Crisp

← Home

Privacy Policy

Last updated: 2026-05-10

1. Who we are

CodeBucky LLC (“we,” “us,” “our”) is a limited liability company organized in the State of Arizona, United States. We operate Crispy Fruits, including mobile apps and related web properties such as playcrisp.live. This Privacy Policy explains how we handle personal information when you use our games, websites, and services (collectively, the “Services”).

Contact: Contact form — general support, privacy-related requests, CPRA/CCPA rights, and “do not sell or share” inquiries.

2. Scope

This policy applies to:

  • Our iOS and Android apps (Crispy Fruits).
  • Our websites (including marketing pages on playcrisp.live).
  • Streamer-facing experiences we may offer on the web (e.g. WebGL or dashboard), when available.

Some features are optional or limited to specific users (for example, approved streamers). We describe those separately where it matters for your privacy.

3. Information we collect

We collect information in the following categories, depending on how you use the Services.

3.1 You provide directly

Examples include:

  • Email address if you sign up for launch or newsletter updates on playcrisp.live (processed by our email service provider, Brevo; see §6).
  • Account or profile data you choose to submit (e.g. email, display name) when you register or contact support.
  • Third-party sign-in data received when you authenticate via Apple, Google, or TikTok, including your username, display name, profile picture URL, and a platform-specific user identifier. For TikTok sign-in, we also receive and store authentication tokens (encrypted at rest) to maintain your session and verify your account.
  • Communications you send us (support tickets, feedback).

3.2 Automatically collected (apps & web)

Examples include:

  • Device and app information such as device type, operating system version, app version, language, and general diagnostic logs.
  • Identifiers such as advertising IDs (where allowed and configured), device IDs, or IP address.
  • Usage data such as gameplay or feature usage, crashes, and performance metrics.

3.3 From third parties

Examples include:

  • Ad and analytics partners that provide measurement or advertising services in the mobile apps (e.g. ad networks), subject to your device settings and applicable law.
  • Payment processors (Apple App Store, Google Play) that process purchases; we generally receive limited transaction or entitlement information, not your full payment card details.
  • Live stream integrations used for streamer features. When a streamer connects a live stream tool (such as TikFinity), we receive real-time event data from their broadcast, including viewer usernames, gift information, and chat messages. This data is used to power interactive gameplay features and is not stored beyond the active session.

4. How we use information

We use information to:

  • Provide, operate, and improve the Services (including gameplay, progression, and technical support).
  • Personalize content and features where appropriate.
  • Deliver and measure advertising in mobile builds where enabled.
  • Maintain security, prevent fraud, cheating, and abuse, and enforce our Terms.
  • Communicate with you about updates, policies, or your requests.
  • Comply with legal obligations and respond to lawful requests.

5. Legal bases (EEA / UK / similar)

Where GDPR or similar laws apply, we rely on one or more of the following:

  • Contract — to provide the Services you request.
  • Legitimate interests — to secure our Services, improve them, and communicate operational messages, balanced against your rights.
  • Consent — where required (e.g. certain cookies on the web, or advertising/analytics choices where applicable).
  • Legal obligation — where we must retain or disclose information by law.

6. Sharing of information

We may share information with:

  • Service providers who assist us (hosting, analytics, customer support tools, email delivery via Brevo), bound by confidentiality and processing terms.
  • Ad and measurement partners in the mobile apps, as permitted by platform rules and your settings.
  • Professional advisors (lawyers, accountants) where necessary.
  • Authorities when required by law or to protect rights, safety, and integrity of users and the Services.

We do not sell personal information for money. The mobile apps may share device identifiers with ad partners in ways U.S. state laws classify as “sharing” — see §12 for your opt-out choices.

7. Children

Our Services are not directed to children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children under that age. If you believe we have done so, contact us via our contact form and we will take appropriate steps to delete the information.

Streamer-facing features are limited to adults (18+) as described in our Terms.

8. Retention

We keep information only as long as needed for the purposes above, including legal, accounting, and dispute resolution needs. Specific examples:

  • Newsletter email addresses are retained until you unsubscribe or request deletion — whichever comes first.
  • Account data (profile, settings, creator codes) is retained while your account is active and for a reasonable period afterward to meet legal or dispute-resolution needs.
  • TikTok authentication tokens are stored encrypted while your streamer account is active and deleted upon account deletion or token revocation.
  • Live stream event data (gift events, chat interactions) is used in real time for gameplay and is not persisted beyond the active session.
  • Ad-related identifiers are retained only as long as they are needed to serve and measure ads, subject to your device and consent settings.

Contact us via our contact form for more detail about specific categories.

9. Security

We use reasonable technical and organizational measures to protect information. No method of transmission or storage is 100% secure.

10. International transfers

We may process information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses).

11. Your rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing or withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us via our contact form. We may need to verify your identity before processing your request.

California residents (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know: You may request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties we share with.
  • Right to delete: You may request deletion of personal information we hold about you, subject to certain exceptions (e.g. legal obligations, completing a transaction). Crispy Fruits players can also delete their account directly — see our Delete Account page.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: See §12 below.
  • Right to non-discrimination: We will not discriminate against you for exercising your rights.

Categories of personal information we collect: Identifiers (email, device ID, IP address, advertising ID); internet or electronic network activity (usage data, ad interactions); geolocation (coarse, via IP address).

Business purposes: Providing and improving the Services; advertising and measurement; security and fraud prevention; legal compliance.

Categories shared with third parties: Device identifiers and ad interaction data shared with ad networks for targeted advertising (this may constitute “sharing” under the CPRA).

We do not collect or process sensitive personal information as defined by the CPRA for purposes that would require a “Limit the Use” option.

To submit a request, use our contact form. We will verify your identity and respond within 45 days (extendable to 90 days with notice). You may also designate an authorized agent to make a request on your behalf.

12. “Do Not Sell or Share” & Global Privacy Control

We do not sell personal information for money. However, the mobile apps may share device identifiers with ad and measurement partners in ways that U.S. state privacy laws (such as the CCPA / CPRA) may classify as “selling” or “sharing.”

Your choices:

  • Mobile (iOS): Decline the App Tracking Transparency prompt. This prevents sharing of the advertising identifier with ad networks.
  • Mobile (Android): When a consent dialog is presented, decline personalized ads.
  • Web: We do not run ad or analytics trackers on playcrisp.live at launch. If that changes, we will provide an opt-out mechanism here.
  • Contact form: Use our contact form and include “Do Not Sell or Share” in your message.

Global Privacy Control: We honor the Global Privacy Control (Sec-GPC) signal on our web properties. If your browser sends a Sec-GPC: 1 header, we treat it as a valid opt-out of “sale” or “sharing” of personal information under applicable law.

Our apps and sites may include third-party SDKs (for ads, analytics, etc.) or links to third-party sites or services. Their practices are governed by their own policies. We encourage you to review them.

Specific third parties used in our mobile apps:

  • LevelPlay (ironSource) — ad mediation
  • AdMob (Google) — advertising
  • Unity Ads — advertising
  • Apple SKAdNetwork — privacy-preserving ad attribution on iOS
  • Apple App Tracking Transparency (ATT) — your tracking choice on iOS gates personalized ad targeting
  • Supabase (managed Postgres and Edge Functions) — anonymous account creation, leaderboard scores, display names, content-moderation reports
  • Apple iCloud Key-Value Storage — cross-device save sync on iOS
  • Apple In-App Purchase / Google Play Billing — purchase processing

14. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date. If changes are material, we will provide additional notice as required by law.

15. Data breaches

Where required by law, we will notify affected users and regulators of unauthorized access to personal data in accordance with applicable requirements.