Dice Crew – Privacy Policy
Last updated: June 12, 2026
This privacy policy explains which personal data is processed when using the Dice Crew app, why it is processed, and which rights users have.
1. Controller
The controller responsible for data processing in Dice Crew is:
PW IT Solutions
Address: Insterburger Str. 21c, 76139 Karlsruhe, Germany
Email: dicecrew@pw-it-solutions.de
2. Summary
- Dice Crew is an online dice game with accounts, profiles, friend features, duels, in-game currency, chat, push notifications, profile images, and moderation features.
- Dice Crew uses Firebase/Google services for accounts, database, Cloud Functions, and push notifications.
- Profile images and gallery images are stored through a Cloudflare Worker in Cloudflare R2 and are publicly served when used in a profile.
- Dice Crew uses Google Mobile Ads for rewarded ads and Google User Messaging Platform for consent and privacy options. The app currently requests non-personalized ads only.
- Sensitive profile fields such as postal code, country, gender, push token, and notification settings are stored in a private data area that security rules make readable only to the user’s own account and the server logic.
- The account can be deleted directly in the app. This removes profile and game data, the sign-in account, and uploaded images.
- Private in-app chat messages are not end-to-end encrypted messages. They are processed to provide the chat feature and for moderation.
- Dice Crew does not collect health data, precise location data, microphone data, or audio recordings.
3. Data We Process
3.1 Account and Sign-In
Depending on the selected sign-in method, Dice Crew processes data from Firebase Authentication, Sign in with Apple, Google Sign-In, or email/password authentication. This may include a user ID, authentication provider, email address where provided by the provider, display name where provided, authentication tokens, and technical login data.
The purpose is to create and manage user accounts, provide secure sign-in, and assign game, profile, and chat data to the correct account. The legal basis is Art. 6(1)(b) GDPR where processing is required for app use, and Art. 6(1)(f) GDPR for security and abuse prevention.
3.2 Profile, Friends, and Community Features
Profile data is stored in the Firestore database, including for example user ID, display name, unique username, friend code, friend list, level, XP, game statistics, unlocked cosmetic items, selected cosmetic items, profile image URL, and optional information such as gender, country and postal code with a coarse regional key derived from that information.
Public and private profile data are separated: display name, username, level, game statistics, cosmetic items, and profile image may be shown to other signed-in users where this is necessary for gameplay, leaderboards, friends, opponent profiles, and matchmaking. Gender, country, postal code, regional key, push token, and notification settings are stored in a separate private data area restricted by security rules so that only the user’s own account and the server logic can access it.
3.3 Game and In-Game Currency Data
For online duels, Dice Crew processes game IDs, player IDs, display names, player levels, game status, stake and payout in the in-game currency, scorecards, dice values, held dice, remaining rolls, winner, timestamps, timeout information, game statistics, and virtual currency transactions.
The virtual currency is used only for app gameplay. Unless a separate feature is explicitly introduced, it does not create any claim to a payout in real money.
3.4 Chat Messages
When using the in-app chat, Dice Crew stores message content, sender ID, sender name, game ID, message ID, and timestamp. Chat messages are used to display messages in the relevant game, trigger chat push notifications, and address abuse.
If a message is reported, a message excerpt may be stored together with the report for moderation purposes.
3.5 Profile Images and Gallery
When users select a profile or gallery image, the image is resized in the app and sent as a JPEG to the Dice Crew Cloudflare Worker. The upload requires a Firebase ID token. Stored data includes the image file, file type, file size, storage key, user ID as metadata, upload timestamp, and a publicly accessible image URL.
Images may be visible to other users depending on profile display. Users should not upload images that contain private information, infringe third-party rights, or include content that should not be visible in a game profile.
3.6 Push Notifications
If push notifications are enabled, Dice Crew processes a Firebase Cloud Messaging token and stores it in the private data area of the profile, which is not readable by other users. The token is used to send notifications about game turns and chat messages. Users can disable push notifications in iOS and can enable or disable chat and game notifications in the app.
3.7 Advertising and Consent
Dice Crew uses Google Mobile Ads for rewarded ads and Google User Messaging Platform to manage consent and privacy options. Depending on consent, region, and Google configuration, technical data such as advertising and device identifiers, IP address, app usage data, ad interactions, consent status, and diagnostic data may be processed.
The app currently requests non-personalized ads only and does not perform cross-app tracking. Where consent is required, processing is based on Art. 6(1)(a) GDPR. Where technically necessary processing is required for ad delivery, security, or billing, Art. 6(1)(f) GDPR may apply. Advertising privacy options can be opened in the app where they are required for the user’s region.
After a rewarded ad has been fully watched, Google AdMob sends a server-side verification callback to the Dice Crew server. This involves in particular the Dice Crew account’s user ID, an ad transaction ID, reward details, and a cryptographic signature, which are processed and stored as proof of the reward. The purpose is the correct crediting of the in-game reward and protection against abuse (Art. 6(1)(b) and (f) GDPR). In addition, daily reward and lucky wheel credits are logged with user ID, date, and amount.
3.8 Moderation, Reports, and Safety
To enforce community rules, Dice Crew processes reports with the reporting user ID, reported user, reason, optional note, context, game ID, message ID, message excerpt, status, and timestamp. In addition, moderation status, reason, processing timestamp, and internal moderation data may be stored in a profile.
This processing protects users, prevents fraud and abuse, handles complaints, and enforces the app’s rules.
3.9 Data Stored Locally on the Device
The app may store certain data locally on the device, such as login state, local turn state, acknowledged warnings, sound and display settings, and technical app state. Locally processed data is not transferred to Dice Crew unless the app explicitly synchronizes it for online features.
4. Services and Recipients
| Service | Purpose | Possible Data |
|---|---|---|
| Firebase Authentication / Google Identity Platform | Sign-in, account management, authentication | User ID, email address where provided, provider information, authentication data, technical security data |
| Cloud Firestore | Profiles, games, chat, friends, reports, leaderboards | Profile, game, chat, moderation, and timestamp data |
| Firebase Cloud Functions | Server logic for dice rolls, scores, duels, Pips, cosmetic items, and push triggers | User ID, game and profile data, function calls, technical log data |
| Firebase Cloud Messaging / Apple Push Notification service | Push notifications | FCM token, APNs-related technical data, notification payload data such as game ID |
| Sign in with Apple | Apple sign-in | Apple user identifier, name where released, authentication token |
| Google Sign-In | Google sign-in | Google user identifier, email address where released, name, authentication token |
| Google Mobile Ads | Rewarded ads, ad measurement, fraud prevention | Advertising/device identifiers, IP address, ad interactions, app usage and diagnostic data depending on consent and configuration |
| Google User Messaging Platform | Consent and privacy options for advertising | Consent status, region/language information, and technical information |
| Cloudflare Workers / Cloudflare R2 | Upload, storage, and delivery of profile and gallery images | Image files, user ID as image metadata, upload timestamp, file type, file size, IP/request data |
| Firebase App Check (Apple App Attest / DeviceCheck) | Protecting server endpoints against manipulated or unauthorized clients | Device attestation tokens, app identity, technical verification data |
| Google AdMob Server-Side Verification | Server-side confirmation of watched rewarded ads | User ID, transaction ID, reward details, ad unit, signature data |
Hosting location: Wherever possible, data is hosted in Germany or within the European Union. The central server components of Dice Crew (Cloud Functions and database) are operated in the Google Cloud region Frankfurt am Main (europe-west3). For some services, processing exclusively within the EU cannot be technically guaranteed; this applies in particular to ad delivery (Google), push notifications (Apple), and Cloudflare’s global edge network used for image delivery.
Where processing takes place in countries outside the European Union or the European Economic Area, transfers are based on appropriate safeguards, such as EU Standard Contractual Clauses, adequacy decisions, or comparable safeguards provided by the relevant service providers.
5. Purposes of Processing
- Providing the app, user accounts, and online game modes
- Matchmaking, duels, dice logic, scoring, and leaderboards
- Managing profiles, friend lists, cosmetic items, and virtual currency
- Providing chat, push notifications, and profile images
- Displaying rewarded ads and managing advertising consent
- Detecting abuse, moderation, fraud prevention, and app security
- Troubleshooting, technical maintenance, and app development
- Complying with legal obligations and responding to user requests
6. Retention
Personal data is stored only for as long as necessary for the purposes described above. Account data, profiles, game states, friend lists, chat messages, images, and moderation data are generally stored for as long as the account exists or the data is needed for gameplay, safety, moderation, or legal obligations.
In-app account deletion: The account can be deleted directly in the app at any time (settings). This deletes the profile including the private data area, the assignment to games, uploaded profile and gallery images, and the Firebase sign-in account.
When deletion is requested, we review which data can be deleted or anonymized. Certain data may be retained for longer where this is required for abuse prevention, legal obligations, or the establishment, exercise, or defense of legal claims. This may in particular include reports, moderation and audit logs, and reward verification records.
7. Notes for the App Store Connect Privacy Label
Based on the functionality currently visible in the repository, the following data types should in particular be reviewed and declared in App Store Connect. The exact selection must be checked before submission against the actual production configuration, Google AdMob settings, and Firebase project settings.
| Apple Data Category | Visible in Dice Crew | Purpose | Linked to User? |
|---|---|---|---|
| Contact Information | Email address and name where provided during sign-in | App functionality, account, authentication | Yes |
| User Content | Chat messages, profile images, gallery images, report notes | App functionality, moderation, safety | Yes |
| Identifiers | Firebase UID, FCM token, possibly advertising or device identifiers through Google Mobile Ads | App functionality, push notifications, advertising, safety | Yes |
| Usage Data | Games, turns, level, statistics, chat/notification settings, ad interactions | App functionality, advertising, ad delivery analysis, safety | Yes |
| Diagnostics | Technical log, error, and request data at Firebase, Cloudflare, and Google Ads | Troubleshooting, safety, app functionality | Possibly yes, depending on provider logs |
| Other Data / Gameplay Content | Game states, scorecards, dice values, matchmaking and duel information | App functionality | Yes |
| Coarse Location | Country, postal code, and derived regional key if voluntarily provided; IP address at service providers | Profile/community features, safety, service delivery | Yes or possibly yes |
| Data Used for Tracking | The app itself declares no tracking and requests non-personalized ads only. Tracking would only become possible if Google Mobile Ads were configured in the future to use data across apps or websites for advertising or ad measurement | Third-party advertising / ad measurement based on consent and provider configuration | Possibly yes |
If personalized advertising, tracking, or IDFA use is enabled, App Tracking Transparency, consent settings, and App Store Connect declarations must be implemented consistently.
8. User Rights
Under the GDPR, data subjects have in particular the following rights, subject to the applicable legal requirements:
- Access to personal data being processed
- Correction of inaccurate data
- Deletion of personal data
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interests
- Withdrawal of consent with effect for the future
- Complaint to a competent data protection supervisory authority
Requests can be sent to the address listed in the Contact section. To process a request, verification may be required so that data is not disclosed to or deleted by unauthorized persons.
9. Children and Minors
Dice Crew is not directed at children. Use of the app requires at least the age stated in the age rating displayed on the App Store. The app contains duels with stakes in a purely virtual play currency without real-money value, as well as a daily lucky wheel; payout or exchange into real money is excluded.
Depending on the country, stricter age limits or consent requirements may apply to the use of digital services. If we become aware that personal data of a child has been processed without required consent, we will take appropriate steps to delete or restrict that data.
10. Security
Dice Crew uses technical and organizational measures to protect personal data against unauthorized access, loss, and misuse. These measures include Firebase security rules with separated public and private profile areas, server-side game logic, Firebase App Check for device and app verification, signature-verified ad reward callbacks, authenticated Cloud Function calls, token-based image uploads, moderation features, and restricted write permissions in the database.
Absolute security cannot be guaranteed for internet-based services.
11. Changes to This Privacy Policy
This privacy policy may be updated if features, services, legal requirements, or data processing practices change. The current version should be made available in the app and at the publicly accessible Privacy Policy URL.
12. Contact
Questions about privacy, access requests, or deletion requests can be sent to:
PW IT Solutions
Email: dicecrew@pw-it-solutions.de