App: Dice! Publisher: Matthew Sawrey Last updated: 2026-04-21

1. Introduction

This policy describes how the Dice! mobile application (“the App”) collects, uses and shares personal data. It is written to comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, and to satisfy the privacy-disclosure requirements of the Apple App Store and Google Play.

We have built the App to keep as much data on your device as possible. We do not run any server of our own; no account is required to use the App; and your dice collections, roll history and settings stay on your phone unless you choose to share them. The personal data covered by this policy is collected by the third-party SDKs described in Section 5.

2. Data Controller

The data controller responsible for the processing described in this policy is:

Matthew Sawrey United Kingdom mattsawrey.dev@gmail.com

You can contact us about this policy or exercise any of the rights described in Section 9 using the email above.

3. What data we collect

3.1 Data stored only on your device

The following is stored exclusively on your device using the operating system’s private app storage (AsyncStorage on iOS and Android). It is not transmitted to us or any third party.

  • Your dice collections (names, icons, dice presets) and per-collection roll history.
  • Your app settings (dice colours, roll speed, animation preferences, language, UI defaults).
  • Your recent-collection shortcuts and lifetime roll counters.
  • Your one-time-upgrade entitlement state (whether you have purchased the upgrade).

Clearing the app’s data via Settings → Reset all data, uninstalling the App, or resetting your device all erase this data permanently. We have no copy to restore.

3.2 Data collected by third-party SDKs

The App embeds SDKs from Google for crash reporting, usage analytics and advertising. These SDKs collect the categories of personal data listed in Section 5. We receive aggregated or de-identified versions of this data; we never receive raw user records.

3.3 Data we do not collect

We do not collect, and have no way to collect:

  • Your name, email address, phone number, postal address or date of birth.
  • Any government identifier, payment card number or bank details (in-app purchases are processed entirely by Apple or Google — we never see your payment data).
  • Your contacts, photos, microphone, location (beyond the coarse ad-geography described in Section 5), health data, or any content outside the App.
  • Any biometric data or precise location data.

Under UK GDPR we must identify a lawful basis for every processing activity. The bases we rely on are:

Activity Purpose Legal basis (UK GDPR Art. 6)
Storing your dice collections and settings on your device Core app functionality Not applicable — the data never leaves your device so is not processed by us.
Crash reporting via Firebase Crashlytics Diagnose and fix app crashes, secure operation of the App Legitimate interests (Art. 6(1)(f)) — keeping the App stable and safe.
Usage analytics via Firebase Analytics Understand which features are used so we can improve the App Legitimate interests (Art. 6(1)(f)) — see Section 5 for opt-out.
Non-personalised advertising via Google AdMob Fund the free tier of the App Legitimate interests (Art. 6(1)(f)).
Personalised advertising via Google AdMob Show ads relevant to you Consent (Art. 6(1)(a)) — collected via the in-app consent prompt (see Section 6).
Processing in-app purchases Deliver the “Upgrade” non-consumable you have paid for Performance of a contract (Art. 6(1)(b)). Data is processed by Apple or Google, not by us.

5. Third-party services

The App relies on the following third-party processors. Each link points to the processor’s own privacy policy. We have no control over and are not responsible for the content of those policies — you should read them alongside this one.

5.1 Firebase Analytics (Google LLC / Google Ireland Limited)

  • Purpose: measuring feature usage, app installs and user retention.
  • Data collected: pseudonymous installation identifier, app version, device model, OS version, country (derived from IP address, not stored), events you trigger in the App (e.g. a roll completing), and a session timestamp. No free-text content from the App is sent.
  • Transfers: data is processed on Google servers, which may be located outside the UK; transfers are covered by the UK Addendum to the EU Standard Contractual Clauses.
  • Retention: Google’s default retention of up to 14 months for event-level data; aggregated data may be kept longer.
  • Policy: https://policies.google.com/privacy

5.2 Firebase Crashlytics (Google LLC / Google Ireland Limited)

  • Purpose: reporting crashes and non-fatal errors so we can fix them.
  • Data collected: crash stack trace, a Crashlytics-generated installation UUID, device model, OS version, app version, and non-personal breadcrumbs (e.g. “user opened Roll screen”). Breadcrumbs never contain your dice collections, roll history or settings content.
  • Retention: up to 90 days.
  • Policy: https://firebase.google.com/support/privacy

5.3 Google Mobile Ads / AdMob (Google LLC / Google Ireland Limited)

  • Purpose: serving the banner and interstitial ads that fund the free tier of the App, unless you have purchased the one-time Upgrade.
  • Data collected:
    • Always: approximate (country-level) location derived from IP address, device type, app version, and a coarse ad-frequency counter.
    • If you consent (see Section 6): your device’s advertising identifier (IDFA on iOS, AAID on Android) and an “interest category” signal used to personalise the ads.
    • If you refuse consent or use iOS App Tracking Transparency to deny tracking: non-personalised ads are shown, no advertising identifier is shared, and no cross-app profile is built.
  • Transfers: as for Firebase Analytics above.
  • Retention: Google publishes retention durations per data category at the policy link below.
  • Policy: https://policies.google.com/technologies/ads

5.4 Apple App Store / Google Play in-app purchases

The App uses Google’s User Messaging Platform (“UMP”) and, on iOS, Apple’s App Tracking Transparency (“ATT”) framework to manage consent for personalised advertising.

  • iOS: on first launch (and any time you reinstall), iOS will ask “Allow [Dice!] to track your activity across other companies’ apps and websites?”. Choosing “Ask App Not to Track” means no IDFA is shared and only non-personalised ads are shown.
  • UK / EU / EEA / Switzerland users: a Google-provided consent form is presented on first launch, letting you accept or refuse personalised ads. You can change your choice any time — see the next paragraph.
  • All other users: non-personalised ads are shown unless local law requires a consent prompt, in which case Google’s UMP will present one automatically.

Withdrawing consent. You can withdraw consent at any time by clearing the App’s data in your device’s system settings, by uninstalling the App, or by buying the one-time Upgrade (which removes advertising entirely).

7. Data retention

  • On-device data: kept until you delete it (via “Reset all data” in the App) or uninstall the App.
  • Crashlytics data: up to 90 days, per Google’s published retention.
  • Firebase Analytics data: up to 14 months at event level, per Google’s published retention.
  • AdMob data: per Google’s published retention at https://support.google.com/admob/answer/9572634.

8. Data recipients and international transfers

We do not sell your personal data. Data collected by the third-party SDKs listed in Section 5 is shared with those processors (Google) and may be transferred outside the UK to countries whose data-protection regime has not been ruled equivalent. Google covers those transfers via the UK Addendum to the EU Standard Contractual Clauses and (where applicable) supplementary measures; see Google’s own policies for the specifics.

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectification of inaccurate data (Art. 16).
  • Erasure (“right to be forgotten”) (Art. 17).
  • Restriction of processing (Art. 18).
  • Data portability for data processed by automated means on the basis of consent or contract (Art. 20).
  • Object to processing based on legitimate interests, including for direct marketing (Art. 21).
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email us at mattsawrey.dev@gmail.com. In practice, the only rights we can action server-side are those over the data collected by the third-party SDKs — for on-device data the “right to erasure” is the uninstall button.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority, at https://ico.org.uk/make-a-complaint/.

10. Children

The App is not directed at children under the age of 13. We have configured our advertising integration to request only age-appropriate ad content and do not knowingly collect personal data from children. If you believe a child has used the App and personal data has been collected, please contact us at mattsawrey.dev@gmail.com and we will take reasonable steps to delete the data.

11. Security

Data stored on your device is protected by your device’s operating-system sandboxing. Data transmitted to Google (crash reports, analytics events, ad requests) is encrypted in transit (HTTPS/TLS). We use no unencrypted channels and we hold no data on our own servers.

12. Changes to this policy

We may update this policy from time to time — for example if we add new SDKs, change retention, or respond to regulatory guidance. Material changes will be flagged at the top of this document with an updated Last updated date. You can always find the latest version at https://mattsawrey.github.io/dice-2d/privacy/.

13. Contact

If you have any questions about this policy or how we handle personal data:

Email: mattsawrey.dev@gmail.com