Privacy Policy

Effective Date: April 10, 2026

This Privacy Policy describes how Kay ("Developer," "we," "us," or "our") collects, uses, and shares information in connection with the mobile game Kay's Records ("the App"), available on iOS and Android.

By using the App, you agree to the collection and use of information as described in this policy.

1. Information We Collect

a) Information You Provide

The App offers multiple sign-in options. Depending on the method you choose, we may collect:

• Google Sign-In: Your email address, display name, and profile photo
• Apple Sign-In: Your email address (or Apple's private relay email) and display name
• Guest Play: An anonymous identifier is created automatically; no personal information is collected

This information is used for authentication, saving your game progress, and syncing data across devices.

b) User Diary Entries

The App allows you to write personal diary entries. If you choose to use this feature, the following data is stored in Firebase Realtime Database, linked to your account:

• Diary title (up to 50 characters) and body text (up to 500 characters)
• The in-game time (UTC) at which the entry was written
• Language code and creation/modification timestamps

These entries are private and visible only to you within the App. Diary titles and body text are encrypted on your device using AES-256 encryption before being transmitted to Firebase servers. Each user's encryption key is derived from their unique account identifier, so diary content cannot be read in plain text on the server. As with any cloud-based service, authorized personnel (the Developer) may have technical access to stored data for operational purposes such as troubleshooting, data recovery, or responding to your support requests. We do not routinely review, monitor, or moderate the content of your diary entries.

Important: Please be mindful of the information you include in your diary entries. Avoid entering sensitive personal information such as health data, financial details, government-issued identification numbers, passwords, or other confidential information. The diary feature is intended for personal reflections related to gameplay. You assume full responsibility for any sensitive information you choose to include.

c) Game Data

When you use the App, we store your game progress data (such as game time, diary unlock and read history, in-game currency balance, fast-forward time, harvest status, and ad interaction history) in Firebase Realtime Database, linked to your account.

d) Device and Session Data

To support multi-device login protection, we generate and store a persistent device identifier and session token on your device and in Firebase. This data is used solely to detect concurrent sessions and prevent unauthorized access.

e) Local Device Storage

The App stores diary screenshot thumbnails locally on your device. These images are not uploaded to our servers and are deleted when you delete your account within the App.

f) Automatically Collected Information

We use third-party services that may automatically collect certain information, including:

• Device information (device model, operating system version, unique device identifiers)
• App usage data and interaction events
• Advertising identifiers (IDFA on iOS, Advertising ID on Android)
• IP address and approximate location (country/region level)
• Crash logs, error reports, and performance data

2. Third-Party Services

The App uses the following third-party services, each of which has its own privacy policy governing the use of your information:

• Firebase Authentication — for user sign-in via Google, Apple, or anonymous login. Firebase Privacy
• Firebase Realtime Database — for storing and syncing game progress data. Firebase Privacy
• Firebase Analytics — for understanding app usage and improving the user experience. Firebase Privacy
• Firebase Crashlytics — for collecting crash reports and diagnostic data to improve app stability. Firebase Privacy
• Firebase Remote Config — for delivering configuration updates without requiring an app update. Firebase Privacy
• Firebase App Check — for verifying that requests come from authentic app instances (uses DeviceCheck on iOS and Play Integrity on Android). Firebase Privacy
• Google AdMob — for serving rewarded advertisements. AdMob may collect data to provide personalized or non-personalized ads. Google Privacy Policy
• Google User Messaging Platform (UMP) — for managing ad consent in compliance with GDPR and other regulations. Google Privacy Policy

3. How We Use Information

We use the collected information to:

• Provide, maintain, and improve the App
• Authenticate users and save game progress across devices
• Display advertisements (including rewarded ads)
• Analyze app usage to improve gameplay and performance
• Diagnose crashes, errors, and technical issues
• Store and display your personal diary entries within the App
• Deliver configuration updates and feature adjustments
• Send local notifications (e.g., harvest completion reminders), if you have granted notification permissions
• Detect and prevent concurrent sessions for account security

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on the following legal grounds under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)): Processing necessary to provide the App's core services, including user authentication, saving and syncing game progress, storing your diary entries, and managing your account.
• Consent (Art. 6(1)(a)): Processing that requires your explicit opt-in, including serving personalized advertisements (managed through Google's User Messaging Platform) and collecting your device's advertising identifier (managed through Apple's ATT framework on iOS).
• Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, provided these interests are not overridden by your rights, including app analytics to improve gameplay experience, crash reporting to maintain app stability, and security measures such as session management and App Check verification.

You may withdraw your consent at any time (see Section 12: Your Rights). Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

5. Advertising & Consent

The App displays ads served by Google AdMob. AdMob may use cookies, device identifiers, and other technologies to collect data for the purpose of serving ads.

For users in the European Economic Area (EEA), the UK, and other applicable regions, the App uses Google's User Messaging Platform (UMP) to obtain your consent before serving personalized ads, in accordance with GDPR requirements.

You may opt out of personalized advertising by adjusting your device settings:

• iOS: Settings > Privacy & Security > Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization

6. App Tracking Transparency (iOS)

On iOS, the App requests your permission through Apple's App Tracking Transparency (ATT) framework before collecting your device's advertising identifier (IDFA). You may decline this request, and the App will continue to function normally with non-personalized ads.

7. Data Sharing

We do not sell your personal information. We may share information only in the following circumstances:

• With third-party service providers listed above, as necessary for the App to function
• If required by law, regulation, or legal process
• To protect the rights, safety, or property of our users or the public

8. International Data Transfer

The App uses Firebase services operated by Google LLC, whose servers are primarily located in the United States. If you are located outside the United States (including in the EEA, UK, or the Republic of Korea), your personal data — including game progress, diary entries, and account information — will be transferred to and processed in the United States.

Google relies on appropriate safeguards for international data transfers, including the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission. For more information, see Google's Data Transfer Frameworks.

9. Data Retention

We retain your information only for as long as necessary to provide the App's services:

• Account and game data: Retained while your account is active. Deleted upon account deletion request or in-app account deletion.
• User diary entries: Retained while your account is active. All diary metadata and body text are permanently deleted when your account is deleted. There is no separate diary deletion feature; diary data is removed as part of account deletion.
• Session data: Session tokens expire automatically after 30 minutes of inactivity.
• Local screenshots: Stored on your device until you delete your account within the App.
• Anonymized analytics data: May be retained after account deletion, as it cannot be linked back to you.

If you wish to delete your account and all associated data (including game progress and all personal diary entries you have written), you may do so within the App (Settings > Account > Delete Account) or by contacting us using the information below.

10. Children's Privacy

The App is not directed at children under the age of 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete such information promptly.

11. Security

We take reasonable measures to protect your information from unauthorized access, alteration, or destruction:

• In transit: All data transmitted between the App and Firebase servers is encrypted using TLS.
• At rest (infrastructure): Data stored on Firebase servers is encrypted at rest using AES-256 encryption as part of Google's infrastructure-level security.
• At rest (application): User diary titles and body text are additionally encrypted with AES-256-CBC on your device before being stored on Firebase. Each user has a unique encryption key derived from their account identifier. This means diary content is not readable in plain text on the server, even by personnel with database access.

No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. You can delete your account and all associated data at any time via Settings > Account > Delete Account within the App.
• Right to Restriction of Processing: Request that we limit the processing of your personal data under certain circumstances.
• Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to the processing of your personal data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time. For ad consent, EEA/UK users can update preferences via the privacy options button in the App's settings. For iOS tracking, you can change your choice in your device's Settings > Privacy & Security > Tracking.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed unlawfully.

To exercise any of these rights, please contact us at the email address below. We will respond to your request within 30 days (or within the timeframe required by applicable law).

13. Special Note on Sensitive Information

The App does not request or require any sensitive personal information (also known as "special category data" under GDPR), including but not limited to information about health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or biometric data.

The user diary feature is a free-text field. If you choose to enter sensitive personal information in your diary entries, you do so entirely at your own discretion and risk. We do not specifically collect, process, or analyze such information, and we strongly advise against including it. By entering any sensitive information, you acknowledge that you have done so voluntarily.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.

15. Contact Us

© 2026 KIM YOO BIN. All rights reserved.