Privacy Policy

Effective Date and Last Updated: April 16, 2026

Introduction

Impostor Madness! is a local multiplayer party game designed to be played with friends on the same local network (LAN).

This privacy policy explains what data the app collects, how it is used, and your rights regarding that data.

This policy accurately reflects the app's actual data practices as of the date above.

Your Consent & Control

We believe in giving you complete control over your data. When you first launch the app, you will be asked whether you want to share anonymous analytics and crash reports.

Before You Consent:

• All analytics and crash reporting are completely DISABLED
• No analytics or crash data is sent to any external servers
• The app functions fully without any online data collection

If You Accept:

• Anonymous crash reports and usage statistics are enabled
• This helps us improve the app and fix bugs faster
• You can revoke consent at any time in Settings

If You Decline:

Nothing changes. No data is collected, all features remain available, and you can change your mind later in Settings.

This consent mechanism is designed to comply with GDPR, CCPA, and other privacy regulations worldwide.

Data Stored Locally on Your Device

The following data is stored ONLY on your device and is NEVER sent to any server:

• Display Name: The username you choose for gameplay. Stored in SharedPreferences on your device.
• Avatar Image (Optional): If you take a photo for your avatar, it is stored locally as base64-encoded data in SharedPreferences. This image is never uploaded to the internet.
• Avatar Emoji (Optional): If you select an emoji as your avatar, it is stored locally.
• App Preferences: Theme setting (light/dark/system), sound effects toggle, haptics toggle, shake to reveal toggle, animated background toggle, language preference, last used lobby settings, and whether you've seen the tutorial. All stored locally via SharedPreferences.
• Premium Purchase Status and Receipt Data: If you purchase Premium Hosting, the purchase status and purchase receipt data (platform, receipt token, and product identifier) are stored locally using platform-secure storage for added security. The receipt data is retained to allow periodic re-verification of your purchase.
• Active Room State: If you disconnect from a game, the app temporarily stores your room code and player information for up to 30 minutes to allow rejoining. This data is automatically deleted after 30 minutes.

Network Communication (Gameplay)

Local Network Only for Gameplay

All gameplay in Impostor Madness! operates exclusively on your local network (LAN). No internet connection is required to play.

• All game communication uses WebSocket connections within your local network only
• The app uses Bonjour/mDNS for local device discovery on your Wi-Fi network or Personal Hotspot
• Game data (player names, avatars, votes, game state) is transmitted only to other players on your local network
• No gameplay data is ever sent to external servers, cloud services, or the internet

Note: Analytics and crash reporting use the internet only if you consent. Purchase receipt verification uses the internet separately from gameplay. See their respective sections below.

Data Transmitted During Gameplay

When playing a game, the following data is shared with other players on your local network:

• Your chosen display name
• Your avatar (photo or emoji, if set)
• Your device platform (iOS or Android)
• Game actions (votes, guesses, game state)

This data is only accessible to devices on your local Wi-Fi network or Personal Hotspot during active gameplay and is not stored persistently by other players' devices.

Deep Linking & Sharing

The app supports deep links (impostormadness://join?code=XXXX and https://impostorparty.com/join?code=XXXX) to let players join games easily. These links contain only a 4-letter room code. When sharing a game invitation, the app uses your device's built-in share sheet. No personal data is collected, transmitted, or tracked.

Data Sent Online (With Your Consent)

The following data is ONLY collected and sent to external servers if you explicitly consent when first launching the app. You can change your choice at any time in the app's Settings.

Crash Reports (Firebase Crashlytics)

When enabled, if the app crashes, a report is sent containing:

• Device model and operating system version
• App version and build number
• Crash stack trace (technical error information)
• Game context for debugging:
  • Room code (4-letter game code)
  • Game phase (e.g., "lobby", "voting")
  • Player count
  • Whether you are the host
  • Your session player ID (random, not personally identifiable)
  • Connection mode (whether you are hosting or joining)
  • Premium status
  • App language/locale setting

No personal information, such as your name, avatar, location, or advertising identifiers, is ever included in crash reports.

Crash reports help us identify and fix bugs to improve the app for everyone. This data is processed by Google Firebase and is subject to Google's Privacy Policy.

Anonymous Usage Statistics (Firebase Analytics)

When enabled, the app collects completely anonymous, aggregated usage statistics. These help us understand how the app is used so we can improve it.

Automatic data collected by Firebase:

• Daily and monthly active user counts (aggregate numbers only)
• Session counts (how many times the app is opened)
• General device type and operating system (e.g., "iPhone", "Android 14")
• App version distribution
• Country-level geographic distribution (derived from IP, not precise location)

Custom events logged by the app:

• App opens and app settings preferences
• Game configuration choices (e.g., game mode, category, number of rounds)
• Gameplay patterns (e.g., rounds played, voting participation, game outcomes)
• Connection health (e.g., disconnections, host migrations)
• Premium feature interactions (e.g., upgrade screen views, purchase outcomes)
• Purchase events (currency code, price, and product identifier when you buy Premium Hosting)
• How players join games (e.g., via deep link or LAN)

These events contain only general game data. No player names, identities, or personally identifiable information are ever included.

This data is:

• Completely anonymous - not linked to any individual user
• Aggregated - we see "142 users today", not individual identities
• Never used for advertising or sold to third parties
• Never used for personalization or user profiling

This anonymous data is processed by Google Firebase and is subject to Google's Privacy Policy.

Third-Party Services

The following third-party services may receive data from the app or website:

• Firebase Crashlytics (Google): Crash reporting, only if you consent. See "Crash Reports" above.
• Firebase Analytics (Google): Anonymous aggregate statistics, only if you consent. See "Anonymous Usage Statistics" above.
• Apple App Store / Google Play Store: Payment processing for the optional Premium Hosting purchase. See "In-App Purchases" below.
• impostorparty.com (our server): Purchase receipt verification when you buy or restore Premium Hosting, and periodic re-verification to confirm ongoing purchase validity. See "In-App Purchases" below.
• Google reCAPTCHA (Google): Spam protection on the website contact form. See "Contact Form" below for details on what data is collected.
• Formspree: Form submission processing for the website contact form. See "Contact Form" below.

On-Device Features

The app uses standard device capabilities, including local network discovery, sharing, camera (for QR codes and avatars), motion sensors (shake gesture), screen wake lock, and network status detection. These operate entirely on your device and do not collect, store, or transmit any data to external servers.

Font assets are bundled with the app at build time; no network requests are made for fonts.

In-App Purchases

The app offers an optional one-time "Premium Hosting" in-app purchase that unlocks additional game modes, categories, and features. Payment is processed entirely through Apple's App Store or Google Play Store. We do not have access to your payment information.

Purchase Receipt Verification

When you buy or restore Premium Hosting, the app verifies the purchase by sending a request to our server (impostorparty.com) over HTTPS. The app also periodically re-verifies your purchase to confirm it remains valid. Each verification request contains:

• The platform identifier (Apple or Google)
• The purchase receipt token (a cryptographic token issued by Apple or Google to confirm the transaction)
• The product identifier ("premium_hosting")

The receipt token is used solely to confirm the purchase is legitimate and is not stored on our server after verification. The receipt data is stored locally on your device in platform-secure storage to enable periodic re-verification.

Purchase status is stored locally on your device using platform-secure storage, and can be restored via the app stores.

Device Permissions

The app requests the following permissions:

Required Permissions:

• Local Network Access: Required for hosting and joining games on your Wi-Fi network or Personal Hotspot. This is essential for the app's core functionality.
• Internet Permission (Android): Required by the platform for network access. Used for LAN gameplay, purchase receipt verification, and sending crash reports/analytics to Firebase if you consent.

Optional Permissions:

• Camera: Used to scan QR codes for joining games and to take avatar photos. You can use the app without granting camera access by entering room codes manually and using emoji avatars. Camera images are used only in-game and are never uploaded online.
• Vibration: For haptic feedback during gameplay. Can be disabled in Settings.
• Motion Sensors (Accelerometer): Used for the shake-to-reveal gesture during gameplay rounds. This feature can be disabled in Settings. Sensor data is processed in real time on your device only and is never stored, recorded, or transmitted. No motion or movement data leaves your device.

Data Retention

• Preferences and avatar: Stored on your device indefinitely until you clear app data or uninstall.
• Active room state: Automatically deleted after 30 minutes.
• Game session data: Exists only during active gameplay and is not persisted.
• Analytics/crash data (if you consent): Retained by Google Firebase per their retention policies. Disable in Settings at any time to stop future collection.

Deleting Your Data

Since Impostor Madness! does not store any data on external servers, all your data is deleted by simply uninstalling the app or clearing app data in your device settings. This removes all preferences, avatar photos, and any locally stored information.

If you previously opted in to analytics and crash reporting, that data is anonymous and cannot be linked back to you. You can disable future collection at any time in the app's Settings.

International Data Transfers

If you consent to analytics and crash reporting, the anonymous data described above is transmitted to Google Firebase servers. Google may process and store this data in data centers located outside your country of residence, including in the United States.

These transfers are governed by Google's data processing terms and their compliance with applicable data protection frameworks, including:

• EU-U.S. Data Privacy Framework (for transfers from the European Economic Area)
• Google's Standard Contractual Clauses (SCCs) for international transfers
• Google's Firebase Terms of Service and Data Processing Terms

If you do not consent to analytics, no data is transferred internationally. All gameplay data remains on your local network and device.

Your Rights & Data Control

You have full control over your data:

• Right to withdraw consent: You have the right to withdraw your consent at any time by disabling analytics/crash reporting in the app's Settings
• Change your name and avatar at any time through the app
• Clear your avatar in the app's Settings
• Delete all app data by uninstalling the app or clearing app data in your device settings
• Deny optional permissions (camera) without affecting core functionality

Since all personal data is stored locally on your device, there is no account to delete or data access request to make. Simply uninstalling the app removes all stored data.

If you previously consented to analytics, you can disable it in Settings to stop future data collection. Any analytics data already sent to Firebase is anonymous and aggregate, meaning it cannot be linked back to you individually and therefore cannot be individually identified or deleted.

Children's Privacy

Impostor Madness! is designed as a party game for friends and family. The app does not:

• Collect personal information from children
• Require account creation or registration
• Contain advertising
• Share any personal data online (analytics/crash reports, if enabled, contain no personal information)

The app is suitable for players of all ages when used in a supervised party setting. Parents and guardians should ensure that display names and avatar photos chosen during gameplay are appropriate.

Security

• Sensitive data (premium purchase status) is stored using platform-provided secure storage (iOS Keychain / Android EncryptedSharedPreferences); other preferences use standard on-device storage (SharedPreferences)
• Gameplay communication stays on your local network via WebSocket
• Purchase receipt verification and analytics/crash data (if you consent) is transmitted securely via HTTPS
• The app does not require authentication or store sensitive credentials

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

Significant changes to data collection practices (if any) will be communicated through app updates and release notes.

impostorparty.com Website

Our website at impostorparty.com provides information about the app and includes a contact form.

Contact Form

The website contact form collects:

• Your name
• Your email address
• Your message

This data is processed by Formspree (formspree.io), a third-party form service, to deliver your message to us. We use this information only to respond to your inquiry. Formspree's privacy policy applies to data submitted through the contact form.

Spam Protection (Google reCAPTCHA)

The contact form uses Google reCAPTCHA v2 to protect against spam and automated abuse. When you visit the contact page, reCAPTCHA may collect:

• Your IP address
• Cookies set by Google (including _GRECAPTCHA and other Google cookies)
• Browser and device information (user agent, screen resolution, browser plugins)
• Mouse movements and interaction patterns on the page

This data is sent to Google to determine whether you are a human visitor. It is processed under Google's Privacy Policy and Terms of Service.

reCAPTCHA is loaded only on the contact page. It is not present on any other page of the website.

Cookies & Local Storage

The website does not use analytics or tracking scripts of its own. However, the contact page loads Google reCAPTCHA, which may set cookies (see "Spam Protection" above). These cookies are set by Google, not by us, and are used solely for spam protection.

The only data we store locally is your language preference (English or Greek) in your browser's local storage, to remember your choice across visits. This is not personal data and is never transmitted.

No cookies or third-party scripts are loaded on any page other than the contact page.

Contact

If you have questions about this privacy policy, the app's data practices, wish to exercise your data rights, or would like to report a bug, please reach out:

• Contact Form: impostorparty.com/contact
• General Inquiries: [email protected]
• Privacy Inquiries: [email protected]
  • For GDPR, CCPA, or other privacy-related requests. We will respond within 30 days.

Impostor Madness! is developed and operated by Andreas Neofytou.

Summary

Your privacy is important to us.
Enjoy the game!

Back to Top