Never Have I Ever: Card Game

Privacy Policy

Effective date: 2026-05-19

Controller

Never Have I Ever: Card Game is currently prepared by Adrian Gruber. guba.studio is a working brand name/alias and is not a separate legal entity.

Privacy/support contact: hello@guba.studio.

Short version

  • Core game play is local on your device.
  • You do not need an account to play.
  • We do not use third-party advertising.
  • We do not use a third-party analytics SDK.
  • We use RevenueCat to manage purchases and subscription access when paid products are enabled.
  • We do not use push notifications.
  • We do not sell personal data and do not use data for cross-app tracking.

Data we process

App functionality

The app lets you pick a deck, play a local card round, save or favourite cards during play, remember that a first round has started, and restore purchase access. This core game data stays on your device. We do not receive your private round history or anyone's answers unless you choose to send information to us, for example in a support email or card report.

The app may store necessary local values such as first-round state and app preferences using device storage. You can delete this local data by deleting the app or clearing app data through your device settings where available.

Purchases and subscriptions

If you buy or restore Pro access, purchases are processed by the Apple App Store or Google Play. We use RevenueCat to manage subscription status and purchase entitlements.

Purchase-related data may include:

  • an anonymous app user ID or purchase identifier;
  • product ID, purchase status, and entitlement status;
  • receipt and transaction data;
  • purchase, renewal, cancellation, refund, and expiration events;
  • device platform, app version, locale, and metadata needed for purchase support and entitlement delivery.

We use this data to unlock paid decks, restore purchases, manage subscription status, prevent fraud, and provide customer support.

Support and card reports

If you contact support or report a card, your email app sends the information you choose to include. This may include your email address, message content, screenshots, device platform, app version, purchase identifiers, deck name, and card text.

We use support data to answer your request, fix purchase issues, and review deck content.

Website and legal pages

When you visit pages on https://guba.studio, the hosting provider may process technical log data such as IP address, date and time of access, requested page, browser/device metadata, referrer URL, and error/security logs. This is used to deliver the site, keep it secure, diagnose errors, and prevent abuse.

Analytics, ads, crash reporting, and notifications

The current app does not use third-party ads, cross-app tracking, an attribution SDK, a third-party analytics SDK, a separate app-level crash reporting SDK, or push notifications. If this changes, this Privacy Policy and the store privacy disclosures must be updated before release.

Device permissions

The current app does not request camera, photo library, microphone, contacts, precise location, or notification permissions.

Legal bases

Where the GDPR applies, the legal bases are:

  • GDPR Art. 6(1)(b): providing the app, paid features, purchases, restore purchases, and support related to app use or purchases;
  • GDPR Art. 6(1)(f): keeping the app and website secure, preventing fraud/abuse, improving support quality, and reviewing card reports;
  • GDPR Art. 6(1)(c): keeping records where required by law;
  • GDPR Art. 6(1)(a): consent, if optional processing such as non-essential analytics or notifications is added later.

Cookies, local storage, and similar technologies

The app and website use only technologies that are necessary for app functionality, purchase entitlement management, website delivery, security, and diagnostics. We do not use non-essential advertising, tracking, or analytics technologies in the current version.

Recipients and processors

We may share data with these providers only as needed for the purposes described above:

  • Apple: app distribution, purchases, subscriptions, and refunds.
  • Google: app distribution, purchases, subscriptions, and refunds.
  • RevenueCat: purchase and entitlement management.
  • Vercel: hosting the website and legal pages.
  • Email providers: support and card report email delivery.

International transfers

Some providers may process data outside the European Economic Area. Where required, transfers are based on adequacy decisions, Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, or another lawful transfer mechanism.

Retention and deletion

We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law or needed for legal claims.

  • Local app data: delete the app or clear app data through your device settings where available.
  • Support messages: retained only as long as needed for support, content review, disputes, fraud prevention, legal claims, or required records.
  • Purchase/subscription records: store-managed purchase records remain with Apple or Google under their own policies. RevenueCat entitlement records are kept as needed to provide purchase access, restore purchases, prevent fraud, and support billing issues.
  • Website logs: retained according to hosting provider retention settings and security needs.

To request deletion of support data or app-side purchase identifiers where deletion is possible, contact hello@guba.studio.

Your rights

Where the GDPR applies, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to processing based on legitimate interests;
  • receive data portability where applicable;
  • withdraw consent at any time for future processing;
  • lodge a complaint with a data protection supervisory authority.

You can contact us at hello@guba.studio.

Children

Never Have I Ever: Card Game is not directed to children. The app is intended for users who meet the age rating shown in the app store. Adult or mature decks are labelled 18+ and are intended only for adults. We do not knowingly collect personal data from children under 13 or below the minimum age required in your country without required consent. If you believe a child has provided personal data, contact hello@guba.studio.

Changes

We may update this Privacy Policy when the app, services, SDKs, store requirements, or legal requirements change. The current version will be available at this page.

Contact

Privacy/support contact: hello@guba.studio.