Privacy Policy

Schrödinger's Cat: Quantum Lab · KheniTech · Last updated: May 26, 2026

1. Introduction

This Privacy Policy explains how KheniTech ("we", "us", or "our") collects, uses, and protects information when you use Schrödinger's Cat: Quantum Lab (the "App") on iOS, Android, or web.

By using the App you agree to this policy. If you do not agree, please do not use the App.

The App is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you are under 13, please do not use the App. If we become aware that a child under 13 has provided personal information, we will delete it promptly.

2. Data We Collect

We collect only what is necessary to provide the App's features.

You can play single-player without signing in. The App opens directly to the game and needs no account for solo play. The data below sourced from "Google / Apple sign-in" is collected only if you choose to sign in to use account-based features (online multiplayer or your profile). Playing as a guest, or signing out, stops this collection.

Data	Source	Why	Where Stored	Retention
Email address	Google / Apple sign-in	Authentication	Firebase Auth (Google, US)	Until account deletion
Display name	Google / Apple sign-in	In-app profile display	Firebase Auth (Google, US)	Until account deletion
Profile photo URL	Google account (if signed in with Google)	Avatar in profile screen	Firebase Auth stores URL; image served from Google's CDN	URL until account deletion
Firebase User ID (UID)	Assigned by Firebase Auth on first sign-in	Identifies you within the App; used for multiplayer room ownership	Firebase Auth + ephemeral RTDB room records	Until account deletion
In-game position & actions	Your gameplay during multiplayer sessions	Real-time multiplayer sync (position, bombs, projectiles)	Firebase Realtime Database (Google, US-Central1) — ephemeral	Deleted automatically when the game session ends or you disconnect
Firebase Installation ID (FID)	Firebase SDK (automatic)	Required by Firebase services to maintain SDK connection	Google Firebase servers	Until app uninstall or explicit SDK reset
Authentication tokens	Firebase Auth	Keeps you signed in across app restarts	Device local storage (inside the app's WebView sandbox)	Until sign-out or account deletion

3. What We Do NOT Collect

Real-world location or GPS data
Device advertising identifiers (IDFA / GAID)
Microphone, camera, or contacts data
Browsing history or search history
Financial or payment information
Crash logs or performance analytics (no Crashlytics or Firebase Analytics)
Push notification tokens (FCM is registered at the SDK level but we do not request notification permission or send push notifications)

4. How We Use Your Information

Authentication — to create and maintain your account
Multiplayer — to sync your game state with other players in real time during a session
Profile display — to show your name and photo inside the App
App operation — Firebase Installation ID is used by the Firebase SDK to maintain service connectivity

We do not sell your data, use it for advertising, or share it with any third party other than the processors listed below.

5. Third-Party Data Processors

Processor	Purpose	Data Shared	Privacy Policy
Google LLC (Firebase Auth, Firebase Realtime Database)	Authentication, real-time multiplayer data sync	Email, name, photo URL, UID, in-game session data, Firebase Installation ID	Google Privacy Policy · Firebase Privacy
Apple Inc. (Sign in with Apple)	Authentication (iOS only)	Name, email (or Apple relay address)	Apple Privacy Policy

Firebase services operate under Google's Data Processing Terms and use Standard Contractual Clauses (SCCs) for transfers of personal data from the European Economic Area.

6. Data Storage & Security

Your data is stored on Google's Firebase infrastructure in the United States (us-central1). All data in transit between the App and Firebase uses TLS encryption. Firebase handles server-side encryption at rest.

Authentication tokens are stored in the App's local storage inside the WebView sandbox, isolated from other apps on your device.

We implement reasonable security measures, but no system is completely secure. Please use a strong password and keep your device secure.

7. Multiplayer Session Data

During a multiplayer game session, your in-game position, movement, and game actions (placing bombs, firing projectiles) are transmitted in real time to Firebase Realtime Database. This data:

Is visible only to the other player(s) in the same private room
Is identified only by your Firebase UID (not your name or email)
Is automatically deleted when the game session ends, you leave the room, or your connection drops
Is never stored permanently — no session history is kept

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access — view the personal data we hold about you (visible in the Profile screen)
Correction — update your display name or email via your Google or Apple account settings
Deletion — delete your account and all associated data directly in the App: Profile icon → Delete Account. This permanently deletes your Firebase Auth record. Multiplayer session data is already ephemeral.
Portability — contact us to request an export of your data
Withdraw consent — sign out at any time; signing out stops further data transmission

For GDPR requests, please contact us at contact@khenitech.com. We will respond within 30 days.

9. International Users (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States by Google LLC. This transfer is covered by Google's Standard Contractual Clauses as described in Firebase's privacy documentation.

The legal basis for processing your personal data is contract performance — processing is necessary to provide the App's authentication and multiplayer features as requested by you.

10. Children's Privacy (COPPA)

The App is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. Sign-in with Google or Apple requires users to have an account with those services, which themselves require users to be at least 13 years old. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this policy or wish to exercise your rights, please contact:

KheniTech
Email: contact@khenitech.com