Last Updated: February 25, 2026
Effective Date: February 25, 2026
Mateusz Krasniewski ("we", "us", "our") operates the Paper Soccer mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
| Data Type | Details | Purpose |
|---|
| Username | A display name you choose (3-20 characters, alphanumeric) | Identify you in multiplayer games and leaderboards |
1.2 Social Login (Optional)
The App may offer the option to sign in using third-party providers such as Facebook or Google. If you choose to use social login:
- We receive your name and profile picture URL from the provider
- We do not receive or store your email address, password, friends list, or any other data from the provider
- Authentication is handled by Supabase using the OAuth 2.0 protocol — your credentials are never shared with us
- You can use the App without social login by using anonymous authentication instead
1.3 Information Collected Automatically
| Data Type | Details | Purpose |
|---|
| User ID | A randomly generated unique identifier (UUID) created when you first use the App | Associate your profile, game history, and ratings |
| Gameplay Data | Game moves, match results, win/loss records, ELO rating, win streaks | Provide game functionality, rankings, replays, and match history |
| Authentication Tokens | Session tokens for maintaining your login state | Keep you signed in between sessions |
1.4 Information We Do NOT Collect
We do not collect:
- Email addresses, phone numbers, or real names
- Location data (GPS or IP-based geolocation)
- Device identifiers (IDFA, GAID, or fingerprinting)
- Photos, contacts, calendar, or other device data
- Financial or payment information
- Health, fitness, or biometric data
- Browsing history or data from other apps
2. How We Use Your Information
We use the collected information for the following purposes:
- Provide Game Services: Enable single-player (vs. AI) and multiplayer gameplay
- Matchmaking: Connect you with other players for online matches
- Rankings & Leaderboards: Calculate and display ELO ratings and standings
- Match History & Replays: Store game results so you can review past matches
- Game Improvement: Understand general usage patterns to improve the App
3. Legal Basis for Processing (GDPR - EU/EEA Users)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
| Legal Basis | Data Processed |
|---|
| Contract Performance (Art. 6(1)(b)) | User ID, username, gameplay data - necessary to provide the game service you requested |
| Legitimate Interest (Art. 6(1)(f)) | Aggregated gameplay statistics - to maintain fair play, detect abuse, and improve the App |
4. Data Sharing and Third Parties
4.1 Service Providers
We use the following third-party service to operate the App:
| Provider | Purpose | Data Shared | Location |
|---|
| Supabase Inc. | Backend infrastructure: database hosting, user authentication, real-time multiplayer | User ID, username, gameplay data, authentication tokens | AWS (EU/US regions) |
Supabase acts as a data processor on our behalf and is bound by a Data Processing Agreement (DPA) in compliance with GDPR. Supabase is SOC 2 Type II certified.
4.2 Other Players
When you play multiplayer games, the following information is visible to your opponent:
- Your username
- Your ELO rating
- Your game moves during the match
4.3 What We Do NOT Do
- We do not sell your personal data to anyone
- We do not share data with advertisers
- We do not use analytics or tracking SDKs
- We do not track you across other apps or websites
- We do not serve advertisements
5. Data Retention
- Account Data: Retained as long as your account exists. Deleted upon account deletion request.
- Gameplay Data: Game results and replays are retained for the lifetime of the service to support leaderboards and match history. Upon account deletion, your gameplay data will be anonymized (username replaced with "Deleted User").
- Authentication Tokens: Stored locally on your device. Session tokens expire after 1 hour and are automatically refreshed. Cleared when you sign out.
6. Your Rights
6.1 All Users
You have the right to:
- Access your personal data (viewable in your profile within the App)
- Correct your data (edit your username in the App)
- Delete your account and associated data
6.2 EU/EEA Users (GDPR)
In addition to the above, under the GDPR you have the right to:
- Data Portability: Request a copy of your data in a machine-readable format (JSON)
- Restriction of Processing: Request we limit how we use your data
- Object to Processing: Object to processing based on legitimate interest
- Lodge a Complaint: File a complaint with your local Data Protection Authority. In Poland, this is the Urząd Ochrony Danych Osobowych (UODO) - uodo.gov.pl
6.3 California Users (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- No Sale of Data: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
6.4 How to Exercise Your Rights
To exercise any of the above rights, contact us at: mateusz.krasniewski19@gmail.com
We will respond to your request within 30 days (or within the timeframe required by applicable law).
7. Account Deletion
You can delete your account at any time from your Profile screen within the App. When you delete your account:
- Your personal data (username, avatar) is permanently erased and replaced with an anonymized placeholder
- Your rating and statistics are reset to zero
- Your authentication credentials are permanently deleted — you will no longer be able to sign in
- Your past game results are preserved in anonymized form so that other players' match histories remain intact, but they can no longer be linked to your identity
- This action is irreversible
You may also request account deletion by emailing mateusz.krasniewski19@gmail.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption
- Secure Storage: Authentication tokens are stored in secure platform storage (iOS Keychain / Android Encrypted SharedPreferences)
- Access Control: Row-Level Security (RLS) policies ensure users can only access their own data
- Minimal Data Collection: We only collect what is necessary to provide the game service
9. Children's Privacy
Paper Soccer is not directed to children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at mateusz.krasniewski19@gmail.com, and we will take steps to delete such information.
10. AI Opponent
Paper Soccer includes an AI opponent powered by an on-device machine learning model (ONNX Runtime). This AI:
- Runs entirely on your device - no gameplay data is sent to external AI services
- Does not learn from your gameplay - the model uses static, pre-trained weights
- Does not collect any additional data beyond what is described in this policy
11. International Data Transfers
Your data may be processed on servers located outside your country of residence (including the United States) through our use of Supabase. Where data is transferred outside the EU/EEA, we ensure adequate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers with SOC 2 certification and GDPR-compliant Data Processing Agreements
12. Tracking and Advertising
Paper Soccer does not track you.
We do not use any advertising SDKs, analytics trackers, or cross-app tracking technologies. We do not participate in the Apple App Tracking Transparency framework because we have nothing to track. Our iOS Privacy Manifest (PrivacyInfo.xcprivacy) declares NSPrivacyTracking: false and no collected data types.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this page
- Post the revised policy at this URL
- For material changes, notify users through the App
Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.
14. Data Controller
The data controller responsible for your personal data is:
Mateusz Krasniewski
Email: mateusz.krasniewski19@gmail.com
Country: Poland
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: mateusz.krasniewski19@gmail.com