Privacy Policy

Effective date: April 17, 2026 | Last updated: May 13, 2026

Thank you for using SudokuMind ("Game/App"), package name com.sudokumind.yesaa. We respect your privacy. This Privacy Policy explains how we handle your information and is designed to comply with Google Play requirements and applicable privacy laws in the United States, the European Union/EEA, the United Kingdom, and other regions where the game/app may be available.

For the purposes of this Privacy Policy:

Account means a unique account created for you to access our Service or parts of our Service. SudokuMind does not require you to create an account.

Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.

Application refers to the software program provided by the Company, named SudokuMind, a Sudoku logic puzzle game/app that lets you play and manage game progress on your device.

Company (referred to as "the Company", "We", "Us", or "Our" in this policy) refers to Yesaa Technologies.

Country refers to: India (where Yesaa Technologies is established).

Device means any device that can access the Service, such as a computer, mobile phone, or digital tablet.

Personal Data means any information that relates to an identified or identifiable individual.

Service refers to the Application.

Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.

1. Information we collect

1.1 Information we do not ask you to submit

SudokuMind does not require registration or login. We do not ask you for your name, email, phone number, or postal address for core gameplay.

1.2 Local game data (on your device)

To provide save/resume and in-game features, the Application stores puzzle-related data locally on your device (for example difficulty, grid state, notes, timer, and hint coins) using local app storage (SharedPreferences). This data is used to restore your session and is not uploaded to our own servers by the Application for the features described in this version.

1.3 Advertising-related data (TopOn and ad networks)

The Application integrates the TopOn SDK and multiple third-party advertising networks to show ads (such as interstitial and rewarded ads). Those partners may process data for ad delivery, measurement, fraud prevention, and optimization, which may include:

Device information such as device model, OS version, language, screen parameters, and similar technical identifiers;
Advertising identifiers such as Google Advertising ID (where available and permitted);
Approximate location inferred from IP address;
App usage and ad interaction data such as impressions, clicks, completions, and related events;
Network information such as IP address, connection type (Wi‑Fi/cellular), and carrier-related information when available.

These Service Providers process data under their own privacy policies. We recommend reviewing their policies to understand their practices.

1.4 Transmission security (ads)

Communications between the Application and TopOn, and between TopOn and its partners, normally use industry-standard HTTPS/TLS encryption to protect data in transit. No method of transmission over the Internet is 100% secure.

1.5 First-launch install count (internal statistics only)

After you install the Application and open it for the first time, the Application may send one lightweight HTTP POST request (empty body) to:

https://www.aiabn.space/api/stat/report?appCode=sudu

Timing: This request is queued from the Application’s first cold start (application process start), before the in-game TopOn GDPR/consent UI (if any) is shown. It is independent of the advertising consent flow.

This request is used only for our company’s internal statistics on how many times the Application is installed or first launched. By design, the Application does not attach your saved game content, account credentials (the Application has no login), advertising ID, or other fields intended to identify you as a person. The request is fired asynchronously; whether it succeeds or fails does not affect gameplay, ads, or any other feature.

Like any HTTPS request, standard network routing may involve technical metadata that web servers commonly observe (for example IP address, TLS/session metadata, and timestamps at the infrastructure layer). Depending on applicable law, such metadata may be treated as personal data when held by the server operator. We do not use this endpoint for user profiling, personalization, or linking to your identity for marketing purposes. Google Play “Data safety” (or equivalent store disclosures) should reflect any categories you declare there (for example device or diagnostic information) so they stay consistent with this Policy.

2. How we use information

We use locally stored game data solely to operate Sudoku features on your device.

We use the first-launch request described in Section 1.5 solely for internal install-count statistics and not for identifying individuals.

We rely on TopOn and advertising partners to show ads and measure ad performance. Their processing is described in their policies and in Section 5 of this Privacy Policy.

We do not sell your personal data. Where advertising partners process identifiers or usage data that may be considered personal data under applicable law, their processing is governed by their policies and your device and platform settings.

3. Data storage and retention

Locally stored game data remains on your device until you clear app data or uninstall the Application, unless your device backup/restore copies it according to your OS or account settings.

Advertising partners may retain ad-related data according to their own retention schedules (often months to up to approximately 24 months, then deletion or anonymization, depending on the partner).

4. Permissions (our manifest and merged SDK manifest)

The final installed APK/AAB merges permissions from SudokuMind’s own AndroidManifest.xml with those contributed by TopOn and integrated advertising SDKs (Section 5). Labels on your device may differ slightly by OEM or Android version; the authoritative list is under Settings → Apps → SudokuMind → Permissions. We do not enable precise/coarse location or legacy external storage write permissions in our manifest (those lines remain commented).

4.1 Declared in our own AndroidManifest.xml

These are the uses-permission entries we actively declare and enable (not commented out) in our project:

android.permission.INTERNET

Purpose: Allows the app to use network access. The integrated TopOn SDK and ad network partners need the internet to fetch ad configuration and creatives, show interstitial/rewarded ads, and communicate with ad and measurement servers. Without this permission, those ad-related features cannot work normally.

Important: This permission alone does not mean “a specific category of personal data is always uploaded”; it enables lawful network communication under this Policy and partners’ policies. If you disable mobile data/Wi‑Fi for the app or restrict background data, ads and network-dependent features may fail or behave inconsistently.

android.permission.ACCESS_NETWORK_STATE

Purpose: Lets the app read whether the device has connectivity and the connection type (for example Wi‑Fi vs cellular). The app and ad SDKs use this to decide whether to request ads, whether large downloads are appropriate on cellular, and to degrade gracefully on offline or poor networks.

Important: Used for connectivity checks and policy optimization only. You can manage network permissions in system settings; restricting them may affect ad loading and retries.

com.google.android.gms.permission.AD_ID

Purpose: Where supported and permitted under Google Play policies, allows the app and integrated ad SDKs (TopOn and partners) to access the Google advertising ID for personalized ads and measurement (impressions, clicks, conversions, attribution) in support of the free-to-play ad model.

Important: The advertising ID is provided by Google Play services and can be reset by you; it is not your name, email, or phone number. We and partners use it only for advertising and measurement as described. You can reset the advertising ID or limit ad personalization in device settings (paths vary by OEM/Android version, for example under Google or Privacy → Ads). Resetting or limiting the ad ID does not block core gameplay; you may still see ads, but they may be less relevant.

4.2 Additional permissions commonly merged from third-party SDKs

Depending on SDK version and build variant, the merged manifest may also include permissions such as the following. They are listed for transparency; not every build or device will surface every item in Settings. Typical purposes are summarized; see each partner’s policy for detail.

android.permission.ACCESS_WIFI_STATE — Wi‑Fi connection state for network diagnostics and ad/media loading behavior.
android.permission.ACCESS_ADSERVICES_ATTRIBUTION — Android Privacy Sandbox–related attribution APIs where supported.
android.permission.ACCESS_ADSERVICES_TOPICS — Android Privacy Sandbox Topics (or related ad-services APIs) where supported.
android.permission.READ_PHONE_STATE — Often declared by ad SDKs for call-state awareness (e.g. pausing ads during a call) and network-type signals. It does not authorize us to collect call content; partners must comply with law and platform policy.
android.permission.VIBRATE — Haptics in gameplay or ad UI; not used to read identity data.
com.android.vending.CHECK_LICENSE — Play licensing when distributed via Google Play; not used to collect personal identity data for its own sake.
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE — Install referrer / campaign attribution via Play services.
android.permission.WAKE_LOCK — Keeps the device awake for ad playback, downloads, or SDK background work where applicable.
android.permission.RECEIVE_BOOT_COMPLETED — System broadcast after reboot for SDK scheduling (as implemented by each SDK).
android.permission.FOREGROUND_SERVICE — Foreground service types that media or ad components may use under system rules.
App-specific non-exported receiver permission (signature-level, e.g. com.sudokumind.yesaa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION) — Restricts dynamic broadcast receivers; security hardening, not for collecting personal information.

If a merged permission is not granted at runtime (where Android requires runtime consent), affected SDK features may be limited. Your Google Play Data safety section should align with actual data collected or shared, which may depend on these SDKs—not only the three permissions in Section 4.1.

5. Third-party services: TopOn SDK and integrated advertising SDKs

The Application integrates TopOn (TPN / Anythink) mediation and the following advertising-related components (versions may change between releases; see your installed build or store listing for details):

TopOn core and ad format modules (core, native, banner, interstitial, rewarded, splash)
Vungle (Liftoff)
Unity Ads
ironSource (LevelPlay)
BIGO Ads
Meta Audience Network (Facebook)
InMobi
SmartDigiMktTech (SDM / related TU Adx components)
AppLovin
Mintegral
Chartboost
Yandex Mobile Ads
Fyber (Digital Turbine marketplace)
Tramini plugin (TopOn-related analytics/measurement tooling)

Supporting Google Play services libraries may also be present (for example components used with advertising identifiers or related APIs).

5.1 Privacy policy links (third parties)

Partner	Privacy policy (URL)
TopOn	https://www.toponad.net/en/privacy-policy
Vungle	https://vungle.com/privacy/
Unity	https://unity.com/legal/game-player-and-app-user-privacy-policy
ironSource	https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/
BIGO Ads	https://forbusiness.bigo.sg/privacy
Meta (Facebook)	https://www.facebook.com/privacy/policy
InMobi	https://www.inmobi.com/privacy-policy/
AppLovin	https://legal.applovin.com/privacy/
Mintegral	https://www.mintegral.com/en/privacy/
Chartboost	https://docs.chartboost.com/en/legal/privacy-policy/
Yandex	https://yandex.com/legal/confidential/
Fyber	https://www.fyber.com/privacy-policy/

For SmartDigiMktTech / Tramini and other TopOn companion components, also refer to TopOn documentation and the TopOn privacy policy above.

EEA/UK users (consent and SDK initialization)

Depending on your region, advertising SDKs may require a lawful basis such as consent before processing certain data. In current builds:

The main game screen may be shown right after launch while the app concurrently runs TopOn’s region detection (ATSDK.checkIsEuTraffic), combined where relevant with on-device signals such as ATSDK.isEUTraffic.
When region detection succeeds and traffic is treated as EU/EEA/UK-related and ATSDK.getGDPRDataLevel is still ATSDK.UNKNOWN, the app shows TopOn’s GDPR / consent UI over the game screen before initializing ads. If the user is not in scope for that UI, or the GDPR level is already set (not UNKNOWN), the app may proceed without that form.
GDPR level ATSDK.UNKNOWN and ad initialization: In our integration, when the GDPR data level returned by TopOn is UNKNOWN, the Application may still initialize TopOn and ad-related SDKs (this covers typical non‑EU traffic and other cases TopOn treats as not requiring a blocking unknown state). This is separate from the user explicitly refusing consent through TopOn’s UI (refusal paths do not initialize ads in the current build).
If checkIsEuTraffic fails (for example a network error), the app uses a fallback path based on ATSDK.getGDPRDataLevel so the UI is not stuck. In that situation, if the level is still UNKNOWN, the consent form may not be shown, yet TopOn and ad-related SDKs may still initialize under the same rules as the bullet above. A completed “deny” / refuse choice already stored by the SDK is not overridden by this fallback.
The first-launch install statistic in Section 1.5 may run on cold start before any TopOn consent UI; it is not blocked by the advertising consent flow.

We encourage users in the EU/EEA/UK to use system ad privacy controls (for example reset advertising ID, limit ad personalization). Whether an additional certified consent platform (CMP) is required for your use case is governed by current Google and local rules—verify against the latest official guidance.

6. Children's privacy

The game/app is not directed at children under 13 (or under 16 in the EEA/UK where applicable). We do not knowingly collect personal data from children for our own independent profiling. Advertising partners may have their own age-related rules and controls. If you believe we have inadvertently collected such data, please contact us at yesaatechnologies1990@gmail.com and we will address it promptly.

7. Data security

We take reasonable technical and organizational measures to protect information. Local gameplay data stays primarily on your device. Ad-related transmissions normally use HTTPS/TLS as described above. No method of storage or transmission is 100% secure.

8. International data transfers

Advertising partners may process data in countries other than your own. Their practices are described in their privacy policies. Where required by law, they may rely on appropriate safeguards for international transfers.

9. Your rights by region

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing, to data portability, and to withdraw consent where processing is based on consent. You may also have the right to opt out of certain "sales" or "sharing" of personal information under US state laws, where applicable.

Because advertising partners may process identifiers or usage data that can be personal data in some jurisdictions, you can also exercise controls through your device (for example reset advertising ID, opt out of ads personalization) and through partner policies linked in Section 5.

For requests to us regarding this Privacy Policy, contact yesaatechnologies1990@gmail.com.

9.1 Deletion of your personal data (and limits)

Depending on applicable law, you may have the right to request deletion of personal data we hold about you, subject to the limits below.

No in-app accounts: SudokuMind does not offer registration or login. There is no user account to cancel. Please describe your request clearly (for example, data related to our first-launch statistic in Section 1.5) rather than using “account closure” wording.

How to contact us: Email yesaatechnologies1990@gmail.com with a clear subject line (for example, “SudokuMind – data deletion request”). Where we control the data and deletion is technically feasible and lawful, we aim to complete appropriate steps within approximately 30 days, unless a longer period is required by law or legitimate dispute resolution.

Data stored on your device: Local game data described in Section 1.2 can be removed by clearing app data or uninstalling the Application.

Advertising ID and ad partners: You can reset or limit the Google advertising ID and ad personalization in your device settings (paths vary by OEM/Android version). That reduces linkage of future ad activity to the previous identifier for TopOn and partners, but it does not erase historical records already held by third-party networks; they process data under their policies (Section 5).

TopOn and other independent controllers: For data processed primarily by TopOn or another advertising partner, you may need to exercise rights directly with that partner using its privacy policy and tools. Our email address is for the Company’s own practices and data we control (for example, reasonable requests regarding our first-launch statistic endpoint in Section 1.5, where applicable and technically feasible).

What we may retain: We may keep information where law requires it, for dispute resolution or to protect legal rights, or where information is already aggregated or anonymized so that it can no longer reasonably identify you.

Third-party retention: Advertising partners may retain ad-related data according to their schedules (often on the order of months to up to approximately 24 months, then deletion or anonymization, depending on the partner). A request to us does not automatically delete copies held by third parties.

Withdrawing consent (where applicable): You may use device settings (advertising ID, app permissions such as network access where applicable), TopOn’s GDPR/consent UI when it is shown, and email to the address above. Withdrawing consent or limiting identifiers may affect ads personalization or measurement; core Sudoku gameplay may remain usable depending on your choices and connectivity.

This Application does not use an in-app account system, in-app WebView–based login, or cookies for the features described in this Policy; deletion lists referring to “passwords,” “WebView session tokens,” or similar items do not apply to the current store build.

European Union (EU) / European Economic Area (EEA) / United Kingdom (UK) - GDPR / UK GDPR

You may have the rights described above and the right to lodge a complaint with a supervisory authority. Contact us at yesaatechnologies1990@gmail.com for questions.

United States - California (CCPA / CPRA)

California residents may have additional rights regarding personal information. We do not "sell" personal information in the traditional sense; some sharing of identifiers for cross-context behavioral advertising may be treated as "sharing" under California law—use device opt-outs and partner controls where available.

Other US states / Brazil / other regions

Similar rights may apply under local laws. Contact us at yesaatechnologies1990@gmail.com for requests or questions.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will change the "Last updated" date at the top and, where appropriate, notify you through the game/app or the store listing. Your continued use of the game/app after changes constitutes acceptance of the updated policy where permitted by law.

11. Governing law

This policy is governed by the laws of the jurisdiction in which Yesaa Technologies is established, without prejudice to any mandatory rights you have under the laws of your country of residence (including in the EEA, UK, or US states).

12. Contact us

For any questions, requests, or complaints about this Privacy Policy or our handling of your information:

Email: yesaatechnologies1990@gmail.com

We will respond within a reasonable time.

This document describes SudokuMind’s practices for the current store build. If anything conflicts with mandatory law or store rules, the law and store rules prevail.