Privacy Policy
Last updated: 26 June 2026
This Privacy Policy explains what information the Penrose Park Puzzles apps collect, how it is used, and the choices you have. We have deliberately built our apps to collect as little personal data as possible.
1. Who we are
The Penrose Park Puzzles apps (including Tiny Tiles, Mini Mosaic, Super Sudoku, Color Connect, Mini Monarchs, Letter Labyrinth, Chess Codex, and Mine Mania, the "Apps") are provided by Penrose Park Puzzles, a sole proprietorship (eenmanszaak) established in the Netherlands ("we", "us", "our").
- Chamber of Commerce (KvK) number: 42090395
- Registered address: Nico Scheepmakerpad 4, 4103VG Culemborg, Netherlands
- Contact: support@penrose-park.com
For the purposes of the EU General Data Protection Regulation (GDPR) and the Dutch implementation act (UAVG), we are the data controller for the limited personal data described below. We have not appointed a Data Protection Officer, as we are not required to.
2. Scope
This policy applies to all of the Apps and to this website. It does not apply to the platforms that distribute the Apps (the Apple App Store and Google Play) or to third-party services such as advertising networks, which process data under their own privacy policies (see section 4).
3. What we collect and why
Information you provide
The Apps have no accounts and no sign-up, so there is no name, email, or login to give us. The only thing we ask you for is your age at first launch, described next.
At first launch we ask for your age. We use it to provide an age-appropriate experience (for example, users under 16, the digital age of consent in the Netherlands, are never shown personalised ads and their gameplay is not sent to us). We do not store your date of birth: we keep only a coarse, anonymous age band (such as "16–24"), with no link to your device or identity, and use it in aggregate to understand our audience.
Information collected automatically (first-party)
What we store on our own servers is intentionally minimal and not tied to your identity:
- A random device identifier generated on your device at first launch. It is not derived from any hardware ID and is not linked to your name, email, or any account.
- Coarse, bucketed gameplay events, for example that a puzzle was started or completed, a coarse difficulty, an approximate solve time or score, and the app version. Sensitive ranges are grouped into buckets on your device before being sent. These events are stored together with the random device identifier above. Although they contain no name, email, or account, they are treated as pseudonymous personal data under the GDPR.
- Anonymous solve/score records used to calibrate game difficulty and ranking. These contain no device identifier and are fully anonymous.
We use this to operate and improve the Apps, balance difficulty and ranking, detect abuse, and understand aggregate usage. We do not collect your name, email address, phone number, contacts, photos, or precise location, and we do not store your IP address on our servers.
Your choice. This first-party usage collection is optional. You can turn it off at any time in the app under Settings → Ads & privacy → Share usage data. When it is off, no gameplay events or solve records are sent from your device. Players under 16 never send this data at all.
Purchases
The Apps are free and ad-supported. Should we offer any in-app purchases in the future, they would be processed entirely by Apple or Google: we would receive confirmation that an entitlement is active but never receive or store your payment-card details. See our Terms of Use for purchase and refund details.
4. Advertising and third parties
The Apps may be supported by advertising. When ads are enabled, our advertising partner(s), primarily Google AdMob and any networks it mediates, act as independent controllers and may collect and process:
- your device's advertising identifier and similar identifiers;
- your IP address and coarse location derived from it;
- information about your device and how you interact with ads,
in order to serve, cap, and measure advertising, including personalised ads where you have given consent. This means that, by showing ads, we share data with these third parties.
Your consent and choices. Where required (in the European Economic Area, the UK, and Switzerland), we ask for your consent before personalised ads are shown, using a Google-certified consent mechanism. On iOS, Apple's App Tracking Transparency prompt additionally controls access to the advertising identifier. You can change or withdraw these choices at any time in your device settings, and you can reset or limit your advertising identifier in the operating system's privacy settings. If you do not consent, you may still see non-personalised ads.
To understand how these partners handle data, see:
5. Legal bases (GDPR)
- Consent (Art. 6(1)(a)): for personalised advertising and access to the advertising identifier where required.
- Legitimate interests (Art. 6(1)(f)): for running and securing the Apps and for first-party, pseudonymous usage analytics (linked only to a random device identifier), balanced against your interests. You can object at any time using the in-app Share usage data switch.
- Performance of a contract (Art. 6(1)(b)): to deliver any purchases and entitlements you request.
- Legal obligation (Art. 6(1)(c)): where we must retain records to comply with law.
6. Who we share data with
We do not sell your personal data. We share data only with:
- Advertising partners (e.g. Google AdMob): as described in section 4;
- Apple and Google: as distributors and payment processors of the Apps;
- Infrastructure providers that host our backend on our behalf (e.g. Vercel Inc. for hosting and a managed PostgreSQL database provider), acting as our processors;
- Authorities where required by law.
7. International transfers
Some of these providers are based outside the European Economic Area, including in the United States. Where data is transferred outside the EEA, it is protected by an appropriate safeguard under the GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision (including the EU–U.S. Data Privacy Framework where applicable).
8. Retention
We keep data only as long as it is useful for the purposes above. Bucketed gameplay events are automatically deleted after 180 days. Anonymous solve and score records, which contain no device identifier, are kept to calibrate difficulty and ranking. Because most of what we store is either not linked to your identity or only pseudonymously linked to a random device identifier, it generally cannot be traced back to you.
9. Security
We use appropriate technical and organisational measures to protect data, including encrypted connections and access controls. No method of transmission or storage is completely secure, but the limited, largely anonymous nature of the data we hold reduces the risk to you.
10. Children
The Apps are not directed to children under the age of 16, which is the digital age of consent in the Netherlands. We do not knowingly collect personal data from children under 16. The Apps include an age check; where a user indicates they are under 16, we do not request consent for personalised advertising, we treat advertising as non-personalised, and we do not collect their gameplay or other behavioural data (only the anonymous age band described above). If you believe a child under 16 has provided personal data without appropriate consent, please contact us at support@penrose-park.com and we will delete it.
11. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to processing;
- data portability; and
- withdraw consent at any time, without affecting prior processing.
To exercise these rights, email support@penrose-park.com and quote the device identifier shown in the app under Settings → Legal → Device ID, which we need to locate the pseudonymous records linked to your device. You can also view or delete that data yourself, instantly, on our data request page, and stop further collection at any time with the in-app Share usage data switch. Our anonymous solve, score, and age-band records contain no device identifier and therefore cannot be linked to, retrieved for, or erased for an individual (GDPR Art. 11). You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, or your local supervisory authority.
12. Changes to this policy
We may update this policy from time to time. We will change the "Last updated" date above and, where changes are significant, provide notice in the Apps. Continued use after an update means you accept the revised policy.
13. Contact
Questions or requests: support@penrose-park.com. Penrose Park Puzzles, Nico Scheepmakerpad 4, 4103VG Culemborg, the Netherlands.