← Back to BekpaGames

Privacy Policy

Last updated: May 18, 2026

1. Introduction

BekpaGames ("we," "us," "our") is a game development project operated by Pavel Bekpa, based in the Czech Republic (European Union). We build casual mobile games for Google Play and HTML5 versions of the same games hosted on our websites.

By using our website or installing one of our mobile apps, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 On the website (bekpagames.com)

Our website hosts HTML5 versions of BekpaGames titles alongside the same games we publish on Google Play. When you visit the site or play an HTML5 game on it, we collect:

• nginx access logs (IP address, User-Agent, requested URL, HTTP status, timestamp, referrer) — kept up to 30 days for security and debugging.
• Google AdSense / H5 Games Ads — HTML5 games on bekpagames.com display ads through Google AdSense and/or Google H5 Games Ads. These services use cookies and similar technologies to serve personalized or non-personalized ads based on your choices. See Section 3 for details and opt-out controls.
• localStorage — individual HTML5 games may store your local progress (high scores, level completion, settings) in your browser's localStorage. This data stays on your device, is not sent to us, and you can clear it anytime via your browser settings.
• Leaderboard data (where applicable) — some HTML5 games feature a global leaderboard. When you submit a score, we store your chosen display name, your score, and a one-way hash of your IP address (used only to prevent abuse/spam submissions). No raw IP, email, or persistent identifier is stored.

We do not run Google Analytics, Plausible, or any other third-party analytics on the website.

2.2 In our mobile apps (automatically collected)

Our mobile apps do not require registration, do not have user accounts, and do not connect to any custom backend operated by us. We do not directly collect personally identifying information such as your name, email address, phone number, or physical address.

However, the third-party SDKs embedded in our apps (see Section 3) automatically collect the following categories of data:

• Android Advertising ID (AAID) — used by Google AdMob to serve personalized or non-personalized advertisements. You can reset or delete this ID at any time in your device settings.
• Device information — device model, manufacturer, operating system version, screen size, system language, network type.
• Approximate location — country-level, derived from your IP address for ad targeting and currency selection. We do not request or access precise (GPS) location.
• Crash reports — if the app crashes, Google Play Services sends us a stack trace through the Google Play Console, which may include device model, OS version, and app version.
• Local notification scheduling — when you close the app, we schedule on-device reminders (via Android AlarmManager) to invite you back after 1, 3, and 7 days. No notification data is sent to any server; all scheduling and content generation happens locally on your device. You can disable notifications anytime in your device settings.

2.3 In our mobile apps (purchase data)

If you make an in-app purchase, Google Play Billing provides us with:

• The purchase token issued by Google Play (used to verify and deliver the purchased content)
• The SKU identifier (which product was purchased)
• The transaction timestamp

We never receive your payment card number, CVV, billing address, or Google account email. All payment processing is handled entirely by Google Play.

3. Third-Party SDKs and Services

4. How We Use Your Data

• To display ads in mobile apps — Google AdMob uses the Advertising ID and device information to select and render ads. In the European Economic Area (EEA), UK, and Switzerland, AdMob displays a consent dialog (Google User Messaging Platform) on first launch; your choice determines whether ads are personalized or non-personalized.
• To display ads in HTML5 games on the website — Google AdSense and Google H5 Games Ads use cookies and approximate location to select and render ads. EEA/UK/CH visitors will see a consent banner on first visit; your choice determines personalization.
• To fix crashes — We review crash reports delivered via Google Play Console to identify and fix bugs in future app versions.
• To complete in-app purchases — Purchase tokens from Google Play Billing are used to verify that a purchase occurred and to unlock the purchased content inside the app.
• To secure and debug the website — nginx access logs are reviewed only when investigating an incident, abuse, or outage.

We do not sell your data in the ordinary commercial sense, do not rent or lease it, do not build standalone user profiles, do not perform ad retargeting, and do not run email marketing. Note: see Section 7.2 for the specific CPRA definition of “sale/sharing” related to advertising.

5. Data Sharing

We share data only with:

• The third parties listed in Section 3 of this policy, strictly for the purposes described there.
• Law enforcement or regulatory authorities when required by a valid legal request under Czech or EU law.

We do not sell data to data brokers, ad networks other than the ones listed in Section 3, or any other third party.

6. Data Retention

• Website access logs (nginx): kept for up to 30 days for security and debugging, then deleted.
• Leaderboard entries: retained indefinitely (display name + score + hashed IP). Contact us to request removal.
• Crash reports: retained by Google Play Console for up to 90 days per Google's own documentation.
• In-app purchase records (purchase tokens, SKUs, timestamps): retained for 7 years to comply with Czech accounting and tax law (zákon č. 563/1991 Sb. o účetnictví). No card numbers are ever stored.
• Firebase Analytics events: retained by Google for up to 14 months per Firebase default configuration. Custom event parameters are aggregated and contain no PII.
• Firebase Crashlytics crash data: retained for up to 90 days, then deleted by Google automatically.
• Ad-related data (Advertising ID, device info, ad cookies): retained by Google according to Google's own retention policy. We do not keep copies on our systems.

7. Your Rights

7.1 European Economic Area, UK, Switzerland (GDPR / UK GDPR / FADP)

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access a copy of your personal data
• Rectify inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Withdraw consent you previously granted (e.g. in the ad consent dialog)
• Data portability
• Lodge a complaint with a supervisory authority (in the Czech Republic: Úřad pro ochranu osobních údajů, uoou.cz)

Because we do not maintain user accounts and do not operate our own backend, most of these rights must be exercised directly with Google via the control links listed in Section 3. For data held by Google, visit Google Privacy Controls. For leaderboard or in-app purchase records retained by us, see Section 10.

7.2 California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information is collected, to request deletion, and to opt out of the “sale” or “sharing” of personal information. The use of your Advertising ID (in mobile apps) or advertising cookies (on the website) by Google AdMob, AdSense, and H5 Games Ads for personalized advertising may be considered a “sale” or “sharing” under the CPRA, depending on how a given transaction is classified.

How to opt out:

• On first launch of our apps or first visit to the website in California, you will be shown a consent dialog. Selecting non-personalized ads opts you out.
• In your Android device settings: Settings → Google → Ads → Opt out of Ads Personalization (or toggle “Delete advertising ID”).
• For website ads: visit adssettings.google.com and turn off Ad Personalization.
• Email info@bekpagames.com with the subject line “California opt-out request”.

We do not discriminate against users who exercise their CCPA/CPRA rights.

8. Children’s Privacy (COPPA)

Our apps and games are not directed at children under the age of 13 and are not listed in Google Play's Designed for Families program. We do not knowingly collect personal information from children under 13 in the United States, nor from children under 16 in the European Union without verified parental consent.

If you are a parent or legal guardian and believe your child has used our apps, please contact us (Section 12) and we will cooperate with Google to remove any ad-related data tied to that device's Advertising ID.

9. International Data Transfers

The SDKs listed in Section 3 are operated by Google LLC, headquartered in the United States. This means data processed by those SDKs is transferred from the European Economic Area, United Kingdom, and Switzerland to the United States.

These transfers rely on Google's Standard Contractual Clauses (SCCs) as approved by the European Commission, together with Google's certification under the EU-US Data Privacy Framework where applicable. No international transfer is performed by us directly.

10. Data Deletion Request

Our apps have no user accounts and we do not operate a user database, so there is no “account” to delete. However, the following data may be held by Google or by us in connection with your use of our apps or website:

• Advertising ID and ad-related data (held by Google AdMob / AdSense) — reset or delete the Advertising ID in Android settings; clear ad cookies in your browser; or visit adssettings.google.com.
• Crash reports (held by Google Play Console for up to 90 days) — automatically expire; request earlier removal via Google Play Developer Support.
• In-app purchase records (held by us for accounting purposes, 7 years) — see deletion procedure below.
• Leaderboard entries (display name, score, hashed IP) — email us with your leaderboard display name and approximate submission date for removal.

To request deletion of any data we hold about you:

11. Changes to This Policy

We may update this Privacy Policy when laws change or when we add new SDKs or apps. The Last updated date at the top of this page reflects the latest revision. Material changes (new SDKs, new data categories) will be highlighted here for at least 30 days before taking effect. We encourage you to review this page periodically.

12. Contact

This policy is published in English only; the English version is authoritative for all jurisdictions.