Google Play Console working draft
Data Safety Form - Mhele
Last updated: 25 June 2026
How To Use This Draft
This document is a Play Console data-safety working form for Mhele, package name com.kemlow.mhele. It is based on the current app behavior and should be reviewed before final Play Console submission.
Current Release Position
Data Type Review - Current Build
| Google Play Category | Current Answer | Mhele Notes |
|---|---|---|
| Location | Collected | Approximate location - the app does not request location permission or GPS, but Google AdMob and Analytics for Firebase derive coarse (city-level) location from the device IP address for ad serving and analytics. No precise location is collected. |
| Personal info | Collected | User IDs - the Google Play Games player ID (on sign-in) and a temporary Firebase anonymous player ID (during an online match), used to record achievements/scores and to associate online match events with a player in a room. Name - the chosen game name / nickname is shared with the opponent and passes through Firebase to run an online match (optional; not a real name). For online matches the app also shares a small self-set profile with the opponent: a cosmetic avatar emblem, a coarse country/region (derived from the device's language/region settings - not from GPS or any location permission; user-overridable), and the player's in-app level. Bluetooth match names stay on-device / pass only to the opponent. None sold; not shared with third parties. |
| Financial info | Collected | Purchase history - the app sells a Remove-Ads lifetime unlock, a VIP subscription (monthly or yearly), and consumable coin packs via Google Play Billing, so purchase status is processed to grant/restore entitlements and credit coins. In-app coins are a virtual currency with no real-world value and no cash-out. Payment card / bank details are handled entirely by Google Play and never seen or stored by the app. |
| Health and fitness | Not collected | No health or fitness features. |
| Messages | Not collected | The game has no chat feature exposed to players in this build, so no messages are collected. (A chat UI exists in the code but is not wired in.) If chat is enabled in a future release, declare "Messages - Other in-app messages". |
| Photos and videos | Not collected | The app does not request or upload user photos or videos. |
| Audio files | Not collected | The app does not request or upload user audio. |
| Files and docs | Not collected | The app does not request or upload user files or documents. |
| Calendar | Not collected | No calendar access. |
| Contacts | Not collected | No contacts access. |
| App activity | Collected | App interactions - online match events through Firebase; ad interactions (AdMob); and app-usage events collected by Google Analytics for Firebase (screens/features opened). Other actions - achievement unlocks and leaderboard scores sync to Google Play Games on sign-in. Local stats, match history, unlocks, and settings otherwise stay on the device. |
| Web browsing | Not collected | The app is not a browser and does not collect web history. |
| App info and performance | Not collected | No crash analytics or diagnostics SDK is active in the current build. |
| Device or other IDs | Collected | The advertising ID (Google AdMob, free version), a Firebase analytics/installation identifier, a temporary Firebase anonymous online-session ID, and identifiers used by Google Play services to deliver Play Games Services. |
Permissions Declaration Notes
| Permission | Purpose | Disclosure Wording |
|---|---|---|
android.permission.INTERNET |
Google Play Games Services (achievements / leaderboards) and Firebase online multiplayer. | Mhele uses internet access for optional Google Play Games achievements and leaderboards, and to synchronize online matches through Firebase. |
android.permission.BLUETOOTH_CONNECT |
Connect to nearby devices for Bluetooth multiplayer. | Mhele uses Bluetooth only for nearby game sessions between participating devices. |
android.permission.BLUETOOTH and android.permission.BLUETOOTH_ADMIN |
Compatibility support for older Android versions. | Used for nearby multiplayer support on supported Android versions. |
android.permission.POST_NOTIFICATIONS |
Show an optional on-device daily-reward reminder notification. | Mhele shows a local reminder to claim your daily reward. The reminder is generated on the device and sends no data off the device; it can be turned off in Settings. |
Online Multiplayer (Firebase) - Implemented
Online multiplayer is live in this build, powered by Firebase Realtime Database and Firebase Anonymous Authentication. The data types below are reflected in the "Current Release Position" and the data-type table above.
| Data Type | Collect? | Purpose | Required / Optional | Shared? |
|---|---|---|---|---|
| Personal info - Name & profile | Collected | The chosen game name / nickname plus a small cosmetic profile (avatar emblem, coarse country/region from device language settings, in-app level), shared with the opponent to run and personalise the match. During Quick Match the nickname + anonymous id + room code are briefly placed in a temporary matchmaking queue to pair players, then removed. | Optional; nickname can be any generic name (not a real name); the region is derived from device settings (not GPS) and is user-overridable. | No sale. Passes through Firebase only for match functionality. |
| App activity - App interactions | Collected | Moves, undo/takeback, rematch, resign, room and connection status needed to run the match. | Required for online multiplayer. | No sale. Firebase processing only. |
| Messages - Other in-app messages | Not collected | No chat feature is exposed to players in this build (the chat UI exists in code but is not wired in). | n/a - declare only if chat is enabled later. | n/a |
| Device or other IDs | Collected | Temporary Firebase anonymous session ID used to associate match events with a player in a room. | Required for online multiplayer session synchronization. | No sale. Firebase processing only. |
Google Play Games Services - Implemented
Google Play Games Services is now integrated (optional sign-in, achievements, leaderboards). This is reflected in the "Current Release Position" and the data-type table above:
- User ID declared - the Play Games player ID identifies the player for achievements/leaderboards.
- App activity (Other actions) declared - achievement unlocks and leaderboard scores are uploaded to Google.
- Device or other IDs declared - used by Google Play services to deliver Play Games Services.
- Deletion - players reset Play Games data via the Google Play Games app / Google Account, or request deletion via teraflopspeedapps@gmail.com.
- Provider - Google is the Play Games Services provider (collection on our behalf, not third-party sharing).
Still a future cloud-sync item: uploading local board/token unlocks, stats, and save data for cross-device restore. Update this form again if that is added.
Advertising, Analytics & Billing - Implemented
- Google AdMob (free version) - serves app-open, interstitial, rewarded, and native ads. Collects/shares the advertising ID, approximate location (IP-based), and ad interactions for the Advertising or marketing purpose. Removed entirely by the Premium / Remove-Ads purchase.
- Google Analytics for Firebase - app-usage analytics (App interactions, device/analytics identifier, coarse location) for the Analytics purpose. Not sold; not used to identify the player.
- Google Play Billing - a Remove-Ads lifetime unlock, a VIP subscription, and consumable coin packs. Purchase history (Financial info) is processed to grant/restore entitlements and credit coins; card/bank details are handled by Google Play and never seen by the app.
- Deletion - reset/limit ads via the device advertising-ID controls; analytics/billing data handled by Google; deletion requests via teraflopspeedapps@gmail.com.
- Consent (to do) - integrate the Google UMP / consent SDK before serving ads to EEA/UK users.
Submission Checklist
- Confirm online multiplayer (Firebase) is live and that the data-type declarations below include the online data, not just Play Games.
- Confirm the active SDKs are declared: Google AdMob (ads), Google Analytics for Firebase (analytics), Google Play Billing (purchases), Firebase Realtime Database/Auth (online play), Play Games. No crash-reporting SDK (Crashlytics) is included.
- Confirm the declared types: Personal info - User IDs & Name/profile (nickname + cosmetic avatar, in-app level, and a coarse country/region derived from device language settings, shared with the opponent; not from location services); Location - Approximate location (IP-based, via AdMob/Analytics only); Financial info - Purchase history (incl. VIP subscription + coin packs; coins have no cash-out); App activity - App interactions & Other actions; Device or other IDs (incl. advertising ID). No Messages (no chat feature is exposed).
- Set purposes per type: App functionality, Analytics, and Advertising or marketing. Mark "Shared" = Yes for the advertising data (AdMob); the rest is collection via Google service providers.
- Consent: integrate the Google UMP / consent SDK before serving ads to EEA/UK users, and confirm AdMob ad-content rating / families-policy settings.
- Confirm "Yes" to encrypted in transit and "Yes" to data deletion (with the policy URL).
- Confirm the privacy policy URL points to https://www.thekemlowcapital.com/mhelepolicy.html and that it describes the Play Games + Firebase online data and deletion.
- Confirm the Play Console contact email is active: teraflopspeedapps@gmail.com.
- Confirm Firebase online play uses anonymous auth, encrypted transit, participant-only security rules, and short room retention (rooms deleted at match end).