Privacy Policy

Effective date: [SET ON LAUNCH DAY] · Last updated: [SET ON LAUNCH DAY]

This Privacy Policy explains what information ("we," "us," or "our") collects when you use the Oustwit mobile game and the oustwit.com website (together, the "Service"), why we collect it, how we use it, and the choices you have. This policy is written in plain English. If anything is unclear, email us at .

Draft notice. This document is a working draft and has not been reviewed by legal counsel. We strongly recommend a lawyer admitted in your jurisdiction review it before publication, particularly the sections covering international data transfers, lawful basis under GDPR, and CCPA disclosures. The retention windows below (15-minute code TTL, 30 days for connection logs, 30-day grace period for deleted accounts, 24 months for inactive accounts) are reasonable defaults; confirm or update them so they match the actual server configuration before publishing.

Quick summary

We collect the minimum we need to run online play, sync your profile across devices, and process credit-pack purchases.
We do not sell your personal data, and we do not show you ads.
You can delete your account at any time, in the app or at oustwit.com/delete-account.
We use Google Play Billing and Apple StoreKit to process purchases. Your payment-card details never reach our servers.

1. Who we are

The Oustwit game is operated by , registered at [REGISTERED OFFICE ADDRESS]. References to "we," "us," and "our" in this policy mean . For privacy questions, contact us at .

If you live in the European Economic Area or the United Kingdom, our data controller / EU representative is [NAME AND CONTACT].

2. Information we collect

We collect three categories of information.

Information you give us. When you create an account we ask for your email address. You can also set a display nickname (and if you don't, we generate one for you). There are no other profile fields — no bio, no profile photo, and no free-text chat. In-match communication is limited to a fixed set of preset quick messages, which are relayed to your opponent in real time and not stored on our servers. When you buy a credit pack, the store (Google Play Billing or Apple StoreKit) tells us a purchase happened and gives us a receipt to verify; we do not receive your card number, billing address, or other payment details.

Information generated by playing. Every match you play online produces a record: who played, when, who won and why, the moves made, and the duration. We use this to power your match history, your record against each opponent, and the replay feature. If a match disconnects, we keep the partial state so we can reconnect you.

Technical information. When the app talks to our servers we automatically log connection events (connect, disconnect, reconnect attempts, server failovers) along with a timestamp. We also look up an approximate country from your IP address using an offline MaxMind GeoIP database — this is what sets your country flag and helps route you to a nearby game server. We do not collect your precise location (GPS), advertising IDs, or device identifiers beyond what's necessary to keep your session alive, and we do not retain your IP address beyond the connection logs described here.

Safety information. If you block or report another player, we store that action so we can enforce it and review abuse. A block records the two accounts involved. A report records who you reported, the reason you selected, an optional note, the match it relates to (if any), and a snapshot of the reported player's nickname at the time.

3. How we use your information

We use your information only to operate and improve the Service. Specifically:

To run online matches. Your nickname, country, and stats are visible to other players in the lobby and during matches. Preset quick messages are delivered to your opponent in real time.
To remember you across devices. When you sign in, we restore your profile, credits, and match history.
To process credit-pack purchases. We verify each receipt with Google or Apple before adding credits to your balance, and we record that the purchase happened so we can support refunds and audits.
To keep the Service stable and secure. We use connection logs to diagnose outages, and we use abuse reports to investigate violations of our Terms of Service.
To contact you about the Service. We may email you about security or account matters (for example, a sign-in code, a refund, or a policy change). We do not send marketing emails.

We do not use your information for advertising, profiling, or automated decision-making with legal effect.

4. Legal basis for processing (EEA / UK users)

Where the GDPR or UK GDPR applies, our legal bases are:

Performance of a contract — for everything that's necessary to deliver the Service you signed up for (running matches, syncing your profile, processing your purchases).
Legitimate interests — for keeping the Service stable, preventing fraud, and investigating abuse reports.
Consent — for the optional display nickname you set (we generate a default if you don't). You can change it at any time.
Legal obligation — for retaining transaction records as required by tax and consumer-protection law.

5. Sharing your information

We share information only with the following parties, only for the purposes listed.

Other players. Your nickname, country, and gameplay stats are visible to anyone in the lobby. The preset quick messages you send are visible to your match opponent.
Google and Apple. When you sign in with Google or Apple, those providers tell us your verified email address. When you buy a credit pack, Google Play Billing or Apple StoreKit handles the payment and gives us a receipt to verify.
Hosting providers. We host our servers on ReliableSite (United States) under a data-processing agreement. The hosting provider stores data on our behalf and does not access it for its own purposes.
Authorities, when legally required. If a valid legal process compels us to disclose information, we will, but we will tell you unless prohibited by law.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

6. International transfers

Our servers, including failover nodes, are located in the United States. If you connect from outside the United States, your data is transferred there. Where required, transfers from the EEA, UK, or Switzerland to other countries rely on the European Commission's Standard Contractual Clauses or an equivalent mechanism.

7. How long we keep information

Account profile and match history: kept while your account is active.
Inactive accounts: automatically deleted after 24 months of no sign-in.
In-match messages: the preset quick messages are not stored — they are relayed in real time only.
Blocks and reports: kept while your account is active, and for as long as we need them to keep a block in effect or to investigate and act on a report.
Connection logs: kept for 30 days, then deleted.
Purchase records: kept for the period required by tax and consumer-protection law in our jurisdiction (typically 6–10 years), then deleted.
Deleted accounts: when you delete your account, it is deactivated immediately; your profile data is kept for 30 days so you can restore it, then permanently deleted. Anonymized purchase records may be retained as required by law.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, delete, or restrict the processing of your personal information; to object to processing based on legitimate interests; to withdraw consent; and to lodge a complaint with a data protection authority. To exercise any of these rights, email or use the in-app deletion flow under Settings → Delete account.

We respond within 30 days. If we need more time, we will tell you.

9. Children

Oustwit is not directed to children under 13 (or under 16 in the EEA, where higher local age limits apply). We do not knowingly collect personal information from children below those ages. If you believe a child has signed up, email and we will delete the account.

10. Security

We protect your information with industry-standard measures including TLS encryption in transit, encrypted credentials at rest, hashed authentication tokens, and access controls limiting who on our team can see your data. No system is perfectly secure; if we ever detect a breach affecting your information, we will notify you and the relevant authorities as required by law.

11. Changes to this policy

If we change this policy in a material way, we will post the new version here, update the "Last updated" date at the top, and either email you or show a notice the next time you open the app. Continuing to use the Service after the change means you accept the updated policy.

12. Contact us

For privacy questions, account issues, or to exercise any of your rights:

Email:
Web: oustwit.com/support
Postal: [REGISTERED OFFICE ADDRESS]