LATTICE
Privacy Policy
Effective 14 May 2026
Lattice ("Lattice", "we", "us") is a sudoku game published by
Studio Nordgaard, a company registered in Norway
(org. no. 937 661 622) at
Brattvåggata 54, 6270 Brattvåg, Norway. We respect your privacy and
collect only the data we need to run the game and meet legal
obligations. This page explains what we collect, why, and how to
exercise your rights.
For questions or requests, contact
privacy@lattice.games.
1. Data we collect
1.1 Account data
- Email address — for sign-in and account recovery. Required.
- Password — stored only as a one-way salted hash; we never see the plaintext.
- Name (Sign in with Apple users only) — first and last name as provided by Apple at sign-in time.
- User ID — a random UUID generated when you sign up. Used to associate your data internally.
1.2 Profile
- Display name — what other players see in tournaments and duels.
- Avatar selection — your chosen avatar key.
1.3 Gameplay data
- Game sessions — puzzles you've played, completion times, mistakes, techniques used.
- Daily streaks — consecutive days you've played.
- Achievements — milestones you've earned.
- Technique mastery — your progress through solving techniques.
- Tournament and duel records — entries, scores, and results from multiplayer events.
1.4 Purchase data
- Subscription state — whether you have Premium or Premium+, and when it expires.
-
Payment processing itself is handled by Apple (App Store) or Google (Play Store).
We never see your credit card or payment details.
We only receive a confirmation that you bought something via
RevenueCat.
1.5 Push notifications
-
A device-specific push token issued by Apple (APNs) or Google (FCM),
only collected when you grant notification permission. Used to alert you about
tournament invitations, duel updates, and game events. You can revoke this at
any time in your device's notification settings.
1.6 Diagnostics
-
When the app crashes or hits an unexpected error, we collect a
stack trace, device model, OS version, and app version via
Sentry. We do not include
your game content, name, email, or any personal information in these reports.
1.7 Apple-specific
-
If you sign in with Apple, we store an Apple refresh token server-side.
This exists solely so we can revoke your Apple sign-in tokens when you delete
your account, as required by App Store Review Guideline 5.1.1(v).
2. What we do not collect
- We do not run third-party advertising trackers.
- We do not collect your contacts, photos, microphone, camera, or location.
- We do not sell your data to anyone, ever.
- We do not track you across other apps or websites.
3. How we use your data
- Run the game — sync your progress across devices, run tournaments and duels, deliver subscription content.
- Keep your account secure — authentication, password resets, account deletion.
- Fix bugs — diagnose crashes and errors via aggregated, anonymized diagnostics.
- Meet legal obligations — tax records for paid purchases, account deletion compliance.
4. Legal basis (GDPR)
For users in the EU/EEA, we process your data under these legal bases:
- Contract performance (GDPR Art. 6(1)(b)) — to provide the game you signed up for.
- Legitimate interest (GDPR Art. 6(1)(f)) — to improve the app via crash diagnostics and prevent abuse.
- Consent (GDPR Art. 6(1)(a)) — for push notifications, which you can revoke at any time.
- Legal obligation (GDPR Art. 6(1)(c)) — for tax records and Apple-mandated account-deletion workflows.
5. Subprocessors
We share data with the following service providers, strictly to operate the game:
| Provider |
Purpose |
Data location |
| Supabase |
Database, authentication, and edge functions |
EU (Frankfurt) |
| Apple |
Sign in with Apple, App Store payments, push notifications (APNs) |
Global |
| Google |
Play Store payments and Android push notifications (FCM, future Android release) |
Global |
| RevenueCat |
Subscription state management |
US |
| Sentry (Functional Software, Inc.) |
Crash and error diagnostics |
EU |
| Expo |
App build tooling and push-notification routing |
US |
All providers are bound by a data-processing agreement (DPA) and are
configured to handle data in line with this policy. For transfers outside
the EU/EEA, providers use Standard Contractual Clauses or equivalent
safeguards.
6. Data retention
- Account data is kept as long as your account exists. Delete your account in Settings → Delete Account to remove it.
- Diagnostic data (crash reports) is retained for 90 days.
- Purchase records may be retained longer where required by Norwegian or EU tax law (typically 5 years).
7. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (right to erasure)
- Export your data in a portable format
- Object to processing based on legitimate interest
- Withdraw consent at any time (for processing based on consent)
- Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority
Most of these can be exercised directly in the app. For others,
email privacy@lattice.games
and we'll respond within 30 days.
8. Account deletion
You can delete your account at any time in
Settings → Delete Account. Deletion removes:
- Your account credentials and profile
- Your gameplay data (game sessions, streaks, achievements, technique mastery)
- Your tournament entries and duel records
- Your push notification tokens
- If you signed in with Apple: we also revoke your Apple sign-in tokens
Deletion is permanent and cannot be reversed. Purchase records and tax
records may be retained where required by law, but they will no longer
be linked to an identifiable account.
9. Children
Lattice is not directed at children under 13 (or 16 in some EU
jurisdictions). We do not knowingly collect data from children under
these ages. If you believe a child has created an account, contact
privacy@lattice.games and
we will delete it.
10. Changes to this policy
When we make material changes, we will update the "Effective" date at
the top of this page and, where appropriate, notify you via the app or
email before the changes take effect.
11. Contact
Studio Nordgaard
Brattvaggata 54
6270 Brattvåg, Norway
privacy@lattice.games