Juice Box Group, LLC (“we,” “our,” or “us”) built Juice Pouch Games as a commercial iOS app. This policy explains what information we process when you use the app and how it is used. For users in the European Economic Area (“EEA”) or the United Kingdom, Juice Box Group, LLC is the data controller for the processing described here.

Our address is 418 Broadway, Ste N, Albany, NY 12207, United States. The app is offered primarily to users in the United States; we do not actively market or target the app to users in the EEA or United Kingdom and have not appointed a representative under Article 27 of the EU or UK GDPR. EEA and UK users who choose to install the app from the App Store may still exercise the rights described below by contacting us.

We do not collect directly identifying information such as your name, email address, postal address, phone number, precise location, or contacts. We do, however, process certain pseudonymous identifiers and device data, which are treated as personal data under the EU and UK GDPR and as “identifiers” under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

Any custom text or content you enter within the app for gameplay (for example, player names or custom prompts) is stored locally on your device and is never uploaded to our servers or shared with third parties.

The following is collected automatically when you make or restore a purchase:

• A pseudonymous app user ID generated by RevenueCat
• Purchase and transaction history (via Apple App Store and RevenueCat)

We also collect product analytics and crash diagnostics through PostHog so that we can understand how the app is used, fix bugs, and improve gameplay. These events are associated with the same pseudonymous app user ID generated by RevenueCat, which lets us correlate usage and purchase activity for a given install without identifying you personally. The data we send to PostHog includes:

• App lifecycle events (app opens and session duration)
• Gameplay events (which game was started or ended, whether a session was resumed, and how it ended)
• Purchase flow events (which pack purchase was started and the result of that purchase)
• Device properties (model, platform, operating system and version, manufacturer)
• Uncaught errors and exceptions, with quoted strings and other free-text fragments stripped on a best-effort basis before sending. The app is designed so that custom text you type is not transmitted, but we cannot guarantee that no fragment ever appears in an uncaught error

Session recording is disabled. We do not send the custom text or content you enter for gameplay to PostHog or any other third party. We do not collect “sensitive personal information” as defined by the CPRA (such as government-issued IDs, precise geolocation, racial or ethnic origin, religious beliefs, health data, or biometric information).

For users in the EEA or United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)) — to process your in-app purchases, deliver pack content, and restore prior purchases.
• Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the app, including product analytics and crash diagnostics tied to a pseudonymous identifier. We have assessed that this processing is proportionate and that you would reasonably expect it; you may object at any time as described below.
• Compliance with legal obligations(Art. 6(1)(c)) — to retain transaction records for tax, accounting, and audit purposes.

We use a small number of third-party processors. Each operates under a written data processing agreement with us where applicable.

• Apple App Store— processes all payments. Apple's privacy policy applies to payment transactions and is available atapple.com/legal/privacy.
• RevenueCat — manages in-app purchase entitlements. RevenueCat may process device identifiers and purchase history to verify and restore purchases. Seerevenuecat.com/privacy.
• PostHog — provides product analytics and error monitoring. Events are tied to the pseudonymous app user ID described above and include the device and usage data listed in the previous section. Session recording is disabled. Seeposthog.com/privacy.

We do not use advertising networks, do not engage in behavioral advertising, and do not allow third parties to use the data described in this policy for their own marketing purposes.

Juice Box Group, LLC is based in the United States, and our processors RevenueCat and PostHog are also based in the United States. If you access the app from outside the United States, your data will be transferred to, processed, and stored in the United States and other jurisdictions where our processors operate.

Where required by law, we rely on Standard Contractual Clauses approved by the European Commission (and the UK Addendum where applicable) and on the EU–US Data Privacy Framework (and UK Extension), to the extent our processors are certified, as the legal mechanism for transferring personal data from the EEA, United Kingdom, and Switzerland to the United States.

We keep personal data only for as long as we need it for the purposes described in this policy:

• PostHog analytics events — retained for up to 12 months from collection, after which they are deleted or aggregated into non-personal statistics.
• RevenueCat purchase and entitlement records— retained for the life of the entitlement plus seven (7) years thereafter, to satisfy tax, accounting, and audit obligations.
• Local data on your device (settings, gameplay state, custom text) — remains on your device until you delete it or uninstall the app.
• Support correspondence — retained for up to two (2) years to help us answer follow-up questions and resolve disputes.

We use commercially reasonable safeguards to protect personal data, including transport-layer encryption (TLS) for data in transit, restricted access to production systems, and reliance on our processors’ SOC 2-aligned controls. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach that creates a risk to your rights, we will notify affected users and applicable supervisory authorities as required by law (including, where applicable, Articles 33 and 34 of the GDPR and US state breach-notification laws).

If you are in the EEA or United Kingdom, you have the following rights with respect to your personal data, subject to the conditions in the GDPR / UK GDPR:

• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time, where processing is based on consent
• Right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office at ico.org.uk; in the EEA, your national data protection authority)

To exercise any of these rights, contact us athello@juiceboxgroup.dev or use the “Contact Support” option in the app’s Settings screen. We will respond within 30 days, subject to permitted extensions under applicable law.

This section applies to California residents and supplements the rest of this policy.

Categories of personal information we have processed in the past 12 months: identifiers (pseudonymous app user ID), commercial information (in-app purchase records), internet or other electronic network activity (in-app event logs and crash diagnostics), and device information (model, OS, manufacturer).

Sources: directly from your device through the app, and from our processors (Apple, RevenueCat, PostHog).

Business and commercial purposes: to process and restore purchases, deliver app functionality, secure the app, fix bugs, and improve gameplay.

Sale or sharing of personal information:we do not sell your personal information and do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

Sensitive personal information: we do not collect or process sensitive personal information as defined by the CPRA.

Your rights: to know what personal information we have collected, to request deletion, to request correction, and to be free from retaliation for exercising these rights. You may exercise these rights by contacting us athello@juiceboxgroup.dev or via the “Contact Support” option in the app’s Settings screen. We will verify requests by matching the pseudonymous app user ID associated with your device to the records we hold. If you have not made a purchase, we may ask you to provide other reasonable information (for example, the device identifier or session details associated with your usage) to locate your records; if we cannot reasonably verify your identity, we will say so and treat the request as an opt-out of further processing to the extent applicable. You may use an authorized agent to submit a request on your behalf.

Global Privacy Control (GPC): we do not sell or share personal information, so GPC signals do not currently change our processing. We treat any GPC signal as a confirmation of that status.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning you, as those terms are used in Article 22 of the GDPR.

The app is rated 13+ on the App Store and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the app, please contact us and we will take appropriate steps to delete it. We do not engage in behavioral profiling or targeted advertising toward children.

Local data on your device (settings and gameplay state) can be deleted at any time by uninstalling the app.

To request deletion of any pseudonymous data held by RevenueCat or PostHog in connection with the app, you can either email us athello@juiceboxgroup.dev or use the “Contact Support” button in the app’s Settings screen, which opens an email to the same address. We will acknowledge your request and complete it within 30 days, subject to permitted extensions and to retention obligations described above (for example, we may retain purchase records as needed for tax and audit purposes).

We may update this policy from time to time. Any changes will be reflected by the “Last updated” date above. If a change is material, we will provide reasonable advance notice in the app or by other appropriate means. Continued use of the app after changes take effect constitutes acceptance of the updated policy.

Questions about this policy or to exercise any of the rights described above? Reach us athello@juiceboxgroup.dev or write to Juice Box Group, LLC, 418 Broadway, Ste N, Albany, NY 12207, United States.