Privacy Policy
1. Who We Are
Boolip is operated by Boolip Ltd, a company registered in Israel (company no. 517350443), David Saharov 3, Rishon LeZion, Israel (“Boolip”, “we”, “us”). Boolip is a social arcade: a curated feed of quick mobile games, friend-to-friend duels, and daily leaderboards. This Policy explains what we collect, why, and your rights.
2. What We Collect
Account data
Your email address, display name, avatar, and any profile information you provide. When you sign in with a third party (Apple or Google), we receive the basic profile fields that provider returns — typically your name, email, and avatar.
Activity & content data
The comments you post, the likes and saves you give, the people you follow, the messages you send to other users, and any gameplay clips you choose to record and share.
Gameplay data
Scores, play durations, completion status, duel results, and leaderboard/coliseum progress. We collect this to power leaderboards, challenges, duels, and your own statistics.
Safety & moderation data
We log reports you file and reports filed against your content or profile, along with the moderation decision and reasoning. This data is used for safety, audit, and to improve our filters.
Technical data
IP address, user agent, device type, approximate region (derived from IP), referrer, and basic interaction telemetry (screen views, load latency). We use this for security, abuse prevention, and product analytics.
Notifications
If you enable push notifications, we store a device push token so we can send you duel invites, leaderboard updates, and important account notices. You can turn notifications off at any time in your device settings.
3. How We Use Your Data
- To provide and operate the Service (create your account, serve games, host your content);
- To power social features — leaderboards, duels, follows, and messages;
- To moderate content and enforce our Terms (reports, review, enforcement actions);
- To prevent fraud, abuse, and unauthorized access (rate limits, anomaly detection);
- To communicate with you about your account, safety reports, or material policy changes;
- To improve the Service (which games people enjoy, where the app can be faster or clearer).
4. Third-Party Processors
We share specific data with the following processors strictly to operate the Service. Each is bound by its own data-processing agreement. We do not sell your personal data, we do not share it with advertisers, and we do not track you across other companies’ apps or websites for advertising.
| Processor | Purpose | Data shared |
|---|---|---|
| Vercel | Hosting, CDN & asset storage | Application traffic, request logs, uploaded clips/assets |
| Neon | PostgreSQL database | All persistent account & gameplay data |
| Upstash (Redis) | Rate limiting & caching | User IDs, transient counters |
| Apple | Sign in with Apple | OAuth profile (name, email) |
| Sign-in | OAuth profile (email, name, avatar) | |
| Google Firebase (Cloud Messaging) | Push-notification delivery (Android) | Device push token, device identifiers |
| Sentry | Error monitoring | Stack traces, request metadata |
5. Where Your Data Lives
Our primary database (Neon) is hosted in EU regions. Media and assets are stored on Vercel (multi-region with EU presence). Some processors may process limited data outside the EEA; where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
6. Retention
- Account data: while your account is active, plus up to 30 days after a deletion request.
- Content you publish (comments, clips): retained while published; removed on takedown and hard-deleted within 30 days.
- Safety & moderation logs and reports: retained 24 months for safety and audit.
- Server logs: retained up to 90 days for security and debugging.
7. Your Rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to processing, or to lodge a complaint with a supervisory authority. EU residents may exercise rights under the GDPR; California residents may exercise rights under the CCPA. To exercise any right, email support@boolip.com. We respond within 30 days.
Deleting your account
You can delete your Boolip account and its associated personal data at any time from within the app (Profile → Settings → Delete Account), or by emailing support@boolip.com from your registered address. When you delete your account, we erase your personal data within 30 days, except limited records we are legally required to retain (such as safety logs or fraud-prevention data) as described in Retention above.
8. Cookies & Local Storage
We use a session cookie to keep you signed in and a small set of local-storage entries to remember preferences (theme, last-viewed feed position). We do not use third-party advertising cookies. We use first-party analytics to measure performance; these do not identify you across other sites.
9. Children’s Privacy
The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact support@boolip.com and we will delete it.
10. Security
We use industry-standard safeguards: encryption in transit (HTTPS/TLS), encryption at rest for our database, strong password hashing, least-privilege internal access, automated security monitoring, and regular review of our infrastructure. No method of transmission or storage is 100% secure; we work to continuously improve.
11. Changes to This Policy
We may update this Policy. When we make material changes, we will revise the version string above and notify active users so you can review and re-accept where required.
12. Contact
Privacy questions, data-rights requests, or general support: support@boolip.com.