Button Smasher — Privacy Policy
Effective date: 2026-03-25 | Last updated: 2026-03-25
1. Introduction
Button Smasher ("we", "us", "our"), developed by MASONNET, is committed to protecting your privacy. This comprehensive policy details how we collect, process, and protect your information. We comply with major global privacy frameworks, including:
- GDPR: General Data Protection Regulation (EU/UK)
- CCPA/CPRA: California Consumer Privacy Act
- LGPD: Lei Geral de Proteção de Dados (Brazil)
- COPPA: Children's Online Privacy Protection Act (USA)
- EU AI Act: Transparency requirements for AI systems
2. Data Controller & Contact Information
MASONNET acts as the Data Controller for the personal data processed through Button Smasher. For inquiries, data requests, or to contact our Data Protection Office:
Email: masonnet@masonnet.org
3. Categories of Data We Collect
We collect data in the following categories to provide and secure our services:
A. Identifiers & Account Data
- Direct Identifiers: Username, Email address, and unique Account UID assigned via Firebase.
- Authentication Data: Login credentials and tokens managed securely by Firebase Auth.
B. Technical & Network Activity
- Device Information: Device model, OS version, hardware specifications, and unique device tokens (e.g., Android ID).
- Network Data: IP address (used for geolocation at a city/country level and security).
- Security Logs: Interaction timestamps and failure logs used for anti-cheat and moderation.
C. Gameplay & Commercial Data
- Stats: High scores, streak counts, play time, and unlocked achievements.
- Purchases: Transaction history and entitlements (processed via Google Play Billing). We never see or store your credit card numbers.
D. AI Interaction Content
- Conversations: Text prompts sent to ButtonAI. These are processed to generate responses but are not linked to your real-world identity for advertising purposes.
4. Purpose and Legal Bases for Processing
| Data Category | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Identifiers | Account sync, authentication | Contractual Necessity |
| Technical Data | Security, ban enforcement, anti-cheat | Legitimate Interest |
| Gameplay Stats | Leaderboards, social features | Contractual Necessity |
| Analytics | Improve app performance | Consent (Opt-in) |
5. AI Transparency & Safety (EU AI Act)
Button Smasher utilizes Large Language Models (LLMs) provided by Google Gemini to power the "ButtonAI" feature.
- User Notification: By using ButtonAI, you are interacting with an AI system.
- Data Usage: Conversations are used to provide the service and improve safety filters. We do not use your AI conversations to train base models or for behavioral advertising.
- Human Oversight: Critical moderation decisions (bans) involving AI content are subject to human review.
6. Third-Party Service Providers (Sub-processors)
We share data with the following essential service providers:
- Google LLC (Firebase): Used for hosting, real-time database, authentication, and push notifications.
- Google LLC (Gemini AI): Used to process AI chat interactions.
- Google LLC (Play Games Services): Used for achievements and social leaderboards.
- Google LLC (Analytics): If consented, used for anonymous usage tracking.
7. International Data Transfers
Your data is primarily stored on servers located in the United States. For users in the EU or other regions with transfer restrictions, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and robust TLS encryption to ensure your data remains protected abroad.
8. Data Retention & Deletion
- Active Accounts: Data is retained as long as your account is active.
- Deletion Requests: Upon a valid deletion request (via settings), personal data is purged from our active databases within 30 days.
- Backups: Residual data may remain in secure backups for up to an additional 60 days.
- Moderation: We may retain limited technical identifiers (hashes of IP/Device ID) indefinitely to enforce permanent bans and protect our community.
9. Your Global Privacy Rights
Regardless of your location, Button Smasher provides the following rights:
- Right to Access: Request a portable copy of your personal data.
- Right to Rectification: Correct inaccurate information in your profile.
- Right to Erasure: Delete your account and all associated data via the "Delete Account" button in settings.
- Right to Restrict Processing: Withdraw consent for analytics at any time.
- Right to Object: Object to our legitimate interest processing (e.g., security) if you believe your rights outweigh our interests.
10. United States State-Specific Disclosures
California (CCPA/CPRA)
We do not "sell" or "share" (for cross-context behavioral advertising) your personal information as defined by California law. We do not use or disclose "Sensitive Personal Information" for purposes other than providing the service.
Other States (VA, CO, CT, UT, TX)
We honor your rights to access, delete, and opt-out of profiling/targeted advertising (though we do not engage in such activities).
11. Children's Privacy (COPPA Compliance)
Button Smasher includes an "Age Gate." Users under 13 (or the relevant age in your country) are restricted from certain features. We do not knowingly collect PII from children. If we discover accidental collection, we purge the data immediately. Parental controls are available in the app settings to further restrict gameplay and AI access.
12. Data Security Measures
We protect your data using:
- Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Firebase App Check: Prevents unauthorized clients from accessing our backend services.
- Access Controls: Only authorized MASONNET personnel have access to backend databases for support/moderation.
13. Third-Party Links
Our app may contain links to external websites (e.g., our official site or support portal). We are not responsible for the privacy practices of external entities.
14. Changes to this Policy
We may update this policy to reflect changes in law or app features. Material changes will be notified via an in-app popup or email. Your continued use of the app after an update constitutes acceptance of the new terms.