Privacy Policy

Effective Date: March 23, 2026  ·  Last Updated: April 7, 2026

Hye Labs LLC ("Hye Labs," "we," "us," or "our") operates the Mafia mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App. Please read this policy carefully. By downloading or using the App, you agree to the practices described in this Privacy Policy.

1. Information We Collect

The App does not:

• Require you to create an account or sign in
• Collect your name, email address, phone number, or any other personal identifiers through the App (if you contact us via our support form, see "Support Communications" below)
• Access your contacts, camera, microphone, location, or photo library
• Use cookies, tracking pixels, or similar technologies ourselves (third-party SDKs may use similar technologies for ad serving — see Section 5)
• Track you across apps or websites (third-party advertising partners may do so if you grant permission — see Section 5)

Anonymous Diagnostic Data: The App uses Sentry, a third-party error monitoring service, to collect anonymous crash reports and performance data. This includes:

• Crash logs and stack traces (when the app encounters an error)
• Device model, operating system version, and app version
• App performance metrics (launch time, response times)
• Session duration (how long the app was open)

This diagnostic data is not linked to your identity and is not used by us to identify you. It is used solely to diagnose and fix bugs and improve app performance.

Anonymous Usage Analytics: The App uses PostHog, a third-party analytics service, to collect anonymous usage data. This helps us understand how the App is used and improve the experience. This includes:

• Game events (game started, completed, or abandoned; phase transitions; round counts)
• Game configuration (player count, which roles were selected — no player names)
• Device information (device model, operating system version, screen size)
• App version, language/locale, and timezone
• A randomly generated anonymous identifier (not linked to your identity or Apple ID)
• Approximate location (city/country level, derived from your IP address)

This analytics data is not linked to your identity and is not used by us to identify you. We do not use Apple's advertising identifier (IDFA) for analytics purposes. We do not track you across other apps or websites ourselves. Third-party advertising partners may do so if you grant permission via App Tracking Transparency (see Section 5).

Saved player profiles - including names, games played, and points - are stored locally on your device and are never transmitted to any server, except when the optional QR Code role distribution feature is used (see below), in which case only player names are transmitted.

QR Code Role Distribution (Optional): When the Game Master enables QR Code Mode, the following data is temporarily transmitted to a relay server operated by Cloudflare Workers on our behalf:

• Player names entered during the game session, as well as previously saved player names (to enable quick selection on joining devices)
• Game configuration (number of players, role assignments)

This data is stored temporarily (maximum 30 minutes) to facilitate role distribution and is automatically deleted after the session expires. No data is retained after the game begins. The relay server does not store any persistent data, does not use cookies, and does not track users across sessions. Data is transmitted over encrypted connections (HTTPS/TLS). This feature requires an internet connection and is entirely optional - the standard phone-passing mode does not transmit any data.

Advertising Data: The App uses Google AdMob, a third-party advertising service, to display optional rewarded video advertisements. When you choose to watch an ad, the AdMob SDK may collect:

• IP address (to estimate general geographic location)
• Device identifiers (Advertising Identifier / IDFA if you have granted permission, or app-scoped identifiers)
• Ad interaction data (advertisements viewed, tapped, or completed)
• Device and performance information (device model, OS version, app state)

This data is used by Google to serve, measure, and improve advertisements. If you have granted App Tracking Transparency (ATT) permission, your Advertising Identifier (IDFA) may be used to deliver more relevant ads. You can change this permission at any time in your device's Settings > Privacy & Security > Tracking.

In-App Purchase Data: The App offers optional in-app purchases processed entirely by Apple through the App Store. We do not collect or store any payment information (credit card numbers, billing addresses, etc.). We receive only a confirmation of purchase status to unlock features within the App.

Support Communications: If you contact us through our support form or by email, we collect the information you voluntarily provide, including your name, email address, and message content. This information is used solely to respond to your inquiry and provide support. We do not use this information for marketing purposes, and we do not share it with third parties except as necessary to respond to your request. Support communications are retained for up to 24 months for quality and record-keeping purposes, unless a longer retention period is required for legal purposes, after which they are deleted.

2. Third-Party Services

The App uses the following third-party services, each acting as a data processor on our behalf:

• Sentry (sentry.io) — for crash reporting and performance monitoring. Processes only the anonymous diagnostic data described in Section 1. Sentry's privacy policy: sentry.io/privacy.
• PostHog (posthog.com) — for anonymous usage analytics. Processes only the anonymous usage data described in Section 1. PostHog's privacy policy: posthog.com/privacy.
• Google AdMob (admob.google.com) — for serving optional rewarded video advertisements. May collect device identifiers, IP address, ad interaction data, and performance data as described in Section 1. Google's privacy policy: policies.google.com/privacy.
• Cloudflare Workers (cloudflare.com) — used as a temporary relay server for the optional QR Code role distribution feature. Processes only player names and game configuration during an active game session (maximum 30 minutes). No persistent data is stored. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

Neither Sentry, PostHog, nor Google receives player names or any information that could directly identify you. Google AdMob may use device identifiers and interaction data for ad serving and measurement purposes. Should we integrate additional third-party services in future updates, this Privacy Policy will be updated accordingly.

3. Legal Basis for Processing (GDPR)

Hye Labs LLC is the data controller for purposes of the GDPR. We have entered into data processing agreements with our third-party service providers where required.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process anonymous diagnostic and analytics data under the following legal basis:

• Legitimate interest (Article 6(1)(f) GDPR) — We have a legitimate interest in understanding how the App is used, diagnosing crashes, and improving app stability and the user experience. Because the data we collect is anonymous and is not used by us to identify you, the impact on your privacy is minimal. We have assessed that our legitimate interests are not overridden by your rights and freedoms given the anonymous nature of the data collected. You have the right to object to this processing (see Section 8 below).
• Consent (Article 6(1)(a) GDPR) — For personalized advertising, we obtain your consent before allowing advertising partners to process your data. Where required, we present a consent prompt within the App before enabling personalized advertising. You may withdraw your consent at any time through your device's App Tracking Transparency settings (Settings > Privacy & Security > Tracking). If you do not consent, only contextual (non-personalized) ads will be served, and this will not affect your ability to use the App.

4. Data Retention

We retain anonymous diagnostic and analytics data for up to 12 months from the date of collection, after which it is automatically deleted. Crash reports stored by Sentry are retained for 90 days. You may request early deletion of your analytics data at any time by contacting us (see Section 11).

5. Advertising

The App displays optional rewarded video advertisements through Google AdMob. These ads are entirely voluntary — you choose to watch them in exchange for temporary access to in-game content (valid for one game session).

Data collected by AdMob: When you watch an ad, Google AdMob may collect device identifiers, IP address (for approximate location), ad interaction data, and device performance information. This data is used to serve, measure, and improve advertisements.

Personalized vs. non-personalized ads: If you grant App Tracking Transparency (ATT) permission, AdMob may use your Advertising Identifier (IDFA) to deliver personalized ads based on your interests. If you decline or have not been prompted, only contextual (non-personalized) ads will be served. You can manage this in your device's Settings > Privacy & Security > Tracking.

Opt-out of personalized ads: You can opt out of personalized advertising by:

• Declining the App Tracking Transparency prompt (or revoking it in Settings > Privacy & Security > Tracking)
• Adjusting ad personalization in your device's Settings > Privacy & Security > Apple Advertising
• Visiting Google's Ad Settings at adssettings.google.com

Children: The App is not directed to children under 13. We do not knowingly serve personalized advertising to users under 13 and rely on user and device-level settings and Google's policies to enforce this. The App is designed for a general audience aged 13 and older.

For more information about how Google uses data, see Google's Privacy Policy at policies.google.com/privacy.

6. Children's Privacy

Mafia is a social deduction game intended for a general audience, not specifically directed at children. The App does not knowingly collect personal information from children under the age of 13 (or under the age of 16 in the European Economic Area).

Because we do not directly collect personal data and our third-party services process only device-level identifiers, we believe we are in compliance with the Children's Online Privacy Protection Act (COPPA), the European Union's General Data Protection Regulation (GDPR) as it applies to children, and other applicable children's privacy laws. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete that information.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at the address below.

7. Data Security

We do not collect or store personal data through the App itself. Anonymous diagnostic data and usage analytics are transmitted over encrypted connections (HTTPS/TLS) and are stored securely on Sentry's and PostHog's infrastructure, respectively. All game data (player names, roles, scores) exists only on your device and is not transmitted to any server, except when the optional QR Code role distribution feature is used (see Section 1).

8. Your Rights & Opt-Out

Depending on your jurisdiction, you may have rights under applicable data protection laws, including:

• Access, correction, and deletion: You have the right to request access to, correction of, or deletion of your data. Since we do not collect personal data through the App, the only data associated with you is an anonymous analytics identifier. You may request deletion of your anonymous analytics data by contacting us at the address below.
• Opt-out of analytics: If you wish to stop analytics data collection, you may contact us to request opt-out. We will process your request within 30 days.
• Right to object (GDPR): If you are in the EEA, UK, or Switzerland, you have the right to object to processing based on legitimate interest. Contact us to exercise this right.
• Do Not Sell or Share: We do not sell personal information for monetary consideration. Google AdMob may share device identifiers and ad interaction data with advertising partners for ad serving and measurement purposes, which may constitute "sharing" under the California Consumer Privacy Act (CCPA/CPRA). To exercise your "Do Not Sell or Share" rights, you may decline the App Tracking Transparency prompt or contact us. For more information, see Section 5 above.
• Data portability: Under the GDPR and similar laws, you may request a copy of your data in a portable format. Since no personal data is collected through the App, this right does not generally apply in practice. If you have provided personal information via our support form, you may request a copy of that data.
• Non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us. We will respond within 30 days.

9. International Users

The App is available worldwide through the Apple App Store. Anonymous diagnostic and analytics data is processed on servers located in the United States (Sentry and PostHog). For users in the European Economic Area (EEA), United Kingdom, or Switzerland, this data transfer is conducted in accordance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required. Since we do not collect personal data through the App itself, the risk associated with these transfers is minimal.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If the changes are material — particularly if we begin collecting personal data through the App — we will provide clear and prominent notice before such changes take effect, where required by law, through the App or through the App Store update description. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the App's privacy practices, please contact us: