Privacy Policy — TriviaApp
Last updated: 2 May 2026
This Privacy Policy describes how Nordic Node ("we", "us", "our") collects, uses, and shares information when you use TriviaApp (the "App", package name nl.nordicnode.triviaapp) on Android devices. By using the App you agree to the practices described in this Policy.
If you do not agree with this Policy, please do not use the App.
1. Who we are
The App is published by:
- Nordic Node
- Email: nordicnode26@gmail.com
- Play Store listing: play.google.com/store/apps/details?id=nl.nordicnode.triviaapp
For privacy questions, data-access requests, or to exercise any right described below, contact us at nordicnode26@gmail.com. We aim to reply within 30 days.
2. Information we collect
2.1 Information you provide
- In-app preferences and progress. When you play, we store your coin balance, XP, level, quiz history, achievements, unlocked content, daily-streak status, settings (theme, language, sound, haptics, density, palette) and similar gameplay state on your device using Android DataStore. This data is necessary for the App to function.
- Optional Google account sign-in. If you sign in with Google Play Games, we receive a Play Games Services player ID and display name from Google. We use this ID to save your progress to a Google Play Saved Games snapshot so you can restore it on another device.
- Referral codes (optional). If you share or redeem a referral code, we store the code and its redemption status.
2.2 Information collected automatically
- Device and diagnostic data. Through Firebase Crashlytics we receive crash logs and diagnostic information (e.g. Android version, device model, locale, app version, anonymous installation ID, stack traces). These reports help us fix bugs and stability issues.
- Usage analytics. Through Firebase Analytics we receive aggregate events such as quiz starts and completions, in-app purchase events, feature engagement and ad impressions, together with non-precise device attributes (country, language, OS version) and a Firebase installation ID. We do not request precise location.
- Advertising identifiers. When ads are shown (free tier only) the Google Mobile Ads SDK may access the Android Advertising ID (AAID) and basic device signals to deliver and measure ads, including frequency capping, fraud prevention, and (where you consent) personalised advertising. You can reset or limit your AAID in Android system settings.
- Purchase information. When you buy a subscription, coin pack, or other in-app product, Google Play processes the payment. We receive a purchase token, product ID, order ID and acknowledgement state from Google Play in order to grant your entitlement and prevent duplicate charges. We do not receive your payment details (card, bank, PayPal).
2.3 Information we do not collect
- We do not collect your name, email address, phone number, address, or precise location.
- We do not collect contacts, photos, microphone audio, calendar, SMS, or any other content that is not part of gameplay.
- We do not access files outside the App's own sandbox.
3. How we use information
We use the information described above to:
- Operate the App and store your progress, settings, achievements and entitlements on your device and (optionally) in the cloud via Google Play Saved Games.
- Process and verify in-app purchases through Google Play Billing, grant entitlements (e.g. coins, ad-free, Pro), and detect duplicate or fraudulent purchase events.
- Show ads in the free tier through the Google Mobile Ads SDK and, where permitted, measure their performance.
- Diagnose crashes and bugs via Firebase Crashlytics.
- Understand aggregate usage and improve the App via Firebase Analytics.
- Comply with legal obligations and Play Store policies.
We do not use your information for automated decision-making with legal effect, profiling for targeted advertising outside the standard Google Mobile Ads framework, or any sale of personal information.
4. Legal bases (EEA / UK)
If you are in the European Economic Area, the United Kingdom or Switzerland, our legal bases under the GDPR / UK GDPR are:
- Performance of a contract — to operate the App, process purchases, and restore your progress.
- Legitimate interests — to keep the App secure, prevent fraud, debug crashes, and improve features. We balance these interests against your rights.
- Consent — for personalised advertising and for non-essential analytics where required by your local law. We collect consent through Google's User Messaging Platform (UMP) consent dialog the first time you open the App in regions where consent is required. You can change your choice in Settings → Privacy options at any time.
- Legal obligation — to retain transaction records as required by tax and consumer-protection law.
5. Sharing your information
We share information only with:
- Google LLC / Google Ireland Ltd. — Firebase (Analytics, Crashlytics, Cloud Functions, Realtime Database for Duel matchmaking and leaderboards), Google Play Billing, Google Play Saved Games, Google Mobile Ads, and Google Play Console diagnostics. Google acts as a separate controller for some services (Ads, Play Billing) and as our processor for others (Crashlytics, Analytics, Cloud Functions). Google's privacy policy is at policies.google.com/privacy.
- Third parties when required by law, e.g. to respond to a lawful request from a regulator or court, or to enforce our Terms of Service.
We do not sell or rent your personal information to third parties.
6. International transfers
Firebase and Google Mobile Ads process data on infrastructure located in the United States and other regions. Where data is transferred outside the EEA / UK, Google relies on Standard Contractual Clauses and supplementary safeguards as published in the Google Cloud Trust & Compliance documentation.
7. Data retention
- Local progress, preferences and unlocked content remain on your device until you uninstall the App or clear its data in Android settings.
- Cloud-saved progress in Google Play Saved Games is retained by Google according to your Google account settings; you can delete it via play.google.com/store/account/savedgames.
- Crashlytics retains crash reports for up to 90 days. Analytics data is retained for the period configured in our Firebase project (default 14 months for event-level data).
- Purchase records are retained as long as legally required (typically 7 years under EU/NL tax law).
When data is no longer needed for the purposes above, it is deleted or anonymised.
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Rectify inaccurate information.
- Delete your information ("right to be forgotten").
- Restrict or object to certain processing.
- Port your information to another service.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint with your local data-protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
To exercise any right, email nordicnode26@gmail.com with the subject "Privacy request". Please tell us which device(s) you used the App on so we can locate your records (we do not have an account system tied to your email).
You can also reset your Advertising ID at any time in Android Settings → Privacy → Ads, and revoke ad personalisation in the in-app Settings → Privacy options menu.
9. Children
The App is intended for a general audience aged 13 and over (16+ in some jurisdictions, e.g. parts of the EEA). We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has used the App and provided personal information, please contact us at nordicnode26@gmail.com and we will delete the relevant data.
We follow Google Play's Families Policy where applicable and do not show behaviourally-targeted advertising to users we identify as children.
10. Security
We take reasonable measures to protect your information:
- Network traffic to Firebase and Google services is encrypted in transit (HTTPS / TLS).
- Local data is stored in the App's private storage area, accessible only to the App on a non-rooted device.
- Purchase verification (where the server-side feature is enabled) uses Firebase Cloud Functions over an authenticated channel.
No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
11. In-app purchases and subscriptions
Purchases (coin packs, bundles, ad-removal, Pro Monthly, Pro Annual) are processed by Google Play, not by us. By purchasing you agree to Google Play's Terms of Service. Subscriptions auto-renew at the listed price each billing period until cancelled at least 24 hours before the next renewal. You can manage or cancel any subscription at play.google.com/store/account/subscriptions. Free trials convert to paid subscriptions if not cancelled before the trial ends. Coin packs and one-time bundles are non-refundable consumables; refunds (if any) are subject to Google Play's refund policy.
12. Third-party services
The App integrates the following third-party SDKs. Each has its own privacy policy that governs the data they receive:
- Google Play Services / Play Games — policies.google.com/privacy
- Google Mobile Ads (AdMob) — policies.google.com/technologies/ads
- Firebase (Analytics, Crashlytics, Realtime Database, Cloud Functions, Remote Config) — firebase.google.com/support/privacy
- Google User Messaging Platform (UMP) — policies.google.com/technologies/cookies
13. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be announced in the App or on the Play Store listing before they take effect. Continued use of the App after a change constitutes acceptance of the updated Policy.
14. Contact
For any privacy-related question, request, or complaint, contact:
Nordic Node
Email: nordicnode26@gmail.com
We will respond within 30 days.