DiceCrew. Deutsche Version

Dice Crew – Privacy Policy

Last updated: June 12, 2026

This privacy policy explains which personal data is processed when using the Dice Crew app, why it is processed, and which rights users have.

1. Controller

The controller responsible for data processing in Dice Crew is:

PW IT Solutions
Address: Insterburger Str. 21c, 76139 Karlsruhe, Germany
Email: dicecrew@pw-it-solutions.de

2. Summary

3. Data We Process

3.1 Account and Sign-In

Depending on the selected sign-in method, Dice Crew processes data from Firebase Authentication, Sign in with Apple, Google Sign-In, or email/password authentication. This may include a user ID, authentication provider, email address where provided by the provider, display name where provided, authentication tokens, and technical login data.

The purpose is to create and manage user accounts, provide secure sign-in, and assign game, profile, and chat data to the correct account. The legal basis is Art. 6(1)(b) GDPR where processing is required for app use, and Art. 6(1)(f) GDPR for security and abuse prevention.

3.2 Profile, Friends, and Community Features

Profile data is stored in the Firestore database, including for example user ID, display name, unique username, friend code, friend list, level, XP, game statistics, unlocked cosmetic items, selected cosmetic items, profile image URL, and optional information such as gender, country and postal code with a coarse regional key derived from that information.

Public and private profile data are separated: display name, username, level, game statistics, cosmetic items, and profile image may be shown to other signed-in users where this is necessary for gameplay, leaderboards, friends, opponent profiles, and matchmaking. Gender, country, postal code, regional key, push token, and notification settings are stored in a separate private data area restricted by security rules so that only the user’s own account and the server logic can access it.

3.3 Game and In-Game Currency Data

For online duels, Dice Crew processes game IDs, player IDs, display names, player levels, game status, stake and payout in the in-game currency, scorecards, dice values, held dice, remaining rolls, winner, timestamps, timeout information, game statistics, and virtual currency transactions.

The virtual currency is used only for app gameplay. Unless a separate feature is explicitly introduced, it does not create any claim to a payout in real money.

3.4 Chat Messages

When using the in-app chat, Dice Crew stores message content, sender ID, sender name, game ID, message ID, and timestamp. Chat messages are used to display messages in the relevant game, trigger chat push notifications, and address abuse.

If a message is reported, a message excerpt may be stored together with the report for moderation purposes.

3.5 Profile Images and Gallery

When users select a profile or gallery image, the image is resized in the app and sent as a JPEG to the Dice Crew Cloudflare Worker. The upload requires a Firebase ID token. Stored data includes the image file, file type, file size, storage key, user ID as metadata, upload timestamp, and a publicly accessible image URL.

Images may be visible to other users depending on profile display. Users should not upload images that contain private information, infringe third-party rights, or include content that should not be visible in a game profile.

3.6 Push Notifications

If push notifications are enabled, Dice Crew processes a Firebase Cloud Messaging token and stores it in the private data area of the profile, which is not readable by other users. The token is used to send notifications about game turns and chat messages. Users can disable push notifications in iOS and can enable or disable chat and game notifications in the app.

3.7 Advertising and Consent

Dice Crew uses Google Mobile Ads for rewarded ads and Google User Messaging Platform to manage consent and privacy options. Depending on consent, region, and Google configuration, technical data such as advertising and device identifiers, IP address, app usage data, ad interactions, consent status, and diagnostic data may be processed.

The app currently requests non-personalized ads only and does not perform cross-app tracking. Where consent is required, processing is based on Art. 6(1)(a) GDPR. Where technically necessary processing is required for ad delivery, security, or billing, Art. 6(1)(f) GDPR may apply. Advertising privacy options can be opened in the app where they are required for the user’s region.

After a rewarded ad has been fully watched, Google AdMob sends a server-side verification callback to the Dice Crew server. This involves in particular the Dice Crew account’s user ID, an ad transaction ID, reward details, and a cryptographic signature, which are processed and stored as proof of the reward. The purpose is the correct crediting of the in-game reward and protection against abuse (Art. 6(1)(b) and (f) GDPR). In addition, daily reward and lucky wheel credits are logged with user ID, date, and amount.

3.8 Moderation, Reports, and Safety

To enforce community rules, Dice Crew processes reports with the reporting user ID, reported user, reason, optional note, context, game ID, message ID, message excerpt, status, and timestamp. In addition, moderation status, reason, processing timestamp, and internal moderation data may be stored in a profile.

This processing protects users, prevents fraud and abuse, handles complaints, and enforces the app’s rules.

3.9 Data Stored Locally on the Device

The app may store certain data locally on the device, such as login state, local turn state, acknowledged warnings, sound and display settings, and technical app state. Locally processed data is not transferred to Dice Crew unless the app explicitly synchronizes it for online features.

4. Services and Recipients

ServicePurposePossible Data
Firebase Authentication / Google Identity PlatformSign-in, account management, authenticationUser ID, email address where provided, provider information, authentication data, technical security data
Cloud FirestoreProfiles, games, chat, friends, reports, leaderboardsProfile, game, chat, moderation, and timestamp data
Firebase Cloud FunctionsServer logic for dice rolls, scores, duels, Pips, cosmetic items, and push triggersUser ID, game and profile data, function calls, technical log data
Firebase Cloud Messaging / Apple Push Notification servicePush notificationsFCM token, APNs-related technical data, notification payload data such as game ID
Sign in with AppleApple sign-inApple user identifier, name where released, authentication token
Google Sign-InGoogle sign-inGoogle user identifier, email address where released, name, authentication token
Google Mobile AdsRewarded ads, ad measurement, fraud preventionAdvertising/device identifiers, IP address, ad interactions, app usage and diagnostic data depending on consent and configuration
Google User Messaging PlatformConsent and privacy options for advertisingConsent status, region/language information, and technical information
Cloudflare Workers / Cloudflare R2Upload, storage, and delivery of profile and gallery imagesImage files, user ID as image metadata, upload timestamp, file type, file size, IP/request data
Firebase App Check (Apple App Attest / DeviceCheck)Protecting server endpoints against manipulated or unauthorized clientsDevice attestation tokens, app identity, technical verification data
Google AdMob Server-Side VerificationServer-side confirmation of watched rewarded adsUser ID, transaction ID, reward details, ad unit, signature data

Hosting location: Wherever possible, data is hosted in Germany or within the European Union. The central server components of Dice Crew (Cloud Functions and database) are operated in the Google Cloud region Frankfurt am Main (europe-west3). For some services, processing exclusively within the EU cannot be technically guaranteed; this applies in particular to ad delivery (Google), push notifications (Apple), and Cloudflare’s global edge network used for image delivery.

Where processing takes place in countries outside the European Union or the European Economic Area, transfers are based on appropriate safeguards, such as EU Standard Contractual Clauses, adequacy decisions, or comparable safeguards provided by the relevant service providers.

5. Purposes of Processing

6. Retention

Personal data is stored only for as long as necessary for the purposes described above. Account data, profiles, game states, friend lists, chat messages, images, and moderation data are generally stored for as long as the account exists or the data is needed for gameplay, safety, moderation, or legal obligations.

In-app account deletion: The account can be deleted directly in the app at any time (settings). This deletes the profile including the private data area, the assignment to games, uploaded profile and gallery images, and the Firebase sign-in account.

When deletion is requested, we review which data can be deleted or anonymized. Certain data may be retained for longer where this is required for abuse prevention, legal obligations, or the establishment, exercise, or defense of legal claims. This may in particular include reports, moderation and audit logs, and reward verification records.

7. Notes for the App Store Connect Privacy Label

Based on the functionality currently visible in the repository, the following data types should in particular be reviewed and declared in App Store Connect. The exact selection must be checked before submission against the actual production configuration, Google AdMob settings, and Firebase project settings.

Apple Data CategoryVisible in Dice CrewPurposeLinked to User?
Contact InformationEmail address and name where provided during sign-inApp functionality, account, authenticationYes
User ContentChat messages, profile images, gallery images, report notesApp functionality, moderation, safetyYes
IdentifiersFirebase UID, FCM token, possibly advertising or device identifiers through Google Mobile AdsApp functionality, push notifications, advertising, safetyYes
Usage DataGames, turns, level, statistics, chat/notification settings, ad interactionsApp functionality, advertising, ad delivery analysis, safetyYes
DiagnosticsTechnical log, error, and request data at Firebase, Cloudflare, and Google AdsTroubleshooting, safety, app functionalityPossibly yes, depending on provider logs
Other Data / Gameplay ContentGame states, scorecards, dice values, matchmaking and duel informationApp functionalityYes
Coarse LocationCountry, postal code, and derived regional key if voluntarily provided; IP address at service providersProfile/community features, safety, service deliveryYes or possibly yes
Data Used for TrackingThe app itself declares no tracking and requests non-personalized ads only. Tracking would only become possible if Google Mobile Ads were configured in the future to use data across apps or websites for advertising or ad measurementThird-party advertising / ad measurement based on consent and provider configurationPossibly yes

If personalized advertising, tracking, or IDFA use is enabled, App Tracking Transparency, consent settings, and App Store Connect declarations must be implemented consistently.

8. User Rights

Under the GDPR, data subjects have in particular the following rights, subject to the applicable legal requirements:

Requests can be sent to the address listed in the Contact section. To process a request, verification may be required so that data is not disclosed to or deleted by unauthorized persons.

9. Children and Minors

Dice Crew is not directed at children. Use of the app requires at least the age stated in the age rating displayed on the App Store. The app contains duels with stakes in a purely virtual play currency without real-money value, as well as a daily lucky wheel; payout or exchange into real money is excluded.

Depending on the country, stricter age limits or consent requirements may apply to the use of digital services. If we become aware that personal data of a child has been processed without required consent, we will take appropriate steps to delete or restrict that data.

10. Security

Dice Crew uses technical and organizational measures to protect personal data against unauthorized access, loss, and misuse. These measures include Firebase security rules with separated public and private profile areas, server-side game logic, Firebase App Check for device and app verification, signature-verified ad reward callbacks, authenticated Cloud Function calls, token-based image uploads, moderation features, and restricted write permissions in the database.

Absolute security cannot be guaranteed for internet-based services.

11. Changes to This Privacy Policy

This privacy policy may be updated if features, services, legal requirements, or data processing practices change. The current version should be made available in the app and at the publicly accessible Privacy Policy URL.

12. Contact

Questions about privacy, access requests, or deletion requests can be sent to:

PW IT Solutions
Email: dicecrew@pw-it-solutions.de