Mafia

Last updated: February 2025

This Privacy Policy describes how the Mafia app ("we", "our", or "the app") collects, uses, stores, and protects information when you use our application. The app is a pass-the-phone host tool for the Mafia / Werewolf social deduction game: one device, one host, players take turns with the phone. We are committed to protecting your privacy and complying with applicable data protection laws and platform requirements (Google Play and Apple App Store).

1. Overview of the App and Data Flow

The app works in an offline-first way: most data you create (game setups, player names, presets, game history, settings) is stored only on your device. If you sign in with Google or Apple and choose to sync when switching from guest to account, we upload your game history to the cloud (Firebase Firestore) so you can access it from other devices. We do not sell your personal information. We do not use your in-app data for advertising or profiling.

2. Information We Collect and Process

2.1 Account and sign-in

• Guest mode: You can use the app without an account. No account identifier is collected; all data stays on your device.
• Google Sign-In (Android and iOS): When you choose "Continue with Google", we use Google's OAuth to authenticate you. We receive and use a Firebase Auth user identifier (UID) to associate your cloud data (e.g. game history) with your account. Google may share profile data (e.g. email, display name) with the app depending on your Google account and consent; we use the UID as the primary link to your data in our backend.
• Sign in with Apple (iOS only): When you choose Sign in with Apple, we receive an Apple credential and create a Firebase Auth account. We do not store or link your Apple email (including Hide My Email relay addresses) for identification. We use only the Firebase UID to associate your cloud data with your account, in line with Apple's Sign in with Apple and anonymized-data requirements.

2.2 Data stored on your device (local storage)

We use local storage (Hive) on your device for the following. This data does not leave your device unless you sign in and choose to sync (see 2.3).

• Presets: Saved game setups (e.g. role lists, player counts) that you create or load.
• Statistics / game history: Summaries of finished games (up to 200 stored locally), including: date and time of the game, winner or outcome text, number of players, number of rounds, and for each player — the name you entered, assigned role, team, and whether they were eliminated (and if so, whether by vote or night kill, and in which round). This is the same structure used for cloud sync when you have an account.
• Groups: Group name, expected player count, preset role configuration, and optional pre-filled player names; used for organizing games (e.g. "Friday group") and locking the lobby when a game starts.
• Crash recovery / game state: So you can resume if the app closes during a game, we save the current game state: phase (e.g. night, day, voting, role reveal), list of players (id, name, role, status, seating order), round index, night/day actions (e.g. who was eliminated, witch save/poison used, vigilante kills used), optional host passcode for "Reveal all roles", and elimination history. This is overwritten each time the phase changes and is only used to restore the session on the same device.
• Settings: Your preferences, including: theme (e.g. dark/light), auto-hide duration, whether to reveal role on death, role-level rules (e.g. doctor can save self, mafia/werewolf must kill, tie behavior, discussion timer, secret voting, first night no kill, seer sees exact role), confirm destructive actions, dramatic role reveal, and sound on/off.
• Wheel participants: Names or identifiers you enter for the "wheel of fortune" feature (e.g. to randomly choose the host).

2.3 Data stored in the cloud (when you have an account and sync)

If you sign in with Google or Apple and, when switching from guest to account, you choose to sync your data, we upload your game history to Firebase Firestore. The cloud data is stored under your Firebase user ID in the path users/{userId}/game_history. Each stored game summary includes: a unique id, played-at timestamp, winner/outcome text, player count, rounds played, and for each player — player name, role name, role id, team name, whether eliminated, and if applicable elimination label (e.g. "Day 2 (voted out)"; and an elimination recap (round index, voted vs night kill, labels, player and role names). We do not currently sync presets, groups, or settings to the cloud; only game history is synced. You can sign out at any time; your local data remains until you clear it or uninstall. We do not use your game history for advertising or to build profiles about you.

2.4 Data we do not collect

We do not collect or process: precise location; contacts; photos or media from your device; health or biometric data; or any data for third-party advertising or cross-app tracking. The app does not include analytics or crash-reporting SDKs that send identifiable data to us or third parties; unhandled errors may be reported to the Flutter framework on device, and we do not receive those reports unless we add a separate crash service later (which we would disclose in an updated policy).

3. How We Use Your Information

• To provide the app: run games, save and load presets and groups, show game history and statistics, and restore the current game after a crash or restart.
• To authenticate you when you use Google or Apple sign-in and to associate your cloud game history with your account when you choose to sync.
• To sync game history to Firestore when you have an account and have chosen to upload local data (e.g. when migrating from guest to account).
• To apply your settings (theme, sound, game rules) and to respect your choices (e.g. not syncing: we clear local data only if you explicitly choose "No" when asked to sync after signing in).
• To comply with legal obligations and to enforce our Terms of Use.

4. Data Retention and Deletion

On device: Data remains until you clear it (e.g. via in-app "clear data" if offered when signing out or switching account), or until you uninstall the app. Game history is capped at 200 summaries locally; older entries are trimmed when new ones are added.

In the cloud: Game history stored in Firestore remains until you ask us to delete it or we delete your account. To request deletion of your cloud data or account, contact us at the email below. We will process your request in line with applicable law.

5. Data Storage and Security

Local data is stored on your device using the app's private storage (Hive). Cloud data is stored in Google Firebase Firestore; access is restricted to your user ID. We rely on Firebase and your device OS for security. We use reasonable measures to protect data; we cannot guarantee absolute security of data transmitted over the internet or stored on any system.

6. Third-Party Services

The app uses the following third-party services that may process data:

• Google Firebase (Firebase Auth, Cloud Firestore): Authentication and cloud storage of game history when you are signed in and have synced. Data is processed according to Google's policies. Google Privacy Policy.
• Google Sign-In: Used to sign you in; Google may provide profile information per your consent. Google Privacy Policy.
• Apple (Sign in with Apple): Used on iOS to sign you in. We do not store or use your Apple email for identification. Apple Privacy Policy.
• Google Play / Apple App Store: For in-app purchases (e.g. premium features), payment and purchase data are processed by the store. Refunds and purchase history are subject to the store's terms and privacy policies.
• Audio: The app plays sound effects from assets bundled in the app (e.g. via just_audio). Playback is local only; no audio is sent to us or third parties.

We do not sell your personal information to third parties.

7. Your Rights and Choices

Depending on your region, you may have the right to: access the personal data we hold about you; request correction or deletion; object to or restrict certain processing; and data portability where applicable.

You can: use the app as a guest (no account); sign in with Google or Apple; when switching from guest to account, choose whether to sync local data (upload) or clear it and start fresh; sign out at any time; and manage in-app settings (e.g. sound, theme). To request access, correction, deletion of cloud data, or to exercise other privacy rights, contact us at the email below. We will respond in line with applicable law.

8. Children's Privacy

The app is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

9. International Transfers

Your data may be processed in countries other than your own (e.g. Firebase may store data in regions chosen by the project). Where required by law, we ensure appropriate safeguards (e.g. standard contractual clauses or equivalent).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy where permitted by law. For material changes, we may provide additional notice (e.g. in the app or by email where available).

11. Contact

For privacy-related questions, requests, or complaints:

Email: vaghblogger@gmail.com