Brush Quest

Effective Date: April 28, 2026

Publisher: AnemosGP LLC, doing business as Brush Quest
Address: 2108 N St, Ste N, Sacramento, CA 95816
Email: support@brushquest.app

The short version (for busy parents)

No ads. Zero advertising SDKs. No ads of any kind, ever.
No data selling. We never sell, rent, or trade your child's information with anyone.
No behavioral tracking. No advertising IDs, no profiling, no location tracking.
No account required. The app works fully offline. Cloud backup is optional and parent-controlled.
Camera stays off. If a parent turns it on, it detects motion only — no images are stored or sent anywhere.
You're in control. Delete all data from the app's Settings at any time.

Brush Quest is a toothbrushing game for children ages 6–8, built by a dad for his own kids and shared with other families. We designed it to be the kind of app we'd want on our own children's devices — safe, simple, and private by default.

This policy explains what data we handle, how we protect it, and your rights as a parent. It complies with the Children's Online Privacy Protection Act (COPPA), including the 2025 amendments, the California Consumer Privacy Act (CCPA/CPRA), and Google Play's Families Policy.

1. What We Collect

Game Progress (stored on your device)

Brush Quest saves gameplay data locally using your device's built-in storage (SharedPreferences) so your child's progress is kept between sessions:

Brush count, brushing history (dates only), and streak data
Stars earned, unlocked heroes and weapons
Settings preferences (timer duration, sound, camera toggle)

This data never leaves the device unless a parent opts in to cloud backup.

Cloud Backup (optional, parent-controlled)

A parent may choose to sign in to back up game progress to the cloud. On Android, sign-in is via Google. On iOS, sign-in is via Google or Apple (Sign in with Apple). This is entirely optional — the app works fully without it. Cloud backup is behind a parental gate (math verification) and requires the parent to tap "I Consent" before any data leaves the device.

When cloud backup is enabled, we store:

Parent's email address — to identify the cloud save account
Parent's display name — shown in Settings so you know which account is connected
Firebase UID — a unique identifier assigned by Google to secure your cloud save
Game progress data — the same brushing history, stars, and unlocks stored locally

No profile photos, contacts, or other Google account data is accessed. The child's name and age are never collected. Cloud data is stored in Google Cloud Firestore (US region) under strict security rules that ensure each user can only access their own data.

Camera (optional, off by default)

Brush Quest can use the front camera to detect brushing motion during gameplay. This feature is disabled by default and must be enabled by a parent in Settings (behind the parental gate).

Camera frames are processed entirely on the device in real time
Each frame is reduced to a small pixel grid and produces a single motion score — a number, not an image
No facial recognition, no biometrics, no identification of any kind
No images or video are ever stored, recorded, uploaded, or sent anywhere
The camera is only active during the brushing session and stops immediately when brushing ends

Crash Reports (Android only, automatic, anonymous)

On Android, the app includes Firebase Crashlytics, which automatically sends anonymous crash reports when the app encounters an error. On iOS, Crashlytics is removed from the app binary entirely (per Apple Kids Category requirements). These reports contain:

Device model and operating system version
Technical error details (stack traces)
App version number

Crash reports contain no personal information — no names, no email addresses, no gameplay data. They help us find and fix bugs.

Anonymous Usage Analytics (Android only, automatic)

On Android, the app uses Firebase Analytics, configured for child-directed treatment under COPPA, to understand how the app is used in aggregate. This helps us improve the brushing experience for all families. On iOS, Firebase Analytics is removed from the app binary entirely (per Apple Kids Category requirements).

Events like brush session completion, onboarding progress, and feature usage
No advertising IDs are collected (explicitly disabled in code)
No ad personalization, remarketing, or profiling
Data is anonymous and aggregated — it cannot identify any individual child
Google processes this data as a service provider acting on our behalf — not as an independent third party
Google is contractually prohibited from using this data for its own commercial purposes
Firebase may use installation identifiers solely for internal operations as permitted under COPPA (16 CFR 312.5(c)(7))

2. What We Don't Collect

Brush Quest does not collect any of the following:

Children's names, ages, or birthdates
Location data (no GPS, no IP-based geolocation, no approximate location)
Contacts, phone numbers, or messages
Photos, videos, or audio recordings (camera motion detection produces a number, not an image)
Advertising IDs or any identifiers used for ad targeting
Browsing history or activity outside the app
Purchase or financial information (there are no in-app purchases)

We do not use any advertising SDKs, social media integrations, or third-party behavioral tracking tools. We do not share children's data with third parties for commercial, advertising, or AI training purposes.

3. How We Use the Data We Collect

Data	Purpose
Local game progress	Save your child's brushing streaks, unlocked heroes, and settings so they persist between sessions
Cloud backup data	Let parents back up and restore game progress across devices or after reinstalling the app
Parent's email and name	Identify the cloud save account and display it in Settings
Camera motion score	Adjust in-game attack frequency based on brushing movement during gameplay
Crash reports	Find and fix bugs to keep the app working reliably
Usage analytics	Understand how the app is used in aggregate so we can improve it for all families

We do not use any collected data for advertising, profiling, or any purpose other than operating and improving Brush Quest.

4. How We Protect Your Data

Data	Where Stored	Protection
Game progress	On your device	Protected by your device's lock screen and built-in encryption
Cloud backup	Google Cloud Firestore (US)	Encrypted in transit (TLS) and at rest. Security rules ensure each user can only read/write their own data
Crash reports	Google Firebase (US)	Anonymous — no personal data included. Protected by Google infrastructure security
Analytics	Google Firebase (US)	Anonymous, child-directed mode. No advertising IDs. Cannot identify individuals
Camera frames	Not stored anywhere	Processed in device memory only, discarded immediately after producing a motion score

Data Security Practices

In compliance with COPPA (16 CFR 312.8), we maintain reasonable procedures to protect the confidentiality, security, and integrity of children's personal information, including:

Designated personnel responsible for data protection
Risk assessment for internal and external threats to children's data
Encryption in transit and at rest for all cloud-stored data
Firestore security rules that enforce per-user data isolation
Annual review and updates to our security practices

5. Third-Party Services

Brush Quest uses a small number of third-party services to operate. These are the only third parties that process any data:

Service	Platform	Purpose	What It Processes
Firebase Authentication	Android & iOS	Optional Google Sign-In for cloud backup	Parent's email address, display name, and UID
Sign in with Apple	iOS only	Optional Apple sign-in for cloud backup	Parent's Apple identifier and (if shared) email. Apple's "Hide my Email" relay is supported
Cloud Firestore	Android & iOS	Cloud backup storage (optional)	Game progress data (brushing history, stars, unlocks)
Firebase Crashlytics	Android only	Automatic crash reporting	Device info and error details (anonymous, no personal data)
Firebase Analytics	Android only	Anonymous usage understanding	Aggregated app events. No ad IDs. Child-directed mode enabled

All third-party services act as service providers under our direction. They process data on our behalf and are contractually prohibited from using it for their own independent commercial purposes. No children's personal information is shared with third parties for advertising, profiling, or sale.

On iOS, Firebase Crashlytics and Firebase Analytics are removed from the app binary entirely via build-time framework exclusion, in compliance with Apple's Kids Category guidelines. This means iOS users cannot have crash reports or analytics events sent on their behalf even if a future bug were to attempt it.

Google's privacy policy: policies.google.com/privacy
Apple's privacy policy: apple.com/legal/privacy

6. Children's Privacy (COPPA Compliance)

Brush Quest is designed for children ages 6–8 and fully complies with the Children's Online Privacy Protection Act (COPPA), including the 2025 amendments (16 CFR Part 312).

How we protect children

We do not collect personal information directly from children
The app works fully offline with no account, no sign-in, and no personal data collection
All optional data collection features (cloud backup, camera) require a parent to enable them
The camera is disabled by default and produces only a motion score — not biometric data
Children cannot make their information publicly available
We never condition a child's participation in the app on disclosing more data than necessary
There are no social features, no chat, no user-generated content, and no links to external websites within the app
There are no in-app purchases

Parental consent

We obtain verifiable parental consent before collecting any personal information:

Parental gate: The Settings screen (where cloud backup and camera options live) is protected by a math verification problem designed to prevent unsupervised child access
Consent dialog: Before enabling cloud backup, a clear dialog explains what data will be stored, where it will be stored, and links to this privacy policy. The parent must actively tap "I Consent" to proceed
Camera notice: Before enabling motion detection, a notice explains how it works and confirms no images are stored

Anonymous crash reports and usage analytics are collected under COPPA's internal operations exception (16 CFR 312.5(c)(7)) — they support the app's internal operations and do not involve collecting personal information from children.

Your rights as a parent

Under COPPA, you have the right to:

Review your child's information — Game progress is visible on the home screen and in Settings. Cloud data is accessible by signing in to your Google account. You can also email us for a complete summary
Delete all data — Use "Delete child's data" in the app's Settings to erase all local data and all cloud data simultaneously. You can also request deletion by email
Refuse further collection — Sign out of Google to stop cloud syncing. Disable the camera in Settings. The app continues to work fully offline with no data collection
Withdraw consent — You can withdraw consent at any time by signing out and/or deleting data. We will not penalize your child's experience — the app works the same with or without cloud backup

We respond to all parental requests within 30 days. Email us at support@brushquest.app.

7. Mobile App Store Family Policies

Google Play Designed for Families

Brush Quest participates in Google Play's Designed for Families program and complies with the Families Policy requirements:

The app is appropriate for children ages 6–8
All content is suitable for the target age group
The app does not contain ads
The app does not use advertising IDs or commercial profiling
APIs and SDKs used are approved for child-directed services
The app does not include social features, user-generated content, or links to external content not managed by the developer
This privacy policy is linked in the Google Play Store listing and within the app

Apple App Store Kids Category

On iOS, Brush Quest is submitted to Apple's Kids Category (Ages 6–8 band) and complies with the App Store Review Guidelines (sections 1.3, 5.1, and 5.2):

The app does not include any third-party advertising or third-party analytics SDKs in the iOS app binary. Firebase Analytics and Firebase Crashlytics are stripped from iOS builds via Pod-level framework exclusion at compile time
Sign in with Apple is offered alongside Google Sign-In on iOS, as required when a third-party login service is provided
All settings, sign-in flows, account-creation paths, and account-deletion paths are gated behind a math-verification parental gate
The App Tracking Transparency framework is not used — no IDFA is requested and no tracking permission prompt is shown to children
This privacy policy is reachable from inside the app via the Settings screen, in addition to being linked from the App Store listing
Account deletion can be performed entirely in-app from Settings — no email or external request required (Guideline 5.1.1(v) compliance). For Apple sign-in users, the Apple refresh token is revoked server-side on deletion via Apple's auth/revoke endpoint

8. California Privacy Rights (CCPA/CPRA)

AnemosGP LLC is a California company. While we may not meet current CCPA revenue thresholds, we voluntarily provide these disclosures for transparency.

Categories of personal information collected in the past 12 months

Identifiers: Parent's email address, display name, and Firebase UID (cloud backup only, with explicit consent)
Internet/electronic activity: Anonymous crash reports and app usage events

We do not collect: children's names or ages, geolocation, financial information, biometric data, browsing history, or protected classifications.

Your California rights

Right to know — Request what personal information we've collected about you
Right to delete — Request deletion of your personal information (in-app via Settings, or by email)
Right to correct — Request correction of inaccurate personal information
Right to opt-out of sale/sharing — We do not sell or share personal information as defined by the CCPA. There is nothing to opt out of
Right to non-discrimination — We will not treat you differently for exercising your privacy rights

To exercise any right, email support@brushquest.app. We will verify your identity and respond within 45 days.

9. How Long We Keep Data

Data	Retention Period
Local game progress	Until the app is uninstalled or you delete it in Settings
Cloud backup (Firestore)	While your account is active. Automatically deleted after 12 months of inactivity
Parent email and name	While cloud backup is active. Deleted when you sign out or delete data
Crash reports	90 days (Firebase Crashlytics default)
Usage analytics	14 months (Firebase Analytics default)
Camera frames	Not retained — processed in device memory and discarded immediately

You can delete all cloud data at any time using "Delete child's data" in the app's Settings, or by emailing support@brushquest.app. We process email deletion requests within 30 days.

We retain children's personal information only as long as reasonably necessary to fulfill the purpose for which it was collected, in accordance with COPPA (16 CFR 312.10).

10. Changes to This Policy

If we make material changes to this privacy policy, we will:

Update the effective date at the top of this page
Describe what changed in a summary below the date
Notify parents through the app's update notes on the Google Play Store and Apple App Store

Changes in this version (April 28, 2026)

Added Sign in with Apple as an iOS-only third-party service
Clarified that Firebase Analytics and Firebase Crashlytics are present on Android only and are removed from the iOS app binary at build time
Added Apple App Store Kids Category compliance section
Updated target age range to 6–8 to align with the App Store Kids age band
Updated contact email to support@brushquest.app (was jim@anemosgp.com)

If a change affects how we handle children's personal information, we will obtain new verifiable parental consent before applying the change. We encourage parents to review this policy periodically.

11. Governing Law

This policy is governed by the laws of the State of California and applicable federal law, including COPPA (16 CFR Part 312). Any disputes arising from this policy will be subject to the jurisdiction of the courts in Sacramento County, California.

12. Contact Us

Have questions about this policy? Want to review or delete your child's data? We're happy to help.

AnemosGP LLC (Brush Quest)
2108 N St, Ste N, Sacramento, CA 95816
support@brushquest.app

We aim to respond to all inquiries within 30 days. For urgent data deletion requests, we will process them as quickly as possible.