1. Introduction
Welcome to Hexicon ("we," "our," or "us"). We are committed to protecting your privacy and personal data.
This Privacy Policy explains how we collect, use, and safeguard your information when you use our word
puzzle game and website at hexicon.online, including our premium subscription services.
2. Information We Collect
2.1 Account Information
When you sign in with Google, we collect:
- Your name and email address
- Google account ID (Firebase UID)
- Profile picture (if publicly available)
- Account creation and last login dates
2.2 Game Data
To provide our game service, we collect:
- Puzzle completion times and scores
- Hints used and game progress
- Performance statistics and achievements
- Game preferences and settings
- Daily puzzle completion history
- Wrong clicks and accuracy metrics
- Word completion patterns and timing
2.3 Premium Subscription Data
For premium subscribers, we additionally collect:
- Subscription plan type and billing frequency
- Payment status and subscription dates
- Stripe customer ID (for payment processing)
- Billing history and invoice information
- Trial period usage and conversion data
- Premium feature usage analytics
Important: We do not store credit card details or payment methods on our servers.
All payment information is securely handled by Stripe, our payment processor.
2.4 Leaderboard Data
For premium users participating in leaderboards:
- Your display name and ranking position
- Aggregated performance statistics (visible to other premium users)
- Competition history and achievements
- Comparative performance metrics
2.5 Technical Information
We automatically collect:
- Device type and browser information
- IP address and general location (country/region)
- Usage patterns and feature interactions
- Error logs and performance data
- Session duration and engagement metrics
3. How We Use Your Information
3.1 Core Game Functions
- Provide access to daily puzzles and archive
- Save your game progress and statistics
- Display personalized achievements and performance
- Sync your data across devices
- Calculate performance ratings and rankings
3.2 Premium Services
- Process subscription payments and billing
- Provide access to global leaderboards
- Enable premium features and content
- Generate advanced analytics and insights
- Offer customer support for billing issues
- Send subscription-related notifications
3.3 Leaderboards and Competition
- Display aggregated performance data to other premium users
- Calculate rankings and competitive statistics
- Enable social features and community interaction
- Prevent cheating and maintain fair play
3.4 Service Improvement
- Analyze game usage to improve puzzle difficulty
- Fix bugs and optimize performance
- Develop new features based on user behavior
- Conduct A/B testing for feature improvements
4. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Consent: When you sign in and agree to data collection
- Contractual necessity: To provide the game service and premium subscriptions you've
requested
- Legitimate interests: To improve our service, prevent fraud, and ensure fair play
- Legal obligation: To comply with tax, accounting, and consumer protection laws
5. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
5.1 Service Providers
- Google Firebase: Authentication and secure data storage
- Stripe: Payment processing and subscription management
- Hosting Services: Website and database hosting
- Analytics Services: Usage analysis (anonymized data only)
5.2 Premium User Community
- Leaderboard Data: Your display name, rankings, and performance statistics are
visible to other premium users
- Competition Features: Aggregated gameplay data for competitive features
5.3 Legal Requirements
We may disclose information if required by law, court order, or to protect our rights and safety.
6. Data Retention
- Active accounts: Data retained while account is active
- Premium subscribers: Billing data retained for 7 years (tax/legal requirements)
- Inactive free accounts: Deleted after 3 years of inactivity
- Inactive premium accounts: Deleted after 5 years of inactivity
- Game statistics: Retained for service improvement (anonymized after account
deletion)
- Payment records: Retained as required by law and Stripe's policies
7. Your Rights (GDPR/UK GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Delete your account and personal data (subject to legal retention
requirements)
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Remove consent for data processing
Note: Some data may need to be retained for legal compliance (e.g., payment records for
tax purposes) even after account deletion.
8. Payment Data Security
8.1 Stripe Integration
- All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor
- We never store credit card numbers, CVV codes, or other sensitive payment data
- Payment data is encrypted and transmitted securely
- We only store Stripe customer IDs and subscription metadata
8.2 Subscription Security
- Webhook endpoints are secured and verified
- Subscription status is validated in real-time
- Access controls prevent unauthorized premium feature access
9. Cookies and Local Storage
9.1 Essential Cookies
These are necessary for the game to function:
- Authentication tokens (to keep you signed in)
- Game state data (to save your progress)
- User preferences (settings and customizations)
- Subscription status (for premium feature access)
9.2 Analytics Cookies (Optional)
With your consent, we may use:
- Google Analytics (to understand usage patterns)
- Performance monitoring (to identify technical issues)
- Conversion tracking (to measure subscription effectiveness)
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS) and at rest
- Regular security assessments and penetration testing
- Access controls and multi-factor authentication
- Secure hosting infrastructure with reputable providers
- Payment data isolation through Stripe's secure systems
- Regular backups and disaster recovery procedures
11. International Data Transfers
Your data may be processed in countries outside the UK/EU, including the United States (Google Firebase,
Stripe). We ensure adequate protection through:
- Google's and Stripe's compliance with international data protection frameworks
- Standard Contractual Clauses (SCCs) and adequacy decisions
- Regular monitoring of data protection standards
- Data Processing Agreements with all third-party providers
12. Children's Privacy
Hexicon is intended for users aged 13 and above. We do not knowingly collect personal information from
children under 13. If we become aware of such collection, we will delete the information immediately and
terminate the account.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Effective Date" at the top
- Sending email notifications for significant changes
- In-app notifications for premium subscribers
Continued use of our service after changes constitutes acceptance of the updated policy.
This Privacy Policy was last updated on January 15, 2025