🎮Multiplayer Beta has begun! Compete in real-time against other players and climb the leaderboard!

GTR Logo
Submit
← Back to Home

Privacy Policy

Last updated: 4/19/2026

1. Introduction

This Privacy Policy describes how GuessTheRank ("we," "our," or "us") collects, uses, and shares information when you use our website (guesstherank.org), our iOS and Android mobile apps ("Guess The Rank"), and our Discord bot (collectively, the "Service").

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: email address, username, and authentication credentials when you sign up via email/password or OAuth (Apple, Google, Discord, or Steam).
  • Profile Information: optional avatar image and display name.
  • User Content: gameplay clips you submit, room names, display names, and any other content you post.

2.2 Gameplay & Service Data

  • • Guesses, scores, accuracy, ranked match history, MMR, leagues, XP, and level progression.
  • • Quest progress, daily and longest streaks, and achievement state.
  • • Multiplayer room participation, ranked matchmaking history, and live event activity.

2.3 Subscription & Payment Information

  • Web (Stripe): subscription status, billing period dates, and Stripe customer/subscription identifiers. Stripe processes payment card details directly; we never store full card details.
  • iOS / Android (RevenueCat + Apple/Google billing): subscription entitlement status, product identifiers, and an anonymous RevenueCat user ID linked to your account. Apple and Google process payments and we never receive your payment card details.

2.4 Mobile Device & Diagnostic Data

  • Device identifiers: the Identifier for Advertisers (IDFA on iOS, if you grant App Tracking Transparency permission) and the Android Advertising ID (AAID), used by ad partners to deliver ads. You can reset or limit these at any time in your device settings.
  • Push notification token: a unique token issued by Apple Push Notification service or Firebase Cloud Messaging, used to send quest reminders, streak notifications, and re-engagement messages. You can disable notifications in your device settings at any time.
  • Analytics & crash data: app instance ID, session length, screen views, in-app events, device model, OS version, and crash logs collected via Firebase Analytics.

2.5 Web Device & Cookie Data

  • • Browser type, device type, operating system, IP address, and approximate location derived from IP.
  • • Cookies and similar technologies (see §9).

2.6 Discord Bot

When you use our Discord bot, we collect your Discord user ID, the server (guild) IDs where the bot is installed, and the contents of commands you send to the bot. We do not read messages you send in channels that are not directed at the bot.

2.7 Guest Users

You can play solo or join rooms/live events without an account. Guest gameplay is associated only with a temporary session identifier and is not permanently linked to a personal profile.

3. How We Use Your Information

  • • Provide and maintain the Service (solo, ranked, party rooms, live events, Discord bot).
  • • Authenticate you and protect your account.
  • • Process Pro subscription payments and manage entitlements.
  • • Track gameplay statistics, leaderboards, MMR, XP, quests, and streaks.
  • • Display your profile and statistics to other users.
  • • Send quest reminders, streak protection alerts, and re-engagement notifications (only with your permission).
  • • Serve advertising to free users (mobile only).
  • • Detect, prevent, and respond to fraud, abuse, cheating, and security incidents.
  • • Improve the Service via aggregate analytics.

4. Legal Basis (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR / UK GDPR:

  • Contract (Art. 6(1)(b)): account creation, gameplay, subscriptions, and customer support.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, and aggregate analytics.
  • Consent (Art. 6(1)(a)): push notifications, personalized advertising, and non-essential cookies.
  • Legal obligation (Art. 6(1)(c)): tax, accounting, and responding to lawful requests.

5. Third-Party Services

5.1 Authentication

  • • Sign in with Apple, Google OAuth, Discord OAuth, Steam OpenID.

5.2 Payments & Subscriptions

  • Stripe (web) — payment processing. Privacy Policy
  • RevenueCat (mobile) — subscription state and entitlements. Privacy Policy
  • Apple App Store & Google Play — billing for in-app subscriptions.

5.3 Advertising (Mobile)

  • Google AdMob serves banner, interstitial, and rewarded ads in the mobile apps for free users. AdMob may collect your advertising identifier (IDFA/AAID), IP address, ad-interaction data, and approximate location to deliver and measure ads. You can opt out of personalized ads via your device settings (iOS: Settings → Privacy & Security → Apple Advertising; Android: Settings → Google → Ads). AdMob Privacy

On iOS 14.5+, we will request your permission via the App Tracking Transparency prompt before tracking you across other companies' apps and websites for advertising. If you decline, you will still see ads, but they will not be personalized.

5.4 Analytics

  • Firebase Analytics (Google) — app usage and performance. Privacy

5.5 Push Notifications

  • • Apple Push Notification service (iOS) and Firebase Cloud Messaging (Android).

5.6 Hosting & Infrastructure

  • Supabase — database, authentication, and realtime services.
  • Google Cloud Platform — web app hosting (Cloud Run) and Discord bot hosting (Compute Engine).

5.7 Content & Media

  • YouTube — embedded video playback. YouTube may set its own cookies; see Google's privacy policy.

6. Data Sharing

We share personal data only as described in this policy:

  • • With the third-party service providers listed in §5, strictly to operate the Service.
  • • With other users when you choose to make information public (profile, leaderboard, room participation).
  • • When required by law, valid legal process, or to protect our rights and the safety of our users.
  • • In connection with a merger, acquisition, or sale of assets, with notice to you.

We do not sell your personal information for monetary consideration.

7. Security

  • • Encrypted transport (HTTPS/TLS).
  • • Secure password hashing on accounts using email/password.
  • • Row-level security on our database; access controls on infrastructure.
  • • On iOS, authentication tokens are stored in the iOS Keychain; on Android, in EncryptedSharedPreferences.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Subject to your local laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated personal data (in-app and via the website).
  • Port your data to another service.
  • Object to or restrict certain processing.
  • Withdraw consent at any time, including for push notifications and personalized ads.
  • Lodge a complaint with your local data protection authority (EEA/UK only).

To exercise any of these rights, contact us at contact@guesstherank.org or use the in-app "Delete Account" option.

8.1 California Residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, to delete it, to correct it, and to opt out of "sale" or "sharing" of personal information. We do not sell personal information for money. To the extent that mobile advertising activity may constitute "sharing" under CPRA, you can opt out via your device settings or by contacting us.

9. Cookies & Similar Technologies

On the website, we use:

  • Strictly necessary cookies — login session, security, load balancing.
  • Functional cookies — preferences, language.
  • Analytics — aggregate site usage.

EU/UK visitors are asked for consent before non-essential cookies are set. You can manage or revoke consent at any time via your browser or our cookie controls.

10. Data Retention

We retain personal information for as long as needed to provide the Service and meet our legal obligations. When you delete your account, we delete or anonymize associated personal data within 30 days, except where we are required to retain certain records (e.g. transaction records for tax purposes).

11. Children's Privacy

The Service is not directed to children under 13 (or under the minimum age required in your country — e.g. 16 in parts of the EU). We do not knowingly collect personal information from children below that age. If you believe a child has provided us with personal information, contact us and we will delete it.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ. Where required, we rely on the European Commission's Standard Contractual Clauses or other appropriate safeguards.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page and the "Last updated" date will be revised. Continued use of the Service after changes constitutes acceptance.

14. Contact

  • • Email: contact@guesstherank.org
  • • Website: guesstherank.org