Privacy Policy

Last updated: April 2026

This is a plain-English summary first. The detailed sections follow. We don't sell your data. We don't track you across the internet. We collect only what we need to make multiplayer mahjong work and keep your account secure.

1. Who we are

Mahj & Friends ("we", "us", "our") is an iOS app for playing American Mahjong asynchronously with friends. This Privacy Policy applies to the Mahj & Friends app and the website at mahjandfriends.com.

2. What we collect

To create your account and run multiplayer games, we collect:

• Account info — email address, display name, chosen handle, and (optionally) profile avatar color preference.
• Authentication credentials — managed through Firebase Authentication (Google) and/or Sign In with Apple. We never see your password directly; only an authentication token.
• Game data — the games you play, hands you've won, points earned, club memberships, friend connections, and tournament entries. This is required to run async multiplayer at all.
• Device info — iOS version, device model, app version, and a push-notification token (so we can tell you when it's your turn). No precise location, no contacts unless you grant permission, no microphone, no camera.
• Crash and diagnostic data — through Firebase Crashlytics, to fix bugs faster.
• Email waitlist — if you join our pre-launch waitlist on the website, your email address is stored in our email service (Kit / ConvertKit) and used only to notify you about the app. You can unsubscribe with one click.

3. What we don't collect

• We don't read your contacts, photos, or location.
• We don't track you across other apps or websites.
• We don't sell or rent your personal data to anyone.
• We don't share your gameplay activity with advertisers.

4. Advertising (free tier)

The free version of Mahj & Friends shows ads from Google AdMob in a few specific places: between hand sections in lists, on the Discover screen, and after some practice-vs-bots games. We never show ads during real gameplay, on the game board, on the win screen, or on your Profile screen.

Apple requires us to ask your permission before allowing third-party tracking. If you decline, you'll still see ads, but they will not be personalized based on activity in other apps. Premium subscribers ("Mahj+") see no ads anywhere in the app.

5. Children

Mahj & Friends is rated 4+ and is appropriate for general audiences, but we do not knowingly collect data from children under 13. If we learn that we have, we will delete it.

6. Where your data lives

Your account and game data are stored on Google Cloud (Firebase), which uses servers in the United States and Europe depending on region. Email waitlist data is stored on the servers of our email provider (Kit, hosted in the United States).

7. How long we keep it

We keep your account data for as long as your account exists. Completed games are kept for 90 days, then archived in a non-personally-identifiable form for aggregate stats. If you delete your account, we permanently remove your profile, friend connections, club memberships, active games, and tournament entries within 30 days. Some anonymized aggregate game stats may remain.

8. Your rights

You can:

• See your data — Settings → Data → Export My Data.
• Edit your profile — Settings → Account.
• Delete your account — Settings → Danger Zone → Delete Account. This is permanent.
• Withdraw consent — for ad tracking, via iOS Settings → Privacy → Tracking. For email, by clicking unsubscribe in any email we send.

If you live in the EU, UK, or California, you have additional rights (access, rectification, erasure, portability, objection). Email support@mahjandfriends.com and we'll respond within 30 days.

9. Security

We use industry-standard security: encrypted connections (TLS) for every request, Firebase's authentication and security rules for access control, and we never store passwords ourselves. No system is 100% secure. If we ever experience a breach affecting your personal data, we'll tell you.

10. Third parties we use

• Firebase (Google) — Authentication, Firestore database, Cloud Messaging push notifications, Crashlytics.
• Google AdMob — advertising on the free tier only.
• Kit (ConvertKit) — email waitlist, used only if you join from this website.
• Apple StoreKit — for in-app purchases and subscriptions; Apple processes payments and we never see your card info.

11. Changes to this policy

If we change this policy materially, we'll let you know in-app and update the date at the top of this page. Continued use after a change means you accept the new version.

12. Contact

Questions? Email support@mahjandfriends.com.