Privacy Policy

Your privacy matters to us. This policy explains how we handle your information across all OmniOrbit applications.

Last updated: June 1, 2026

1. Who We Are

OmniOrbit ("we", "our", or "us") develops and publishes mobile applications for iOS and Android. Our apps are accessible via play.omniorbit.space and on the Apple App Store and Google Play Store.

For data-related inquiries, contact us at: mail@omniorbit.space

2. Scope — Which Apps This Covers

This policy applies to all OmniOrbit applications, including:

  • Orb Garden — a casual puzzle game for iOS and Android
  • Traders Gym — an educational chart-pattern training app for iOS and Android
  • Traders Alarm — a market alarm and signal-notification app for iOS and Android
  • Slicy — a bill splitting and receipt scanning app for iOS and Android
  • Pixera Nonogram — a color nonogram puzzle game for iOS and Android
  • Hive — a 2048-style hex puzzle game for iOS and Android

The data collected differs by app. Where relevant, we specify which app a section applies to.

3. Data We Collect

3.1 Common Across Apps

  • Crash and error reports: Device model, OS version, app version, and a stack trace at the time of a crash, collected via Firebase Crashlytics. Used solely to fix bugs. Collected by all of our apps. On our account-based apps (Traders Gym, Traders Alarm), server-side errors are additionally processed via Sentry, which may include the request IP address.
  • Usage analytics: Usage events (e.g., levels or puzzles completed, session duration, feature usage) collected via Firebase Analytics to improve our apps. Collected by all of our apps. For apps without accounts these events are pseudonymous (tied to a random app-instance identifier rather than your identity). For Traders Gym and Traders Alarm, which require an account, these events may be associated with your account identifier and are therefore not anonymous.

3.2 Traders Gym (additional data)

  • Account information: Email address, display name, and a hashed password when you register. You may also sign in with Google or Apple, in which case we receive the basic profile information and authentication tokens those providers return. Required to sync your progress and subscription across devices.
  • Subscription and payment data: Purchase history and entitlement status managed by RevenueCat. We never see your full payment card details — those are handled by Apple/Google and RevenueCat.
  • Session and learning data: Quiz answers, streaks, badges, energy level, and daily challenge participation. Stored to track your progress.
  • Advertising identifiers: Your device's advertising ID (IDFA/GAID) used to serve ads through Google AdMob. Where you grant tracking permission (iOS App Tracking Transparency), ads may be personalized. You can reset or opt out via your device settings.
  • Marketing and conversion analytics: We use Meta (Facebook) App Events to measure app installs, registrations, and subscriptions for advertising attribution. Subject to your tracking permission, this may involve your device's advertising identifier.
  • Push notification tokens: A Firebase Cloud Messaging (FCM) token, required to deliver streak reminders and energy refill alerts. You may disable notifications at any time in your device settings.
  • Device and session identifiers: Used to detect the same device across app reinstalls for continuity; our server also records the IP address and user-agent of your login sessions for security.

3.3 Slicy

  • Receipt images: Processed entirely on-device using the operating system's built-in OCR (Apple Vision / Google ML Kit). Images are never uploaded to us or any third party and are not stored beyond the current session.
  • Crash and error reports: Collected via Firebase Crashlytics to fix bugs (see 3.1).
  • Usage analytics: Slicy includes Firebase Analytics, which collects pseudonymous usage and diagnostic events (enabled on Android; disabled on iOS). See 3.1.
  • In-app purchases: Slicy offers an optional "tip jar". Purchases are processed by RevenueCat together with Apple/Google billing. RevenueCat is initialised when the app starts, so a network connection to RevenueCat may occur during normal use, not only on the tip screen. We never see your payment card details.
  • Slicy has no user accounts, shows no ads, and collects no email, name, location, photos, or contacts. It does require network access for the crash reporting, analytics, and purchase services described above; apart from these it does not transmit your data.

3.4 Orb Garden

  • Crash reports and pseudonymous gameplay analytics: e.g., level number, score, stars, power-ups used, and coins earned (see 3.1). These events are tied to a random app-instance identifier (and, where you allow tracking, your advertising ID) rather than your name; no other personally identifiable information is collected.
  • Advertising identifiers: Your device's advertising ID (IDFA/GAID) used to serve ads through Google AdMob (interstitial and rewarded ads). You can reset or opt out via your device settings.
  • Remote configuration: Firebase Remote Config is used to manage app settings remotely (e.g., an ad kill-switch); this transmits a Firebase app-instance identifier and basic device metadata.
  • In-app purchase data: Purchase status for coin packs and the premium upgrade managed by RevenueCat. We never see your full payment card details — those are handled by Apple/Google and RevenueCat.
  • Orb Garden has no user accounts and stores game progress locally on your device.

3.5 Pixera Nonogram

  • Advertising identifiers: Your device's advertising ID (IDFA/GAID) used to serve ads through Google AdMob (interstitial and rewarded ads). You can reset or opt out via your device settings.
  • Subscription and payment data: Purchase history and entitlement status managed by RevenueCat. We never see your full payment card details — those are handled by Apple/Google and RevenueCat.
  • Puzzle progress and preferences: Completed puzzles, in-progress grid state, language selection, and settings are stored locally on your device using SharedPreferences and are not uploaded to our servers. Note that aggregate signals such as the number of puzzles completed and your selected language may be included in the pseudonymous analytics events described in 3.1.
  • Pseudonymous analytics and crash reports: As described in 3.1, Pixera sends pseudonymous usage events and crash data via Firebase Analytics and Crashlytics. It also uses Firebase Remote Config to manage app settings remotely (e.g., an ad kill-switch).

Pixera Nonogram does not require an account and we do not collect your email, name, photos, or contacts. The Google AdMob SDK used for advertising may collect coarse (network-based) location and a device/advertising identifier for ad delivery, subject to your tracking permission; aside from this, no personally identifiable information is collected.

3.6 Hive

  • Advertising identifiers: Your device's advertising ID (IDFA/GAID) used to serve ads through Google AdMob (interstitial and rewarded ads). You can reset or opt out via your device settings.
  • In-app purchase data: Purchase status for the "Remove Ads" option managed by RevenueCat. We never see your full payment card details — those are handled by Apple/Google and RevenueCat.
  • Game progress and preferences: High scores, game state, sound, and notification settings are stored locally on your device using SharedPreferences and are not uploaded to our servers. Note that your best score and premium status may be included in the pseudonymous analytics events described in 3.1.
  • Local notifications: Hive may schedule on-device re-engagement reminders. This uses the notification permission and reads your device's time zone to schedule them locally; no notification data is sent to a server. You can disable notifications in your device settings.
  • Pseudonymous analytics and crash reports: As described in 3.1, Hive sends pseudonymous usage events and crash data via Firebase Analytics and Crashlytics. It also uses Firebase Remote Config to manage app settings remotely (e.g., an ad kill-switch).

Hive does not require an account and we do not collect your email, name, photos, or contacts. The Google AdMob SDK used for advertising may collect coarse (network-based) location and a device/advertising identifier for ad delivery, subject to your tracking permission; aside from this, no personally identifiable information is collected.

3.7 Traders Alarm

  • Account information: Email address and a hashed password when you register. You may also sign in with Google or Apple, in which case we receive the basic profile information and authentication tokens those providers return. Required to sync your alarms and subscription across devices.
  • Subscription and payment data: Purchase history and entitlement status managed by RevenueCat. We never see your full payment card details — those are handled by Apple/Google and RevenueCat.
  • Alarm and usage data: The alarms you create (coin/symbol, indicator, timeframe and conditions), your favorites, notification history, and backtest results. Stored to operate the service and deliver your alerts.
  • Usage analytics: Usage events collected via Firebase Analytics (see 3.1). Because Traders Alarm uses accounts, these events may be associated with your account identifier.
  • Push notification tokens: A Firebase Cloud Messaging (FCM) token, required to deliver your alarm and signal notifications. You may disable notifications at any time in your device settings.
  • Crash and error reports: Collected via Firebase Crashlytics to fix bugs (see 3.1).
  • Device and session identifiers: Our server records the IP address and user-agent of your login sessions for security.
  • Traders Alarm does not show ads and does not use advertising identifiers (IDFA/GAID).

4. Third-Party Services

We use the following third-party services. Each has its own privacy policy:

  • Google Firebase Crashlytics (all apps) — crash reporting. Google Privacy Policy
  • Google Firebase Analytics (all apps) — usage analytics. Google Privacy Policy
  • Google Firebase Remote Config (Traders Gym, Orb Garden, Pixera Nonogram, Hive) — remote app configuration. Google Privacy Policy
  • Google AdMob (Traders Gym, Orb Garden, Pixera Nonogram, Hive) — in-app advertising. AdMob Policy
  • Meta (Facebook) App Events (Traders Gym) — advertising attribution and conversion measurement. Meta Privacy Policy
  • RevenueCat (all apps) — subscription and purchase management. RevenueCat Privacy Policy
  • Firebase Cloud Messaging (Traders Gym, Traders Alarm) — push notification delivery. Google Privacy Policy
  • Google / Apple Sign-In (Traders Gym, Traders Alarm) — optional social login. Google · Apple
  • Sentry (Traders Gym, Traders Alarm — server-side) — error and performance monitoring; may process request metadata including IP address. Sentry Privacy Policy

5. How We Use Your Data

  • To operate and maintain the apps
  • To fix bugs and improve stability
  • To understand which features are useful
  • To sync your subscription and progress across devices (Traders Gym, Traders Alarm)
  • To deliver personalized or non-personalized advertisements (Traders Gym, Orb Garden, Pixera Nonogram, Hive)
  • To measure advertising performance and attribute installs and subscriptions (Traders Gym, via Meta)
  • To send you optional push notifications (Traders Gym, Traders Alarm)

We do not sell your personal data to third parties.

6. Data Retention

  • Crash reports: Retained for up to 90 days.
  • Analytics data: Aggregated data retained up to 24 months.
  • Account data (Traders Gym, Traders Alarm): Retained as long as your account is active. Deleted within 30 days of an account deletion request.
  • Subscription records: Retained as required by applicable financial regulations (typically 7 years).

7. Your Rights

Regardless of your location, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated personal data
  • Object to processing of your data for direct marketing
  • Data portability — receive a copy of your data in a machine-readable format
  • Opt out of personalized ads via your device's privacy settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Privacy → Ads)
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at mail@omniorbit.space. We will respond within 30 days.

If you are located in Turkey, these rights are also granted under KVKK (Kişisel Verilerin Korunması Kanunu, Law No. 6698). If you are in the European Economic Area, they apply under the GDPR. If you are in California, they apply under the CCPA.

8. International Data Transfers

Our third-party service providers (Google, Meta, RevenueCat, Sentry, Apple) may process your data in countries outside Turkey or the EU, including the United States. These transfers occur under standard contractual clauses or equivalent safeguards as required by applicable law.

9. Children's Privacy

Our apps are not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

10. Security

We use industry-standard measures to protect your data, including encrypted storage for credentials (iOS Keychain / Android Keystore) and HTTPS for all data transmissions. No system is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this policy periodically. We will notify you of material changes by updating the "Last updated" date above. Continued use of our apps after a change constitutes acceptance of the updated policy.

12. Contact

Questions or requests about this policy:

mail@omniorbit.space