Privacy Policy

Last updated: April 21, 2026 · Effective: April 21, 2026

The short version. Goblix collects the bare minimum we need to make the game work: a user ID, the handle you picked, and the challenges you send or receive. We do not use your camera, photo library, location, microphone, or contacts. We do not sell or share your data with advertisers. Billing is handled by Apple — we never see your card.

This Privacy Policy describes how Silver Bison LLC ("Silver Bison", "we") handles information in connection with the Goblix mobile application (the "App") and this website, playgoblix.com (the "Site").

1. What we collect

Account identifiers

When you first launch the App, we create an anonymous account for you using Firebase Authentication. That account has a random user ID (a uid). You can also choose a public handle — for example, @yourname — which we store with your account so friends can find you and send you traps.

Gameplay data

Your Goblix avatar and collection: the traits you pick for your personal Goblix, the Goblix you win from friends, and your subscription tier. Stored locally on your device and in our database so your collection survives re-installs.
Challenges you send: the target's handle, the puzzle type, the text attached to the challenge, and the Goblix at stake.
Challenges you receive: the sender's uid and handle, the puzzle type, the text, and whether you accepted, declined, or reported the challenge.
Reports you submit: if you report a challenge as harassment, inappropriate, spam, or other, we store a record containing your uid, the challenge id, and the reason you selected. We never store free-text report content.

Purchase data

If you buy a Goblix+ subscription, Apple processes the payment through the App Store. Apple sends us a receipt identifier we use to unlock the subscription on your device. We never see your card number, billing address, or Apple ID password.

Diagnostic data

The App logs anonymous diagnostic events to help us find crashes and keep the game working (for example: "challenge sent", "puzzle solved", "report submitted"). These events are not linked to any advertising identifier. We do not use the Apple IDFA.

2. What we do not collect

Goblix is built to hold as little of your data as possible. On purpose. We do not collect or access:

Your camera or photo library. The App has no photo upload feature; the Info.plist does not request camera or photo permissions.
Your microphone or speech data.
Your location — precise or approximate.
Your contacts or address book. The viral loop uses the iOS Share Sheet and Universal Links; the App never reads your contacts.
Your health, fitness, financial, or biometric data.
Browsing history outside the App.
Data from other apps on your device.

3. How we use what we do collect

To run the game: deliver challenges, show you your collection, sync your vault across devices.
To keep the game safe: moderate challenge text server-side, honor report submissions, enforce rate limits on abuse vectors.
To provision your Goblix+ subscription if you purchase one.
To fix bugs and improve the App using anonymous diagnostic events.

We do not use your data for advertising. We do not build ad profiles. We do not sell your data to anyone.

4. Who else touches your data

We use a small number of service providers to operate Goblix. These are the only parties that process your data on our behalf:

Apple Inc. — App Store billing, App Tracking Transparency, app delivery.
Google LLC (Firebase) — Authentication, Firestore database, Cloud Functions, and anonymous analytics. Firebase is hosted in Google's US-region infrastructure.

We do not share data with advertising networks or data brokers. Full stop.

5. Children and age rating

Goblix is rated 9+ on the App Store. It is not directed to children under 13. We do not knowingly collect personal information from children under 13. Parents or guardians who believe we have inadvertently collected such information can contact us at privacy@playgoblix.com and we will delete it.

6. Data retention

Your account data and collection are retained as long as your account exists.
Challenge records are retained for 30 days after the challenge is resolved (won, lost, declined, or expired) and are then deleted.
Report records are retained for up to 12 months to support pattern detection, then deleted or anonymized.
Diagnostic events are retained for up to 90 days.

7. Deleting your account

You can delete your Goblix account directly in the App, in Settings → Account → Delete Account. When you confirm, we delete your account identifiers, handle, collection, and pending challenges within 30 days. Report records associated with your uid are retained as described above for moderation integrity, but your personal account data will be removed.

You can also email us at privacy@playgoblix.com to request deletion.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data (for example, under the GDPR or the CCPA). To exercise any of these rights, contact us at privacy@playgoblix.com and we will respond within 30 days. We will not discriminate against you for exercising any of these rights.

9. International users

Goblix is operated from the United States. If you use the App from outside the US, your data will be transferred to and processed in the US by our service providers. By using Goblix you consent to this transfer.

10. Security

We encrypt data in transit with TLS. Server-side data is stored in Firebase with access limited to authenticated Cloud Functions. No system is perfectly secure, but we run least privilege on our backend and routinely audit our access rules.

11. Changes to this policy

If we change this policy, we will post the updated version here and update the "Last updated" date. Material changes will also be communicated in the App.

12. Contact

Silver Bison LLC
privacy@playgoblix.com