ABABA Italiano Public information
This Privacy Policy explains how ABABA, provided by Luca Foresti, handles data in the app, backend, and public website.
Last updated:
Luca Foresti is the developer of ABABA and the data controller for the processing described in this policy.
For privacy questions, data rights, or account deletion help, email support@ababa.app. For bug reports, email bugs@ababa.app.
ABABA is designed to work offline. The app stores solo progression, settings, stats, practice history, generated practice puzzles, daily challenge records, save slots, sync metadata, chat cache/outbox, and non-secret account state on your device.
Access and refresh credentials are stored through secure storage. Normal solo play does not require the backend to own minute-to-minute gameplay.
If you create or sign in to an account, ABABA stores your email address, display name, friend code, avatar color or image, password hash and salt when password login is used, Google identity link when Google sign-in is used, verification/reset records, sessions, timestamps, and related account status.
Passwords and reset/verification codes are not stored in plain text.
Cloud saves store game snapshot payloads linked to your account so you can restore or sync progress across devices.
Online features store the data needed to provide them, which may include daily leaderboard submissions, achievements, friendships, friend groups, chat threads, chat messages, message attachments, practice-lab shares and results, battle lobbies, battle invites, match state, battle results, and reconnect state.
In-app support tickets include your signed-in account email, selected reason, subject, message, session label, and optional JPEG attachments.
Public support uses email links to support@ababa.app and bugs@ababa.app. ABABA may send account emails such as verification codes, password reset links, welcome messages, ticket receipts, and account deletion confirmations.
If enabled, ABABA stores Android Firebase Cloud Messaging tokens linked to your account session so it can send battle or chat nudges. Invalid tokens may be disabled.
ABABA may request camera access for QR/friend flows and support screenshots, microphone access for voice chat attachments, notification permission for nudges, and file/photo picker access for attachments. These permissions are used only for the feature you choose to use.
The API records operational logs, request metadata, request ids, sync observations, group battle observations, and global matchmaking observations to operate, debug, secure, and improve the service.
ABABA does not include advertising SDKs, third-party ad tracking, subscriptions, or in-app purchases at launch, and does not sell personal data.
ABABA uses service providers where needed: Google sign-in for identity, Firebase Cloud Messaging for Android push notifications, an SMTP/email provider for account and support email, Cloudflare Pages for the public website, and a Hetzner-hosted API/Postgres backend for online features.
The public website may be served through Cloudflare infrastructure, and the API/Postgres backend is hosted through Hetzner. Depending on where you live, these providers may process data outside your country.
These providers are used only for the features and infrastructure they provide.
ABABA uses HTTPS, hashed secrets where appropriate, secure client credential storage, server-side rate limits, and database access controls to protect user data.
No method of storage or transmission is perfect, so you should keep your device and account credentials secure.
Local data stays on your device until you delete the app data, uninstall the app, or replace it through in-app restore flows.
Account-linked server data is kept while your account exists or while needed to provide the relevant feature. When you delete your account, ABABA deletes or de-identifies account-linked server data unless limited retention is needed for security, abuse prevention, legal obligations, or operational integrity.
You can use ABABA offline without an account for core solo play. You can request access, correction, export, deletion, objection, or restriction by contacting support.
You can delete your account from inside the app. If you cannot access the app, email support from the account email when possible.
ABABA is not directed to children. If you are under the age required by your country to manage your own account or consent to online services, use ABABA only with appropriate parent or guardian permission.
This policy may be updated as ABABA changes. Updates should be published on this page with a new effective date.