Privacy Policy

1. Introduction

Recess Kitchen Pty Ltd is the entity responsible for personal information collected and held in connection with The BS Bingo Game for the purposes of the Australian Privacy Act 1988. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

2. Information We Collect

We collect the following types of information:

2.1 Account Information

• Email address (for account creation and password recovery)
• Password (hashed; one-way and not reversible)
• Username or display name (shown to other players during games)
• An internal account identifier generated at signup and used to associate your data with your account

If you sign in with Apple or Google (currently not enabled in production), we may store OAuth tokens (access, refresh, and ID tokens) returned by the provider, used solely to authenticate you and managed by our authentication provider.

2.2 Game and Gameplay Data

• Game history (games hosted or joined)
• Chat messages exchanged during games
• Game performance data (scores, wins, participation)

2.3 Custom Content

• Custom word lists created by users

2.4 Subscription and Payment Data

Payment information is processed by the App Store or Google Play and not stored by Recess Kitchen. We store subscription status through RevenueCat.

2.5 Device and Advertising Data

The app uses Google AdMob to serve advertisements. We serve non-personalised ads only, which means ads are not based on your past activity, and our ad request flow does not pass your device advertising ID through to AdMob. AdMob still collects limited information to deliver and measure ads, including approximate location derived from IP address, device type and operating system, and ad interaction data. Information handled by AdMob is governed by Google's Privacy Policy. You can reset or limit the use of your advertising ID at any time through your device settings (iOS: Settings › Privacy & Security › Tracking or Apple Advertising; Android: Settings › Google › Ads).

2.6 Support Requests

If you submit a bug report through the app, we collect the description you provide, the app version, and basic device information (such as operating system and version) so we can investigate and respond. Bug reports are delivered to our support inbox and are not stored in the app database.

2.7 Session Security Data

When you use the app while signed in to an account, our authentication system records the IP address and user agent (browser or app version string) associated with each active session. This information is used for operational purposes only: maintaining your logged-in session, detecting suspicious or fraudulent login activity, and protecting your account from unauthorised access. It is not used to track you across other apps or websites, to build a profile about you, or for advertising or analytics purposes. Session records are deleted when you log out, when the session expires, or when you delete your account (subject to the residual backup retention described in Section 5).

2.8 Error and Diagnostic Data

When an error occurs in the app or backend, we automatically send a diagnostic report to Sentry, our error logging provider. These reports help us identify and fix bugs and stability issues. A report may include a stack trace, the app version, the device operating system and model, the route or screen the error occurred on, the request context that triggered the error, and limited identifiers associated with the active session (such as a user identifier or session identifier) so that recurring errors affecting the same account can be diagnosed. We do not use this data for advertising, profiling, or tracking across other apps or websites. See Section 4 for more about Sentry as a third-party processor and Section 5 for retention.

3. How We Use Your Information

We use collected information for:

• Providing and maintaining the application
• Processing subscriptions and in-app purchases
• Enabling multiplayer gameplay and chat functionality
• Sending password reset and account notifications
• Improving and optimizing the application
• Serving non-personalised advertisements via AdMob

4. Data Sharing and Third Parties

We do not sell your personal information, and we do not track users across other companies' apps or websites for advertising or analytics purposes. We may share your data with the following third parties:

• RevenueCat: for subscription management and entitlements
• AdMob (Google): for advertisement serving and analytics
• Supabase: for backend infrastructure and database storage
• Better Auth: for authentication, session management, and password reset handling
• Sentry: for error logging, crash reporting, and diagnostic monitoring

These third parties are contractually required to protect your data and only use it for the purposes outlined in this policy.

Your data is stored on servers operated by Supabase located in the United States. Sentry, our error logging provider, also processes diagnostic data in the United States. By using the app, you acknowledge that your data may be transferred to, stored, and processed outside Australia. We take reasonable steps to ensure that overseas recipients handle your personal information consistent with the Australian Privacy Principles.

5. Data Retention and Deletion

When you delete your account, the following data is removed from our active systems immediately. Residual copies may remain in encrypted backups for up to 30 days before being overwritten in the normal course of our backup rotation, after which all copies are permanently deleted:

• Your email address and password
• All games you hosted (including other players' data from those games)
• Your player records in games you joined
• Your chat messages
• Your custom word lists
• Authentication and session records

Finished games are automatically deleted 60 minutes after they end as part of our routine cleanup process. This includes the game record, all associated player records for that game, and all chat messages exchanged during that game.

Note that the cleanup deletes the Game record, the chat messages exchanged during that game, and the associated player-game relationship records for the game; aggregate player records and individual bingo marks tied to your account are retained as part of your account data and are removed on account deletion (subject to the residual backup retention described above).

We retain a limited, hashed record of your acceptance of our Terms of Service and Privacy Policy for legal compliance purposes. The record contains a salted SHA-256 hash of your user ID and email address, a truncated IP address (IPv4 /24 or IPv6 /48), and the acceptance context (signup, guest entry, or re-acceptance). This record persists after account deletion as a consent audit trail. It does not contain unhashed personal data.

6. Data Security

We implement security measures to protect your data, including password encryption and secure communication protocols. If you believe your data has been compromised, please contact us at privacy@playbsbingo.com.

If a data breach occurs that is likely to result in serious harm to your rights, we will notify the Office of the Australian Information Commissioner and affected individuals in line with our obligations under the Notifiable Data Breaches scheme of the Australian Privacy Act 1988.

7. Privacy Rights

Under the Australian Privacy Act 1988, you have the right to:

• Access your personal information
• Request correction of inaccurate data
• Delete your account and associated data
• Opt out of marketing communications

To exercise these rights, email privacy@playbsbingo.com. For access requests under APP 12, we will respond within 30 days and provide your information in a commonly used format. If we refuse a request (for example, where required or permitted by law), we will explain why and tell you how to complain.

8. International Privacy Compliance

The BS Bingo Game is not available for download in the European Union or the United Kingdom. References to GDPR in earlier versions of this policy reflected our prior global availability and are retained in the change log.

If you are a resident of California, your use is subject to the California Consumer Privacy Act and the California Privacy Rights Act. You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of any sale or sharing of it. We do not sell your personal information. The categories of personal information we collect, in CCPA terms, are: identifiers (email, internal account ID, advertising ID), commercial information (subscription status), internet or other electronic network activity information (game interaction data, chat messages within games, session telemetry), geolocation information (approximate, derived from IP for ad serving and security), and inferences (none drawn). To exercise any of these rights, or to opt out of the limited sharing with AdMob for advertising purposes, email privacy@playbsbingo.com with the subject "Do Not Sell or Share My Personal Information". We will respond within 45 days.

9. Children's Privacy

The BS Bingo Game is rated 17+ on the App Store and is not directed to children. We do not knowingly collect personal information from anyone under 16 (under 13 in the United States, or the equivalent age threshold in your jurisdiction). If we become aware that we have collected personal information from a person under that threshold, we will delete it. The app is not available in the European Union or the United Kingdom; references to GDPR Article 8 are included for completeness only.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted in the app, and your continued use indicates acceptance of the updated policy.

11. Contact Us

For privacy concerns or questions, contact us at:

Email: privacy@playbsbingo.com

Mailing address: Recess Kitchen Pty Ltd (ABN 61 626 144 625), 533 The Entrance Rd, Erina Heights NSW 2260, Australia.