Privacy Policy

Last updated: 2026-05-01

1. Plain-English summary

This is the short version. The legal-grade detail is in the sections below.

2. Who we are

MathQuest is built and operated by Daniel Han, an independent developer. For the purposes of GDPR and similar laws, Daniel Han is the data controller for any personal information processed through MathQuest.

The legal name, business form, and country of operation that appear on App Store filings are the controlling versions of these details. To reach the data controller, write to [email protected].

3. What we collect

MathQuest collects only the information needed to save your child's progress and offer the optional features below.

• Progress and accuracy. Which levels have been completed, how many stars each level earned, recent answers, and per-level accuracy. Used to render the world map and adapt difficulty.
• Display name. A short nickname your child picks during onboarding. Used to label their save and (if friends are enabled) appear on a friend's screen.
• Account email (optional). If you create an account so progress syncs across devices, your email is stored to identify the account.
• Friend list (optional, off by default). If you turn on friends, the display names and progress of users you have added.
• Anonymous device identifier. A randomly-generated Firebase user ID, used to scope a save file to its device when no account is created.
• Purchase receipts. Apple App Store or Google Play receipts for any in-app purchases, used to verify entitlements.

4. How we use it

The information above is used only for the following purposes:

• To render and persist your child's progress so the next session continues where they left off.
• To sync that progress across devices when you create an account.
• To verify and restore in-app purchases.
• To populate the friends list, only if you turn on the friends feature.

We do not use any of this information to build advertising profiles, sell data to third parties, or train machine-learning models. We do not run behavioral tracking, ad networks, or marketing-attribution SDKs.

5. Crash diagnostics

To find and fix bugs that would otherwise cause MathQuest to crash on your child's device, we use Firebase Crashlytics, a crash-reporting service operated by Google LLC. When the app crashes or hits an uncaught error, Crashlytics sends a diagnostic report to Google on our behalf. Each report contains:

• A randomly-generated Crashlytics installation identifier (a UUID assigned by the SDK; not the IDFA or any advertising ID).
• The Firebase user ID of the active session (anonymous by default; the same opaque ID we use to scope save data — never your child's name or email).
• Device characteristics: model, operating system version, CPU architecture, RAM, free disk space, jailbreak / root status, screen orientation.
• App metadata: bundle identifier, version number, locale.
• The crash trace itself: stack trace, thread state, binary image references, exception class and message.
• Short breadcrumb logs we add to label what the app was doing just before the crash (for example, “reconciling entitlements” or “loading level”). These never contain answers, names, friends, or progress data.

Crashlytics does not collect IDFA, location, photos, microphone audio, contacts, browsing history, or behavioral-analytics events. Reports are retained by Google for 90 days and then removed from live and backup systems. The full list is published in Firebase's privacy reference.

We rely on Crashlytics solely to maintain and improve the app — specifically, to identify crashes, diagnose their cause, and ship a fix. We do not use Crashlytics data for advertising, profiling, or behavioral analytics, and we do not combine Crashlytics reports with any of the other data we hold (display name, email, friends list, progress).

Legal basis. In the United States, this collection is covered by COPPA's “support for internal operations” exception, which permits operators to collect a persistent identifier without verifiable parental consent solely for purposes including maintaining or analyzing the function of the service and protecting its security or integrity. In the EU/EEA and the UK, our legal basis is legitimate interest in keeping MathQuest stable and free of crashes; the processing is balanced against children's privacy by collecting only diagnostic data, never combining it with personal information, and using a randomly-generated identifier rather than an advertising ID.

6. What we do not collect

To make this concrete, MathQuest does not collect, request, or transmit any of the following:

• Location, GPS, or any geofencing data.
• Photos, camera frames, microphone audio, or contacts.
• Apple's IDFA, Google's AAID, or any other advertising identifier.
• Behavioral-event analytics, tap heatmaps, or session recordings.
• Browsing history, installed apps, or device fingerprints beyond the anonymous Firebase ID described above.
• Any biometric or health data.

7. Service providers (sub-processors)

To run MathQuest, we share some information with the following service providers. Each is bound by their own published privacy policy and by data-processing terms with us.

• Google LLC (Firebase Authentication, Cloud Firestore). Stores the anonymous user ID, optional account email, save data, and friend list. Data is held in Google data centres in the United States and the European Union.
• Google LLC (Firebase Crashlytics). Receives the crash-diagnostic reports described in § 5 above. Reports are retained for 90 days and used solely to fix crashes.
• Google LLC (Firebase Analytics, used at minimal scope). Receives a small set of in-app events — app opened, locale changed, audio toggled, level completed, purchase started / completed / restored — tagged with the same anonymous Firebase user ID. We use these counts to confirm that purchases work end-to-end and that the app reaches launch screens; we do not use them for advertising, profiling, or behavioural targeting. Firebase Analytics in this app does not access IDFA.
• Apple Inc. (App Store). Processes purchase receipts via the iOS StoreKit framework. Apple receives the purchase metadata necessary to bill and refund.
• Google LLC (Google Play). Processes purchase receipts on Android, when MathQuest is distributed through Google Play.

MathQuest does not integrate any third-party advertising network, behavioural-tracking SDK, push-notification provider, or marketing-attribution SDK. New sub-processors will be added to this list before they are integrated.

8. Children's privacy

MathQuest is designed for children. We treat every account as belonging to a child by default and apply the strictest applicable child-privacy rules — the United States Children's Online Privacy Protection Act (COPPA), the EU/EEA General Data Protection Regulation as it applies to children (sometimes called GDPR-K), the United Kingdom Age Appropriate Design Code, and equivalent rules elsewhere — to every user, regardless of declared age.

In practice that means:

• No behavioural advertising. No advertising of any kind.
• No session recording, no marketing-attribution SDKs, no behavioural-analytics SDKs.
• The minimal Firebase Analytics events listed in § 7 and the Firebase Crashlytics diagnostics described in § 5 are used solely for the “internal operations” permitted by COPPA — running and stabilising the service — and are never combined with personal information about your child or used to build any kind of profile.
• Data minimisation. We collect only what the app needs to save your child's progress and to operate optional features you enable.
• A parental gate (a small math puzzle) protects access to settings, account creation, deletion flows, and external links.

If you are a parent or guardian and want to access, correct, or delete the personal information of a child using MathQuest, write to [email protected]. We will respond within 30 days.

9. Your rights

You can exercise the following rights at any time, for free.

• Access. Ask us for a copy of the personal data we hold about you or your child.
• Correction. Ask us to correct anything that is wrong.
• Deletion. Use the in-app delete flow at Settings → Parents → Privacy → Delete Account (the Parents area is protected by a parental math puzzle), or write to us. The in-app flow removes both your account and the data we have stored about it. The factory-reset flow on the same screen also wipes local progress.
• Objection and restriction. Tell us to stop a particular processing activity. Where the processing is required for the app to function, we will instead help you delete the account.
• Portability. Ask us to send your data in a structured, machine-readable format.
• Complaints. If you are in the EU/EEA or the UK, you have the right to complain to your national data protection authority. If you are in California, you have rights under the CCPA/CPRA — including the right to know, delete, and opt out of the sale of personal information. (We do not sell personal information.)

To exercise any of these rights, write to [email protected] from the email address associated with the account, or from the parent or guardian who created the account on a child's behalf.

10. Changes to this policy

We may update this policy as MathQuest changes — for example, when a new sub-processor is added, when we begin processing a new category of data, or when applicable law changes.

We will update the "Last updated" date at the top of the page. For changes that materially expand what we collect or how we use it, we will surface a notice inside the app on next launch and ask you to acknowledge it before continuing.

11. Contact

Privacy questions, deletion requests, and parental data requests all go to a single inbox:

[email protected]

For non-privacy support, the same address is fine.