Privacy Policy

Introduction

Bible Run — Joseph’s Escape (“the App”) is developed by Betabox Labs LLC, a Florida limited liability company (“Betabox,” “we,” “us,” “our”). The App is intended for general audiences, including players age 9 and older, and is appropriate for family play. This Privacy Policy explains how we collect, use, and protect information when you use the App.

If you have questions about this policy, contact us at privacy@betaboxlabs.dev. We reply within 48 hours.

Information We Collect

Firebase Analytics. We use Firebase Analytics to measure gameplay sessions, level progress, and performance. By default we collect non-personalized event data only. In regions where the ePrivacy Directive or comparable law requires consent for SDK access to device identifiers, we request that consent via the Google User Messaging Platform (UMP) before Analytics operates with any device identifier.

Firebase Crashlytics. We use Crashlytics to diagnose crashes. It collects device model, operating system version, app version, and stack traces. No name, email, or account identifier is attached.

Firebase Remote Config. We use Remote Config to deliver configuration values (difficulty tuning, feature flags). Remote Config does not collect per-user data.

Firebase Cloud Messaging (FCM). If you accept push notifications, we use FCM to send occasional gameplay reminders (for example, daily challenge availability). FCM processes a device token that identifies your installation. You can disable push notifications in your device settings at any time.

Sentry. We use Sentry as a secondary crash and error reporting service. Sentry receives device model, OS version, app version, stack traces, and event breadcrumbs. Sentry may also receive the IP address of the device at the time of the error report. Sentry is contractually bound as our data processor.

Game Center / Google Play Games. If you opt in to Apple Game Center (iOS) or Google Play Games (Android), your username and score submissions are processed by Apple and Google respectively. Sign-in is optional and can be skipped.

Apart from the optional account and social information described in the “Accounts and Sign-In” and “Friends and Social Features” sections below, we do not collect your phone number, precise location, photos, or microphone data, and we never upload your contacts.

Accounts and Sign-In

You can play the entire base game without an account. Creating a free account is optional and is required only to subscribe to Bible Run Pro or to use the social features described below.

Firebase Authentication. When you choose to sign in, we use Firebase Authentication to create and secure your account. Depending on the method you select, we receive and store a display name and an email address:

• Sign in with Apple— Apple provides your name and an email address. You may use Apple’s “Hide My Email” relay so your real address is never shared with us.
• Sign in with Google— Google provides your name and the email address on your Google account.
• Email and password— you provide an email address and a password. Passwords are handled and stored by Firebase Authentication; we never see your plain-text password.

Before you sign in, gameplay is tied to an anonymous device identifier. When you create an account, we link that anonymous progress to your new account so your scrolls, scores, and progress carry over. You can request deletion of your account and its data at any time using the methods in the “Your Rights” section.

Friends and Social Features

Bible Run Pro includes optional social features — ghost races and live race lobbies — that let you compete with friends. These features are available only to subscribers and only after you sign in.

Friend codes. Each subscriber is assigned a short friend code. When you add a friend by code or accept a friend request, we store the resulting connection, your chosen display name, and your game scores in Google Cloud Firestore so they can be shown to the people you connect with.

Ghost races.A “ghost” is a compact recording of a run (your inputs and score) that friends can race against. Ghost recordings are stored in Cloud Storage for Firebase and are deleted automatically after a limited retention period.

Live race lobbies. When you join a live lobby, your display name and in-race score are shared in real time with the other players in that lobby for the duration of the race.

Contact matching stays on your device. If you choose to find friends from your contacts, the matching happens locally on your device. We do not upload, transmit, or store your address book, and contact entries that are not already Bible Run players are never sent to our servers.

Advertising

Non-personalized by default. We serve non-personalized ads through Google AdMob. Non-personalized ads use contextual signals (country, language, content category) and do not rely on a profile of you.

Personalized ads only after consent.In regions where consent is required (EEA, UK, Switzerland, California, and other opt-in jurisdictions), we present the Google UMP consent form. Personalized ads are served only if you grant explicit consent. You can change your choice at any time from the app’s settings.

Apple App Tracking Transparency.On iOS, we present Apple’s ATT prompt before any SDK is allowed to track you across apps and websites. If you decline, ads remain non-personalized regardless of UMP consent.

Content controls. We block 13 sensitive ad categories at the AdMob account level and cap all ad content ratings at G (General). See our Family-Safe Commitment for the full list.

In-App Purchases

The App offers optional in-app purchases (for example, “Remove Ads,” which also unlocks premium continuation credits). Transactions are processed by Apple App Store (iOS) or Google Play Billing (Android) and are subject to each platform’s terms. Betabox does not receive, store, or have access to your payment card, bank account, or billing address information.

Subscriptions

Bible Run Pro is an optional auto-renewing subscription that unlocks ad-free play and the social features described above. Payment is charged to your Apple App Store or Google Play account at confirmation of purchase.

Auto-renewal. Your subscription renews automatically at the end of each billing period unless you cancel at least 24 hours before the period ends. Your account is charged for renewal within 24 hours before the end of the current period. You can manage or cancel your subscription in your Apple App Store or Google Play account settings; deleting the App does not cancel a subscription.

RevenueCat. We use RevenueCat to manage subscription entitlements and to confirm purchase status across your devices. RevenueCat receives your subscription identifiers, the store transaction, and an app-specific user identifier linked to your account. RevenueCat acts as our data processor. As with all purchases, Betabox never receives, stores, or has access to your payment card, bank account, or billing address.

Attribution and Referrals

Bible Run includes a “give a month, get a month” referral program that lets you invite friends with a personal link.

AppsFlyer.We use AppsFlyer to create referral and invite links and to attribute installs to the correct referrer. AppsFlyer processes device and event information — such as device model, operating system version, IP address, and a referral identifier — to match an install to the link that led to it. AppsFlyer acts as our data processor.

Advertising identifier and ATT.On iOS, accurate cross-device referral matching can use the device advertising identifier (IDFA). We request access only through Apple’s App Tracking Transparency prompt, and only if you allow it. If you decline, referrals still work using a manual invite code instead.

Data Retention

We retain Firebase Analytics event data for 14 months (Google’s default) before it is aggregated or deleted. Crashlytics data is retained for 90 days. Sentry event data is retained for 90 days. Push notification tokens are retained until you uninstall the App or disable notifications. Account, subscription, and social data — your display name, friend connections, and scores — are retained while your account is active and removed when you delete your account; ghost recordings are deleted automatically after a limited retention period.

International Data Transfers

The App processes data through Google (United States) and Sentry (United States or European Union, depending on routing). Where personal data of EEA, UK, or Swiss users is transferred outside those regions, transfers are made pursuant to the European Commission’s Standard Contractual Clauses and, where applicable, the EU–U.S. Data Privacy Framework.

Security

We do not operate our own servers for the App, so personal data stays on your device or with the processors named above. Those processors (Google, Apple, Sentry) encrypt data in transit using industry-standard TLS and at rest per their published security commitments.

Legal Bases (GDPR, UK GDPR, Swiss FADP)

Where the GDPR or UK GDPR applies, our lawful bases are:

• Consent for Firebase Analytics, Crashlytics, Cloud Messaging, Sentry, and personalized advertising where required by ePrivacy. You can withdraw consent at any time.
• Legitimate interest for fraud prevention and basic service operation.
• Performance of a contract for in-app purchases and core game functionality.

Your Rights

EEA / UK / Switzerland (GDPR / UK GDPR / FADP): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

California (CCPA / CPRA): right to know, right to delete, right to correct, right to opt out of the sale and sharingof personal information, right to limit the use of sensitive personal information, and right to non-discrimination. We do not sell personal information. “Sharing” for cross-context behavioral advertising occurs only if you grant UMP consent for personalized ads.

Brazil (LGPD): access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent.

Other U.S. states (Virginia, Colorado, Connecticut, Utah, Texas, and others with comprehensive privacy laws): rights substantially similar to the California list above.

To exercise any right, email privacy@betaboxlabs.dev. We respond within 48 hours and resolve verified requests within the statutory deadline (generally 30 days).

You can also submit a deletion request through our online deletion form. The form satisfies Google Play and Apple’s account-deletion requirements and we will process valid requests within 30 days.

Children’s Privacy

The App is rated 9+ and marketed as family-appropriate. Although it is not directed at children under 13 as a primary audience, we treat it as a mixed-audience product:

• We do not knowingly collect personal information from children under 13.
• We enable Google AdMob’s “tag for under age of consent” (TFUA) and “tag for child-directed treatment” (TFCD) signals where applicable, which restricts Google’s data collection for users identified as minors.
• All users receive non-personalized advertising by default regardless of region, until a consent step is completed.

Parents who believe their child has provided personal information may email privacy@betaboxlabs.dev and we will delete it.

Third-Party Services

• Google Firebase — Analytics, Crashlytics, Remote Config, Cloud Messaging, Authentication, Firestore, Cloud Storage
• Google AdMob — Advertising
• Google Play Billing — Android in-app purchases
• Google Play Games Services — Leaderboards and achievements (Android)
• Apple App Store — iOS in-app purchases
• Apple Game Center — Leaderboards and achievements (iOS)
• Sentry — Crash and error reporting
• RevenueCat — Subscription management
• AppsFlyer — Install attribution and referral links

Changes to This Policy

We will post updates on this page and revise the “Last updated” date. For material changes to data collection, we will notify you in-app before the change takes effect and, where required, obtain fresh consent.

Contact and Controller Information

Data controller: Betabox Labs LLC
Mailing address: 2875 S Orange Ave STE 500 #6705, ORLANDO, FL 32806
Privacy inquiries: privacy@betaboxlabs.dev