← Return to Home

Black Queen — Privacy Policy

Last updated: May 27, 2026

Black Queen is a mobile card game published by Peace Harbor Studios. This policy explains what information the app collects, how it is used, who we share it with, and the choices you have.

Information we collect

Personal information. When you sign in with Apple or Google, we receive your email address, a stable provider identifier (Apple subject, Google subject), and the display name your provider returns. If you authenticate with Apple Game Center on iOS we also receive your Game Center team player ID; on Android, your Google Play Games player ID. These identifiers tie your account to your sign-in provider and to the platform leaderboard / achievement system.

Profile. A username and an optional avatar image (uploaded by you, or imported from your Google profile picture or Game Center / Play Games profile on first sign-in). Your username and avatar are visible to players you have added as friends and to players seated in any online match with you.

Match data and gameplay history. When you play an online match, we store the match state, your moves, the scores, and the roster of participants. We also store the outcome of every match you play (online or local), your daily-hand scores, achievement progress, and cumulative experience points so they sync across devices.

Friends graph. When you invite a friend by email, claim an invite link, or accept an invite, we record the connection so future matches can find each other.

Contacts (hashed only, for friend discovery). If you use the "Find friends by contacts" feature, the app reads the email addresses in your device contacts, normalizes each one, and computes a salted HMAC-SHA256 hash of it locally on your device. Only those hashes are sent to our server, and only to check whether any of them match an existing Black Queen account. We never receive, store, or log your contacts in plaintext, and the hashes are not retained beyond the lookup request.

Push notifications. If you opt in via Settings, we register your device's push token (Apple APNs on iOS, Google FCM on Android) so we can notify you when it is your turn, when a friend invites you, when a match ends, or when a daily hand is ready. You can revoke this any time from your device's system settings or from in-app Settings.

Game Center / Play Games. On iOS the app authenticates with Apple Game Center so achievements and the daily-hand leaderboard mirror to your Apple ID. On Android the same with Google Play Games. Both are managed by Apple and Google under their own privacy policies.

Purchases. If you buy the in-app Remove Ads unlock (a non-consumable in-app purchase), we receive a verified receipt from Apple or Google identifying the product and the transaction. We store the receipt so we can re-grant the unlock on a new device when you tap Restore Purchases, and so we can revoke it if the platform issues a refund. We never see your payment card or billing address — that stays with Apple or Google.

App activity. We log a small set of product events so we know what to improve: app opens, sign-in completions, and match completions. These events are sent to two analytics providers (PostHog and Google Firebase Analytics — see "Third-party services" below). After sign-in your stable user ID is associated with these events; you can turn this off at any time via Settings → Privacy → Analytics.

Bug reports. When you submit a bug report from Settings, we store your description, an optional screenshot, the app version, the device model, and the OS version. The free-text description is scrubbed on-device for obvious email addresses and long runs of digits before it leaves the app. Screenshots are stored encrypted at rest in Cloudflare R2 and reachable only through short-lived HMAC-signed URLs to the engineering team. Screenshots are automatically deleted 180 days after upload.

Crash and diagnostic logs. Unhandled errors are sent to Sentry so we can fix them. We disable Sentry's default PII collection (no IP address, cookies, or user-agent are forwarded). Sentry receives a device fingerprint (model + OS version), a stack trace, the app version, and the breadcrumb trail of in-app events leading up to the crash.

Advertising identifiers. The free version of the app shows ads served by Google AdMob. AdMob may receive an advertising identifier from your device — Apple's IDFA on iOS (only if you grant App Tracking Transparency permission; see below), the Android Advertising ID on Android, and the Firebase App Set ID — along with the AdMob ad-unit ID, your country, and the request context.

How we use information

• Account and gameplay — create your account, sync stats and achievements across devices, run online matches, find friends.
• Communications — deliver push notifications you opted into, send the magic-link email for web-based account deletion, reply to bug reports.
• Product analytics — measure adoption (DAU/MAU), funnel drop-off, and feature usage so we know what to fix.
• Debugging and reliability — diagnose crashes and bugs from the breadcrumb + stack-trace data.
• Advertising — show ads in the free version. If you bought or redeemed an ad-free unlock, no ad requests are made.

Information we do NOT collect

• Location data
• Your address book in plaintext (only salted hashes of email addresses, on opt-in, for friend matching)
• Microphone, camera, photos, or video
• Health, financial, or biometric data
• Browsing history outside the app

Third-party services

• Apple Sign In — sign-in.
• Google Sign In — sign-in.
• Apple Game Center — achievements and leaderboards (iOS).
• Google Play Games — achievements and leaderboards (Android).
• Apple App Store / Google Play — in-app purchase processing. Receipts are forwarded to us for verification; payment details stay with Apple or Google.
• Google AdMob — ads in the free version. Receives advertising identifiers for ad targeting and frequency capping.
• Sentry — crash and diagnostic reporting. PII collection disabled at the SDK level.
• PostHog — product analytics (event stream). After sign-in your user ID is associated with these events; GeoIP enrichment is disabled and no IP is sent.
• Google Firebase Analytics — product analytics (app opens, sign-ins, match completions, screen views). Honors the same in-app opt-out toggle as PostHog.
• SendGrid — transactional emails (bug-report notifications to our studio, the magic-link email for web account deletion, and the nightly bug digest to our studio inbox).
• Cloudflare — hosting, the application database, R2 file storage (avatars, bug-report screenshots), and Turnstile (anti-spam on this page and the web account-deletion form).

Each provider has its own privacy policy and data-handling practices.

Ad personalization and consent

The free version shows ads served by Google AdMob. Whether those ads are personalized depends on your consent:

• EEA, UK, and Switzerland — we present Google's consent prompt (the User Messaging Platform, or UMP) before showing ads. If you consent, AdMob may use an advertising identifier to serve personalized ads. If you decline, you still see ads, but they are non-personalized.
• iOS App Tracking Transparency — on iOS we also ask for App Tracking Transparency permission before initializing the ad SDK. If you allow tracking, AdMob may use your IDFA (Apple's per-device advertising identifier) to serve personalized ads. If you ask the app not to track, AdMob does not receive your IDFA and ads are non-personalized.
• Everywhere else — where neither a UMP consent prompt nor an ATT denial applies, ads may be personalized using the device advertising identifier.

You can change your iOS tracking choice any time at iOS Settings → Privacy & Security → Tracking → Black Queen. If you bought or redeemed an ad-free unlock, no ad requests are made at all.

Children

Black Queen is a general-audience app and is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided information to us, contact us and we will delete it.

Your choices

• Delete your account in the app. Settings → Account → Delete Account runs the deletion immediately and signs you out.
• Delete your account from the web. Visit https://blackqueen.app/delete-account. You will receive a one-time confirmation link by email; clicking it runs the deletion immediately.
• Delete your account by email. Email [verify below to reveal contact email] with the subject "Delete account" from the address you signed in with. We process email requests manually within 30 days.
• Stop receiving push notifications. Toggle off in Settings → Notifications, or in your device's system settings.
• Turn off analytics. Toggle off in Settings → Privacy → Analytics. Both PostHog and Firebase honor this immediately; no events are sent while the toggle is off.
• Control ad personalization. In the EEA, UK, and Switzerland, respond to the Google consent prompt (UMP). On iOS, use the App Tracking Transparency prompt or iOS Settings → Privacy & Security → Tracking → Black Queen.

Data retention

• Account data — kept until you delete your account through any of the paths above.
• Bug-report screenshots — automatically deleted from R2 180 days after upload.
• Crash and analytics data — retained according to each provider's standard retention.
• Backups — standard rolling backups of the application database; deleted accounts age out of backups within the normal backup cycle.

International transfers

Our infrastructure runs on Cloudflare's global network, and our third-party providers (Apple, Google, Sentry, PostHog, Firebase, SendGrid) operate globally. Your data may transit and be processed in the United States, the European Union, or other regions depending on your location and the provider's routing.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of the information we hold about you, and to withdraw consent for any processing based on it. To exercise any of these rights:

• Access or correction — email [verify below to reveal contact email] from the address tied to your account. We will respond within a reasonable time and at most within the period required by applicable law.
• Deletion — use any of the three deletion paths under "Your choices" above.
• Portability — email [verify below to reveal contact email] with the subject "Data export" from the address tied to your account.

Changes to this policy

We may update this policy as the app evolves. The "Last updated" date at the top of this page changes when we do. Material changes will be highlighted in-app.

Contact

Peace Harbor Studios — a division of Peace Harbor Companies, Sandpoint, Idaho.
[verify below to reveal contact email]

← Return to Home