Privacy Policy

Last updated April 25, 2026

This Privacy Policy for Kindling ("we," "us," "our") describes how and why we might access, collect, store, use, and share ("process") your personal information when you use our services ("Services"), including when you:

WitBlitz is a daily trivia application for iOS. Users answer ten questions per day across six categories, compete on public leaderboards, build streaks, and optionally subscribe to unlock additional features.

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at kindlingprivacy@gmail.com.

Summary of Key Points

This summary provides key points from our Privacy Policy. You can find more detail on any of these topics by using the table of contents below.

What personal information do we process? When you use our Services, we may process personal information depending on how you interact with us, including your email address, display name, device information, and subscription status.

Do we process any sensitive personal information? No. We do not process sensitive categories of personal information such as racial or ethnic origin, sexual orientation, religious beliefs, health information, biometric data, or precise geolocation.

Do we collect any information from third parties? When you sign in with Apple or Google, we receive basic account information from those providers (such as your name and email address). We do not purchase or receive data from data brokers.

How do we process your information? We process your information to provide, improve, and administer our Services, to operate leaderboards and accounts, to process subscription payments through Apple, to communicate with you, and for security and fraud prevention. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information? We share information only with service providers that help us operate the Services, such as our backend provider, analytics provider, crash reporting provider, and subscription manager. We do not sell your personal information.

How do we keep your information safe? We use appropriate technical and organizational measures to protect your personal information. However, no electronic transmission or storage system is 100% secure, so we cannot guarantee absolute security.

What are your rights? Depending on where you are located, you may have rights regarding your personal information under applicable law, including rights to access, correct, delete, and port your data.

How do you exercise your rights? Contact us at kindlingprivacy@gmail.com, or delete your account from within the app (Settings → Delete Account).

Table of Contents

1. What Information Do We Collect? 2. How Do We Process Your Information? 3. What Legal Bases Do We Rely On To Process Your Information? 4. When and With Whom Do We Share Your Personal Information? 5. How Do We Handle Your Social Logins? 6. Is Your Information Transferred Internationally? 7. How Long Do We Keep Your Information? 8. How Do We Keep Your Information Safe? 9. Do We Collect Information From Minors? 10. What Are Your Privacy Rights? 11. Controls for Do-Not-Track Features 12. Do United States Residents Have Specific Privacy Rights? 13. Do We Make Updates to This Policy? 14. How Can You Contact Us About This Policy? 15. How Can You Review, Update, or Delete the Data We Collect From You?

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us when you create an account or contact us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products, or otherwise when you contact us.

Personal Information Provided by You. The personal information we collect depends on how you interact with the Services and the features you use. It may include:

Sensitive Information. We do not process sensitive personal information.

Payment Data. If you choose to purchase a subscription, all payment data is handled and stored by Apple and by RevenueCat (our subscription management provider). We do not receive or store your payment card details. You can review their privacy practices at https://www.apple.com/legal/privacy/ and https://www.revenuecat.com/privacy.

Social Login Data. If you choose to sign in using Apple or Google, we receive a limited set of information from those providers. See "How Do We Handle Your Social Logins?" below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as device identifiers and usage data — is collected automatically when you use the Services.

We and our service providers automatically collect certain information when you access or use our Services. This information does not reveal your specific identity on its own, but may include:

This information is primarily needed to maintain the security and operation of our Services, to diagnose and fix issues, and for our internal analytics and reporting purposes.

Push Notifications

We may request to send you push notifications regarding your account or certain features of the Services, such as daily reminders, streak warnings, and subscription-related messages. You can opt out of push notifications at any time in your device's settings or by disabling specific notification categories within the app's Settings screen.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, to communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for the following purposes:

In Short: We only process your personal information when we have a valid legal reason to do so.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following legal bases:

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including for investigations, fraud prevention, legal proceedings, or when required to comply with a subpoena or court order.

4. When and With Whom Do We Share Your Personal Information?

In Short: We share information only with service providers that help us operate the Services. We do not sell your personal information.

Vendors, Consultants, and Other Third-Party Service Providers. We share your data with third-party vendors and service providers who perform services for us or on our behalf and require access to such information to do that work. We have contractual arrangements with these parties designed to safeguard your personal information. They are not permitted to use your personal information for any purpose other than providing their services to us.

The third parties we share personal information with are as follows:

ProviderPurpose
AppleSign in with Apple; App Store purchases; push notification delivery
GoogleSign in with Google
SupabaseDatabase hosting, authentication, and backend infrastructure
RevenueCatSubscription management and entitlement verification
MixpanelProduct analytics (aggregated usage data)
SentryCrash reporting and error monitoring
TestFlight (Apple)Pre-release beta testing distribution

We may also need to share your personal information in the following situations:

5. How Do We Handle Your Social Logins?

In Short: If you sign in using Apple or Google, we receive a limited set of profile information.

Our Services offer you the ability to register and sign in using Apple Sign In or Google Sign-In. Where you choose to do this, we receive a limited set of account information from the provider:

We use this information only for the purposes described in this Privacy Policy, primarily to create and authenticate your account. We do not request or store friend lists, contacts, profile pictures, posts, or any other social media data.

We recommend that you review the privacy policies of Apple and Google to understand how they collect, use, and share information about you.

6. Is Your Information Transferred Internationally?

In Short: Our servers are located in the United States. If you are accessing our Services from outside the United States, your information will be transferred to, stored in, and processed in the United States.

Our servers and primary service providers are located in the United States. If you are a resident in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or other regions with laws governing data collection and use that may differ from United States law, please be aware that information we collect will be transferred to, stored in, and processed in the United States.

European Commission's Standard Contractual Clauses. For transfers of personal information from the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (or the UK's equivalent International Data Transfer Agreement) as the legal mechanism for the transfer. These clauses require recipients to protect personal information in accordance with European data protection laws. Our Standard Contractual Clauses can be provided upon request.

7. How Long Do We Keep Your Information?

In Short: We keep your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). Specific retention periods include:

We may retain limited information beyond these periods where required for fraud prevention, legal claims, regulatory compliance, or enforcement of our Terms of Service, in which case the information will be securely stored and isolated from any further active processing until deletion is possible.

8. How Do We Keep Your Information Safe?

In Short: We use appropriate technical and organizational security measures to protect your information.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These include encrypted transmission of data (TLS/HTTPS), encryption at rest for database contents, secure authentication practices, and access controls for our service providers.

However, despite our safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

Breach Notification. In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities in the manner and within the timeframes required by applicable law.

9. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 13 years of age.

The Services are intended for general audiences and are not directed to children under 13 years of age. We do not knowingly collect, solicit, or market to children under 13. If you are under 13, please do not create an account or send us any personal information.

Users who are at least 13 years of age but who are minors in the jurisdiction in which they reside (generally under the age of 18) must have the permission of, and be directly supervised by, a parent or legal guardian to use the Services.

If we learn that we have collected personal information from a child under 13 without verified parental consent, we will take reasonable steps to promptly delete that information from our records. If you believe we may have collected information from a child under 13, please contact us at kindlingprivacy@gmail.com.

10. What Are Your Privacy Rights?

In Short: Depending on your state or country of residence, you may have rights to access, correct, delete, or port your personal information.

In some regions (such as the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include:

You can exercise any of these rights by contacting us at kindlingprivacy@gmail.com, or by deleting your account from within the app (Settings → Delete Account).

Automated Decision-Making. We do not engage in automated decision-making that produces legal or similarly significant effects concerning you. Quiz scoring, streak tracking, and leaderboard ranking are mechanical calculations based on your own gameplay and do not constitute automated decision-making under applicable data protection laws.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection authority. You can find their contact details at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing Your Consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us or by deleting your account. Please note that withdrawal of consent will not affect the lawfulness of processing conducted before withdrawal.

Opting Out of Communications

You can disable push notifications and other in-app communications at any time in your device settings or within the app's Settings screen. We may still send you service-related messages necessary for the administration of your account.

Account Information

You can review, change, or delete your account information at any time by signing in and using the Settings screen in the app. If you delete your account, we will deactivate or delete your account and information from our active databases. We may retain some information to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, or comply with legal requirements.

11. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this Privacy Policy.

12. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights regarding access to and control over your personal information.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months.

CategoryExamplesCollected
A. IdentifiersName, email address, account identifier, IP addressYES
B. Personal information (California Customer Records statute)Name, contact informationYES
C. Protected classification characteristicsAge, race, religion, etc.NO
D. Commercial informationSubscription status, purchase historyYES
E. Biometric informationFingerprints, voiceprintsNO
F. Internet or other similar network activityApp usage, feature interactionsYES
G. Geolocation dataPrecise device locationNO
H. Audio, electronic, sensory, or similar informationAudio recordings, video recordingsNO
I. Professional or employment-related informationWork history, job titleNO
J. Education informationStudent recordsNO
K. Inferences drawn from collected personal informationUser preference profilesNO
L. Sensitive personal informationGovernment IDs, health information, precise geolocationNO

We retain Category A, D, and F information for as long as you maintain an account with us.

Sources of Personal Information

We collect personal information directly from you (when you register an account, contact us, or use the Services) and automatically from your device (as described in Section 1).

Sale or Sharing of Personal Information

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months, as those terms are defined under California law. We do not sell or share personal information for targeted advertising.

Your Rights

You have rights under certain US state data protection laws, including:

To exercise these rights, contact us at kindlingprivacy@gmail.com. We may need to verify your identity before processing your request.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at kindlingprivacy@gmail.com. We will respond to your appeal in writing within the timeframe required by applicable law.

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their direct marketing purposes.

13. Do We Make Updates to This Policy?

In Short: Yes, we will update this Privacy Policy as necessary to stay compliant with relevant laws.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Policy. If we make material changes, we will take reasonable steps to notify you. We encourage you to review this Privacy Policy periodically to stay informed of how we are protecting your information.

14. How Can You Contact Us About This Policy?

If you have questions or comments about this Privacy Policy, you may email us at kindlingprivacy@gmail.com or contact us by post at:

Kindling
14 Walcott St
Natick, MA 01760
United States

15. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, receive details about how we have processed it, correct inaccuracies, or delete your personal information. These rights may be limited in some circumstances by applicable law.

To review, update, or delete your personal information, you can: