Integritetspolicy
Last updated: April 2026
1. Who We Are
LexiLegend is published by KOD 73 AB, org. no. SE559057-0940, registered in Sweden ("we", "us", "our"). We are the data controller for personal data processed in connection with the App and this website.
Contact: publisher@kod73.se
2. Scope
This Privacy Policy describes how we collect, use, and share personal data when you use the LexiLegend mobile application ("App") and our website at lexilegend.com. It applies to all users, including children.
3. Children's Privacy (COPPA & GDPR)
LexiLegend is a word puzzle game suitable for all ages, including children under 13. Because the App is directed at children, the following rules apply:
- USA (COPPA): We do not collect personal information from children under 13 without verifiable parental consent. The only data collected during gameplay is a non-persistent, pseudonymous device identifier used solely to maintain game state during a session. We do not collect names, email addresses, phone numbers, or precise location data. If you are a parent or guardian and believe your child has submitted personal information without your consent, contact us at publisher@kod73.se and we will delete it promptly.
- EU (GDPR): For users in the European Union under the age of 13, we only process personal data with verifiable parental consent. Where we rely on consent as the legal basis, a parent or guardian must provide that consent on behalf of the child.
- Advertising for children: All advertising shown to users who are identified or reasonably believed to be under 13 is served in child-directed mode with no personalisation or behavioural targeting. See Section 7 for details.
4. Data We Collect
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Pseudonymous device/account identifier (from Google Play Games or Apple Game Center) | Authenticate your account and sync game progress | Performance of contract — Art. 6(1)(b) |
| Game data: scores, achievements, level progress, challenge history, statistics | Provide game features, leaderboards, and challenges | Performance of contract — Art. 6(1)(b) |
| Device type, OS version, app version | Bug fixing and performance optimisation | Legitimate interest — Art. 6(1)(f) |
| Crash reports and error logs | Error tracking and app stability | Legitimate interest — Art. 6(1)(f) |
| Push notification token | Send optional game notifications | Consent — Art. 6(1)(a) |
| Non-personalised advertising identifier (child-directed) | Display non-personalised ads (unless ad-free purchased) | Legitimate interest / Consent — Art. 6(1)(a)/(f) |
| Language preference cookie (functional, no tracking) | Remember your chosen display language across visits | Legitimate interest — Art. 6(1)(f) · Essential cookie · 1 year |
| Analytics consent flag (localStorage) | Store your cookie consent choice to avoid re-prompting | Legitimate interest — Art. 6(1)(f) · Essential · Persistent |
We do not collect names, email addresses, precise location, or payment card data. Payment processing is handled exclusively by Apple or Google.
5. How We Use Your Data
- Provide and maintain the game experience
- Sync your progress, achievements, and statistics across devices
- Enable social features (friends, challenges, leaderboards)
- Send push notifications (only if you have granted permission, and you can revoke this at any time)
- Identify and fix bugs and crashes
- Display non-personalised advertising (unless you have purchased the ad-free pass)
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Third-Party Services and International Data Transfers
We use the following third-party services. Some are located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, or on an adequacy decision, to protect your data.
-
Microsoft PlayFab (USA) — Backend services for authentication, cloud saves, leaderboards, and game services. Data may be stored in Microsoft Azure data centres. Transfer mechanism: Standard Contractual Clauses.
Microsoft Privacy Statement -
Google AdMob (USA) — Advertising network. For users under 13, ads are configured as child-directed and non-personalised (
tagForChildDirectedTreatment=true). Transfer mechanism: Standard Contractual Clauses / EU–US Data Privacy Framework.
Google Privacy Policy -
Google Firebase (USA) — Push notifications. Transfer mechanism: Standard Contractual Clauses / EU–US Data Privacy Framework.
Firebase Privacy -
Sentry (USA) — Error tracking and performance monitoring. Crash reports may contain device type and OS version. Transfer mechanism: Standard Contractual Clauses.
Sentry Privacy Policy
7. Advertising
The App displays advertisements when the ad-free pass has not been purchased. We use Google AdMob to serve ads.
- All advertising is configured as child-directed and non-personalised for users who are identified or reasonably believed to be under 13, in compliance with COPPA and Google Play Families Policy.
- For adult users, contextual (non-behavioural) ads may be displayed. We do not build advertising profiles based on gameplay behaviour.
- You can remove all advertising permanently by purchasing the ad-free pass within the App.
8. Data Retention
| Data | Retention period |
|---|---|
| Account and game data (PlayFab) | Until you delete your account, then deleted within 30 days |
| Error logs (Sentry) | 90 days |
| Push notification tokens (Firebase) | Until you revoke notification permission or delete your account |
| Advertising identifiers (AdMob) | Managed by Google per their retention policy |
9. Data Storage & Security
Your game data is stored securely using industry-standard encryption. Local data on your device is stored in an encrypted local database. Cloud data is managed through PlayFab's secure infrastructure. We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure.
10. Your Rights
Under GDPR, if you are located in the European Economic Area, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restriction — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw any consent you have given at any time, without affecting the lawfulness of prior processing
- Right to lodge a complaint — you have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY), at www.imy.se
To delete your account and associated data, go to Settings → Account Settings → Delete Account in the App, or visit our account deletion page. For other requests, contact us at publisher@kod73.se. We will respond within 30 days.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the App and updating the date at the top of this page. For significant changes affecting children's data, we will seek fresh parental consent where required.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
KOD 73 AB
publisher@kod73.se