Noxie

Welcome to Noxie ("we", "our", or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Noxie mobile application, website, and related backend services (collectively, the "Services").

By using Noxie, a competitive voice-based English learning game, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies, please do not use our services.

1. Information We Collect

To provide a seamless, competitive, and personalized language learning experience, we collect the following types of data:

1.1. Account and Profile Information

Registration Data: Email address and password (securely hashed using PBKDF2), or authentication tokens if you choose to sign in using social login (Google or Apple).
Anonymous Play: You can use the app anonymously. If you do, a unique device identifier is used to track your progress temporarily until you link a permanent account.
Profile Data: Display name, chosen avatar, current league/tier status (e.g., Bronze, Diamond), and lifetime statistics.

1.2. Gameplay Data

Game Progress: Match histories, accuracy rates, streak counts, lightning balance, and reported questions/content issues.

1.3. Device and Usage Data

Technical Information: Device type, operating system, app version, preferred language, and IP address.
Advertising Identifiers: Anonymized Device Identifiers (such as IDFA, AAID) used for advertising and fraud prevention.
Analytics: Usage statistics, session lengths, and crash reports.

1.4. Purchase and Subscription Data

Transactions: If you upgrade to our Premium plans (Explorer or Legend), your purchase history, subscription validity dates, and transaction receipts are processed. We do not process or store your credit card information directly; all financial transactions are handled securely by Apple App Store and Google Play Store.

2. How We Use Your Information

We process your data for the following core purposes:

Core Gameplay: To calculate your scores, update global and league leaderboards, and deliver real-time session experiences.
Account Management: To synchronize your progress across devices and operate the lightning (energy) system.
Personalization: To tailor the difficulty of audio questions to your English proficiency level.
Communication: To send you push notifications about weekly league resets, daily streak reminders, or lightning refills, only with your explicit consent.
Advertising: To display generalized or personalized advertisements via our mediation networks in order to keep the base version of Noxie free of charge.
System Stability: To monitor server load, rate-limit abuse, and fix app crashes.
Legal Compliance: To comply with applicable laws, regulations, and enforce our terms.

3. Data Privacy and Sharing

We do not sell your personal data to third parties for commercial or marketing purposes. Your data is shared with trusted third-party service providers only as necessary to provide our Services:

Advertising & Mediation

We use Google AdMob as our primary ad platform, integrated with AppLovin, Unity Ads, and Meta Audience Network (Facebook) via Hybrid Bidding mediation. These partners may process your advertising identifiers to deliver ads, measure performance, and prevent fraud.

Other Service Providers

Subscription Management: RevenueCat — manages in-app purchases securely. We never store credit card information on our servers.
Push Notifications: OneSignal and Firebase Cloud Messaging.
Diagnostics: Firebase Crashlytics — anonymous crash reports and performance metrics.
Media Storage: Backblaze B2 (audio files) and Cloudinary (images).
CMS: Directus — consent documents and localized content management.

Google Privacy AppLovin Privacy Unity Privacy Meta Privacy RevenueCat Privacy OneSignal Privacy Firebase Privacy Cloudinary Privacy

4. GDPR, CCPA, and Global Compliance

This policy has been prepared in accordance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Consent Management (UMP): For users in the European Economic Area (EEA) and the UK, we use Google's User Messaging Platform (UMP) to gather explicit consent for personalized advertising (IAB TCF v2).
Limited Data Use (CCPA): For users in California, we transmit "Do Not Sell" and Limited Data Use (LDU) signals to our ad mediation partners if personalized ads are rejected.

Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

Access & Correction: View and update your personal data within the app at any time.
Erasure (Right to be Forgotten): You may delete your account and all associated personal data permanently via the "Delete Account" option in app settings. For a step-by-step guide, please visit our Account Deletion page.
Opt-Out of Personalized Ads: You can manage or restrict personalized advertising through your iOS (App Tracking Transparency) or Android device settings.
Portability: Request a copy of your personal data in a standard format.
Withdrawal: Withdraw your consent at any time through device or in-app settings.

5. Data Security

We implement robust, industry-standard security measures to protect your personal information:

Encryption: All API traffic is encrypted via SSL/TLS (HTTPS).
Password Hashing: Passwords are hashed using PBKDF2 with 10,000 iterations and random salts.
Token Security: Short-lived JWT access tokens (1 hour) with refresh token rotation.
Rate Limiting: IP-based rate limiting is enforced to prevent brute-force attacks.
Device Storage: Sensitive tokens are stored using Android Tink (AEAD encryption) and iOS Keychain.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

Personal data is retained for as long as your user account remains active. Upon deletion of your account, all associated content and data (profile, game history, statistics, notifications) is permanently and irreversibly deleted from our servers.

7. Children's Privacy

Noxie is available to users of all ages. For users who are minors, we recommend parental supervision. We are committed to complying with applicable child protection laws, including COPPA (Children's Online Privacy Protection Act), and we do not knowingly collect personal information from children without appropriate parental consent where required by law.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any significant updates through an in-app notification or via email. The "Last Updated" date at the top of this page indicates when it was last revised. Your continued use of Noxie after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

support@noxie.club

10. Related Policies

For more information, please review our Terms of Service and Account Deletion Guide.