INOVIXI
Technology & Innovation
← Back to Home

Grind Grid

Privacy Policy

Effective date: 2026-05-07  ·  Last updated: 2026-05-07

1. Introduction

This Privacy Policy describes how the “Grind Grid” mobile application (the “Application”) collects, uses, shares, and protects information about you. Grind Grid is a casual physics puzzle game developed by Siraç Özmen, operating under the brand Inovixi (collectively the “Service Provider”, “we”, “us”, or “our”).

By downloading or using the Application, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please do not use the Application.

2. Data Controller

The data controller responsible for your personal data under the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the Turkish Personal Data Protection Law (KVKK, Law No. 6698) is:

We have not appointed a Data Protection Officer because the scale of our processing does not legally require one; however, all privacy questions and requests are handled directly by the controller via the email above.

3. Information We Collect

The Application is designed to minimize data collection. We do not ask you to create an account, sign in, or provide your name, email, phone, address, payment details, or any other directly identifying information. The categories below match the disclosures in our Google Play Data Safety section.

3.1 Information collected automatically

When you use the Application, certain data is collected automatically by the Application and the third-party SDKs we integrate:

  • Device or other identifiers — the Android Advertising ID (AAID), App Set ID, and similar identifiers used by advertising and analytics services.
  • App information and performance — crash logs, diagnostics (such as app launch time, energy usage, frame rate), and SDK error reports used to keep the Application stable.
  • Approximate technical data — your device's Internet Protocol (IP) address, mobile network state (Wi-Fi vs. cellular), device model, operating system version, system language, and country derived from IP at coarse granularity.

3.2 Information we do NOT collect

  • Precise location (GPS) — we do not request the location permission.
  • Personal identifiers such as name, email, phone number, address, or government IDs.
  • Photos, videos, audio recordings, contacts, calendar entries, or files on your device.
  • Health, fitness, or biometric data.
  • Browsing history outside the Application.
  • Financial information — the Application contains no in-app purchases.
  • User-generated content — the Application has no chat, profile, or upload features.

3.3 Information stored locally on your device

Your gameplay progress (completed levels, earned stars, in-app settings) is stored locally on your device using Android SharedPreferences. This data never leaves your device and is not transmitted to our servers (we do not operate any servers that store user data).

4. Third-Party Services and SDKs

The Application integrates third-party Software Development Kits (SDKs) that may collect and process data independently of us. We list each one explicitly below, including the categories of data they receive and links to their respective privacy policies. You are encouraged to review them.

4.1 Google AdMob (advertising)

We use Google AdMob to display rewarded advertisements within the Application. According to Google's official disclosure, AdMob automatically collects and may share IP address, user product interactions, diagnostic information, and device/account identifiers (including Android Advertising ID) for advertising, analytics, and fraud prevention.

4.2 Google Play Services (Android Vitals, Ad Services)

Google Play Services is bundled with most Android devices. It supplies crash reporting (Android Vitals), diagnostic telemetry, the Advertising ID controls, and the AdServices APIs (Topics, Attribution, Measurement). Data flows are governed by Google's privacy policy.

No other analytics, crash reporting, marketing-attribution, social, or push-notification SDKs are integrated. We do not use Firebase Analytics, Crashlytics, Facebook SDK, AppsFlyer, Adjust, Unity Analytics, OneSignal, or similar services in this version of the Application.

5. How We Use Your Information

The data we and our third-party SDK partners process is used for the following limited purposes:

  • App functionality — to operate the Application, deliver rewarded ads when you choose to view them, and keep gameplay state.
  • Analytics — to understand stability and performance (crashes, slow load times, low frame rates) at an aggregate level.
  • Advertising — AdMob may use the Advertising ID to serve, frequency-cap, measure, and (where permitted by law and consent) personalize ads. We ourselves do not maintain any advertising profiles.
  • Fraud prevention and security — to detect invalid traffic, click fraud, and abuse of the rewarded-ad system.

We do not use your data for any other purposes, do not engage in cross-context behavioral advertising on our own behalf, and do not sell your data for monetary consideration.

6. Legal Basis for Processing (GDPR / UK GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we rely on the following lawful bases under Articles 6 and 7 of the GDPR:

  • Consent (Art. 6(1)(a)) — for personalized advertising and any storage of identifiers in your terminal equipment that requires consent under the ePrivacy Directive. Consent is collected through Google's certified User Messaging Platform (UMP) the first time the Application is launched and can be withdrawn at any time via the in-app privacy options or by resetting the Advertising ID in your device settings.
  • Legitimate interests (Art. 6(1)(f)) — for non-personalized contextual advertising, fraud prevention, security, crash reporting, and aggregate analytics required to keep the Application stable and free.
  • Compliance with a legal obligation (Art. 6(1)(c)) — where we must retain or disclose data to comply with applicable law.

7. Sharing and Disclosure

We do not sell your personal data. We share data only with the third-party SDKs listed in Section 4, and only as required for them to deliver their service. In limited circumstances we may also disclose data:

  • where required by law, valid legal process, court order, or government request;
  • to protect the rights, safety, or property of the Service Provider, our users, or the public;
  • to investigate, prevent, or take action regarding illegal activity, suspected fraud, or violations of our Terms.

8. International Data Transfers

Our third-party SDK providers are primarily based in the United States. When data about EEA, UK, or Swiss users is transferred outside those regions, the transfers rely on one of the following safeguards:

  • The EU-U.S. Data Privacy Framework (DPF), the UK Extension to the DPF, and the Swiss-U.S. DPF, where the recipient is self-certified.
  • The European Commission's Standard Contractual Clauses (SCCs) (Decision (EU) 2021/914) where DPF certification does not apply, accompanied by supplementary measures (encryption in transit, access controls) where appropriate.

You may request a copy of the safeguards applied to a specific transfer by emailing mail@inovixi.com.

9. Data Retention

Because we operate no user-data servers, the only data subject to retention is the data held by our third-party SDK partners and the local data on your device.

Data categoryWhere storedRetention
Game progress & settingsYour device onlyUntil you uninstall or clear app data
Advertising ID, IP, ad-related eventsGoogle AdMobPer Google's retention schedule (typically up to 14 months for personalization signals)
Crash logs & diagnosticsGoogle Play ConsoleUp to 60 days for individual records, longer for aggregate trends
Email correspondence with usOur mailboxUp to 24 months, then deleted unless required for legal compliance

When data is no longer needed for the purpose collected, we ensure deletion or full anonymization.

10. Personalized Advertising and EU/UK Consent

The Application shows rewarded ads only — you choose to watch a short video to receive an in-game bonus. We do not show interstitial or banner ads outside of explicit opt-in.

For users located in the EEA, UK, and Switzerland, we use Google's certified User Messaging Platform (UMP) Consent Management Platform, integrated with the IAB Transparency & Consent Framework (TCF), in accordance with Google's EU User Consent Policy (effective January 16, 2024). Through that consent flow you can:

  • Grant or refuse consent to personalized advertising and the storage of identifiers on your device.
  • See the list of certified ad partners that may process your data.
  • Change your choices at any time.

Independently of the consent flow, you can opt out of personalized ads on Android at any time:

  • Settings → Google → Ads → Delete advertising ID (Android 12+) removes the AAID and disables personalization across all apps.
  • Settings → Google → Ads → Opt out of Ads Personalization on older Android versions.

11. Your Rights

11.1 Rights under the GDPR / UK GDPR (EEA, UK, Switzerland)

Subject to the conditions in the GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15);
  • Have inaccurate data rectified (Art. 16);
  • Have your data erased (Art. 17 – “right to be forgotten”);
  • Restrict processing in certain circumstances (Art. 18);
  • Receive your data in a portable, machine-readable format (Art. 20);
  • Object to processing based on legitimate interests, including direct marketing (Art. 21);
  • Withdraw consent at any time without affecting prior lawful processing (Art. 7(3));
  • Lodge a complaint with your national supervisory authority — for example, the EDPB list of national authorities for EEA users, or the UK ICO for UK users.

11.2 Rights under the CCPA/CPRA (California residents)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, use, and share, and the purposes for doing so;
  • Request access to and a copy of the specific pieces of personal information we have collected;
  • Request deletion of your personal information;
  • Request correction of inaccurate personal information;
  • Opt out of the “sale” or “sharing” of personal information — see Section 12 below;
  • Limit the use of sensitive personal information;
  • Not be discriminated against for exercising your rights.

We respect the Global Privacy Control (GPC) browser/OS signal as a valid opt-out request where it is available on the platform.

11.3 Rights under the KVKK (Türkiye)

Per Article 11 of the Turkish Personal Data Protection Law (KVKK):

  • To learn whether your data is processed (verilerinizin işlenip işlenmediğini öğrenme);
  • To request information regarding processing;
  • To learn the purpose and whether the data is used in accordance with that purpose;
  • To know the third parties to whom data has been transferred, in Türkiye or abroad;
  • To request correction of incomplete or inaccurate data;
  • To request deletion or destruction of personal data within the framework of Article 7;
  • To object to outcomes adverse to yourself based solely on automated analysis;
  • To request compensation for damages arising from unlawful processing.

Requests can be made via email to mail@inovixi.com. You may also file a complaint with the Turkish Personal Data Protection Authority (KVKK).

11.4 How to exercise your rights

To exercise any of these rights, email mail@inovixi.com with the subject “Privacy Request — Grind Grid”. We will respond within 30 days (or such shorter period as the applicable law requires). We may need to verify your identity in a privacy-respecting way before fulfilling certain requests.

12. California “Do Not Sell or Share My Personal Information”

Under the CCPA as amended by the CPRA, certain ad-tech data flows can be considered a “sale” or “sharing” even if no money changes hands. While we do not sell personal information for monetary consideration, the Advertising ID and related signals processed by AdMob for ad personalization may fall within the broad CPRA definitions.

You can opt out of this sharing in any of the following ways:

  • Use the Global Privacy Control (GPC) signal in your browser or operating system — we honor it as a valid opt-out request.
  • Reset or delete your Android Advertising ID (Settings → Google → Ads).
  • Email mail@inovixi.com with the subject “Do Not Sell or Share — Grind Grid”.

13. Children's Privacy (COPPA and Beyond)

The Application is rated Teen / Everyone-13+ on Google Play and is not directed to children under 13. We do not knowingly collect personal information from children under 13 in the United States, nor children under the applicable age of digital consent (between 13 and 16 depending on the EU member state).

In line with the Children's Online Privacy Protection Act (COPPA), as amended by the FTC's 2025 Final Rule (effective June 23, 2025; compliance deadline April 22, 2026):

  • We do not collect biometric identifiers, government-issued identifiers, or any other category of personal information defined under the amended Rule from children under 13.
  • We do not share children's personal information with third parties for targeted advertising.
  • If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly.

If you are a parent or guardian and believe your child has provided personal information through the Application, please contact us at mail@inovixi.com and we will take immediate action.

14. Security

We take reasonable and appropriate technical and organizational measures to protect data, including:

  • Encryption in transit — all network communication, including data sent to AdMob and Google Play Services, is protected using Transport Layer Security (TLS 1.2 or higher). The Application does not permit cleartext HTTP traffic.
  • Minimization — we do not collect information beyond what is described in this policy, and we do not maintain user-data servers ourselves.
  • Vendor diligence — the SDK partners we rely on (Google) operate enterprise-grade security programs documented in their respective trust portals.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security. We will notify you and the relevant supervisory authorities of any material data breach affecting your data without undue delay, in line with GDPR Article 33-34 and similar local obligations.

15. Cookies and Similar Technologies

The Application is a native Android app and does not use HTTP cookies. However, the AdMob SDK may use device-local storage and identifiers (Advertising ID, App Set ID) for ad delivery, frequency capping, attribution, and fraud prevention. Where consent is required (EEA, UK, Switzerland), we obtain it through Google's UMP consent flow before any non-essential identifier is read or written.

16. Data Retention & Deletion

Grind Grid (developed by Siraç Özmen / Inovixi) does not require an account and stores game progress (level completion, stars earned) locally on your device. The Service Provider does not maintain a server-side copy of this gameplay data.

How to delete your data:

  1. Local device data (game progress, settings): Uninstall the Application from your device. All locally stored data is removed immediately as part of the standard Android uninstall process. Alternatively, on your device, go to Settings → Apps → Grind Grid → Storage → Clear Data to wipe data without uninstalling.
  2. Data processed by third-party services: Diagnostic information, crash logs, and advertising identifiers handled by Google Play Services and AdMob can be controlled via your device's privacy settings (Settings → Google → Ads to reset or delete the advertising ID, and through Google's My Activity dashboard).
  3. Email request: If you would like the Service Provider to delete any data they may hold or to confirm in writing that no server-side data exists for you, please email mail@inovixi.com with the subject line “Grind Grid Data Deletion Request”. The Service Provider will respond within 30 days.

Data types deleted: all locally stored gameplay data (level progress, star ratings, settings).

Data types retained: none on the Service Provider's servers (no server-side user accounts exist). Aggregated, anonymized analytics events that cannot be linked to an individual user may be retained by third-party services for the periods specified in Section 9 of this policy and in their respective privacy policies.

Retention period for email correspondence: communications you send to us are kept for up to 24 months and then deleted, unless retention is required by law.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the Application, the SDKs we use, or applicable law. When we do, we will update the “Last updated” date at the top of this page and, if the changes are material, post a clear in-app notice. Continued use of the Application after such changes take effect constitutes acceptance of the revised policy.

18. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of your data, please contact us at:

We aim to respond to all privacy inquiries within 30 days, and sooner where required by applicable law.

Last updated: 2026-05-07