GDPR & Privacy Rights

App: Mailbox Hopper
Developer: Enes Aktaş
Contact: enesaktash25@gmail.com
Last updated: May 17, 2026

This page explains your rights under the General Data Protection Regulation (GDPR) (EU 2016/679) and how Mailbox Hopper complies with them. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, these rights apply to you.

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Process

Mailbox Hopper does not collect personal data directly. However, three third-party services (all operated by Google LLC) process limited data automatically:

Service Data Collected Purpose Legal Basis (GDPR Art. 6)
Google AdMob Advertising ID (AAID/IDFA), coarse location, device info, IP address (discarded after use), ad interaction events Displaying ads to support free distribution; frequency capping and personalization Consent (Art. 6(1)(a)) for personalized ads; Legitimate interest (Art. 6(1)(f)) for non-personalized ads and fraud prevention
Firebase Analytics Pseudonymous app-usage events, session duration, device model, OS version, country/region Understanding how players use the game; improving gameplay Legitimate interest (Art. 6(1)(f))
Firebase Crashlytics Crash logs, stack traces, device state (model, OS, memory, language, last score), random installation UUID Detecting and fixing technical errors Legitimate interest (Art. 6(1)(f))

Note on personalized advertising: When personalized ads are shown, this constitutes profiling under GDPR Art. 4(4). You can withdraw consent at any time via your device's OS-level advertising controls (see Section 5: Right to Object).

No special category data: We do not process health data, biometric data, racial or ethnic origin, political opinions, or any other special-category data under GDPR Art. 9.

3. Data Retention

After these periods, data is automatically deleted by Google.

4. International Data Transfers

Firebase services are operated by Google LLC, headquartered in the United States. Data collected by Firebase may be transferred to and processed in the United States or other countries outside the EEA.

Google relies on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection for these transfers, in accordance with GDPR Art. 46.

See Google's Data Processing Terms for details.

5. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access (Art. 15)

You have the right to request a copy of the personal data we hold about you.

Right to Rectification (Art. 16)

You have the right to request correction of inaccurate personal data.

Right to Erasure / "Right to be Forgotten" (Art. 17)

You have the right to request deletion of your personal data. Since crash and analytics data is pseudonymous and linked to a random installation ID (not your identity), please contact us with your device's installation UUID if known, or request a full deletion by email and we will instruct Google to delete the associated data.

Right to Restrict Processing (Art. 18)

You have the right to request that we restrict the processing of your data under certain circumstances.

Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, machine-readable format.

Right to Object (Art. 21)

You have the right to object to processing based on legitimate interest, and to withdraw consent for personalized advertising. To opt out, reset or limit your device's advertising ID:

After opting out, you will still see ads in Mailbox Hopper (they support free distribution), but they will be generic/non-personalized.

Right to Lodge a Complaint (Art. 77)

You have the right to lodge a complaint with your local supervisory authority. If you are in the EU, you can find your authority at edpb.europa.eu.

6. How to Exercise Your Rights

To exercise any of the rights above, please contact us at:

Email: enesaktash25@gmail.com

We will respond to your request within 30 days as required by GDPR Art. 12.

7. KVKK – Turkish Data Protection Law

For users in Turkey, this App also complies with the Kişisel Verilerin Korunması Kanunu (KVKK) (Law No. 6698). Under KVKK, you have the same rights as described above, including the right to apply to the data controller and receive information about your data.

To exercise your KVKK rights, contact: enesaktash25@gmail.com

8. Changes to This Document

We may update this GDPR document from time to time. Changes will be reflected by updating the "Last updated" date above.