Privacy Policy

Synapgeek is an indie studio based in France, developing mobile puzzle game applications. This privacy policy applies to all Synapgeek applications and services, including Cerebrum (hereinafter "the App").

For any questions regarding the protection of your data, you can contact us at: privacy@synapgeek.com

We collect the following categories of data:

Account data If you create an account via Apple, Google, Facebook, or email: unique identifier, email address, display name, and profile photo (depending on the provider). You may also use the App without an account (anonymous mode).

Gameplay and progression data Scores, completion times, hints used, mistakes, stars earned, levels completed, difficulty level, attempts, best records, daily challenges, play streaks.

Virtual currency and customization data Coin balance, in-app transaction history, unlocked avatars, monthly trophies, experience points (XP), league/ranking.

Device and usage data Device type, operating system version, language, anonymized usage data, diagnostics, error logs, app performance data.

Advertising data Advertising identifier (IDFA, with your consent via App Tracking Transparency), ad interactions, attribution data via SKAdNetwork.

Transaction data In-app purchase and subscription history, processed by Apple via StoreKit 2. Synapgeek does not collect or store your payment information.

Data we do NOT collect We do not collect any geolocation, health, contacts, photos, camera, calendar, or microphone data.

In accordance with the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

- Performance of a contract: processing necessary to provide the service (account, progression, purchases, synchronization) - Consent: personalized advertising, advertising identifier (IDFA), non-essential cookies and tracking technologies - Legitimate interest: first-party analytics, App improvement, fraud detection, security

You may withdraw your consent at any time through the App's privacy settings or your device settings.

Your data is used to:

- Provide, maintain, and improve the App and its features - Synchronize your progress across devices (if signed in) - Manage your account and preferences - Process your in-app purchases and subscriptions - Display advertisements (personalized with consent, or contextual) - Analyze aggregate usage to improve the user experience - Detect and prevent abuse, fraud, and technical issues - Manage leaderboards and the league system

The App displays advertisements served by Google AdMob. Users with an ad-free subscription or purchase do not see advertisements.

Advertising consent (EEA/UK/Switzerland) For users located in the European Economic Area, the United Kingdom, and Switzerland, a Consent Management Platform (CMP) is displayed at first launch. You can change your preferences at any time through the App's privacy settings.

App Tracking Transparency (ATT) On iOS 14.5 and later, the App requests your permission before accessing your advertising identifier (IDFA). If you decline, only contextual (non-personalized) ads are displayed. Declining tracking does not affect any App functionality.

SKAdNetwork The App uses Apple's SKAdNetwork framework for advertising attribution. This mechanism does not allow you to be personally identified.

Opting out of personalized ads You can disable personalized ads at any time via: - Privacy settings within the App - iOS Settings > Privacy & Security > Tracking - Purchasing an ad-free subscription or lifetime purchase

Your data may be shared with the following technical partners, strictly for the purposes described above:

- Google (Firebase Analytics, Firebase Crashlytics, Firebase Performance, Firebase Firestore, Firebase Auth, AdMob) — for analytics, data storage, authentication, monitoring, and advertising. Privacy Policy: https://policies.google.com/privacy - Apple (StoreKit 2, Sign in with Apple, SKAdNetwork) — for in-app purchases, authentication, and advertising attribution. Privacy Policy: https://www.apple.com/legal/privacy/ - Meta (Facebook SDK) — for authentication via Facebook. Privacy Policy: https://www.facebook.com/privacy/policy/

We do not sell your personal data. We do not share your data with third-party artificial intelligence systems for model training purposes.

Some of our technical partners (Google, Meta, Apple) process data outside the European Economic Area, including in the United States. These transfers are governed by standard contractual clauses approved by the European Commission, in accordance with Articles 46 and 49 of the GDPR, to ensure an adequate level of protection for your data.

We retain your data for the following periods:

- Analytics data: maximum 14 months (Firebase Analytics default policy) - Account and progression data: as long as your account is active - Transaction data: in accordance with applicable legal obligations (up to 10 years for accounting requirements) - Error logs (Crashlytics): 90 days

After account deletion, all your personal data is removed from our servers. Certain aggregated and anonymized data may be retained for statistical purposes.

We implement the following technical measures to protect your data:

- Encryption of data in transit (HTTPS/TLS) - Firebase Security Rules (access limited to authenticated user) - Secure authentication via OAuth 2.0 protocols and nonce for Apple Sign-In - Encrypted local storage on device

No system is infallible. In the event of a data breach affecting your rights, we will notify you in accordance with applicable legal deadlines.

The App is intended for users aged 13 and older. We do not knowingly collect personal data from individuals under 13 years of age.

If you are a parent or guardian and discover that your child under 13 has provided us with personal data, please contact us at privacy@synapgeek.com. We will delete such data promptly.

Rights under GDPR (EU/EEA) In accordance with the GDPR, you have the following rights:

- Access: request a copy of your personal data - Rectification: correct inaccurate or incomplete data - Erasure: request deletion of your data - Restriction: request restriction of processing - Objection: object to processing based on legitimate interest - Portability: receive your data in a structured, machine-readable format - Withdraw consent: withdraw your consent at any time

You also have the right to lodge a complaint with a supervisory authority (in France: CNIL — www.cnil.fr).

Rights under CCPA/CPRA (California, United States) If you reside in California, you have the following rights: - Right to know what data is collected and how it is used - Right to request deletion of your data - Right to opt out of the "sale" or "sharing" of your data (we do not sell your data) - Right to non-discrimination for exercising your rights

Account deletion You can delete your account directly in the App via Profile > Delete Account. This action is irreversible and results in the deletion of all your personal data (progression, purchases, avatars, leaderboards).

Exercising your rights To exercise any of these rights, contact us at: privacy@synapgeek.com. We will respond within 30 days.

We may update this privacy policy periodically. In the event of a material change, the update date at the top of this page will be revised. We encourage you to review this page regularly. Continued use of the App after any modification constitutes acceptance of the revised policy.

For any questions regarding this privacy policy or your personal data:

Synapgeek Email: privacy@synapgeek.com Website: https://synapgeek.com