Orizuru — Privacy Policy

Last updated: 2026-05-25 · Effective: 2026-05-25

Who we are

Orizuru is developed and published by Natal Kaplia, registered as an Individual Entrepreneur in Georgia, operating under the studio name Pigo. We are the data controller for the purposes of this policy. This policy is governed by the laws of Georgia; if you are in the EEA/UK or California, the additional rights described below also apply.

Contact for any privacy question or request: [email protected]

What this policy covers

This policy covers the Orizuru mobile app (distributed on Google Play) and the pigo.ink website as it relates to Orizuru. Where the app relies on Google Play and Google services, those providers' own terms and privacy policies also apply (linked below).

Data we collect

In the Orizuru app

• Account identifier — only if you choose to sign in. Sign-in (Google, via Firebase Authentication) is optional. You can play without an account; your progress is stored locally. If you sign in, we associate your game data with your Google account identifier to sync it across devices and to attach purchases.
• Purchases. Purchase and entitlement records (which packs / ad-removal you own) are processed by Google Play Billing. Google handles the payment; we receive purchase tokens and entitlement records, validated server-side.
• Game progress and settings. Level completion, in-game currency balances (cranes, crystals), collection, hint usage, and preferences. Stored on your device, and in Firebase Firestore if you are signed in.
• Advertising data. We show ads via Google AdMob. This involves your device's advertising identifier and ad-interaction data. In the EEA/UK, ad consent is collected through Google's User Messaging Platform (UMP); you can choose non-personalized ads.
• Analytics and diagnostics. App usage events, session data, device and OS information, app version, and coarse region via GameAnalytics and Google Analytics for Firebase. Crash diagnostics (crash logs, device state) via Firebase Crashlytics.
• Technical/device data. Device model, OS version, language, app version, and similar technical identifiers needed to run the game and diagnose issues.

On the pigo.ink website

• Privacy-preserving web analytics (Cloudflare Web Analytics) — page, referrer, coarse country, user-agent class, timestamp. Cookieless, no IP storage, no cross-site tracking. (Confirmed live 2026-05-25; no cookie-consent banner required.)
• The website does not currently collect email addresses or run a mailing list. (If a newsletter is added later, this policy will be updated to cover it.)

How we use your data

• Run and sync the game (progress, purchases, settings).
• Process and restore purchases.
• Serve and measure ads.
• Understand usage and improve the game (analytics, A/B configuration).
• Diagnose and fix crashes and bugs.
• Respond to support requests.

Legal bases (GDPR / UK GDPR)

• Performance of a contract — account sync, purchase processing, delivering the game.
• Consent — personalized ads (EEA/UK) and any non-essential analytics. You can withdraw consent at any time.
• Legitimate interests — security, fraud/abuse prevention, crash diagnostics, and aggregate analytics to improve the game.

Third-party services (sub-processors)

We rely on these providers; their privacy policies govern their processing:

• Google Play / Google Play Billing — distribution, payments. (Google Privacy Policy)
• Firebase (Authentication, Firestore, Analytics, Crashlytics) — Google — accounts, cloud save, analytics, crash reporting. (Firebase privacy & security)
• Google AdMob — advertising. (Google advertising policies)
• GameAnalytics — gameplay analytics. (GameAnalytics privacy policy)

We do not sell your personal data. We share data only with the providers above, as needed to operate Orizuru.

Ads and consent

Ads are served by Google AdMob. In the EEA/UK we ask for consent (via Google UMP) before serving personalized ads; you may choose non-personalized ads. You can reset or limit your advertising identifier in your device settings at any time.

Data retention

• Account / cloud data — kept while your account exists; deleted on request (see your rights).
• Local data — removed when you uninstall the app.
• Analytics — retained in aggregate/limited form for up to 14 months.

Your rights

Depending on your region (GDPR/UK GDPR, CCPA/CPRA, and similar laws), you may have the right to access, correct, delete, port, or restrict your data, to object to processing, and to withdraw consent. To exercise any of these, email [email protected]

Account and data deletion: to delete your account and associated cloud data, email [email protected] with your request; we will process it within 30 days. You can also remove all locally stored data at any time by uninstalling the app.

Automated decision-making: we do not make decisions producing legal or similarly significant effects about you solely by automated means. Ad personalization (only where you consent) is the only profiling-like processing, and you can opt out of it at any time.

You may also lodge a complaint with your local data-protection authority.

Your California privacy rights (CCPA/CPRA)

If you are a California resident:

• Categories of personal information we collect are described in "Data we collect" above (identifiers, commercial/purchase information, app activity, device and usage data).
• We do not sell your personal information.
• Sharing for advertising. When you consent to personalized ads, our ad partner (Google AdMob) uses your advertising identifier in a way that may qualify as "sharing" for cross-context behavioral advertising under the CPRA. You can opt out by choosing non-personalized ads in the in-app consent prompt, or by resetting or limiting your advertising ID in your device settings. This is our "Do Not Sell or Share My Personal Information" mechanism.
• Your rights: to know, access, delete, and correct your personal information, and to opt out of sharing. To exercise them, email [email protected]
• Non-discrimination: we will not deny service, charge a different price, or provide a lesser experience because you exercised these rights.
• We do not knowingly collect or share the personal information of consumers under 16.

Children's privacy

Orizuru is intended for users aged 13 and older and is not directed at children. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, contact [email protected] and we will delete it.

Security

We use reasonable technical and organizational measures to protect your data, including HTTPS transport, restrictive Firestore security rules, and server-side validation of purchases. No method of transmission or storage is completely secure.

International transfers

Your data may be processed by our providers (e.g. Google) on servers outside your country. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.

Changes to this policy

We may update this policy; we will post the new version here with an updated "Last updated" date. Material changes will be highlighted where appropriate.

Contact

Natal Kaplia (Pigo) — Individual Entrepreneur, Georgia — [email protected]