Privacy Policy
Last updated: February 17, 2026
Grid Genius ("we", "our", "us") operates the Grid Genius crossword puzzle application and website at gridgenius.app. This policy explains what data we collect, why we collect it, and your rights regarding that data.
1. Data We Collect
Account Information
When you sign in with Google or Apple, we receive and store:
- Email address
- Display name
- Profile photo URL
We do not receive or store your Google or Apple password.
Gameplay Data
We store data about your puzzles and progress, including:
- Puzzles played, completed, and in-progress grid states
- Solve times, hints used, and difficulty preferences
- Daily challenge results, streaks, and leaderboard rankings
- Ratings, reviews, and comments you post
- Achievements and statistics
Device and Usage Data
We automatically collect:
- Device type, browser, and operating system
- Screen dimensions
- Pages visited and interaction events (button clicks, scroll depth, time on page)
- Referring URL
- Approximate location (country level, derived from IP address)
We do not collect precise geolocation data.
Preferences and Settings
We store your in-app preferences such as theme (light/dark), sound, haptic feedback, notification settings, and daily reminder times.
2. How We Use Your Data
- Provide the service: authenticate your account, save your progress, generate personalized puzzles, and maintain streaks and leaderboards.
- Improve the product: understand how features are used, run A/B tests on landing pages, and identify bugs.
- Communicate with you: send push notifications for daily challenges, streak reminders, and achievement alerts (if you opt in).
- Process payments: manage subscriptions and in-app purchases through our payment providers.
- Show ads: display rewarded video ads in exchange for in-app hints (free-tier users only).
3. Third-Party Services
We use the following third-party services that may process your data under their own privacy policies:
| Service | Purpose |
|---|---|
| Firebase (Google) | Authentication, push notifications |
| Google AdMob | Rewarded video ads |
| RevenueCat | In-app purchase management (iOS, Android) |
| Dodo Payments | Web subscription processing |
| PostHog | Product analytics and A/B testing |
| Microsoft Clarity | Heatmaps and session recordings |
| Google Gemini | AI puzzle generation |
| Cloudflare | Hosting, CDN, and DNS |
Payment information (credit card numbers, billing details) is handled entirely by RevenueCat, Dodo Payments, Apple, and Google. We never see, store, or process your payment card data.
4. Session Recording
We use PostHog and Microsoft Clarity on our landing pages to record user sessions (mouse movements, clicks, and scrolls). These recordings help us understand how visitors interact with our pages and improve the user experience. Password fields are always masked. Session recordings are not used on the main application.
5. Cookies and Local Storage
We use browser local storage (not traditional cookies) to store:
- A randomly generated visitor ID for analytics
- Your A/B test variant assignment (so you see the same landing page consistently)
- Authentication tokens for keeping you signed in
Third-party services (PostHog, Clarity, Google) may set their own cookies. You can disable cookies in your browser settings, though some features may not work correctly.
6. Advertising
Free-tier users may watch rewarded video ads to earn in-app hints. These ads are served by Google AdMob, which may use device identifiers and usage data to show relevant ads. You can opt out of ad personalization in your device settings. Premium subscribers do not see ads.
7. AI-Generated Content
We use Google Gemini to generate crossword puzzles. The topics and parameters you choose when creating a puzzle are sent to this service. We do not send your personal information (name, email) to AI providers. Your puzzle preferences are not used to train AI models.
8. Data Retention
We retain your account and gameplay data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized, aggregated analytics data (which cannot identify you) may be retained indefinitely.
9. Data Security
We protect your data with:
- HTTPS encryption for all data in transit
- Firebase Authentication with secure token validation
- Server-side access controls and rate limiting
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at [email protected].
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to processing of your data for marketing purposes
- Withdraw consent for optional data processing (e.g., push notifications, ad personalization)
To exercise any of these rights, email [email protected].
11. Children's Privacy
Grid Genius is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by posting a notice in the app or on our website. Continued use of Grid Genius after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this privacy policy or your data, contact us at: