Effective Date and Last Updated: February 11, 2026
Introduction
Impostor Madness! is a local multiplayer party game designed to be played with friends on the same local network (LAN).
This privacy policy explains what data the app collects, how it is used, and your rights regarding that data.
This policy accurately reflects the app's actual data practices as of the date above.
Your Consent & Control
We believe in giving you complete control over your data. When you first launch the app, you will be asked whether you want to share anonymous analytics and crash reports.
Before You Consent:
All analytics and crash reporting are completely DISABLED
No data is sent to any external servers
The app functions fully without any online data collection
If You Accept:
Anonymous crash reports and usage statistics are enabled
This helps us improve the app and fix bugs faster
You can revoke consent at any time in Settings
If You Decline:
Nothing changes — no data is collected, all features remain available, and you can change your mind later in Settings.
This consent mechanism is designed to comply with GDPR, CCPA, and other privacy regulations worldwide.
Data Stored Locally on Your Device
The following data is stored ONLY on your device and is NEVER sent to any server:
Display Name: The username you choose for gameplay. Stored in SharedPreferences on your device.
Avatar Image (Optional): If you take a photo for your avatar, it is stored locally as base64-encoded data in SharedPreferences. This image is never uploaded to the internet.
Avatar Emoji (Optional): If you select an emoji as your avatar, it is stored locally.
App Preferences: Theme setting (light/dark/system), sound effects toggle, haptics toggle, language preference, and whether you've seen the tutorial. All stored locally via SharedPreferences.
Premium Purchase Status: If you purchase Premium Hosting, the purchase status is stored locally using platform-secure storage (iOS Keychain / Android EncryptedSharedPreferences) for added security.
Active Room State: If you disconnect from a game, the app temporarily stores your room code and player information for up to 30 minutes to allow rejoining. This data is automatically deleted after 30 minutes.
Network Communication (Gameplay)
Local Network Only for Gameplay
All gameplay in Impostor Madness! operates exclusively on your local network (LAN). No internet connection is required to play.
All game communication uses WebSocket connections within your local network only
The app uses Bonjour/mDNS for local device discovery on your WiFi network or Personal Hotspot
Game data (player names, avatars, votes, game state) is transmitted only to other players on your local network
No gameplay data is ever sent to external servers, cloud services, or the internet
Note: If you consent to analytics/crash reporting, that data is sent to Firebase servers separately (see "Data Sent Online" section below).
Data Transmitted During Gameplay
When playing a game, the following data is shared with other players on your local network:
Your chosen display name
Your avatar (photo or emoji, if set)
Your device platform (iOS or Android)
Game actions (votes, guesses, game state)
This data is only accessible to devices on your local WiFi network or Personal Hotspot during active gameplay and is not stored persistently by other players' devices.
Deep Linking & Sharing
The app supports deep links (impostormadness://join?code=XXXX and https://impostorparty.com/join?code=XXXX) to let players join games easily. These links contain only a 4-letter room code. When sharing a game invitation, the app uses your device's built-in share sheet — no personal data is collected, transmitted, or tracked.
Data Sent Online (With Your Consent)
The following data is ONLY collected and sent to external servers if you explicitly consent when first launching the app. You can change your choice at any time in the app's Settings.
Crash Reports (Firebase Crashlytics)
When enabled, if the app crashes, a report is sent containing:
Device model and operating system version
App version and build number
Crash stack trace (technical error information)
Game context for debugging:
Room code (4-letter game code)
Game phase (e.g., "lobby", "voting")
Player count
Whether you are the host
Your session player ID (random, not personally identifiable)
Connection mode (whether you are hosting or joining)
Premium status
App language/locale setting
No personal information — such as your name, avatar, location, or advertising identifiers — is included in crash reports.
Crash reports help us identify and fix bugs to improve the app for everyone. This data is processed by Google Firebase and is subject to Google's Privacy Policy.
Anonymous Usage Statistics (Firebase Analytics)
When enabled, the app collects completely anonymous, aggregated usage statistics:
Daily and monthly active user counts (aggregate numbers only)
Session counts (how many times the app is opened)
General device type and operating system (e.g., "iPhone", "Android 14")
App version distribution
Country-level geographic distribution (derived from IP, not precise location)
Purchase events (when you buy Premium Hosting):
Currency code
Price value
Product identifier
This data is:
Completely anonymous - not linked to any individual user
Aggregated - we see "142 users today", not individual identities
Never used for advertising or sold to third parties
Never used for personalization or user profiling
This anonymous data is processed by Google Firebase and is subject to Google's Privacy Policy.
Third-Party Services
The following third-party services may receive data from the app or website:
Firebase Crashlytics (Google): Crash reporting, only if you consent. See "Crash Reports" above.
Firebase Analytics (Google): Anonymous aggregate statistics, only if you consent. See "Anonymous Usage Statistics" above.
Apple App Store / Google Play Store: Payment processing for the optional Premium Hosting purchase. See "In-App Purchases" below.
Google reCAPTCHA (Google): Spam protection on the website contact form. See "Contact Form" below for details on what data is collected.
Formspree: Form submission processing for the website contact form. See "Contact Form" below.
On-Device Features
The app uses standard device capabilities — including local network discovery, sharing, camera (for QR codes and avatars), motion sensors (shake gesture), screen wake lock, and network status detection. These operate entirely on your device and do not collect, store, or transmit any data to external servers.
Font assets are bundled with the app at build time; no network requests are made for fonts.
In-App Purchases
The app offers an optional one-time "Premium Hosting" in-app purchase that unlocks additional game modes, categories, and features. This purchase:
Is processed entirely through Apple's App Store or Google Play Store
Does not require account creation with us
Does not transmit any personal information to our servers
Purchase status is stored locally on your device and can be restored via the app stores
We do not have access to your payment information. All billing is handled by Apple or Google.
Device Permissions
The app requests the following permissions:
Required Permissions:
Local Network Access: Required for hosting and joining games on your WiFi network or Personal Hotspot. This is essential for the app's core functionality.
Internet Permission (Android): Required by the platform for network access. Used for LAN gameplay, and for sending crash reports/analytics to Firebase if you consent.
Optional Permissions:
Camera: Used to scan QR codes for joining games and to take avatar photos. You can use the app without granting camera access by entering room codes manually and using emoji avatars. Camera images are used only in-game and are never uploaded online.
Vibration: For haptic feedback during gameplay. Can be disabled in Settings.
Motion Sensors (Accelerometer): Used for the shake-to-reveal gesture during gameplay rounds. Sensor data is processed in real time on your device only and is never stored, recorded, or transmitted. No motion or movement data leaves your device.
Data Retention
Preferences and avatar: Stored on your device indefinitely until you clear app data or uninstall.
Active room state: Automatically deleted after 30 minutes.
Game session data: Exists only during active gameplay and is not persisted.
Analytics/crash data (if you consent): Retained by Google Firebase per their retention policies. Disable in Settings at any time to stop future collection.
International Data Transfers
If you consent to analytics and crash reporting, the anonymous data described above is transmitted to Google Firebase servers. Google may process and store this data in data centers located outside your country of residence, including in the United States.
These transfers are governed by Google's data processing terms and their compliance with applicable data protection frameworks, including:
EU-U.S. Data Privacy Framework (for transfers from the European Economic Area)
Google's Standard Contractual Clauses (SCCs) for international transfers
Google's Firebase Terms of Service and Data Processing Terms
If you do not consent to analytics, no data is transferred internationally. All gameplay data remains on your local network and device.
Your Rights & Data Control
You have full control over your data:
Right to withdraw consent: You have the right to withdraw your consent at any time by disabling analytics/crash reporting in the app's Settings
Change your name and avatar at any time through the app
Clear your avatar in the app's Settings
Delete all app data by uninstalling the app or clearing app data in your device settings
Deny optional permissions (camera) without affecting core functionality
Since all personal data is stored locally on your device, there is no account to delete or data access request to make. Simply uninstalling the app removes all stored data.
If you previously consented to analytics, you can disable it in Settings to stop future data collection. Any analytics data already sent to Firebase is anonymous and aggregate, meaning it cannot be linked back to you individually and therefore cannot be individually identified or deleted.
Children's Privacy
Impostor Madness! is designed as a party game for friends and family. The app does not:
Collect personal information from children
Require account creation or registration
Contain advertising
Share any personal data online (analytics/crash reports, if enabled, contain no personal information)
The app is suitable for players of all ages when used in a supervised party setting. Parents and guardians should ensure that display names and avatar photos chosen during gameplay are appropriate.
Security
Sensitive data (premium purchase status) is stored using platform-provided secure storage (iOS Keychain / Android EncryptedSharedPreferences); other preferences use standard on-device storage (SharedPreferences)
Gameplay communication stays on your local network via WebSocket
Analytics/crash data (if you consent) is transmitted securely via HTTPS
The app does not require authentication or store sensitive credentials
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.
Significant changes to data collection practices (if any) will be communicated through app updates and release notes.
impostorparty.com Website
Our website at impostorparty.com provides information about the app and includes a contact form.
Contact Form
The website contact form collects:
Your name
Your email address
Your message
This data is processed by Formspree (formspree.io), a third-party form service, to deliver your message to us. We use this information only to respond to your inquiry. Formspree's privacy policy applies to data submitted through the contact form.
Spam Protection (Google reCAPTCHA)
The contact form uses Google reCAPTCHA v2 to protect against spam and automated abuse. When you visit the contact page, reCAPTCHA may collect:
Your IP address
Cookies set by Google (including _GRECAPTCHA and other Google cookies)
Browser and device information (user agent, screen resolution, browser plugins)
Mouse movements and interaction patterns on the page
reCAPTCHA is loaded only on the contact page — it is not present on any other page of the website.
Cookies & Local Storage
The website does not use analytics or tracking scripts of its own. However, the contact page loads Google reCAPTCHA, which may set cookies (see "Spam Protection" above). These cookies are set by Google, not by us, and are used solely for spam protection.
The only data we store locally is your language preference (English or Greek) in your browser's local storage, to remember your choice across visits. This is not personal data and is never transmitted.
No cookies or third-party scripts are loaded on any page other than the contact page.
Contact
If you have questions about this privacy policy, the app's data practices, wish to exercise your data rights, or would like to report a bug, please reach out: