Forgotten Script

Effective date: 22 April 2026
Last updated: 22 April 2026
Operator: Gökhan Oğuz, independent developer
Contact: m.gokhanoguz2@gmail.com

Short version: Forgotten Script collects as little as possible. The game itself is single-player and works offline. If you choose to sign in, a small set of progress data syncs to the cloud so streaks and leaderboards work across your devices. There are no ads, no third-party analytics, and no advertising identifiers.

1. Data we store on your device

The app uses a local database on your device to keep your puzzle progress, settings, run history, daily streak state, and an XP / achievements tally. This data lives only on the device and is not transmitted anywhere unless you sign in (see section 2).

2. Data we sync to the cloud (only if you sign in)

Sign-in is optional. The game is fully playable without an account. If you sign in with Apple or Google, we use Firebase Authentication and Cloud Firestore (Google) to store the following:

Your account identifier (UID) — assigned by Firebase. We do not see or store your Apple ID, Google email, or password.
A display name — either chosen by you or derived from your sign-in provider, used on leaderboards.
Run scores and metadata — for each completed run: score, language, difficulty, completion timestamp (UTC), accuracy, duration, and a per-run idempotency key. Used to compute leaderboard standings.
Aggregated leaderboard rows — your total score and run count, all-time and per ISO week, by language.
Streak state — current streak, longest streak, last qualifying day, and rescue/shield bookkeeping.

We do not collect or store: your real name (unless you put it in your display name), email address, location, contacts, photos, microphone, advertising identifier, IP-based location, or any device identifier beyond what Firebase needs to operate.

3. Sign-in providers

If you choose to sign in, you authenticate through one of:

Sign in with Apple — see Apple's privacy terms. Apple may share a private relay email with the app; we do not read or persist it.
Sign in with Google — see Google's privacy terms.
Anonymous sign-in — Firebase issues a random UID with no personal data attached. This is what we use if you haven't linked an Apple or Google account.

4. Third-party services

The app uses these services to function. Each has its own privacy policy that governs the data they receive.

Firebase Authentication (Google) — sign-in and account identity.
Cloud Firestore (Google) — leaderboard and sync storage.
Sign in with Apple (Apple) — sign-in option.
Google Sign-In (Google) — sign-in option.

We do not use Firebase Analytics, Firebase Crashlytics, AdMob, Facebook SDK, or any third-party analytics or advertising SDKs. The app does not contain ads.

5. Children

Forgotten Script is suitable for ages 4 and up and does not knowingly collect personal information from children. Sign-in is optional and the only way data leaves the device. If you believe a child has provided us with personal data, please contact us and we will delete it.

6. Your rights

You can review, export, or delete your data at any time. The app itself includes:

Sign out — keeps your local progress, stops cloud sync.
Delete account — permanently removes your Firebase account, your private streak/sync data, and your leaderboard rows. This action cannot be undone.
Wipe local data — clears the on-device database; the app reverts to a fresh anonymous state.

You may also email m.gokhanoguz2@gmail.com to request access, correction, or deletion of any data we hold, and we will respond within 30 days.

7. Data retention

Cloud data is retained for as long as your account exists. When you delete your account, your private documents and leaderboard rows are removed. Aggregated, non-identifying counts (e.g. "how many runs were completed in week N") may persist; these contain no link to you.

8. Where data is processed

Firebase services are operated by Google and your data may be processed in any country where Google maintains infrastructure. Google publishes details of its sub-processors and locations.

9. Security

Cloud data is protected by Firebase security rules that restrict reads and writes to the owning account. Network traffic is encrypted in transit (HTTPS / TLS). Despite reasonable safeguards, no system is perfectly secure; please report any suspected vulnerability to the contact address above.

10. Changes to this policy

If material changes are made, the "Effective date" above will be updated and a notice will be posted in-app or on this page. Minor clarifications may be made at any time.

11. Contact

Questions, requests, or concerns: m.gokhanoguz2@gmail.com.