Privacy Policy for Monopay

Preamble

This Privacy Policy explains which personal data we process when you use the web and mobile app Monopay (monopay.kleinerzwerg.com), for what purposes, and on which legal basis.

Version: March 7, 2026

Controller

Ronny Szallies
Legal notice: https://www.mein.online-impressum.de/kleinerzwerg/

What Data We Process

• Game and session data
  This includes game codes, start/end times, game settings, transactions, and user-selected details such as nickname, symbol, color, and balance. This data is technically necessary to run a game session.
• Technical connection and log data
  When you use the web app and related Google/Firebase services, technically required data may be processed (for example IP address, timestamps, device/browser metadata, and error logs).
• Advertising data (mobile app only)
  In the mobile app, we use Google AdMob (banner and interstitial ads). Depending on the ad mode, this may involve data such as advertising ID, device information, and network signals. Consent is managed via Google UMP (User Messaging Platform). If consent is declined, restricted non-personalized ad delivery (for example Limited Ads) may still occur where legally permitted.
• Feedback data (optional, Android)
  If you use the feedback feature, we process your message, optional email address, and technical device/app information to handle your request.
• Locally stored app data
  The app stores certain data locally, such as language preference, optional rejoin session data, and feedback cooldown timestamps, so core functions work correctly.

Purposes of Processing

• Providing and operating app features
• Running active game sessions
• IT security, error diagnostics, and abuse prevention
• Handling user feedback
• Financing the mobile app through advertising

Legal Bases

1. Art. 6(1)(b) GDPR (contract / pre-contractual measures) for game operation.
2. Art. 6(1)(f) GDPR (legitimate interests) for secure and stable operation, abuse detection, and technical delivery.
3. Art. 6(1)(a) GDPR (consent), in particular for personalized advertising where required.

Recipients and Services Used

To operate Monopay, we use Google services, including Firebase Hosting, Firebase Realtime Database, Cloud Firestore, Google Mobile Ads/AdMob, and UMP. The provider is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information:

• Google Privacy Policy: https://policies.google.com/privacy
• Google AdMob: https://support.google.com/admob/

Transfers to Third Countries

Using Google services may involve transfers of personal data to third countries (especially the United States). For relevant transfers, Google states that it relies on the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC).

Retention and Deletion

• Game and session data is deleted no later than 24 hours after a game ends, in line with our technical cleanup configuration.
• Feedback data in our Firestore mail pipeline is processed with a 24-hour TTL.
• Locally stored app data remains on your device until you delete it (for example by clearing app data or uninstalling) or until overwritten.
• Data processed by Google services (for example AdMob/Firebase logs) is retained/deleted according to Google policies.

Ad Consent Management (Mobile App)

In the mobile app, we use Google UMP to manage ad consent. Depending on region (especially EEA, UK, Switzerland), users are shown the relevant consent choices.

You can reopen and change your choice in the app (button "Ad privacy settings / Werbe-Datenschutz", where required for your region), including withdrawing consent.

Web Analytics, Cookies, and Similar Technologies

• Web app: We currently do not use a separate Google Analytics integration on the web app.
• Technically necessary processing: Accessing the website generates technically required requests and logs (hosting/CDN).
• Mobile app: AdMob ad delivery may use device identifiers or similar technologies. Details depend on your consent choice and the applicable legal framework.

Security Measures

• Encrypted transmission via HTTPS/TLS
• Technical and organizational safeguards to protect systems
• Regular updates of the components we use

Your Rights

Subject to statutory conditions, you have the right to access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent for future processing. You also have the right to lodge a complaint with a data protection authority.

Changes to This Privacy Policy

We may update this Privacy Policy if legal requirements, features, or services change. The version published here, including its date, is authoritative.