Sifnos Privacy Policy

Last updated: April 15, 2026

This document outlines how we collect, use, and protect our users' personal information. We have implemented clear policies and practices that safeguard the collected data, ensuring privacy and compliance with applicable data protection regulations.

1. Information Collected

Sifnos collects only the minimum data necessary for use of the application, for the management of in-app purchases, and to allow users to connect with one another. We do not collect sensitive personal data. The data collected includes:

• Email address: Collected when a user creates a player profile. This is required to create the profile, sign in, and allow access to the account from other devices.
• Username: Users may choose any name to identify themselves within the app; it does not have to be their real name. This information can be modified after profile creation.
• Purchase and transaction data: When users purchase access passes or slot packages, we do not collect or store financial information such as credit card numbers. These payments are securely processed directly by the application stores (Apple App Store and Google Play Store). Sifnos only receives transaction identifiers and digital receipts to validate the purchase and enable the corresponding features within the game.
• Usage Data: We collect information on how users interact with the app, such as most-used features, frequency of use, session duration, days and times of activity, device type, and operating system version. This data is collected anonymously and is not linked to individual users. It is used solely to improve the app's quality and optimize functionality.

2. Data Collection Methods

We collect information through forms within the mobile application. The email address is collected when the user creates their player profile. The username may be modified after profile creation. Data related to in-app purchases is collected and processed externally by the distribution platforms (Google and Apple), which only communicate transaction confirmation to us. We do not use cookies, do not use third-party services that are not mentioned in this document, and do not track users outside the application. Usage data is collected only when users interact with the app; this data is fully anonymous and is not associated with any specific user.

3. Legal Basis for Data Processing

Consent is requested immediately before the user creates their player profile, at which point they explicitly agree that they have read this document and the terms of use. Once accepted, the user may proceed to create their profile. This consent is the legal basis for processing the information provided. In addition, when a user makes a purchase within the application, the legal basis for processing that transaction identifier is the necessity of performing a commercial contract in order to provide the purchased functionality.

4. How We Use the Information

We use the collected information to connect players, process and validate purchases in order to enable the calculation of prediction points, optimize the application's features, and conduct general analysis not linked to specific users, with the sole purpose of improving the user experience.

5. Third-Party Services

In our application, we use third-party services to provide key functionality, process payments, and improve certain technical aspects. These services operate in accordance with international data protection standards, such as the General Data Protection Regulation (GDPR), and apply measures such as encryption and anonymization to protect user privacy. The legal basis for using these services includes legitimate interest in analyzing and improving the application, as well as the need to ensure essential functionality and payment services. Although we do not use these services for advertising purposes or cross-app tracking, we encourage users to review each privacy policy for more details on how their data is handled.

• Google Cloud Platform (GCP): We use GCP to manage databases, authenticate users, and securely store data. GCP ensures encrypted data transmission and storage, complying with international data protection regulations such as the GDPR. [Privacy Policy]
• Firebase Analytics: This service is used to anonymously analyze general app usage, with the aim of improving functionality. It is not used for cross-app tracking or identifying users for advertising purposes. [Privacy Policy]
• RevenueCat: We use RevenueCat to manage and validate the status of subscriptions and in-app purchases within the application. RevenueCat may process transaction identifiers, digital receipts, and technical information required to verify access to purchased functionality. [Privacy Policy]
• Payment Processors and App Stores: Purchases of individual passes and packages are managed through in-app purchases. For this purpose, we use the native services of Google Play Store and Apple App Store. These platforms process and store financial information under their own strict security standards and privacy regulations, and they do not share users' personal financial data with Sifnos.

6. International Data Transfers

User data is stored on Google Cloud servers located in the United States. We implement all appropriate security measures to ensure the protection of the stored information and comply with applicable international data protection regulations. If users reside in the European Union, data transfers are carried out in accordance with Article 46 of the General Data Protection Regulation (GDPR), under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring the protection and privacy of personal information. Google Cloud holds recognized certifications that demonstrate compliance with security and privacy standards. Users may request additional information about the specific server locations and applicable security measures by contacting us at contact@playsifnos.com.

7. Data Security

We implement all necessary measures to protect the information provided by users:

• Information transmitted through the application is encrypted using services provided by Google Cloud Platform and Firebase.
• We use user authentication and authorization to prevent unauthorized access.
• Google Cloud Platform encrypts data both in transit and at rest to ensure information security.

8. Data Retention

We retain user information for as long as the account remains active. Users have the right to modify or delete their information at any time through the application. When an account is deleted, all data is permanently removed from our systems.

9. User Rights

At Sifnos, we respect and protect the rights of our users in relation to the processing of their personal data. Below, we describe the rights they may exercise and how they apply in the context of our application:

• Access and editing: Users may access and modify their personal information directly from the application.
• Deletion: Users can delete their account and all associated data at any time.
• Withdrawal of consent: Users may withdraw their consent for the use of their personal data by deleting their account. This means no additional processing of the provided information will take place.
• Right to data portability: Users have the right to request a copy of the data they provided. However, in the case of Sifnos, the only information collected is an email address and a name. This data only makes sense within the context of the application, and there are no sufficiently similar platforms to which this data could be ported. Due to the limited nature of the information collected, no portability to other services is carried out.
• Right to file a complaint: If a user believes that the processing of their personal data violates applicable data protection regulations, they have the right to file a complaint with a competent supervisory authority.
• Right to restrict processing and right to object to processing: Sifnos does not use the collected information for advertising, cross-marketing, or profiling purposes. Commercial processing of data is strictly limited to validating in-app purchases in order to provide the service. Therefore, there is no invasive processing that would affect users' privacy rights.

10. Device Permissions

Sifnos requests one device permission. Users always retain control over this permission and may revoke it from their device settings:

• Push Notifications: This permission is requested to notify users about application updates, updates regarding their games, and match reminders. Users may disable or customize notifications through their phone settings.

11. Local Data Storage

Sifnos does not store users' personal information locally. Data stored locally is temporary and limited to cache generated by Firebase to improve application efficiency.

12. Data Breach Policy

In the event of a data breach that could compromise users' personal information, we undertake to notify the competent authority within 72 hours of detection. We will also inform affected users and take measures to mitigate any possible harm.

13. Changes to this Privacy Policy

We will update this Privacy Policy periodically to reflect changes in our practices or in applicable laws. We will notify users of any material changes through the application and will update the date of the latest revision.

14. Data Deletion and Procedures

Users may delete all of their personal information from within the application, and this deletion will be processed immediately. All data associated with the account will be permanently removed from our systems. If users need more information about the data deletion process or encounter difficulties deleting their account, they may consult our Data Deletion Instructions. They may also contact us through our support email for assistance: contact@playsifnos.com.

15. Advertising and Marketing Data

Sifnos does not use users' personal information for advertising purposes or to conduct marketing analysis. We do not collect or share data with third parties for the purpose of combining databases or generating marketing profiles.

16. Information for Minors

Sifnos is not intended for children under 13 years of age. We do not knowingly collect information from minors without appropriate consent.

17. Automated Processing and Decision-Making

Sifnos does not use automated algorithms to establish connections between players. Contact between users is limited to their joint participation in the same game, which is accessed through a shared link. At no time does the application facilitate direct communication between players. No additional automated processing is carried out that could have legal or significant effects on users' rights.

18. User Requests for Data Access and Deletion

In addition to the options available within the application to delete an account or modify data, users may submit specific requests for access to or deletion of their data by contacting us directly through our support email. For a request to be valid, users must provide their username, registered email address, and a clear description of the request. We respond to these requests in accordance with applicable regulations and ensure complete deletion of data where applicable.

19. Contact

If you have questions, concerns, or inquiries about this Privacy Policy or about how we handle your personal data, you may contact us through our support email: contact@playsifnos.com.