BFG — Arithmetix

Privacy Policy

Last updated: 27 February 2026

1. Who We Are

Arithmetix is operated by Alex Ghita, who acts as the data controller for the purposes of applicable data protection law.

Contact: blueflamegames@proton.me

2. What Data We Collect

Parent/Guardian accounts

• Email address (used for authentication and account recovery)
• Optional display name
• Purchase status (verified via Apple)

Child profiles (created by a parent)

• First name or nickname
• School year group
• Exercise records: questions, responses, scores, and timestamps
• Progress data: topic completion, badges, and coin balance

What we do NOT collect

• Location data
• Photos or media
• Voice or audio
• Device identifiers
• Advertising identifiers

3. How We Use This Data

• Service delivery — personalised learning experiences and progress tracking
• Account administration — authentication and account recovery
• App enhancement — aggregated topic difficulty analysis to improve content

4. Legal Basis (UK GDPR)

• Contract performance — processing necessary to provide the service you signed up for
• Legitimate interests — aggregated analytics to improve the app
• Legal obligations — compliance with applicable law

5. Children's Data

Parents create and manage all child profiles. We do not collect data from children under 13 without verified parental consent. If you believe a child's data has been collected without authorisation, please contact us at blueflamegames@proton.me and we will delete it promptly.

Child profile data is only accessible to the parent or guardian account that created it.

6. Third-Party Processors

• Google Firebase — authentication and Cloud Firestore database. Data may be stored in the EU or USA. A Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs) is in place.
• Apple Inc. — App Store distribution and in-app purchases.

We do not sell your data to any third party.

7. Data Retention

• Account and profile data — deleted within 90 days of a removal request
• Session logs and progress — automatically removed after 2 years
• Purchase records — retained as required for Apple compliance

8. International Transfers

Firebase may store data outside the UK/EEA, including in the USA. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) under the UK GDPR.

9. Your Rights (UK GDPR)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict processing
• Data portability
• Object to processing based on legitimate interest

To exercise any of these rights, contact blueflamegames@proton.me. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We protect your data with Firebase security rules, HTTPS encryption, and role-based access controls. However, no method of electronic transmission or storage is 100% secure.

11. Changes

If we make material changes to this policy, we will notify you via an in-app notification. Continuing to use the app after changes are posted constitutes acceptance of the updated policy.

12. Contact