Privacy Policy
Last updated: May 30, 2026
This Privacy Policy describes how guesslet ("we", "us") collects and uses information when you use the Service. Operator: Jameson Daines, sole proprietor, Utah, USA.
1. What we collect
- Account info: phone number (E.164, hashed at rest), or Apple Sign-In subject ID, or Google Sign-In subject ID, whichever provider you choose. Display name, optional emoji, accent color.
- App activity: groups you belong to, guesses you create or pick, in-app coin balance per group.
- Purchases: if you buy the optional one-time Pro upgrade, our payment processor records that you made a purchase. We never see or store your full card number.
- Device info: push notification tokens (when you grant permission), app version, basic platform identifier.
- Logs: standard server logs (IP, user-agent, request path) retained 30 days for security and debugging.
2. Bingo boards you choose to publish
A bingo board is private to your group by default. If you (as the board's creator) choose to publish a board to a public share link, the board's title and squares become viewable by anyone with that link. We do not include group names, member names, balances, or any other personal data in a published board. You can unpublish at any time, which takes the link offline.
3. How we use it
- To operate the Service: deliver verification codes, route push notifications, render your activity feed.
- To process the optional one-time Pro purchase.
- To detect and prevent abuse, fraud, and unauthorized access.
- To respond to your support requests.
4. What we don't do
- We do not sell your personal information.
- We do not share your data with advertisers or data brokers.
- We do not upload your phone contacts.
- We do not track you across other apps or websites. Our analytics are cookieless and aggregate (see providers below).
5. Service providers
We use the following processors strictly to operate the Service:
- Firebase Authentication (Google) sends the SMS verification code to your phone (when you choose phone signin).
- Apple verifies Apple Sign-In tokens (when you choose Apple).
- Google verifies Google Sign-In tokens (when you choose Google).
- Lemon Squeezy is our payment provider and merchant of record for the optional one-time Pro purchase. They handle your card details and the transaction directly; we receive only a confirmation that the purchase succeeded.
- Plausible Analytics measures aggregate, anonymized site usage. It is cookieless, does not collect personal data, and does not track you across other sites.
- Cloudflare provides DNS and edge caching for the Service.
6. Data retention
Account data is retained while your account is active. When you delete your account from in-app settings, all personal data is purged within 30 days. Aggregate, anonymized analytics may be retained indefinitely.
7. Your rights
You may at any time:
- Access your data: visible in-app at any time.
- Export your data: JSON dump per group, available in settings.
- Delete your account: full data wipe within 30 days.
If you are in the EU, UK, California, or another jurisdiction with statutory privacy rights (GDPR, UK GDPR, CCPA, etc.), you have additional rights including the right to object to processing and to lodge a complaint with your local supervisory authority.
8. Children
Guesslet is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we will promptly delete it.
9. Security
Data in transit is encrypted via TLS 1.2+. Phone numbers and tokens are hashed or encrypted at rest. We follow industry-standard practices but no system is perfectly secure.
10. Changes
We may update this Policy. Material changes will be communicated in-app. The "Last updated" date above always reflects the current version.