Privacy policy — Mentium

Note on the controller's nature: "King Island Studio" is the trade name under which Mentium is distributed. The legal data controller is the individual identified above. When Mentium evolves into a legal entity (limited company), we will notify the change inside the app and publish an updated version of this Policy at least 30 days in advance.

1. Introduction

This Privacy Policy describes how King Island Studio ("we", "the Studio") collects, uses, stores and shares your personal information when you use Mentium (the "Application"). Please read this document carefully. By installing and using the Application you accept the practices described here.

If you do not agree with this Policy, uninstall the Application and do not create an account.

This Policy complies with the EU General Data Protection Regulation (GDPR), Brazil's General Data Protection Law (LGPD), the UK GDPR, the California Consumer Privacy Act (CCPA) and Spain's Organic Law on Data Protection (LOPD).

2. Who is the data controller

The controller of your personal data collected through Mentium is Valentín Stancu, an individual residing in Arganda del Rey, Madrid, Spain, distributing the Application under the trade name "King Island Studio".

Mentium is currently operated as an independent solo-developer project; no formal legal entity exists yet. When this evolves into a registered company, we will notify the change of data controller inside the app and via email (if you have a linked account) at least 30 calendar days in advance.

For any inquiry regarding this Policy or to exercise your rights over your personal data, contact us at: privacy@kingislandstudio.com.

Primary processing server: Belgium (European Union — region europe-west1 of Google Cloud).

3. What data we collect

3.1 Data you provide directly

• Nickname chosen at signup (3 character minimum, unique within the system).
• Avatar, frame, banner, title selected as personalization.
• Country declared (optional, used for countryMastery in stats and regional leaderboards).
• Language chosen manually (or detected from the operating system).
• Custom topics you type in AI Category / Lightning / Local Duel mode — may include any term you decide. Your input passes through moderation filters before being sent to the AI model. We do NOT store your input as a re-identifiable history, but we do send an anonymous keyword stem to Firebase Analytics to detect abuse patterns (see §3.4).
• Suspect questions in Detective mode (free-form interrogation) — free text you submit to the AI model. Same handling as above.

3.2 Data automatically generated while playing

• Game stats: level, XP, coins, "Mentis" (internal gems), lives, games played, perfect games, accuracy, streaks, per-mode records, achievements unlocked, equipped titles, chests, mastered/weak topics.
• Per-mode progression: Detective cases solved, countries visited in Traveler, longest Nexus chain, Lightning high score, AI battles defeated, Classic difficulties unlocked per category.
• AI rival memory (AiRivalMemory): wins/losses counter, AI-generated summary of your play style, last encounter date. Stored only when a rival is active.
• AI coach memory (AiCoachMemory): last motivational message, date, "ignored count" to adapt tone. Empty if you've disabled the coach in Settings.
• Weak subtopics (weakSubtopics): (subtopic, counter) pairs for areas where you fail, feeding Smart Review. Decrement automatically when you answer correctly.
• Presence heartbeats during Online matches and active sessions (lastSeen timestamps, isInGame flag) for matchmaking and "friends online".
• Daily ad views (resettable counters): lives, coins, gems — to enforce daily anti-fraud limits.

3.3 Account and authentication data

• Google Sign-In: if you choose this option, we receive your email from Google plus a unique Firebase UID. We do NOT receive your password, profile picture or contacts.
• Anonymous sign-in: an alternative that doesn't require email. Generates a random Firebase UID. We cannot contact you if you lose access to this account.
• Unique player tag: an automatically generated permanent 8-digit string (#00423917) so friends can find you.

3.4 Analytics and technical data (anonymized or pseudonymized)

• Usage events (Firebase Analytics): current screen, mode completed, online matches finished, network errors, ad views, synthetic product events (e.g. ai_feature_used:detective_interrogate, coach_action_clicked, topic_rejected:length). Each event includes your UID + language + level + adsRemoved flag.
• Question keyword stems you type in Detective mode (the first 2 alphanumeric stems of ≥3 characters per question) — sent to interrogation_question_keywords to understand what kinds of questions players ask. We never send the full sentence or any re-identifiable text.
• Crashes and non-fatal errors (Firebase Crashlytics): stack traces, device model, Android version, app version.
• Performance metrics (Firebase Performance, optional): network operation latency within the Application.
• Android Advertising ID (Google AdMob): a resettable identifier you can regenerate or limit from your OS settings. Used only when "Remove Ads" is disabled.

3.5 Data we do NOT collect

• We do not record device audio or video.
• We do not access your contacts, photos, messages, precise location, microphone or camera. The Application does not require any optional Android permission beyond the technical install ones.
• We do not read your installed apps or your browsing history.
• We do not sell your data to third parties under any circumstances.
• We do not use cookies (this is a mobile app, not a website).
• We do not perform automated profiling with legal or significant effects on you in the sense of GDPR Art. 22.

4. How we use your data

Purpose	Legal basis (GDPR Art. 6)
Create and manage your account	Contract performance (Art. 6.1.b)
Sync your progress across devices	Contract performance (Art. 6.1.b)
Personalize the experience (memory rival, daily coach, Smart Review, Nexus mastery bias)	Contract performance + legitimate interest (Art. 6.1.b/f)
Generate AI content (questions, narratives, interrogations, debates, etc.) using your input	Contract performance (Art. 6.1.b)
Display ads (when "Remove Ads" is disabled)	Consent (Art. 6.1.a) — collected via Google's UMP/CMP
Process in-app purchases (Mentis, Rival Pack, Remove Ads)	Contract performance (Art. 6.1.b)
Anti-cheat and daily ad limit enforcement	Legitimate interest (Art. 6.1.f)
Crash and error diagnostics	Legitimate interest (Art. 6.1.f)
Aggregated usage metrics for product improvement	Legitimate interest (Art. 6.1.f)
Push notifications (lives ready, chest open, daily coach, etc.)	Consent (Art. 6.1.a) — collected at first launch
Social system (friends, gifts, challenges)	Contract performance (Art. 6.1.b)

5. Processors and sub-processors (third parties with technical access)

Mentium uses the following third-party services, all contractually bound to comply with GDPR and equivalent regulations:

Provider	Function	Data shared	Server location
Google Firebase (Authentication, Firestore, Cloud Functions, Analytics, Crashlytics, Performance, App Check)	Authentication, storage, sync, telemetry	UID, email (Google Sign-In only), all data from §3	europe-west1 (Belgium)
Google Gemini API (via gemini-2.5-flash-lite)	AI content generation	Topics you write + internal system prompts. Does NOT include email, nickname or identifiable data	United States / Google Cloud regions
Google AdMob	Advertising (interstitial + rewarded)	Ad ID, language, declared age (not collected), view event. Only when "Remove Ads" is off	Variable per network
Google Play Billing	In-app purchases	Opaque purchase token validated server-side by our Cloud Function	Variable per Play country
Google Cloud Logging	Cloud Functions debug and operations logs	Log text without email, without tokens; UID hashed or removed	europe-west1

These providers are data processors acting on our instructions. We do not use them to sell your data or cross-reference it with external advertising profiles.

The Studio's Cloud Functions deploy in europe-west1 (Belgium) to minimize international transfers.

International transfers: when Gemini API or AdMob processes data outside the European Economic Area, those transfers rely on the European Commission's Standard Contractual Clauses (SCCs) + Google's additional safeguards (standard Google Cloud DPA).

6. How long we retain your data

• While your account is active: indefinitely, until you or we delete it for inactivity.
• Inactive accounts: if you don't sign in for 3 consecutive years, we may delete your account and all associated data without further notice.
• After deletion at your request: complete erasure within 30 calendar days via Settings → Danger zone → Delete account (function deleteAllUserData in FirestoreRepository). This deletes:
  • users/{uid}/data/profile
  • users/{uid}/data/achievements
  • users/{uid}/data/chests
  • publicProfiles/{uid}
  • aiMemory/{uid} (rival + coach + weakSubtopics)
  • playerTags/{tag} (releases your tag for reuse)
  • nicknames/{normalized} (releases your nickname)
  • weeklyScores/{uid}
  • friendRequests/* where you participated
  • gameInvites/* where you participated
  • gifts/* where you were sender or receiver
  • feedEvents/* with your uid
• Technical logs (Crashlytics, Cloud Logging): retained at most 90 days.
• Aggregated analytics data (Firebase Analytics): Google's default retention 2 to 14 months per event (configurable, currently 14 months).
• Daily Challenge scores: indefinite retention as part of the historical leaderboard, containing no re-identifiable info beyond your nick + tag.

After account deletion, residual information may persist up to 90 days in technical backups before final removal.

7. Your rights

Under GDPR, LOPD and equivalent regulations, you have the right to:

• Access (Art. 15): request a copy of your personal data.
• Rectification (Art. 16): correct inaccurate data. Almost everything is editable directly in the app (Settings, Edit Profile).
• Erasure / "right to be forgotten" (Art. 17): delete your account and all data. You can do it directly from Settings → Delete account (red button under "Danger zone"). Erasure is permanent.
• Restriction of processing (Art. 18): limit how we process your data in specific cases.
• Portability (Art. 20): receive your data in a structured format (JSON). Request via email.
• Objection (Art. 21): object to processing based on legitimate interest (analytics).
• Withdraw consent (Art. 7.3): at any time, without affecting the lawfulness of prior processing:
  • Ads: revoke UMP consent from Settings.
  • Push notifications: disable from Android settings or from inside the app.
  • Daily coach: disable in Settings → Daily coach → Disable coach.
• Not be subject to automated decisions (Art. 22): AI content generation does NOT produce legal effects on you. Rewards and adaptive difficulty are gameplay features, not legal decisions.
• Lodge a complaint with a supervisory authority: if you believe your rights are not respected, you can file a complaint with the Spanish Data Protection Agency (AEPD) or the equivalent authority in your country of residence.

To exercise any right not directly available in the app, write to privacy@kingislandstudio.com stating your nickname and/or tag (#XXXXXXXX). We will respond within 30 calendar days (extendable to 60 in justified complex cases).

8. Minors

Mentium is rated for users aged 13 and above (PEGI 7 / ESRB E10+ pending official confirmation).

We do not knowingly collect personal data from children under 13. If we discover that a minor under 13 has created an account without verifiable guardian consent, we will delete it immediately.

Some game modes (Debate, Detective with free-form interrogation, AI question generation) cover topics that may not be suitable for very young users. Parental supervision is recommended.

If you are the legal guardian of a minor using Mentium, contact privacy@kingislandstudio.com to handle the account deletion.

9. In-app purchases and subscriptions

Mentium offers in-app purchases:

• Mentis packs (consumables): gems_pack_1 through gems_pack_5 — between 50 and 1,750 Mentis.
• Rival Pack (non-consumable, €1.99): permanent access to the 5 rival characters.
• Remove Ads (in-app purchase paid in Mentis, 500 Mentis): permanently disables ads on your account.

Purchases are processed through Google Play Billing. We do NOT store your card or payment data — Google is the payment processor. We only store:

• Purchase confirmation (server-side validated by our Cloud Function validateRivalPackPurchase calling the Play Developer API).
• The product state on your profile (adsRemoved=true, rivalPackOwned=true, Mentis balance).

We do not offer subscriptions. All purchases are one-time.

Refunds: refund requests are handled exclusively through Google Play, per Google's policies. We have no direct control over refund decisions.

10. Push notifications

Mentium may send you push notifications if you grant permission at first app launch:

• Lives recovered.
• Chest ready to open.
• Daily chest available.
• Daily coach message (~09:00 local time, optional).
• Re-engagement reminder if you've been inactive ≥48 h.

Global cap: 3 notifications per day (except the daily coach, which has its own 1/day cap).

You can disable notifications anytime from your OS settings or from Settings → System notifications.

11. Advertising

If "Remove Ads" is disabled, Mentium displays ads served by Google AdMob:

• Interstitial: full-screen ad between matches (frequency-capped).
• Rewarded: voluntary ad the player initiates to earn rewards (lives, coins, gems, double rewards, +5 questions in Detective).

Consent for personalized ads is collected via Google's User Messaging Platform (UMP), compliant with IAB Europe's Transparency and Consent Framework (TCF). You can:

• Accept personalized ads (based on your Ad ID and behavior within Mentium).
• Reject personalized ads (you'll see contextual non-personalized ads).
• Change your choice anytime from the UMP dialog re-launchable from Settings.

Daily ad caps to prevent ad fatigue:

• 3 lives ads per day.
• 3 coin ads per day.
• 1 gem ad per day.
• 3 extra-question ads per day in Detective (+ 50 additional Mentis purchases up to the absolute cap).

12. Security

We implement technical and organizational measures to protect your data:

• Encryption in transit: TLS 1.2+ for all client↔server communications.
• Encryption at rest: native Firestore encryption (Google-managed).
• Firebase App Check: API abuse protection on sensitive endpoints (Authentication enforcement at 100%; critical Cloud Functions — proxyGroqRequest, validateRivalPackPurchase — protected).
• Server-side purchase validation: Cloud Function validates each Rival Pack purchase against the Google Play Developer API before marking the product as owned.
• Firestore Security Rules: every collection and document has explicit rules restricting reads/writes to the owner or legitimate participants (e.g. only match participants can read/write the match document).
• Anti-cheat: daily ad counters synced to Firestore with maxOf merge — clearing local data does not reset the limit.
• Content moderation: 3-layer filters (client blacklist + AI escape hatch + length/character sanity) on all free-text entry points.
• Pseudonymization in analytics: we only send events tied to your Firebase UID, never to your email, real name or directly identifiable data.

Despite these measures, no system is 100% secure. If you discover a vulnerability, report it to security@kingislandstudio.com (or to privacy@kingislandstudio.com if the security@ alias is not yet propagated) — we will treat it confidentially and promptly (informal responsible disclosure program).

In case of a security breach affecting your personal data, we will notify you within 72 hours of detection, as required by GDPR Art. 33-34.

13. AI features and informed consent

Mentium uses generative AI models (currently Google Gemini 2.5 Flash Lite) to create unique content in these modes:

• AI Category / AI Battle / AI Exam / AI Debate / AI Detective / Smart Review / Lightning / Traveler / Nexus / AI Online Mode.
• Daily Challenge (generated by our Cloud Function using Gemini, identical for all players each day).
• Daily coach and rival messages.

Data sent to the AI model:

• Your input (topic, suspect question, etc.).
• Anonymized game context (level, topic mastery, weak subtopics, language, selected difficulty). This "player context" is built in GeminiPromptBuilder.buildPlayerContext and does NOT include email, nickname, tag, declared country or directly identifiable data.
• Rival and coach memory if active (summaries previously generated by the AI itself).

Limitations and warnings:

• AI-generated content can be factually incorrect, biased or out of date. Exam-mode questions DO NOT replace official exams.
• Input moderation is defensive but not infallible. If you encounter inappropriate AI-generated content, report it from the question itself ("Report error" button) or via email.
• We do NOT use your inputs to train our own models. Google Gemini, per its DPA, also does not train its models on enterprise API prompts (only on Bard/Gemini consumer product data, which we DO NOT use).

You can disable the daily coach from Settings → Daily coach → Disable coach. The AI cannot be "globally disabled" because it's the core of the product, but you can simply not play AI modes if you're not interested — Classic and Daily Challenge work without your input being processed by generative AI.

14. Changes to this Policy

We may update this Privacy Policy to reflect changes in:

• Product features.
• Technology providers.
• Legal or regulatory requirements.

Updated versions are published at this URL and on the Settings → Privacy policy screen of the app, with the last updated date visible at the top of the document.

Material changes (those significantly affecting how we handle your data) will be notified inside the app before they take effect, giving you a chance to review the new Policy and, if you wish, delete your account before it applies.

Version history is kept in the project's public repository.

15. Contact

Valentín Stancu
Trade name: King Island Studio
Arganda del Rey, Madrid, Spain
Web: kingislandstudio.com

Contact addresses:

• General support / bugs / account: support@kingislandstudio.com
• Privacy / GDPR / rights exercise: privacy@kingislandstudio.com
• Legal / DMCA / compliance: legal@kingislandstudio.com
• Press / partnerships: hello@kingislandstudio.com

To exercise GDPR rights, report incidents, request your data archive in JSON format, or any other matter related to this Policy, write to privacy@kingislandstudio.com. Suggested subject: [GDPR] Your request. Response time: up to 30 calendar days.

---

This English version is provided for convenience. The Spanish version is the legally authoritative one — in case of conflict, the Spanish version prevails.