Privacy Policy for Paw Merge Idle

Last updated: June 11, 2026

This Privacy Policy explains how Paw Merge Idle (the "App") and Appazzola LLC ("Appazzola," "we," "us," or "our") collect, use, disclose, retain, and protect information when you use the App.

1. Scope

This Privacy Policy explains how we and our service providers collect, use, disclose, retain, and protect information when you use Paw Merge Idle. It covers gameplay, local saves, Firebase authentication, cloud save, public leaderboards, display-name moderation, advertising, analytics, crash reporting, in-app purchases, subscriptions, and support interactions.

This policy does not apply to third-party websites, app stores, payment processors, ad networks, or identity providers except where we describe how they help us operate the App.

2. Summary

Paw Merge Idle is a casual idle/merge game. You can play with local progress, and the App may also create an anonymous Firebase account so progress can be saved to the cloud when Firebase is available. You may optionally link Google Sign-In or Sign in with Apple.

The App uses:

• Firebase Authentication for anonymous, Google, and Apple sign-in.
• Cloud Firestore for cloud-save storage.
• Firebase Cloud Functions for leaderboard score validation, display-name moderation, reports, account deletion, and RevenueCat webhook handling.
• Firebase Analytics in production builds for gameplay and product analytics.
• Firebase Crashlytics in production builds for crash diagnostics.
• Google Mobile Ads / AdMob for rewarded and interstitial advertising.
• Google User Messaging Platform (UMP) for consent collection where required.
• Apple App Tracking Transparency (ATT) on iOS where tracking permission is required.
• RevenueCat to manage in-app purchase and subscription entitlements.
• Apple App Store and Google Play for purchases, subscriptions, refunds, billing, and store account management.

The App does not require precise location, contacts, photos, camera, microphone, phone number, or postal address to play.

3. Information We Process

Depending on your device, platform, region, settings, consent choices, and how you use the App, we and our service providers may process the following categories of information.

3.1 Gameplay and Save Data

The App stores gameplay and progression data locally on your device and, when Firebase is available, in Cloud Firestore under your Firebase user ID. This may include:

• Catnip, gems, stars, free spawns, boosts, timers, cooldowns, offline earnings, streaks, quest progress, achievements, prestige progress, and merge-board state.
• Unlocked cats, rooms, room items, item levels, cosmetics, themes, skins, paw skins, themed decor, and decor positions.
• Purchase and entitlement flags such as remove-ads status, starter pack status, and Cat Club subscription status.
• Settings such as sound, music, and vibration preferences.
• Save timestamps and cloud-save update timestamps.
• Leaderboard-related progress values used to validate and submit scores, such as lifetime catnip earned, prestige count, and golden paws claimed.

3.2 Leaderboards, Display Names, Reports, and Moderation

When Firebase leaderboards are enabled, the App may process:

• A guest display name, such as Guest######, automatically assigned to your Firebase user ID.
• Any leaderboard display name you choose, plus a normalized lowercase version used to reserve names and prevent duplicates.
• Leaderboard rows that include your Firebase user ID, display name, score, board ID, rank position derived from scores, and update timestamp.
• Display-name reports submitted by other players, including reporter Firebase user ID, reported Firebase user ID, board ID, reported display name, optional report reason, report status, and timestamps.
• Moderation state such as report counts, forced-rename flags, leaderboard bans, risk flags related to refunds, and manual moderation actions.

Leaderboard rows are readable by signed-in players and may show your display name, score, and rank. Firebase user IDs are used internally to key rows and identify your own row; they are not intended as user-facing names, but they are part of the leaderboard record.

3.3 Account and Sign-In Data

The App may process:

• Anonymous Firebase user identifiers created by Firebase Authentication.
• If you choose Google Sign-In, Google account identifiers and profile data made available through the sign-in flow, such as email address, display name, and profile information depending on your Google settings.
• If you choose Sign in with Apple, Apple account identifiers and information Apple provides, such as email address, private relay email address, full name, and identity token information depending on your Apple settings and prior choices.
• Authentication state, linked providers, sign-in timestamps, and related account metadata maintained by Firebase.

3.4 Purchase and Subscription Data

For in-app purchases and subscriptions, we and our service providers may process:

• Product IDs, purchase status, subscription status, entitlement status, renewal status, expiration status, restoration status, refunds, chargebacks, and related transaction metadata.
• RevenueCat app user identifiers. The current app configuration uses a Firebase-based app user ID prefix (firebase:) when Firebase Authentication is available.
• Store country, currency, price, offering, package, and product metadata made available by Apple, Google, or RevenueCat.

We do not receive or store your full payment card number. Apple and Google handle payment processing under their own terms and privacy practices.

3.5 Advertising and Ad Measurement Data

The App uses AdMob to request, load, display, measure, and protect rewarded and interstitial ads. AdMob and its partners may process information such as:

• Advertising identifiers, device identifiers, IP address, approximate location inferred from network information, device type, operating system, app version, language, region, ad unit, ad placement, ad interactions, ad completion, ad performance, and fraud-prevention signals.
• Consent choices collected through UMP and device-level settings such as iOS ATT status or Android advertising settings.

Depending on your consent choices, region, and platform settings, ads may be personalized, non-personalized, or limited. Ad availability is not guaranteed.

3.6 Analytics Data

In production builds, the App uses Firebase Analytics to understand app performance, gameplay balance, monetization, and feature usage. Analytics events may include:

• Session start and whether Firebase or ads initialized.
• Progression events, merges, cat unlocks, prestige, quests, achievements, streaks, offline rewards, currency earn and spend events, room item purchases, skin purchases, theme/decor purchases, and rewarded or interstitial ad events.
• In-app purchase and entitlement grant events.
• Device and app information such as app version, platform, general region, language, device model, and operating system information.

Analytics data is not intended to include names, email addresses, postal addresses, phone numbers, or payment card data.

3.7 Crash and Diagnostics Data

In production builds, the App uses Firebase Crashlytics to help identify and fix crashes and fatal errors. Crashlytics may process:

• Crash stack traces, error messages, app state at the time of a crash, device and operating system information, app version, Firebase installation identifiers, and related diagnostics.

Crashlytics collection is disabled in debug builds in the current codebase.

3.8 Device, App, and Local Storage Data

The App may process:

• Device type, operating system, app version, language, general region, app configuration, SDK status, and technical logs.
• Local storage through Flutter shared_preferences or equivalent platform storage for save data and settings.
• Consent and privacy choices stored by SDKs such as Google UMP and Apple ATT.

3.9 Support and Direct Communications

If you contact us, we may process your email address, message contents, attachments, account identifiers you provide, device or app details you provide, and any information needed to respond to your request.

4. Information We Do Not Intentionally Collect

The App does not intentionally require or request:

• Precise GPS location.
• Contacts, photos, camera, microphone, calendar, health, or fitness data.
• Postal address or phone number.
• Payment card numbers.
• Public chat messages or open-ended user-generated public content. Leaderboard display names, scores, ranks, and display-name reports are processed as described above.

If future versions add these features or permissions, this policy and the store disclosures must be updated before release.

5. How We Use Information

We use information to:

• Operate the App and provide gameplay.
• Save, restore, sync, and protect progress.
• Enable guest, anonymous, Google, and Apple sign-in.
• Create, validate, display, and moderate leaderboard names and scores.
• Process, validate, restore, and honor purchases and subscriptions.
• Provide remove-ads, Cat Club, item packs, virtual currency, boosts, cosmetics, and other entitlements.
• Load and show ads, grant rewarded-ad benefits, measure ad performance, enforce frequency limits, and prevent ad fraud.
• Analyze gameplay, balance the economy, improve retention, identify bugs, and understand feature usage.
• Diagnose crashes, improve stability, and maintain security.
• Prevent cheating, fraud, abuse, unauthorized automation, chargeback abuse, and security incidents.
• Communicate with you about support, account, privacy, and legal requests.
• Comply with laws, enforce our Terms, and protect our rights, users, and services.

We do not sell personal information for money. Some advertising or analytics uses may be considered "sharing", "targeted advertising", or "cross-context behavioral advertising" under certain privacy laws. See the "Your Choices and Rights" section for available controls.

6. Legal Bases for EEA, UK, and Similar Regions

Where GDPR, UK GDPR, or similar laws apply, our legal bases may include:

• Contract: operating the App, saving progress, enabling sign-in, cloud save, purchases, subscriptions, and entitlements.
• Legitimate interests: security, fraud prevention, crash diagnostics, service improvement, support, analytics that do not require consent, and enforcement of our Terms, balanced against your rights and freedoms.
• Consent: personalized advertising, access to device identifiers for tracking where required, cookies or local storage where legally required, and other processing that requires consent.
• Legal obligations: tax, accounting, consumer protection, app-store, regulatory, and dispute-resolution obligations.

You may withdraw consent where consent is the legal basis, but withdrawal does not affect processing that occurred before withdrawal.

7. Local Saves, Firebase Accounts, and Cloud Save

The App stores progress locally on your device. Local data may be deleted or become unavailable if you delete the App, clear app data, reset your device, switch devices, sign out to a new guest account, or overwrite progress through gameplay.

When Firebase is available, the App creates or uses a Firebase account. On first launch, the App currently attempts anonymous Firebase sign-in. Cloud Firestore stores your save payload under your Firebase user ID so progress can be restored or synchronized.

If you later use Google Sign-In or Sign in with Apple, the App may link your anonymous Firebase account to that provider or switch to the existing provider-linked account. Signing out and restoring anonymous play may create a new anonymous Firebase account and may make prior cloud progress unavailable unless you sign back into the previous account or restore purchases through the store systems.

Cloud save is provided on a best-effort basis and may be unavailable, delayed, conflicted, or interrupted.

8. Advertising, Consent, and Tracking Choices

The App uses AdMob rewarded and interstitial ads. Rewarded ads are optional and provide in-game benefits only after the App receives confirmation that the ad qualifies for a reward. Interstitial ads may appear at natural gameplay breaks and do not provide a reward.

For users in the EEA, UK, and Switzerland, Google requires publishers using AdMob to use a Google-certified consent management platform that integrates with the IAB Transparency and Consent Framework when serving ads. The App uses Google UMP for this purpose. Where Google UMP indicates a privacy options entry point is required, the App exposes an Ad Privacy Choices control in Settings → Legal that re-presents the UMP privacy options form.

On iOS, the App may request permission through Apple's App Tracking Transparency framework before SDKs access the Identifier for Advertisers (IDFA) for tracking. You can manage this permission in iOS Settings.

On Android, you can manage advertising choices through Android and Google settings where available, including resetting or deleting your advertising ID and limiting ad personalization.

Ad choices may affect whether personalized, non-personalized, or limited ads are available. If consent is not available or cannot be confirmed in a regulated region, ads may be suppressed or limited.

9. In-App Purchases and Subscriptions

The App may offer:

• Cat Club monthly subscription.
• Remove-ads or ad-related entitlements.
• Starter packs.
• Catnip packs.
• Gem packs.
• Other virtual items, boosts, cosmetics, passes, or unlocks.

Apple App Store and Google Play process purchases and subscriptions. RevenueCat helps us retrieve offerings, validate purchases, sync entitlements, restore access, and apply subscription or purchase benefits in the App.

Purchase and subscription information may be shared between the App, Apple, Google, RevenueCat, and Firebase identifiers as needed to provide and protect entitlements. We do not receive your full payment card details.

Manage subscriptions, cancellation, refunds, family sharing, purchase history, and payment methods through Apple App Store or Google Play account settings.

10. Service Providers and Third Parties

We use service providers to operate the App. Their own terms and privacy policies govern their processing.

We may disclose information to service providers, app stores, regulators, law enforcement, professional advisors, or counterparties in a business transaction where permitted by law and as needed for the purposes described in this policy.

11. Retention

We retain information only as long as reasonably needed for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Local gameplay data: remains on your device until you delete it, clear app storage, uninstall the App, reset through in-app controls if available, or overwrite it through normal gameplay.
• Cloud save data: retained while the associated Firebase account remains active and as needed for restoration, security, fraud prevention, disputes, legal compliance, and operations. Anonymous guest cloud saves with no purchase history may be deleted after 365 days of inactivity.
• Leaderboard, display-name, and moderation data: retained while the associated Firebase account remains active, while leaderboard rows are needed to operate the feature, and as needed for moderation, security, fraud prevention, disputes, legal compliance, and operations.
• Account data: retained by Firebase Authentication and linked identity providers according to their settings and policies, and as needed to provide the App.
• Analytics data: retained according to Firebase Analytics project retention settings.
• Crashlytics data: retained according to Firebase Crashlytics settings and Google Firebase policies.
• Advertising data: retained by Google AdMob and its partners under their own policies. We do not separately store raw ad-request logs outside analytics and app state.
• Purchase and entitlement records: retained by Apple, Google, RevenueCat, and us as needed to honor purchases, restore entitlements, prevent fraud, resolve disputes, and comply with tax, accounting, and consumer-protection obligations.
• Support messages: retained as long as needed to handle your request, maintain records, resolve disputes, and comply with law.

If you request deletion, we will delete or de-identify personal data we control unless retention is needed for legal, security, fraud-prevention, accounting, dispute-resolution, or operational reasons.

12. Your Choices and Rights

Depending on your platform, region, and settings, you may be able to:

• Play as a guest or anonymous Firebase user instead of linking Google or Apple sign-in.
• Edit your leaderboard display name, where the feature is available and subject to moderation and name availability.
• Sign out and restore anonymous play, understanding that this may create a new account and make prior progress unavailable.
• Delete local data by uninstalling the App, clearing app storage, or using any in-app reset/delete controls if provided.
• Contact us to request access, correction, deletion, export, restriction, or objection for personal data we control.
• Manage Google Sign-In through your Google account.
• Manage Sign in with Apple and Hide My Email through your Apple account.
• Manage ad tracking on iOS through App Tracking Transparency settings.
• Manage advertising choices on Android and through Google settings where available.
• Use the Ad Privacy Choices entry in Settings → Legal to re-present the Google UMP privacy options form, where required and available.
• Manage purchases, refunds, cancellations, and subscriptions through Apple App Store or Google Play.

To exercise privacy rights, contact [email protected]. We may need to verify your request and may ask for information such as your Firebase user ID, purchase identifiers, or support details so we can locate relevant records.

Deleting the App or local save data does not automatically delete data held by Apple, Google, Firebase, AdMob, RevenueCat, or identity providers. You may need to use those providers' privacy and account tools for data they control.

13. California and Other U.S. State Privacy Rights

Residents of California and other U.S. states may have rights under applicable privacy laws, including rights to know, access, correct, delete, obtain a copy of, or opt out of certain uses of personal information.

Categories of personal information we may collect include:

• Identifiers, such as Firebase user IDs, provider account identifiers, email address if provided by a sign-in provider, advertising identifiers, and device identifiers.
• Internet or electronic network activity, such as app usage, ad interactions, analytics events, diagnostics, and crash data.
• Commercial information, such as purchase, subscription, entitlement, refund, and chargeback status.
• Approximate location inferred by service providers from IP address or device/network information for ads, analytics, fraud prevention, and compliance.
• Inferences drawn from gameplay, purchase, and usage activity for analytics, app improvement, advertising, and personalization where permitted.

We do not sell personal information for money. We may disclose information to service providers and may "share" information for cross-context behavioral advertising or targeted advertising if personalized ads are enabled and permitted by your consent choices and applicable law.

To exercise rights or opt out where legally required and technically available, contact [email protected] and use platform-level or in-app ad/privacy controls.

We will not discriminate against you for exercising privacy rights.

14. Children

The App is not directed to children under 13 and is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact [email protected] and we will take appropriate steps to delete it.

Parents or guardians may contact us to review, correct, or delete information associated with their child where required by law.

If the App is later distributed in the Apple Kids Category, Google Play Families program, or any child-directed category or channel, this policy, the App's SDK configuration, ads, analytics, data collection, and consent flows must be updated before release.

15. International Transfers

We and our service providers may process information in the United States and other countries where we or they operate. These countries may have privacy laws that differ from the laws where you live. Where required, we rely on appropriate safeguards for international transfers, such as contractual protections used by our service providers.

16. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. Firestore rules in the current codebase restrict each user's save document to the authenticated Firebase user ID. No transmission or storage system is completely secure.

You are responsible for keeping your device, platform accounts, and sign-in credentials secure.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version at https://appazzola.com/privacy/paw-merge-idle and update the effective date or last-updated date. If changes are material, we may provide additional notice in the App, through the app stores, or by other appropriate means.

18. Contact

Questions, privacy requests, or legal requests: [email protected] General contact and support: [email protected]