Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Guesslet ("we", "us") collects and uses information when you use the Service. Operator: Jameson Daines, sole proprietor, Utah, USA.

1. What we collect

• Account info: phone number (E.164, hashed at rest), or Apple Sign-In subject ID, or Google Sign-In subject ID — whichever provider you choose. Display name, optional emoji, accent color.
• App activity: groups you belong to, guesses you create or pick, in-app coin balance per group.
• Device info: push notification tokens (when you grant permission), app version, basic platform identifier.
• Logs: standard server logs (IP, user-agent, request path) retained 30 days for security and debugging.

2. How we use it

• To operate the Service: deliver verification codes, route push notifications, render your activity feed.
• To detect and prevent abuse, fraud, and unauthorized access.
• To respond to your support requests.

3. What we don't do

• We do not sell your personal information.
• We do not share your data with advertisers or data brokers.
• We do not upload your phone contacts.
• We do not track you across other apps or websites.

4. Service providers

We use the following processors strictly to operate the Service:

• Twilio — sends SMS verification codes to your phone (when you choose phone signin).
• Apple — verifies Apple Sign-In tokens (when you choose Apple).
• Google — verifies Google Sign-In tokens (when you choose Google).
• Cloudflare — DNS and edge caching for the Service.

5. Data retention

Account data is retained while your account is active. When you delete your account from in-app settings, all personal data is purged within 30 days. Aggregate, anonymized analytics may be retained indefinitely.

6. Your rights

You may at any time:

• Access your data — visible in-app at any time.
• Export your data — JSON dump per group, available in settings.
• Delete your account — full data wipe within 30 days.

If you are in the EU, UK, California, or another jurisdiction with statutory privacy rights (GDPR, UK GDPR, CCPA, etc.), you have additional rights including the right to object to processing and to lodge a complaint with your local supervisory authority.

7. Children

Guesslet is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we will promptly delete it.

8. Security

Data in transit is encrypted via TLS 1.2+. Phone numbers and tokens are hashed or encrypted at rest. We follow industry-standard practices but no system is perfectly secure.

9. Changes

We may update this Policy. Material changes will be communicated in-app. The "Last updated" date above always reflects the current version.

10. Contact

[email protected]