Privacy Policy

1. Introduction

EnterStacks ("we," "our," or "us") is operated by STX TECH SRL and is committed to protecting your privacy. This Privacy Policy describes our practices related to the EnterStacks mobile application ("App") on iOS and Android, including how we collect, use, and protect your data when you sign in with Google and use our services.

By using the App, you consent to this policy. If you do not agree, please do not access or use the App.

2. Non-Custodial Wallet

EnterStacks is a non-custodial wallet application with a built-in game, in-game virtual currency with no cash or cryptocurrency value, and an ad-supported experience. This means for your wallet:

• We never have access to your private keys or seed phrases
• Your cryptographic keys are generated and stored locally on your device and backed up on your google drive account.
• We cannot recover your wallet if you lose access to your device or credentials
• You have full control and responsibility over your digital assets
• Transactions are broadcast directly to the blockchain without passing through our servers

3. Google Sign-In and Google Drive

The App uses Google Sign-In for authentication. When you sign in, we request the following OAuth scopes:

• openid, profile, email — to identify your account and display your name and profile picture within the App
• https://www.googleapis.com/auth/drive.appdata — to store and retrieve your encrypted wallet backup in a private, app-specific folder in your Google Drive that is not visible to you or other apps

What is stored in Google Drive:Your wallet recovery phrase (mnemonic) and wallet data are encrypted using PBKDF2 key derivation and AES-GCM encryption with a password you set. The encrypted backup is stored in Google Drive's appDataFolder — a sandboxed space only accessible to EnterStacks. We never have access to your unencrypted keys or recovery phrase.

Important: Your wallet encryption password is never transmitted to our servers. If you lose it, the backup cannot be decrypted and your wallet cannot be recovered.

Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Information We Collect

4.1 Information from Google Sign-In

• Google ID: A unique identifier from Google used to associate your account
• Name and profile picture: Displayed within the App as your identity
• Email address: Used to identify your account and for support communication

4.2 Information We Store on Our Servers

• Account data: Google ID, display name, profile photo URL, account creation date
• Game data: Points balance, daily streak, last streak completion date
• Referral data: Your unique referral code and referral relationships
• Consent records: Analytics consent, ads personalization consent, consent version and timestamp

4.3 Information We Do NOT Collect

• Private keys or seed phrases (these never leave your device unencrypted)
• Your wallet encryption password
• Precise geolocation data
• Contact lists or phone numbers
• Financial account or payment card information (all transactions occur on-chain)

3. App Tracking and Advertising Identifiers

On iOS devices, we comply with Apple's App Tracking Transparency (ATT) framework. We will request your permission before tracking your activity across other companies' apps and websites for certain advertising or analytics uses. You may grant or deny this permission at any time through your device settings.

If you deny tracking permission on iOS, we will not access your device's Identifier for Advertisers (IDFA) for cross-app/website tracking as described by Apple, and we will limit associated data sharing with ad partners accordingly.

On Android, advertising partners may use the Google Advertising ID (GAID) or similar device identifiers subject to your device and Google Play settings. You can reset or opt out of personalized ads in your Google account or device settings where available.

4. Advertising and Ad Partners

EnterStacks is ad-supported. We and our advertising partners may show ads (for example banner, interstitial, native, or video ads) and may offer optional ads that grant in-game virtual currency if you choose to engage. Ad partners may collect or receive identifiers and usage signals to deliver and measure ads, prevent fraud, and cap how often you see an ad.

Ad partners operate under their own privacy policies. We encourage you to review the privacy notices linked in the App or provided by your platform (Apple App Store, Google Play) for the SDKs we use.

In-game virtual currency has no cash value, is not a digital asset on a blockchain, and cannot be withdrawn as cryptocurrency or fiat.

5. Third-Party Services and Analytics

We may use third-party services that collect information to help us improve the App:

• Google Analytics / Firebase: For app analytics, crash reporting, and performance monitoring
• Google Sign-In: For authentication services
• Blockchain APIs: For querying blockchain data and broadcasting transactions
• Advertising and Mediation SDKs: Third-party ad networks and mediation platforms that serve and measure advertisements in the App

These services have their own privacy policies governing the use of your information. We encourage you to review their privacy policies. Links to relevant third-party privacy policies are available within the App.

Account Deletion

You may delete your account and all associated data at any time through either of the following:

• In the App:Settings → Delete Account
• On the web: enterstacks.com/delete-account
• By email: contact@enterstacks.com with subject "Account Deletion Request"

When you delete your account, the following happens in order:

1. Your encrypted wallet backup is deleted from your Google Drive's app-specific folder
2. Your account record and all associated data are deleted from our servers (game progress, points, streak, referral history, consent records)
3. Local app data is cleared from your device

Important: Blockchain transactions are immutable and remain on-chain regardless of account deletion. Your cryptocurrency assets remain accessible through your recovery phrase — ensure you have it saved before deleting your account. This action cannot be undone.

6. Links to Third-Party Websites

The App may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last updated" date at the top of this page

Your continued use of the App after any changes indicates your acceptance of the updated Privacy Policy.

8. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will make every effort to resolve your concerns in a timely manner.