Privacy Policy

Last updated: June 20, 2026

1. Who we are

Cleave is developed and operated by Youssef Chajia, trading as Red Rain, based in Budapest, Hungary (hereinafter "we", "us", or "our"). Youssef Chajia is the data controller within the meaning of the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

Contact: youssefchajia62@gmail.com

2. Scope

This Privacy Policy explains what personal data the Cleave mobile application (iOS and Android) and any associated websites collect, why we collect it, who we share it with, how long we keep it, and what rights you have over it.

3. Data we collect and why

3.1 Anonymous gameplay data (Supabase)

When you play Cleave, we store an anonymous device-level identifier (a randomly generated UUID) alongside your daily puzzle attempt — specifically your score, precision grade, and the date of play. This data does not contain your name, email address, or any information that directly identifies you.

3.2 In-app purchases (RevenueCat, Apple, Google)

Cleave offers a one-time, $4.99 "Remove Ads" in-app purchase. All payment processing is handled exclusively by Apple (iOS) or Google (Android). We receive only a non-reversible purchase receipt and an anonymised customer identifier from RevenueCat; we never see your payment card details or billing address.

3.3 Advertising identifiers (Google AdMob)

If you have not purchased "Remove Ads", Cleave displays rewarded and interstitial advertisements provided by Google AdMob. AdMob may read your device's Advertising Identifier (IDFA on iOS, GAID on Android) to serve personalised ads, measure ad performance, and prevent fraud.

3.4 Analytics (PostHog)

We use PostHog for product analytics to understand aggregate engagement (e.g. how many users complete the daily puzzle). Analytics are strictly opt-in — no data is sent unless you choose to help us improve the app in the consent dialogue.

3.5 Local notifications

If you enable daily reminders, Cleave schedules notifications locally on your device using the iOS/Android notification framework. No personal data leaves your device for this feature; all scheduling logic runs entirely on-device.

4. Third-party service summary

Service Purpose Data transferred Legal basis
Supabase Backend / leaderboard Anonymous UUID, score, date Legitimate interest
RevenueCat IAP entitlement Purchase receipt, anon customer ID Contract performance
Google AdMob Advertising Advertising identifier (consent-gated) Consent
Google UMP SDK GDPR/CCPA consent UI Consent choice (stored locally) Legal obligation (GDPR)
Apple ATT iOS tracking authorisation Authorisation status (stored locally) Legal obligation (Apple policy)
PostHog Product analytics Anonymised events (opt-in only) Consent

5. International transfers

Some third-party processors listed above are headquartered in the United States. Where personal data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on the adequacy decisions applicable to those processors, to ensure an equivalent level of data protection.

6. How long we keep your data

7. Your GDPR rights

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

To exercise any of the rights above, email us at youssefchajia62@gmail.com with "GDPR Request" in the subject line. We will respond within 30 calendar days.

8. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

9. Children's privacy

Cleave is not directed at children under 13 years of age (or under 16 where required by applicable law). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has submitted data to us, please contact us at youssefchajia62@gmail.com and we will delete the information promptly.

10. Security

We take reasonable technical and organisational measures to protect your data, including encrypted transport (TLS), row-level security on the Supabase database, and limiting data access to services that strictly require it. However, no method of transmission over the Internet is 100% secure.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via an in-app notice or an updated "Last updated" date at the top of this page. We encourage you to review this page periodically.

12. Contact

For any questions or requests regarding this Privacy Policy, please contact:
Youssef Chajia (Red Rain)
Budapest, Hungary
youssefchajia62@gmail.com