Privacy Policy
Effective: May 13, 2026
Last modified: May 13, 2026
Bitnara ("Company") values the privacy of BrainFit ("App") users and is committed to protecting personal information in compliance with applicable laws. This privacy policy explains what information the App collects, its purpose, and how it is protected.
1. Information We Collect
1.1 Advertising Data (Automatically Collected)
The free version displays ads via Google AdMob, which may automatically collect:
- Advertising identifiers (Android Ad ID / Apple IDFA)
- Device information (model, OS version)
- IP address (used for approximate location)
- App usage data (ad impressions and interactions)
Pro subscribers see no ads and no ad-related data is collected. Users can disable ad personalization in device settings.
1.2 Subscription & Payment
Purchases are processed by Google Play or Apple App Store. We do not directly collect or store payment information such as credit card numbers.
RevenueCat is used for subscription management and processes:
- Anonymous app user identifier
- Purchase history and subscription status
To measure ad campaign performance, subscription events (trial start, purchase, cancellation) are forwarded from RevenueCat to AppsFlyer (see section 1.5 below).
See RevenueCat Privacy Policy.
1.3 Account & Social Features
For social features such as Galaxy (guild), friends, and rankings, the following information is collected via Supabase:
- User ID (anonymous or Google/Apple social login)
- Nickname and profile information
- Game records and BQ scores
- Galaxy code and social activity data
Social features are optional. If not used, no related data is collected. Apple Sign-In is available only on iOS; you may choose to use a private relay email (@privaterelay.appleid.com) when signing in with Apple.
1.4 Analytics & Error Reporting
To improve the app and ensure stability, we use the following services:
- Firebase Analytics: Anonymously collects app usage patterns, screen views, and event data.
- Sentry: Collects crash and error information to quickly fix bugs.
- Device information (model, OS version)
- App version and build number
- Stack traces when errors occur
- Screen view and feature usage events
Analytics data in this section is collected anonymously and is not used to identify individuals. See section 1.5 below for how ad attribution data is handled.
1.5 Ad Attribution & Push Notifications
We use the following services to measure ad campaign performance and to deliver push notifications:
- AppsFlyer: Used for ad attribution (measuring which ad/channel led to an install), OneLink deep linking, and app uninstall measurement.
- Firebase Cloud Messaging (FCM/APNs): Handles push notification delivery and provides device push tokens required for AppsFlyer's uninstall measurement.
- Advertising identifiers (Android Advertising ID / Apple IDFA)
- AppsFlyer device ID and IP address
- Device push token (APNs/FCM)
- Attribution events (registration completed, first game completed, first daily mission completed, 3-day streak)
- User ID (Supabase account identifier, forwarded as AppsFlyer Customer User ID)
On iOS, an App Tracking Transparency (ATT) prompt is shown on first launch. If you choose "Ask App Not to Track", IDFA is not collected and attribution data is processed only at an anonymous level.
You can stop further data transmission by disabling ad personalization in device settings (Android: reset/delete Advertising ID; iOS: Settings > Privacy & Security > Tracking — disable Allow Apps to Request to Track) or by uninstalling the app.
See AppsFlyer Services Privacy Policy.
1.6 Information Collected When Submitting Feedback
When you send feedback through the in-app feedback feature, the following information is attached:
- Device model, OS version, app version and build number
- Text you wrote and optional attached images
Submitting feedback is optional. If you do not submit, no related information is collected. Only image files you explicitly select from your gallery are transmitted.
1.7 Local-Only Data (Not Transmitted)
The following data is stored only on your device and is never transmitted externally:
- Game progress and statistics
- BQ Brain Quotient history
- Planet evolution and decoration state
- Daily missions and attendance records
- App settings (theme, senior mode, etc.)
- Held currencies (meteor fragments, draw tickets, limited draw tickets, orbit shields)
- Achievement records
- Survival mode records
- Training plan and session data
- Weekly report data
All local data is automatically deleted when you uninstall the app.
2. Purpose of Use
- Providing and improving app features
- Displaying ads (free version)
- Managing subscription status
- Providing social features (Galaxy, rankings)
- Ensuring app stability and fixing errors
- Improving services through usage pattern analysis
3. Third-Party Services
This app uses the following third-party services:
| Service | Purpose | Data Collected |
|---|---|---|
| Google AdMob | Advertising | Ad ID, device info, IP |
| RevenueCat | Subscription management | Anonymous ID, purchases |
| Supabase | Account & social features | User ID, nickname, game data |
| Firebase Analytics | App analytics | Anonymous events, device info |
| Sentry | Error monitoring | Crash logs, device info |
| AppsFlyer | Ad attribution & uninstall measurement | Ad ID, AppsFlyer device ID, IP, push token, user ID, attribution events |
| Firebase Cloud Messaging | Push notifications & uninstall measurement token | Device push token (APNs/FCM) |
| Google Sign-In | Social login (Google) | Google account info |
| Apple Sign-In | Social login (Apple, iOS) | Apple account info (name/email or private relay email) |
| Cloudflare Turnstile | Bot prevention (CAPTCHA) | Device/browser information |
4. Data Retention
- Local data: Until app is uninstalled
- Account data: Until account deletion is requested
- Cloud backup: Until user deletes or account is deleted
- Ad/analytics data: Per each service provider's policy
5. Children's Privacy
This app is not directed at children under 13. We do not knowingly collect personal information from children. If we learn that we have collected such information, we will delete it promptly.
6. EU User Rights (GDPR)
Users in the European Economic Area (EEA) may exercise the following rights:
- Request access, correction, or deletion of personal data
- Request processing restrictions
- Request data portability
- Withdraw consent for ad personalization
A GDPR consent dialog is shown on first launch for EEA users. This setting can be changed at any time within the app.
7. California User Rights (CCPA)
California residents may exercise the following rights:
- Request disclosure of data categories and purposes
- Request deletion of personal information
- Opt out of data sharing ("Do Not Sell My Personal Information")
To opt out of data sharing through AdMob and AppsFlyer, decline the iOS ATT prompt or disable ad personalization in your device settings (Android: reset/delete Advertising ID; iOS: Settings > Privacy & Security > Tracking).
8. Security
We use reasonable technical and administrative measures to protect your information. All network communications use HTTPS encryption. On-device data is protected by OS-level app sandboxing. The Supabase database is protected with Row-Level Security (RLS).
9. Changes
We will notify users of material changes through in-app notices or this page. Significant changes will be noted in app update descriptions.
10. Contact
For privacy inquiries or data requests:
Email: help@brainfit.bitnara.net