This Privacy Policy describes how Niva Games (“we”, “us”, “our”) collects, uses, stores, and shares information when you use our games and related services, including Mentalist Detective (the “Game”), our website at nivagames.com, and support email.
By playing the Game or contacting us, you agree to this policy. If you do not agree, please do not use the Game or send us personal data.
This document is provided for transparency. It is not legal advice.
Table of contents
1. Who we are
Data controller: Niva Games
Contact (privacy & support): [email protected]
Website: https://nivagames.com
For privacy requests (access, correction, deletion), email us at the address above with the subject line “Privacy request” and enough detail for us to identify your account (e.g. the email used to sign in).
2. What we collect
We collect information in three broad categories: account & profile, gameplay & game services, and product analytics. We also receive limited data from third-party services that help the Game run (authentication, ads, payments, AI).
2.1 Account and profile
When you create or use an account, we may collect:
- Sign-in credentials or identifiers — email and password, or sign-in through Google or Apple (we receive authentication tokens via our auth provider; we do not receive your Google/Apple password).
- Profile information you provide — display name (detective name), age, and optional avatar.
- Game account data — reputation, cases solved/failed/abandoned, stars, in-game currency (tokens), hints, energy, premium/subscription status, and related progression fields stored on our servers.
2.2 Gameplay and game services
To provide murder-mystery gameplay, case generation, saves, and multiplayer-style persistence, we store gameplay data on our backend, including:
- Cases and investigations — case content, your progress (locations unlocked, evidence found, time played, reports, accusations, outcomes).
- Interrogation data — questions you send to suspects, NPC replies, AI classifications (e.g. question type), emotions/stress metadata, and evidence presented during interrogation. Your messages are sent to an AI service for processing and are stored in our database as part of your play session.
- Generated content — procedurally generated case elements and assets tied to your account or session.
- Purchases — records of in-app purchases and subscriptions (product identifiers, platform, transaction references, tokens or benefits granted). Payment card details are handled by Apple App Store or Google Play, not by us.
2.3 Product analytics (first-party)
We run our own product analytics (we do not use a separate analytics SDK such as Google Analytics or Firebase Analytics in the Game client).
When you are signed in, the Game sends usage events to our servers, including:
- Session information — session identifier, session start/end, approximate duration.
- Device and app context — platform (e.g. iOS, Android), OS version, device model, app version, screen size, locale.
- Gameplay flow — scenes visited, time in scenes, game states, case started/ended, locations visited, evidence discovered, interrogation started/ended (counts and durations, not full chat text in analytics).
- UI interactions — button presses (button identifiers, truncated label text, scene paths).
- Auth events — sign-in and sign-out.
- Errors and system messages — some events may include error or system message text to help us fix bugs.
These events are stored with a user identifier linked to your account (pseudonymous account ID). They are used to understand how the Game is used, improve stability, and prioritize features. We do not describe this as “anonymized” in the strict sense, because events can be associated with your account.
Analytics are sent only when you are authenticated; we do not use a separate third-party analytics product for this pipeline.
2.4 Support and website
If you contact us by email or through our contact form:
- We receive your name, email address, and message (and any information you choose to include).
- We use this only to respond to your request and for related support history. We do not use support email for unrelated marketing.
Our website may use standard server and security logs (e.g. IP address, browser type, pages requested) operated by our hosting provider.
2.5 Optional rewarded advertising (mobile)
On iOS and Android, you may choose to watch rewarded video ads (e.g. to receive in-game energy or hints). These ads are served through Google AdMob (Google Mobile Ads SDK).
When you use ads, Google may collect device and advertising-related data under Google’s Privacy Policy for ad delivery, fraud prevention, and measurement. We configure the Game for rewarded ads; we do not use in-game banner ads in the current client.
3. How we use your information
We use personal data to:
| Purpose | Examples |
|---|---|
| Provide the Game | Accounts, saves, case generation, interrogation AI, progression, leaderboards/stats |
| Process purchases | Validate App Store / Play purchases and grant tokens or subscription benefits |
| Improve the product | First-party analytics, crash/error diagnosis, balancing difficulty |
| Security & abuse prevention | Protect accounts and backend integrity |
| Support | Answer your emails and fix reported issues |
| Legal compliance | Respond to lawful requests where required |
We do not sell your personal data.
We do not use your data for unrelated third-party marketing.
4. AI processing
Interrogation and related features use artificial intelligence hosted by our backend, which sends your in-game messages (and necessary game context) to an AI provider (currently OpenAI) to generate NPC dialogue and classify questions.
- What is sent: Your typed questions and context needed for the scene (e.g. case and suspect state), not your real-world identity beyond your account linkage on our servers.
- Why: To power dynamic conversations and difficulty-appropriate responses.
- Storage: Messages and AI responses are stored in our database as part of your gameplay record.
OpenAI processes data according to its terms and privacy policy. We use API access for production features; we do not use your interrogation text to train public models unless a provider’s terms and our configuration explicitly allow it—check OpenAI’s policies for current practices.
5. Third-party services (processors)
We rely on service providers that process data on our behalf:
| Provider | Role |
|---|---|
| Supabase | Authentication, database, file storage, serverless functions (including analytics event storage) |
| OpenAI | AI dialogue and question classification for interrogation |
| Google (AdMob) | Rewarded video ads on mobile |
| Google / Apple | Sign-in (OAuth) and in-app purchase platforms |
| Hosting / CDN | Website and static assets (e.g. Cloudflare) |
Each provider has its own privacy policy. We choose providers appropriate for a mobile game backend and require contractual protections where available.
International transfers: Our providers may process data in the United States, the European Union, or other countries. Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) offered by our vendors.
6. Legal bases (EEA / UK — GDPR)
If you are in the European Economic Area or the United Kingdom, we process personal data on these bases:
| Processing | Legal basis |
|---|---|
| Account, gameplay, purchases, support | Contract — necessary to provide the Game you requested |
| Product analytics (account-linked) | Legitimate interests — understanding and improving the Game, balanced against your rights |
| Rewarded ads (where consent is required by law) | Consent — where applicable, via platform or ad consent flows |
| Legal obligations | Legal obligation — where we must retain or disclose data |
You may object to processing based on legitimate interests (see Section 9). Where we rely on consent, you may withdraw it without affecting the lawfulness of processing before withdrawal.
7. Retention
We keep personal data only as long as needed for the purposes above:
- Account and gameplay data — while your account is active and for a reasonable period afterward so you can return to the Game or we can resolve disputes.
- Analytics events — typically for a limited period suitable for product analysis (e.g. months, not indefinitely), unless aggregated into non-identifying statistics.
- Purchase records — as required for accounting, fraud prevention, and tax law.
- Support email — as long as needed to handle your request and maintain a reasonable support history.
You may request deletion of your account and associated data (Section 9). Some data may be retained where the law requires (e.g. financial records).
8. Children and age
The Game is intended for players who can engage with murder-mystery themes. Our Age Suitability page recommends 12+, and the Game adapts case complexity using the age you provide in your profile.
We ask for age during profile setup. We do not knowingly collect personal data from children under 13 without appropriate parental consent where required by law (e.g. COPPA in the United States). If you believe a child under 13 has provided us personal data, contact us and we will take steps to delete it.
Parents and guardians may contact us regarding a minor’s account.
9. Your rights
Depending on where you live, you may have the right to:
- Access a copy of your personal data
- Correct inaccurate data (e.g. update display name or age in the Game)
- Delete your account and associated data
- Restrict or object to certain processing
- Data portability — receive data in a structured, commonly used format where applicable
- Withdraw consent — where processing is based on consent (e.g. ads, where applicable)
- Lodge a complaint with your local data protection authority (EU/UK)
To exercise these rights, email [email protected]. We may need to verify your identity before fulfilling a request.
California (CCPA/CPRA): We do not sell personal information. California residents may request access, deletion, and correction as described above.
10. Security
We use industry-standard measures appropriate for an indie online game: encrypted connections (HTTPS/TLS), authenticated API access, server-side access controls, and hosted infrastructure with security features from our providers.
No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us and change your password or revoke third-party sign-in access via Google/Apple.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version on nivagames.com/privacy/ with an updated “Last updated” date. For material changes, we may provide additional notice in the Game or by email where appropriate.
Continued use of the Game after changes means you accept the updated policy, unless otherwise required by law.
12. Summary
| Topic | Our practice |
|---|---|
| Selling data | We do not sell personal data |
| Analytics | First-party events stored on our backend, linked to your account when signed in |
| AI | Interrogation messages processed by OpenAI via our servers; stored as gameplay data |
| Ads | Optional rewarded AdMob videos on mobile; Google may collect ad-related data |
| Payments | Apple / Google handle payment; we store purchase outcome records |
| Support | Email used only to help you, not unrelated marketing |
| Contact | [email protected] |
© Niva Games. All rights reserved.