basis for Processing**: • Contract performance (to provide Spill services) • Legitimate interests (analytics, security, improvements) • Consent (for optional features like push notifications) To exercise your rights, contact [email protected]
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will: • Update the "Last Updated" date at the top • Notify you via email or in-app notification for material changes • Post the updated policy on our website Continued use of Spill after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: **Email**: [email protected] **Website**: https://spill.apurikotto.app **Response Time**: We aim to respond within 48 hours For data protection inquiries, please include "Privacy Request" in your email subject line.