Suspects! legal

Privacy Policy

Effective date: May 15, 2026
Last updated: May 15, 2026
Controller: Mcat.one / Mateusz Kania
Contact: support@mcat.one

Summary in plain words

Suspects! is an offline-first party game. There is no sign-up, no login, and no server you talk to during gameplay. Everything you do in a round — players, words, votes, scores — stays on your device. We do not see your contacts, photos, or location.

Data we process

Device identifier — a one-way pseudonymous hash derived from your device's hardware identifiers. It cannot be reversed to identify you. Used to prevent abuse of free pack quotas and to match purchases to your device.
App preferences — language, accessibility, game mode and content filter you configure in Settings. Stored locally only.
Gameplay data — match history, round outcomes, career stats. Stored locally on your device only. Never transmitted to our servers.
In-App Purchase entitlements — confirmation from Apple (via RevenueCat) that you paid for Full Unlock or Party Pass 24h. We do not receive your payment card details. We store the purchase identifier to verify your entitlement.
Telemetry events (only with explicit consent) — anonymous events such as screen views, mode picked, completed rounds and crash reports. Default OFF. Toggle in Settings → Privacy.

Third-party providers

Apple App Store / StoreKit — handles all payments. Card details never leave Apple.
RevenueCat — verifies your purchase entitlement and lets us restore purchases across devices. RevenueCat is based in the United States and is certified under the EU-U.S. Data Privacy Framework. RevenueCat receives a pseudonymous user ID, the product purchased, and the transaction metadata.

No personal data is sold, rented, or shared with third parties for marketing purposes. There is no SDK for analytics, ads, attribution, or social tracking.

Tracking

We do not run App Tracking Transparency prompts because we do not perform cross-app tracking. No IDFA collection. No ad networks.

Children

Suspects! is rated 12+ on the App Store. The default content filter is family-safe; the Spicy pack is opt-in only and disabled by default. The app is not marketed to children under 13.

Data retention

Device hash + telemetry events (if you opt in): 90 days, then auto-deleted.
IAP entitlement records: lifetime of your purchase / device.
Local gameplay data: until you delete the App or tap Settings → Privacy → Delete my data.

Your rights (GDPR / CCPA / LGPD)

You have the right to access, correct, delete, restrict, port, or object to processing of your personal data, plus the right to withdraw consent at any time. Submit requests to support@mcat.one or use the in-app shortcut Settings → Privacy → Delete my data / Export my data.

You also have the right to lodge a complaint with your local supervisory authority (in Poland: Prezes Urzędu Ochrony Danych Osobowych, uodo.gov.pl).

Changes to this policy

We update the effective date above whenever the policy changes. Material changes that affect your rights will be announced in-app before they take effect.