Privacy by Design

  • No advertising: never, in any section
  • No personal data: no email, real name, or age
  • One of the few apps with zero tracking: no analytics, no profiling
  • End-to-end encryption: AES-256-GCM for family data
  • Cloud only with consent: no connection without approval
  • Complete deletion: one tap to delete everything

1. Data Controller

Davide Sironi — Privacy contact: privacy@matematt.app

Requests regarding personal data are processed within 30 days.

2. Design Principle

MateMatt is designed according to the principle of Data Protection by Design and by Default (Privacy by Design, Art. 25 GDPR). Protecting children's privacy is a fundamental element of the app's architecture, not an added compliance step.

  • Does not require email, phone, or contact details.
  • Does not collect real name, surname, date of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience and Parental Consent

The app is intended for children aged 6–11, used under the supervision of a parent or legal guardian. The parent is responsible for installation and configuration.

On first launch, the parent must explicitly accept this privacy policy before any cloud service is activated. Without parental consent, no personal data is transmitted by the app and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

This mechanism complies with Art. 8 GDPR (consent of the holder of parental responsibility for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on the device (offline)

Data | Purpose | Legal basis
Avatar and random nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalisation | Contract performance (Art. 6.1.b)
Exercise results and progress | Local reporting for the parent | Contract performance
Saved homework and codes | Reproduction of assigned homework | Contract performance
MatCoin balance | Educational reward system | Contract performance

This data never leaves the device and is deleted when the app is uninstalled.

4.2 Family feature (optional — requires explicit activation by the parent)

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to the child's device | AES-256-GCM encrypted | Until deleted by the owner
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to the parent | AES-256-GCM encrypted | 90 days, then automatic deletion
Non-sensitive metadata (score, attempts, date) | Preview in the report list | Plaintext | 90 days
Anonymous Firebase UID | Technical authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID | Identification within the family group | Pseudonymous, generated locally | Until uninstallation
Encrypted parental PIN hash | PIN synchronisation across family devices | AES-256-GCM encrypted | Until group deletion
PIN unlock requests | The child requests unlock from the parent | Metadata only (requester UID, timestamp) | Ephemeral (deleted after handling)
RSA-2048 public key | Group encryption key distribution | Public key (not sensitive) | Until group deletion

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first launch of the app.

No directly identifying data (real name, email, phone, address) is requested or collected for the Family feature.

Three-level granular consent

On first launch, the parent sees 3 separate options:

  1. Privacy policy (required) — acceptance is necessary to use the app. Without this consent no functionality is available.
  2. Crashlytics (optional, default OFF) — technical error reporting. The parent can enable it or leave it disabled.
  3. Family cloud (optional, default OFF) — homework and report synchronisation. The parent can enable it later from Settings.

Each consent can be revoked at any time from the app Settings, independently of the others (Art. 7.3 GDPR). When the privacy policy is materially updated, the consent screen is automatically shown again.

5. End-to-End Encryption

All sensitive data transmitted to the cloud in the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members via RSA-2048 OAEP asymmetric encryption (SHA-256, MGF1-SHA1).
  • At rest, the GroupKey is stored encrypted (wrapped) with an AES-256 master key in the Android device's hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is not accessible to the cloud service provider (Google).
  • Even with direct access to the Firestore database, the sensitive data cannot be read.

6. Technical Error Reporting (Crashlytics)

The app uses Firebase Crashlytics, activated only after the parent's explicit consent. It collects only:

  • Device type and operating system version
  • App version and technical error trace (stack trace)

Personal data, exercise results, names, or identifiers of the child are never sent. This falls under the “support for internal operations” exception under COPPA (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

6bis. App Integrity Verification (Firebase App Check)

Starting from version 1.7.0, the app uses Firebase App Check with the Google Play Integrity provider to attest that requests to Firebase services (Firestore, Authentication, Crashlytics) come from a genuine, untampered instance of the app running on a genuine Android device. This security measure protects users from fraudulent access and abuse of cloud APIs (Art. 32 GDPR — security of processing).

  • Google Play Services generates a cryptographic attestation token containing technical information only (verification verdict, package name, signing certificate hash). No personal data of the child or parent, and no advertising identifiers.
  • The token has a limited lifetime (~1 hour) and is renewed automatically; it is not stored by the app or in the cloud.
  • Attestation is active for all users, regardless of consent to Crashlytics or Family, because it is an essential technical security measure and does not involve processing of identifiable personal data.

Legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) to guarantee the integrity of the service and prevent fraudulent access.

7. Third-Party Technical Services

Service | Provider | GDPR role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Family data synchronisation
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reporting
Firebase App Check (Play Integrity) | Google LLC | Processor (Art. 28) | App/device integrity verification

The app does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioural tracking, or profiling.

8. Data Transfers Outside the EU

Firebase services (Google LLC) operate on global infrastructure. Data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

For users in the United Kingdom, transfers are covered by the UK Extension to the EU–US Data Privacy Framework, under which Google LLC is certified (recognised by the UK Secretary of State as an adequate safeguard under Art. 46 UK GDPR).

Regardless of the storage location, Family feature sensitive data is end-to-end encrypted and cannot be read by the cloud service provider or by third parties.

9. Data Retention

Data | Retention
Local data on the device | Until app uninstallation
Homework reports on Firestore | 90 days, then automatic deletion
Assigned homework on Firestore | 90 days, then automatic deletion
Family group on Firestore | Until deleted by the user; inactive groups automatically deleted after 365 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)
App Check attestation token | ~1 hour validity, automatic renewal, no persistence

10. Rights of the Parent/Guardian

The parent may at any time:

  • Access (Art. 15): view the results in the app's Report section and the group data in the Family section.
  • Rectification (Art. 16): edit the profile and avatar via the app.
  • Erasure (Art. 17): delete all data (local and cloud) from the Family section → “Delete all data”. When a member leaves the group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20): homework reports can be archived locally on the device before leaving the group.
  • Objection (Art. 21): object to processing by writing to privacy@matematt.app.
  • Withdrawal of consent (Art. 7.3): disable Crashlytics or Family individually from the app Settings, or delete all data. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
  • Complaint: for EU residents, to the Garante per la Protezione dei Dati Personali (garanteprivacy.it); for UK residents, to the Information Commissioner's Office (ico.org.uk).

For requests: privacy@matematt.app — we respond within 30 days.

11. Protection of Minors

  • We do not knowingly collect direct personal data from minors.
  • The Family feature is in the Parent section and presupposes activation by an adult.
  • The parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by the child. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, in the Family feature, synchronised across the group with AES-256-GCM encryption.
  • Automatic lock: when the app is sent to the background from a protected screen, the parent area locks automatically and the PIN is required again on return.
  • Screenshot protection: protected screens are marked with Android's FLAG_SECURE, which prevents screenshots and screen recording and hides content in the device's Recents screen.
  • The child cannot create groups, invite members, or access network settings.
  • The app contains no inappropriate content and no external links. Premium subscriptions (monthly €2.99 / yearly €14.99) are available as optional in-app purchases; every purchase flow is protected by a parental math gate (Khan Academy style) to prevent accidental purchases by the child, in line with Google Play Designed for Families requirements.

11b. Security

  • In transit and at rest: data transmitted to Firebase is protected by TLS/HTTPS connections. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key in the Android hardware Keystore.
  • Parent area: PIN hashed with PBKDF2-HMAC-SHA256 (100,000 iterations, 16-byte random salt), progressive rate limiting (lock-out after 3 failed attempts), recovery via a mathematical challenge.
  • Automatic lock: the parent area locks automatically when the app goes to the background and requires the PIN when it returns to the foreground.
  • Anti-screenshot (FLAG_SECURE): protected screens prevent screenshots and screen recording and hide content in Recents. The flag is active only on parent area screens.
  • Production logging: all logging calls are automatically stripped from production builds via ProGuard/R8.

12. Regulatory Compliance

This policy is drafted in accordance with:

  • GDPR (EU Reg. 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • D.Lgs. 196/2003 (Italian Privacy Code), as amended
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — principles of minimisation, transparency and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In case of material changes, we will update the revision date at the top of the document. If the change requires renewed consent, the app will show the consent screen to the user again.

14. Contact

For any privacy-related question or to exercise the rights listed in § 10:

Online policy: https://matematt.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Data Controller

The application MateMatt (“the App”) is developed and distributed by Davide Sironi, independent developer, based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests regarding personal data are processed within 30 days.

1A. UK Users — Art. 27 UK GDPR

The Developer is established in Italy (EU) and is not established in the United Kingdom. In accordance with Art. 27 of the UK GDPR, the Developer has assessed the applicability of the requirement to designate a UK representative.

Given that:

  • the App processes only pseudonymous/anonymous data (random avatars, anonymous Firebase UIDs);
  • no directly identifying personal data (name, email, address, phone) is collected from UK users;
  • processing is limited to the occasional, non-systematic use of the optional Family feature;
  • processing is unlikely to result in a risk to the rights and freedoms of data subjects, taking into account the nature, context, scope, and purposes of the processing (Art. 27(2)(a) UK GDPR);

the Developer currently relies on the exemption under Art. 27(2)(a) UK GDPR. This assessment will be reviewed annually or whenever the scope of data processing materially changes.

For all privacy inquiries from UK residents: privacy@matematt.app
Supervisory authority: Information Commissioner's Office — ico.org.uk

2. Design Principle

MateMatt is built on the principle of Data Protection by Design and by Default (Art. 25 GDPR). Children's privacy protection is a core element of the app's architecture, not an afterthought. Every feature is designed by first asking: “What data can we NOT collect?”

  • Does not require email, phone, or any contact information.
  • Does not collect real names, surnames, dates of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience and Parental Consent

The App is designed for children aged 6–11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installation, configuration, and the child's use of the App.

The App is not intended to be used independently by children without the consent and supervision of an adult.

On first launch, the parent must explicitly accept this privacy policy before any cloud service is activated. Without parental consent, no personal data is transmitted by the App and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

This mechanism complies with Art. 8 GDPR (parental consent for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on device (offline)

Data | Purpose | Legal basis
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalisation | Contract performance (Art. 6.1.b)
Exercise results and progress | Local reporting for parents | Contract performance
Saved homework and codes | Homework reproduction | Contract performance
MatCoin balance | Educational reward system | Contract performance

This data never leaves the device and is deleted upon uninstallation of the App.

4.2 Family Feature (optional — requires explicit parental activation)

The Family feature allows the parent to assign homework and receive the child's results from a second device. This feature is entirely optional and must be deliberately activated.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to child's device | AES-256-GCM encrypted | Until deleted by owner
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to parent | AES-256-GCM encrypted | 90 days, then auto-deleted
Non-sensitive metadata (score, attempts, date) | Report list preview | Plaintext | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID (locally generated) | Family group identification | Pseudonymous | Until uninstallation
Encrypted parental PIN hash | PIN synchronisation across family devices | AES-256-GCM encrypted | Until group deletion
PIN unlock requests | Child requests unlock from parent | Metadata only (requester UID, timestamp) | Ephemeral (deleted after handling)
RSA-2048 public key | Group encryption key distribution | Public key (not sensitive) | Until group deletion

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first app launch.

No directly identifying data (real name, email, phone number, address) is requested or collected for the Family feature.

Three-level granular consent

On first launch, the parent is presented with 3 separate options:

  1. Privacy policy (required) — acceptance is necessary to use the app. Without this consent no functionality is available.
  2. Crashlytics (optional, default OFF) — technical error reporting. The parent may enable or leave it disabled.
  3. Family cloud (optional, default OFF) — homework and report synchronisation. The parent may enable it later from Settings.

Each consent can be revoked at any time from the app Settings, independently of the others (Art. 7.3 GDPR). When the privacy policy is materially updated, the consent screen is automatically re-presented.

4.3 Technical Error Reporting (Crashlytics)

The App uses Firebase Crashlytics (Google), activated only after explicit parental consent. In the event of a crash, the following is sent:

  • Device type and Android operating system version
  • App version and technical error trace (stack trace)
  • Crash timestamp

No personal data, exercise results, names, or child identifiers are ever transmitted. This falls under the “support for internal operations” exception per COPPA (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

4.4 App Integrity Verification (Firebase App Check)

Starting from version 1.7.0, the App uses Firebase App Check with the Google Play Integrity provider to attest that requests to Firebase services (Firestore, Authentication, Crashlytics) originate from a genuine, untampered instance of the App running on a legitimate Android device. This security measure protects users from fraudulent access and abuse of cloud APIs (Art. 32 GDPR — security of processing).

  • Google Play Services generates a cryptographic attestation token with technical information only (integrity verdict, App package name, signing certificate hash). No personal data of the child or parent, no advertising identifiers.
  • The token has a limited lifetime (~1 hour) and is renewed automatically; it is not persisted by the App or in the cloud.
  • Attestation is active for all users, regardless of consent to Crashlytics or Family, because it is an essential technical security measure that does not involve the processing of identifiable personal data.

Legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) to ensure the integrity of the service and prevent fraudulent access.

5. End-to-End Encryption

All sensitive data transmitted to the cloud in the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members via RSA-2048 OAEP asymmetric encryption (SHA-256, MGF1-SHA1).
  • At rest, the GroupKey is stored wrapped by an AES-256 master key in the device's Android hardware Keystore.
  • The GroupKey is never transmitted in plaintext and is inaccessible to the cloud service provider (Google).
  • Even with direct database access, sensitive data cannot be read by the server or any third party.
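The GroupKey flow described in this section (and in section 5 of the Italian-language version above), as an added illustration that is not MateMatt's own code: a desktop-JVM model using the standard JCA, with the Android Keystore master key simulated by an in-memory AES key. Class and method names, the group id and the sample tasksJson are invented for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/** Illustrative model of the Family feature key flow; not the app's code (names are invented). */
public final class FamilyCryptoExample {

    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int GCM_TAG_BITS = 128;

    // OAEP with SHA-256 as the OAEP digest but SHA-1 inside MGF1, exactly as the policy states.
    // Spelling this out matters: the bare algorithm name leaves the MGF1 digest to provider
    // defaults, which differ between providers (JDK SunJCE uses SHA-1, Android's BouncyCastle
    // provider uses SHA-256), so two devices could otherwise fail to unwrap each other's keys.
    private static final OAEPParameterSpec OAEP_SHA256_MGF1SHA1 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    /** Parent device: generate the 256-bit GroupKey. */
    public static SecretKey generateGroupKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    /** Each member publishes an RSA-2048 public key; the private half never leaves its device. */
    public static KeyPair generateMemberKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, RNG);
        return kpg.generateKeyPair();
    }

    /** Parent wraps the GroupKey for one member under that member's public key (256-byte blob). */
    public static byte[] wrapGroupKeyForMember(SecretKey groupKey, PublicKey memberPub) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, memberPub, OAEP_SHA256_MGF1SHA1);
        return rsa.wrap(groupKey);
    }

    /** Member unwraps with its private key; the plaintext GroupKey never appears on the wire. */
    public static SecretKey unwrapGroupKey(byte[] wrapped, PrivateKey memberPriv) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, memberPriv, OAEP_SHA256_MGF1SHA1);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    /** AES-256-GCM; output layout is IV || ciphertext || tag. A fresh random IV per record is mandatory. */
    public static byte[] encryptPayload(SecretKey key, byte[] plaintext, byte[] aad) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        gcm.updateAAD(aad);                      // binds context (e.g. group id) without encrypting it
        byte[] ct = gcm.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    /** Throws AEADBadTagException if the blob, the tag or the AAD was altered. */
    public static byte[] decryptPayload(SecretKey key, byte[] blob, byte[] aad) throws Exception {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, blob, 0, GCM_IV_BYTES));
        gcm.updateAAD(aad);
        return gcm.doFinal(blob, GCM_IV_BYTES, blob.length - GCM_IV_BYTES);
    }

    /** At rest: only this wrapped form is persisted. On Android the master key would be a
     *  non-exportable AndroidKeyStore AES key; here it is simulated by an in-memory key. */
    public static byte[] wrapAtRest(SecretKey masterKey, SecretKey groupKey) throws Exception {
        return encryptPayload(masterKey, groupKey.getEncoded(), "groupkey-at-rest".getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        SecretKey groupKey = generateGroupKey();                 // parent device
        KeyPair child = generateMemberKeyPair();                 // in reality generated on the child's device
        byte[] wrappedForChild = wrapGroupKeyForMember(groupKey, child.getPublic());

        // Constructed sample record; the group id goes into the AAD so a record cannot be replayed into another group.
        byte[] tasksJson = "{\"tasks\":[{\"op\":\"add\",\"a\":7,\"b\":5}]}".getBytes(StandardCharsets.UTF_8);
        byte[] aad = "group:EXAMPLE-GROUP-ID".getBytes(StandardCharsets.UTF_8);
        byte[] cloudBlob = encryptPayload(groupKey, tasksJson, aad);   // what the cloud would store

        SecretKey recovered = unwrapGroupKey(wrappedForChild, child.getPrivate());   // child device
        byte[] plain = decryptPayload(recovered, cloudBlob, aad);
        System.out.println(Arrays.equals(plain, tasksJson) ? "round-trip OK" : "MISMATCH");

        SecretKey simulatedMasterKey = generateGroupKey();
        System.out.println("wrapped GroupKey bytes at rest: " + wrapAtRest(simulatedMasterKey, groupKey).length);
    }
}
```

Nothing in `cloudBlob` or `wrappedForChild` lets a party without a member's private key recover the GroupKey, which is the property the bullets above claim for the Firestore copy.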

6. Third-Party Technical Services

Service | Provider | GDPR Role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous device authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Family data synchronisation
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reporting
Firebase App Check (Play Integrity) | Google LLC | Processor (Art. 28) | App/device integrity verification

The App does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioural tracking, or profiling.

7. Children's Data — Special Protection

In accordance with the General Data Protection Regulation (GDPR, EU Reg. 2016/679), the Children's Online Privacy Protection Act (COPPA), and the UK Age Appropriate Design Code, we adopt the following specific measures for the protection of children:

  • We do not knowingly collect direct personal data (full name, email, address, phone number) from children under 13 (COPPA / UK Data Protection Act 2018) or under 16 (GDPR default; 14 in Italy and Spain).
  • The player name is randomly generated by the app (e.g. “Dolphin 42”, “Lion 15”) and is not associated with any account or online profile. The user does not enter any real identifying information.
  • The Family feature is accessible from the Parent section, protected by the adults-only area, and requires activation by a parent/guardian.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by children. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, when the Family feature is active, synchronised across the group with AES-256-GCM encryption.
  • Automatic lock-out: when the app is placed in the background from a protected screen, the parent area locks automatically and requires the PIN again upon return. This prevents a child from accessing the parent area simply by picking up the device.
  • Screenshot protection: protected screens (reports, homework, codes, family, settings) are marked with Android's FLAG_SECURE, which prevents screenshots, screen recording, and hides content from the Recent Apps screen.
  • Children cannot create groups, invite members, or access network settings.
  • We do not use behavioural advertising or third-party SDKs intended for profiling.
  • Data stored on Firestore does not contain directly identifying information about the child.
  • The App contains no inappropriate content and no external links. Premium subscriptions (monthly €2.99 / yearly €14.99) are available as optional in-app purchases; every purchase flow is protected by a parental math gate (Khan Academy style) to prevent accidental purchases by children, in line with Google Play Designed for Families requirements.

Parental responsibility: By installing and configuring the App, the parent/guardian consents to the processing of the technical data described in this policy on behalf of the child.

8. International Data Transfers

Firebase services (Google LLC) operate on global infrastructure with primary servers in the United States and Europe. Data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

For UK users: transfers from the United Kingdom to the United States are covered by the UK Extension to the EU–US Data Privacy Framework, under which Google LLC is certified. This mechanism has been recognised by the UK Secretary of State as providing adequate safeguards for personal data transfers under UK GDPR Art. 46. For further information, see the UK–US Data Bridge supporting documents.

Regardless of storage location, Family feature sensitive data is end-to-end encrypted and unreadable by the cloud service provider or any third party.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
On-device data | Until app uninstallation
Homework reports on Firestore | 90 days from creation, then auto-deleted
Homework assignments on Firestore | 90 days from creation, then auto-deleted
Family group on Firestore | Until user-initiated deletion; inactive groups auto-deleted after 365 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)
App Check attestation token | ~1 hour validity, automatic renewal, no persistence

10. Parental Rights

Parents/guardians may at any time:

  • Access (Art. 15 GDPR): view the child's results in the Report section and group data in the Family section of the App.
  • Rectification (Art. 16 GDPR): edit profile and avatar within the App.
  • Erasure (Art. 17 GDPR): delete all data (local and cloud) from Family → “Delete all data”. When a member leaves a group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18 GDPR): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20 GDPR): homework reports can be archived locally on the device before leaving a group.
  • Objection (Art. 21 GDPR): object to processing by writing to privacy@matematt.app.
  • Withdraw consent (Art. 7.3 GDPR): disable Crashlytics or the Family feature individually from the App's Settings, or delete all data. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Supervisory authority complaints:

  • UK residents: Information Commissioner's Office — ico.org.uk
  • EU residents: Garante per la Protezione dei Dati Personali — garanteprivacy.it
  • US residents: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Transit and at-rest security: data transmitted to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group only. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key stored in the Android hardware Keystore.

Parent area protection: parent sections can be protected by a 4-digit parental PIN (PBKDF2-HMAC-SHA256 hash with 100,000 iterations and 16-byte random salt), with recovery via a mathematical challenge and progressive rate limiting (lock-out after 3 failed attempts).
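An added illustration of the parental-PIN storage described here and in section 7 (not the app's own code): PBKDF2-HMAC-SHA256 with the stated parameters, a constant-time comparison, and a lock-out after 3 failed attempts. The class name, the back-off schedule and the sample PIN are assumptions made for the example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Illustrative parental-PIN store; not the app's code (name and back-off schedule invented). */
public final class ParentPinExample {
    private static final int ITERATIONS = 100_000;   // as stated in the policy
    private static final int SALT_BYTES = 16;        // random per PIN, stored beside the hash
    private static final int HASH_BITS = 256;
    private static final int MAX_ATTEMPTS = 3;       // lock-out threshold stated in the policy
    private static final SecureRandom RNG = new SecureRandom();

    private final byte[] salt;
    private final byte[] hash;
    private int failedAttempts = 0;
    private long lockedUntilMillis = 0;

    /** Enrol a PIN: fresh salt, then PBKDF2. The caller's char[] is zeroed afterwards. */
    public ParentPinExample(char[] pin) throws Exception {
        this.salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        this.hash = derive(pin, salt);
        Arrays.fill(pin, '\0');
    }

    static byte[] derive(char[] pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public boolean isLocked() {
        return System.currentTimeMillis() < lockedUntilMillis;
    }

    /**
     * True only when the PIN matches and no lock-out is active. A 4-digit PIN has just 10,000
     * values, so the lock-out (and, for the synced copy, the AES-256-GCM envelope) carries most
     * of the protection; the PBKDF2 cost alone would not.
     */
    public boolean verify(char[] candidate) throws Exception {
        if (isLocked()) return false;
        byte[] probe = derive(candidate, salt);
        Arrays.fill(candidate, '\0');
        boolean ok = MessageDigest.isEqual(hash, probe);   // constant-time comparison
        if (ok) {
            failedAttempts = 0;
            return true;
        }
        failedAttempts++;
        if (failedAttempts >= MAX_ATTEMPTS) {
            // Assumed progressive schedule: 30 s after the 3rd failure, doubling per further failure.
            long delayMs = 30_000L << Math.min(failedAttempts - MAX_ATTEMPTS, 6);
            lockedUntilMillis = System.currentTimeMillis() + delayMs;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        ParentPinExample store = new ParentPinExample("1234".toCharArray());   // constructed sample PIN
        System.out.println("correct PIN accepted: " + store.verify("1234".toCharArray()));
        for (int i = 0; i < MAX_ATTEMPTS; i++) store.verify("0000".toCharArray());
        System.out.println("locked after 3 failures: " + store.isLocked());
        System.out.println("correct PIN while locked: " + store.verify("1234".toCharArray()));   // false until lock expires
    }
}
```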

Automatic lock-out on background: when the app is sent to the background while a protected screen is active, the parent area locks automatically. Upon returning to the foreground, the app requires the PIN again before displaying any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which prevents screenshot capture, hides content from the Recent Apps screen, and blocks screen recording. The flag is active only on parent area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds via ProGuard/R8.

12. Regulatory Compliance

This policy is drafted in accordance with:

  • GDPR (EU Reg. 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • Italian Privacy Code (D.Lgs. 196/2003, as amended)
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — minimisation, transparency, and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In case of material changes, we will update the revision date at the top of this document. If a change requires renewed consent, the App will display the consent screen again.

14. Contact

For any privacy-related questions or to exercise the rights listed in § 10:

Online policy: https://matematt.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Operator / Developer

The application MateMatt (“the App”) is developed and distributed by Davide Sironi, independent developer, based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests regarding personal data are processed within 30 days.

2. Design Principle

MateMatt is built on the principle of Privacy by Design. Children's privacy protection is a core element of the app's architecture, not an afterthought. Every feature is designed by first asking: “What data can we NOT collect?”

  • Does not require email, phone, or any contact information.
  • Does not collect real names, surnames, dates of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience, COPPA Compliance, and Parental Consent

The App is designed for children aged 6–11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installation, configuration, and the child's use of the App.

The App is not intended to be used independently by children without the consent and supervision of an adult.

COPPA Compliance (16 CFR Part 312): the App complies with the Children's Online Privacy Protection Act (COPPA). On first launch, the parent must explicitly accept this privacy policy before any cloud service is activated. Without parental consent, no personal data is transmitted by the App and no cloud service is activated. The Firebase SDK is initialised locally for technical reasons, but data collection (Crashlytics, Firestore) remains disabled until explicit consent is given.

The App participates in the Google Designed for Families program, which requires compliance with Google's Families policies including COPPA-related requirements.

We do not knowingly collect personal information from children under 13 without verifiable parental consent (16 CFR §312.5).

4. Data Processed

4.1 Data stored on device (offline)

Data | Purpose
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalization
Exercise results and progress | Local reporting for parents
Saved homework and codes | Homework reproduction
MatCoin balance | Educational reward system

This data never leaves the device and is deleted upon uninstallation of the App. None of this data constitutes “personal information” as defined by COPPA (16 CFR §312.2).

4.2 Family Feature (optional — requires explicit parental activation)

The Family feature allows the parent to assign homework and receive the child's results from a second device. This feature is entirely optional and must be deliberately activated by the parent.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to child's device | AES-256-GCM encrypted | Until deleted by parent
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to parent | AES-256-GCM encrypted | 90 days, then auto-deleted
Non-sensitive metadata (score, attempts, date) | Report list preview | Plaintext | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID (locally generated) | Family group identification | Pseudonymous | Until uninstallation
Encrypted parental PIN hash | PIN synchronization across family devices | AES-256-GCM encrypted | Until group deletion
PIN unlock requests | Child requests unlock from parent | Metadata only (requester UID, timestamp) | Ephemeral (deleted after handling)
RSA-2048 public key | Group encryption key distribution | Public key (not sensitive) | Until group deletion

No directly identifying data (real name, email, phone number, address) is requested or collected for the Family feature. The anonymous identifiers used do not constitute “personal information” under COPPA.

Three-level granular consent

On first launch, the parent is presented with 3 separate options:

  1. Privacy policy (required) — acceptance is necessary to use the app. Without this consent no functionality is available.
  2. Crashlytics (optional, default OFF) — technical error reporting. The parent may enable or leave it disabled.
  3. Family cloud (optional, default OFF) — homework and report synchronization. The parent may enable it later from Settings.

Each consent can be revoked at any time from the app Settings, independently of the others (Art. 7.3 GDPR). When the privacy policy is materially updated, the consent screen is automatically re-presented.

4.3 Technical Error Reporting (Crashlytics)

The App uses Firebase Crashlytics (Google), activated only after explicit parental consent. In the event of a crash, the following is sent:

  • Device type and Android operating system version
  • App version and technical error trace (stack trace)
  • Crash timestamp

No personal data, exercise results, names, or child identifiers are ever transmitted. This falls under the “support for internal operations” exception per COPPA (16 CFR §312.2), which permits the collection of information necessary to maintain the technical functioning of the app without requiring separate parental consent.

4.4 App Integrity Verification (Firebase App Check)

Starting from version 1.7.0, the App uses Firebase App Check with the Google Play Integrity provider to attest that requests to Firebase services (Firestore, Authentication, Crashlytics) originate from a genuine, untampered instance of the App running on a legitimate Android device. This security measure protects users from fraudulent access and abuse of cloud APIs.

  • Google Play Services generates a cryptographic attestation token containing technical information only (integrity verdict, App package name, signing certificate hash). It carries no personal information of the child or parent (as defined by COPPA) and no advertising identifiers.
  • The token has a limited lifetime (~1 hour) and is renewed automatically; it is not persisted by the App or in the cloud.
  • Attestation is active for all users as an essential technical security measure that does not involve the collection of personal information from children.

5. End-to-End Encryption

All sensitive data transmitted to the cloud by the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey, AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members by encrypting it with each member's RSA-2048 public key using OAEP (OAEP hash SHA-256, MGF1 hash SHA-1).
  • At rest, the GroupKey is stored wrapped (encrypted) with an AES-256 master key held in the device's hardware-backed Android Keystore.
  • The GroupKey is never transmitted in plaintext and is inaccessible to the cloud service provider (Google).
  • Even with direct database access, the server or any third party cannot read the encrypted fields; only the plaintext metadata listed in § 4.2 (score, attempts, date) is readable server-side.

6. Third-Party Technical Services

Service | Provider | Role | Purpose
Firebase Authentication | Google LLC | Service provider | Anonymous device authentication
Cloud Firestore | Google LLC | Service provider | Family data synchronization
Firebase Crashlytics | Google LLC | Service provider | Technical error reporting
Firebase App Check (Play Integrity) | Google LLC | Service provider | App/device integrity verification

The App does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioral tracking, or profiling.

7. Children's Data — COPPA Protections

In accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501-6506; 16 CFR Part 312), we adopt the following specific measures for the protection of children:

  • We do not knowingly collect personal information (as defined by 16 CFR §312.2) from children under 13 without verifiable parental consent.
  • The player name is randomly generated by the app (e.g. “Dolphin 42”, “Lion 15”) and is not associated with any account or online profile. The user does not enter any real identifying information.
  • The Family feature is accessible from the Parent section, protected by the adults-only area, and requires activation by a parent/guardian.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by children. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, when the Family feature is active, synchronized across the group with AES-256-GCM encryption.
  • Automatic lock-out: when the app is placed in the background from a protected screen, the parent area locks automatically and requires the PIN again upon return.
  • Screenshot protection: protected screens are marked with Android's FLAG_SECURE, which blocks screenshots and screen recording and hides their content from the Recent Apps screen.
  • Children cannot create groups, invite members, or access network settings.
  • We do not use behavioral advertising or third-party SDKs intended for profiling.
  • Data stored on Firestore does not contain directly identifying information about the child.
  • The App contains no inappropriate content and no external links. Premium subscriptions (monthly €2.99 / yearly €14.99) are available as optional in-app purchases; every purchase flow is protected by a parental math gate (Khan Academy style) to prevent accidental purchases by children, in line with Google Play Designed for Families requirements.

Parental responsibility: By installing and configuring the App, the parent/guardian consents to the processing of the technical data described in this policy on behalf of the child.

8. International Data Transfers

The Developer is based in Italy (EU). Firebase services (Google LLC) operate on global infrastructure with primary servers in the United States and Europe. As the App is available to US users, data processed through Firebase is primarily stored and processed within the United States.

For users in the European Economic Area (EEA), data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

For users in the United Kingdom, transfers are covered by the UK Extension to the EU–US Data Privacy Framework, under which Google LLC is certified (recognised by the UK Secretary of State as providing adequate safeguards under UK GDPR Art. 46).

Regardless of storage location, Family feature sensitive data is end-to-end encrypted and unreadable by the cloud service provider or any third party.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
On-device data | Until app uninstallation
Homework reports on Firestore | 90 days from creation, then auto-deleted
Homework assignments on Firestore | 90 days from creation, then auto-deleted
Family group on Firestore | Until user-initiated deletion; inactive groups auto-deleted after 365 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)
App Check attestation token | ~1 hour validity, automatic renewal, no persistence

10. Parental Rights under COPPA

Under COPPA (16 CFR §312.6), parents/guardians have the right to:

  • Review information collected from their child by viewing the Report section and Family section within the App.
  • Delete their child's information by using Family → “Delete all data”, which removes all local and cloud data. When a member leaves a group, their reports are automatically deleted from the cloud.
  • Refuse further collection by disabling the Family feature or Crashlytics individually from the App's Settings, or by uninstalling the App.
  • Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

Complaints and inquiries:

  • US residents: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Transit and at-rest security: data transmitted to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group only. Sensitive local data is encrypted via EncryptedSharedPreferences (AES-256-GCM) with a master key stored in the Android hardware Keystore.

Parent area protection: parent sections can be protected by a 4-digit parental PIN (PBKDF2-HMAC-SHA256 hash with 100,000 iterations and 16-byte random salt), with recovery via a mathematical challenge and progressive rate limiting (lock-out after 3 failed attempts).

Automatic lock-out on background: when the app is sent to the background while a protected screen is active, the parent area locks automatically. Upon returning to the foreground, the app requires the PIN again before displaying any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which prevents screenshot capture, hides content from the Recent Apps screen, and blocks screen recording. The flag is active only on parent area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds via ProGuard/R8.

12. California Residents (CCPA/CPRA)

For California residents, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide additional rights regarding personal information. We confirm that:

  • We do not sell personal information of any user, including children.
  • We do not share personal information for cross-context behavioral advertising.
  • We do not use sensitive personal information for purposes beyond those disclosed in this policy.
  • The App collects only the minimal technical data described in § 4, and no data that would constitute “personal information” under the CCPA for children's profiles.

13. Regulatory Compliance

This policy is drafted in accordance with:

  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • CCPA/CPRA (Cal. Civ. Code §§ 1798.100–1798.199.100) — as applicable
  • Google Designed for Families program requirements
  • GDPR (EU Reg. 2016/679) — applicable to EU data subjects

14. Changes to This Policy

In case of material changes, we will update the revision date at the top of this document. If a change requires renewed consent, the App will display the consent screen again.

15. Contact

For any privacy-related questions or to exercise the rights listed in § 10:

Online policy: https://matematt.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacy MateMatt”
Developer: Davide Sironi, Italy (EU)

1. Data Controller

The MateMatt application (“the App”) is developed and distributed by Davide Sironi, an independent developer based in Italy (“we”, “the Developer”).

Privacy contact: privacy@matematt.app

Requests concerning personal data are handled within 30 days.

2. Design Principle

MateMatt is designed according to the principle of Data Protection by Design and by Default (Privacy by Design, Art. 25 GDPR). Protecting children's privacy is a core element of the app's architecture, not a compliance add-on. Every feature is designed by first asking: “What data can we NOT collect?”

  • Does not require email, phone, or contact details.
  • Does not collect real names, surnames, dates of birth, or location.
  • Contains no advertising of any kind.
  • Does not profile users for commercial purposes.
  • Does not sell or share data with third parties for marketing.
  • Does not use analytical tracking tools (no Firebase Analytics or similar).

3. Intended Audience and Parental Consent

The App is intended for children aged 6 to 11, used under the direct supervision of a parent or legal guardian. The parent/guardian is responsible for installation, configuration, and the child's use of the App.

The App is not intended to be used independently by children without the consent and supervision of an adult.

On first launch, the parent must explicitly accept this policy before any cloud service is activated. Without parental consent, the app opens no network connection (other than the download of the app itself).

Under Article 7 of the LOPDGDD (Organic Law 3/2018), processing the data of children under 14 requires the consent of the holder of parental authority or guardianship.

This mechanism complies with Art. 8 GDPR (parental consent for information society services offered to children) and the COPPA “verifiable parental consent” rule (16 CFR §312.5).

4. Data Processed and Legal Basis

4.1 Data stored on device (offline)

Data | Purpose | Legal basis
Random avatar and nickname (e.g. “Lion 42”, generated by the app) | Profile display and personalization | Performance of a contract (Art. 6.1.b)
Exercise results and progress | Local reports for the parent | Performance of a contract
Saved homework and codes | Reproduction of assigned homework | Performance of a contract
MatCoin balance | Educational reward system | Performance of a contract

This data never leaves the device and is deleted when the App is uninstalled.

4.2 Family Feature (optional; requires explicit parental activation)

The Family feature allows the parent to assign homework and receive the child's results from a second device. This feature is entirely optional and must be deliberately activated.

When registering the child in the Family feature, the adult performing the registration declares that they are the parent or legal guardian with full capacity to give that consent. Where parental authority is shared (for example, in cases of separation or divorce), both parents should give consent, although consent from the parent with whom the child habitually lives is sufficient.

When activated, the following Google Firebase services are used:

Data | Purpose | Protection | Retention
Assigned homework (tasksJson) | Transmission to the child's device | AES-256-GCM encrypted | Until deleted by the owner
Result reports (anonymous avatar, exercise details, mistakes) | Transmission to the parent | AES-256-GCM encrypted | 90 days, then auto-deleted
Non-sensitive metadata (score, attempts, date) | Report list preview | Plaintext | 90 days
Anonymous Firebase UID (generated without email or password) | Technical device authentication | Pseudonymous | Until consent revocation or data deletion from the app
Random device UUID (locally generated) | Family group identification | Pseudonymous | Until uninstallation
Encrypted parental PIN hash | PIN synchronization across family devices | AES-256-GCM encrypted | Until group deletion
PIN unlock requests | Child requests unlock from parent | Metadata only (requester UID, timestamp) | Ephemeral (deleted after handling)
RSA-2048 public key | Group encryption key distribution | Public key (not sensitive) | Until group deletion

Legal basis: explicit parental consent (Art. 6.1.a GDPR), collected on first launch of the app.

No directly identifying data (real name, email, phone number, address) is requested or collected for the Family feature.

Three-level granular consent

On first launch, the parent is shown 3 separate options:

  1. Privacy policy (required): acceptance is necessary to use the app. Without this consent no functionality is available.
  2. Crashlytics (optional, off by default): technical error reporting. The parent may enable it or leave it disabled.
  3. Family cloud (optional, off by default): homework and report synchronization. The parent may enable it later from Settings.

Each consent can be revoked at any time from the app Settings, independently of the others (Art. 7.3 GDPR). When the privacy policy is materially updated, the consent screen is automatically shown again.

4.3 Technical Error Reporting (Crashlytics)

The App uses Firebase Crashlytics (Google), activated only after explicit parental consent. In the event of an error, the following is sent:

  • Device type and Android operating system version
  • App version and technical error trace (stack trace)
  • Error timestamp

No personal data, exercise results, names, or child identifiers are ever sent. This falls under the “support for internal operations” exception of COPPA (16 CFR §312.2).

Legal basis: explicit parental consent (Art. 6.1.a GDPR).

4.4 App Integrity Verification (Firebase App Check)

Starting from version 1.7.0, the App uses Firebase App Check with the Google Play Integrity provider to attest that requests to Firebase services (Firestore, Authentication, Crashlytics) come from a genuine, untampered instance of the App running on a genuine Android device. This security measure protects users against fraudulent access and abuse of the cloud APIs (Art. 32 GDPR, security of processing).

  • Google Play Services generates a cryptographic attestation token containing technical information only (integrity verdict, package name, signing certificate hash). It carries no personal data of the child or parent and no advertising identifiers.
  • The token has a limited validity (~1 hour) and is renewed automatically; it is stored neither in the App nor in the cloud.
  • Attestation is active for all users, regardless of the Crashlytics or Family consents, because it is an essential technical security measure and involves no processing of identifiable personal data.

Legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) in ensuring service integrity and preventing fraudulent access.

5. End-to-End Encryption

All sensitive data transmitted to the cloud by the Family feature is protected by end-to-end AES-256-GCM encryption:

  • The group encryption key (GroupKey, AES-256) is generated on the parent's device.
  • The GroupKey is distributed to group members by encrypting it with each member's RSA-2048 public key using OAEP (OAEP hash SHA-256, MGF1 hash SHA-1).
  • At rest, the GroupKey is stored wrapped (encrypted) with an AES-256 master key held in the device's hardware-backed Android Keystore.
  • The GroupKey is never transmitted in plaintext and is not accessible to the cloud service provider (Google).
  • Even with direct access to the Firestore database, the encrypted fields cannot be read; only the plaintext metadata listed in § 4.2 (score, attempts, date) is readable server-side.
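
The key flow described in § 5 (in both language versions of this policy), as an added illustration that is not MateMatt's own code: the parent device generates a 256-bit GroupKey, wraps it for a member under RSA-2048 OAEP with the exact hash split the policy declares (OAEP hash SHA-256, MGF1 hash SHA-1), and encrypts a homework record with AES-256-GCM; the member device unwraps the key and decrypts. It needs the `cryptography` package. The use of the Firestore document path as GCM associated data, the field names, and the sample homework are assumptions made for this example, not facts taken from the app.

```python
"""Added example (not MateMatt's code): Family-feature GroupKey wrap/unwrap and
AES-256-GCM record encryption as described in § 5. Requires `cryptography`."""
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# The policy states "RSA-2048 OAEP (SHA-256, MGF1-SHA1)". The split matters:
# Android's "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" defaults MGF1 to SHA-1,
# while many other stacks default MGF1 to the OAEP hash. Both ends must agree
# or unwrapping fails with a padding error.
OAEP_PARAMS = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA1()),
    algorithm=hashes.SHA256(),
    label=None,
)
NONCE_LEN = 12  # 96-bit GCM nonce: random, never reused under the same GroupKey


def generate_member_keypair():
    """Per-device RSA-2048 keypair; only the public key is uploaded (§ 4.2)."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def generate_group_key() -> bytes:
    """256-bit GroupKey, created on the parent's device and never uploaded raw."""
    return AESGCM.generate_key(bit_length=256)


def wrap_group_key(group_key: bytes, member_public_key) -> bytes:
    """What the parent writes to the cloud for one member: GroupKey under OAEP."""
    return member_public_key.encrypt(group_key, OAEP_PARAMS)


def unwrap_group_key(wrapped: bytes, member_private_key) -> bytes:
    return member_private_key.decrypt(wrapped, OAEP_PARAMS)


def encrypt_record(group_key: bytes, payload: dict, document_path: str) -> dict:
    """AES-256-GCM; the document path is bound as associated data (assumed design)
    so a ciphertext copied to another document or group no longer opens."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = AESGCM(group_key).encrypt(
        nonce, json.dumps(payload).encode(), document_path.encode())
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex()}


def decrypt_record(group_key: bytes, record: dict, document_path: str) -> dict:
    plaintext = AESGCM(group_key).decrypt(
        bytes.fromhex(record["nonce"]), bytes.fromhex(record["ciphertext"]),
        document_path.encode())
    return json.loads(plaintext)


def run_demo() -> dict:
    """Parent -> cloud -> child round trip, plus two failure modes."""
    child_private, child_public = generate_member_keypair()  # child device
    group_key = generate_group_key()                          # parent device
    wrapped = wrap_group_key(group_key, child_public)         # stored in cloud

    # Constructed sample homework (the policy's tasksJson field).
    homework = {"tasksJson": [{"op": "add", "a": 7, "b": 5}]}
    path = "groups/g1/homework/h1"
    record = encrypt_record(group_key, homework, path)        # stored in cloud

    # Child device: recover the GroupKey, then the homework.
    recovered = decrypt_record(unwrap_group_key(wrapped, child_private), record, path)

    # Failure mode 1: a flipped ciphertext byte is rejected by the GCM tag.
    tampered = dict(record)
    raw = bytearray(bytes.fromhex(tampered["ciphertext"]))
    raw[0] ^= 0x01
    tampered["ciphertext"] = bytes(raw).hex()
    try:
        decrypt_record(group_key, tampered, path)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True

    # Failure mode 2: the same record moved to another document fails too.
    try:
        decrypt_record(group_key, record, "groups/g2/homework/h1")
        move_detected = False
    except InvalidTag:
        move_detected = True

    return {
        "recovered": recovered,
        "wrapped_len": len(wrapped),  # 256 bytes for RSA-2048
        "tamper_detected": tamper_detected,
        "move_detected": move_detected,
    }


if __name__ == "__main__":
    print(run_demo())
```

The cloud only ever holds the 256-byte wrapped key, the nonce and the ciphertext, which is what makes the "unreadable by the provider" claim hold for the encrypted fields; the plaintext preview metadata of § 4.2 sits outside this boundary by design.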

6. Third-Party Technical Services

Service | Provider | GDPR role | Purpose
Firebase Authentication | Google LLC | Processor (Art. 28) | Anonymous authentication
Cloud Firestore | Google LLC | Processor (Art. 28) | Family data synchronization
Firebase Crashlytics | Google LLC | Processor (Art. 28) | Technical error reporting
Firebase App Check (Play Integrity) | Google LLC | Processor (Art. 28) | App/device integrity verification

The App does not use Firebase Analytics, Google Analytics, Google AdMob, or any other form of advertising, behavioral tracking, or profiling.

7. Children's Data: Special Protection

In accordance with the General Data Protection Regulation (GDPR, EU Reg. 2016/679), Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), the Children's Online Privacy Protection Act (COPPA) and the UK Age Appropriate Design Code, we adopt the following specific measures for the protection of children:

  • We do not knowingly collect direct personal data (full name, email, address, phone number) from children under 13 (COPPA) or under 14 (LOPDGDD, Art. 7).
  • The player name is randomly generated by the app (e.g. “Dolphin 42”, “Lion 15”) and is not associated with any account or online profile. The user enters no real identifying data.
  • The Family feature is accessible from the Parents section, protected by the adults-only area, and assumes that it is the parent/guardian who activates it.
  • Parent sections (reports, homework, codes, family) can be protected by a 4-digit parental PIN to prevent unsupervised access by the child. The PIN is stored locally as a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 16-byte random salt) and, if the Family feature is active, synchronized across the group with AES-256-GCM encryption.
  • Automatic lock: when the app goes to the background from a protected screen, the parent area locks automatically and the PIN is requested again on return. This prevents a child from reaching the parent area simply by picking up the device.
  • Screenshot protection: protected screens (reports, homework, codes, family, settings) are marked with Android's FLAG_SECURE, which blocks screenshots and screen recording and hides their content from the device's Recents screen.
  • The child cannot create groups, invite members, or access network settings.
  • We do not use behavioral advertising or third-party SDKs aimed at profiling.
  • Data in Firestore contains no directly identifying information about the child.
  • The App contains no inappropriate content and no external links. Premium subscriptions (monthly €2.99 / yearly €14.99) are available as optional in-app purchases; every purchase flow is protected by a parental math gate (Khan Academy style) to prevent accidental purchases by children, in line with Google Play Designed for Families requirements.

Parental responsibility: by installing and configuring the App, the parent/guardian consents to the processing of the technical data described in this policy on behalf of the child.

8. International Data Transfers

Firebase services (Google LLC) operate on global infrastructure with primary servers in the United States and Europe. Data transfers to the United States are covered by the EU–US Data Privacy Framework (DPF), to which Google LLC adheres (European Commission adequacy decision of 10 July 2023).

For users in the United Kingdom, transfers are covered by the UK Extension to the EU–US Data Privacy Framework, under which Google LLC is certified (recognised by the UK Secretary of State as providing adequate safeguards under UK GDPR Art. 46).

Regardless of storage location, Family feature sensitive data is end-to-end encrypted and unreadable by the cloud service provider or any third party.

For further details: Google Data Processing Terms.

9. Data Retention

Data | Retention
On-device data | Until app uninstallation
Homework reports on Firestore | 90 days from creation, then auto-deleted
Homework assignments on Firestore | 90 days from creation, then auto-deleted
Family group on Firestore | Until user-initiated deletion; inactive groups auto-deleted after 365 days
Anonymous Firebase UID | Until consent revocation or data deletion from the app
Crashlytics data | 90 days (Google policy)
App Check attestation token | ~1 hour validity, automatic renewal, no persistence

10. Parental Rights

The parent/guardian may at any time:

  • Access (Art. 15 GDPR): view results in the app's Reports section and group data in the Family section.
  • Rectification (Art. 16 GDPR): change the profile and avatar through the app.
  • Erasure (Art. 17 GDPR): delete all data (local and cloud) from Family → “Delete all data”. When a member leaves the group, their reports are automatically deleted from the cloud.
  • Restriction (Art. 18 GDPR): request restriction of processing by writing to privacy@matematt.app.
  • Portability (Art. 20 GDPR): homework reports can be archived locally on the device before leaving the group.
  • Objection (Art. 21 GDPR): object to processing by writing to privacy@matematt.app.
  • Withdrawal of consent (Art. 7.3 GDPR): disable Crashlytics or the Family feature individually from the app Settings, or delete all data. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Complaints to the supervisory authority:

  • Residents of Spain: Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan 6, 28001 Madrid — aepd.es
  • Residents of the EU: Garante per la Protezione dei Dati Personali — garanteprivacy.it
  • Residents of the United Kingdom: Information Commissioner's Office — ico.org.uk
  • Residents of the United States: Federal Trade Commission — ftc.gov

For all requests: privacy@matematt.app — we respond within 30 days.

11. Security

Security in transit and at rest: data transmitted to Firebase is protected by TLS/HTTPS connections. Firestore security rules restrict access to authenticated devices belonging to the same family group. Sensitive local data is encrypted with EncryptedSharedPreferences (AES-256-GCM) under a master key held in the hardware-backed Android Keystore.

Parent area protection: parent sections can be protected by a 4-digit parental PIN (PBKDF2-HMAC-SHA256 hash with 100,000 iterations and a 16-byte random salt), with recovery via a mathematical challenge and progressive rate limiting (lock-out after 3 failed attempts).
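
The parental PIN scheme described in § 7 and § 11 (in both language versions of this policy), as an added illustration that is not MateMatt's own code: PBKDF2-HMAC-SHA256 with 100,000 iterations and a 16-byte random salt, a constant-time comparison, and a gate that locks after 3 failed attempts. It also includes an offline brute-force routine to make a caveat the policy does not spell out explicit: a 4-digit PIN has only 10,000 values, so the hash alone does not protect it from anyone who can read the stored record; the lock-out, the Keystore wrapping at rest and the GroupKey encryption of the synced copy are what carry the protection. Standard library only; the record layout, class names and the fixed test salt are assumptions made for this example.

```python
"""Added example (not MateMatt's code): parental PIN hashing, verification with
lock-out, and an offline brute-force routine showing the limits of a 4-digit PIN."""
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 100_000       # as stated in the policy
SALT_LEN = 16              # 16-byte random salt, as stated in the policy
PIN_LEN = 4
MAX_FAILED_ATTEMPTS = 3    # lock-out threshold, as stated in the policy


def _derive(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=32)


def create_pin_record(pin: str, salt: Optional[bytes] = None) -> dict:
    """Hash a new PIN. The salt is random per PIN; passing one explicitly is
    only for reproducible tests (assumed record layout)."""
    if len(pin) != PIN_LEN or not pin.isdigit():
        raise ValueError("PIN must be exactly 4 digits")
    salt = salt if salt is not None else secrets.token_bytes(SALT_LEN)
    return {"salt": salt.hex(), "hash": _derive(pin, salt).hex(), "iterations": ITERATIONS}


class PinGate:
    """Verifies PINs and locks after MAX_FAILED_ATTEMPTS consecutive failures.
    The lock holds until the recovery challenge resets it (assumed behaviour)."""

    def __init__(self, record: dict):
        self.record = record
        self.failed = 0
        self.locked = False

    def verify(self, pin: str) -> bool:
        if self.locked:
            return False  # refuse even a correct PIN while locked
        candidate = _derive(pin, bytes.fromhex(self.record["salt"]))
        ok = hmac.compare_digest(candidate, bytes.fromhex(self.record["hash"]))
        if ok:
            self.failed = 0
        else:
            self.failed += 1
            if self.failed >= MAX_FAILED_ATTEMPTS:
                self.locked = True
        return ok

    def reset_after_recovery(self) -> None:
        """Called once the parent has passed the recovery challenge."""
        self.failed = 0
        self.locked = False


def offline_brute_force(record: dict) -> tuple:
    """Anyone holding salt and hash (rooted device, backup, or a group member's
    decrypted copy of the synced hash) needs at most 10,000 PBKDF2 calls.
    Returns (pin, candidates_tried)."""
    salt = bytes.fromhex(record["salt"])
    target = bytes.fromhex(record["hash"])
    for n in range(10 ** PIN_LEN):
        candidate = f"{n:0{PIN_LEN}d}"
        if hmac.compare_digest(_derive(candidate, salt), target):
            return candidate, n + 1
    raise RuntimeError("unreachable for a well-formed record")


def run_demo() -> dict:
    # Constructed sample: PIN "0042" with a fixed salt so results are repeatable.
    record = create_pin_record("0042", salt=bytes(range(SALT_LEN)))
    gate = PinGate(record)
    wrong = [gate.verify("0000"), gate.verify("1234"), gate.verify("9999")]
    locked_after_three = gate.locked
    blocked_even_if_correct = not gate.verify("0042")
    gate.reset_after_recovery()
    after_recovery = gate.verify("0042")
    pin, tried = offline_brute_force(record)
    return {
        "wrong": wrong,
        "locked_after_three": locked_after_three,
        "blocked_even_if_correct": blocked_even_if_correct,
        "after_recovery": after_recovery,
        "brute_forced_pin": pin,
        "candidates_tried": tried,
    }


if __name__ == "__main__":
    print(run_demo())
```

The brute force finds "0042" on the 43rd candidate; in the worst case 10,000 PBKDF2 evaluations at 100,000 iterations each take seconds on a laptop. Read the PIN as a child deterrent, which is the purpose the policy gives it, and note that the mathematical recovery challenge resets it rather than authenticating the parent, so the real boundary against an adult with device access is the Keystore-wrapped storage and the group encryption, not the PIN.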

Automatic lock on background: when the app goes to the background while a protected screen is active, the parent area locks automatically. On returning to the foreground, the app requires the PIN again before showing any protected content.

Screenshot protection (FLAG_SECURE): protected screens are marked with Android's FLAG_SECURE flag, which blocks screenshots and screen recording and hides their content from the Recents screen. The flag is active only on parent area screens.

Production logging: all logging calls (android.util.Log) are automatically stripped from production builds by ProGuard/R8.

12. Regulatory Compliance

This policy has been drafted in accordance with:

  • GDPR (EU Reg. 2016/679) — Art. 5 (principles), Art. 6 (legal bases), Art. 8 (children's consent), Art. 13/14 (information), Art. 17 (erasure), Art. 25 (privacy by design), Art. 28 (processor)
  • LOPDGDD (Organic Law 3/2018) — Art. 7 (children's consent)
  • COPPA (15 U.S.C. §§ 6501-6506; 16 CFR Part 312) — Children's Online Privacy Protection Act
  • UK Age Appropriate Design Code (Children's Code) — principles of minimization, transparency and best interests of the child
  • UK Data Protection Act 2018 and UK GDPR

13. Changes to This Policy

In case of material changes to this policy, we will update the revision date at the top of the document. If a change requires renewed consent, the app will display the consent screen to the user again.

14. Contact

For any privacy-related question or to exercise the rights listed in § 10:

Online policy: https://matematt.app/privacy.html
Email: privacy@matematt.app
Subject: “Privacidad MateMatt”
Developer: Davide Sironi, Italy (EU)