Contents
1. Controller
This Privacy Policy explains how Cozier, developed and published by ninko.dev, processes personal data when you use the Cozier mobile app, the related backend services, and the Cozier support pages.
The data controller within the meaning of the General Data Protection Regulation (GDPR) is ninko.dev. You can contact the controller at nincozy@gmail.com.
2. Data We Process
Cozier processes the following categories of data, depending on which features you use:
| Category | Examples | Why we process it |
|---|---|---|
| Account data | Email address, user ID, signup/login metadata | Account creation, login, authentication, account recovery, account deletion |
| Profile data | Username, four-digit discriminator, profile handle | Showing your identity to you and to friends inside Cozier |
| Drink library and sessions | Custom drinks, drink type, sprite, active or completed drink sessions, timestamps, duration, status | Providing the core Cozier experience, session history, and social session features |
| Social data | Friend requests, friendships, activity events, achievement unlocks | Friend search, friend requests, friend activity, and in-app social features |
| Notification data | Push notification token, platform, notification payload metadata | Sending friend request and drink-start notifications when enabled |
| Local app data | Local settings, cached drinks, local session state, locally deleted drink IDs | Keeping the app usable and responsive on your device, including offline fallback |
| Advertising data | Advertising identifiers, device information, approximate location derived from IP address, ad interactions, consent choices | Showing and measuring ads through Google AdMob, subject to your consent where required |
| Technical data | IP address, device type, operating system, app version, security logs | Security, fraud prevention, troubleshooting, and reliable operation of the service |
Cozier does not intentionally collect:
- Precise GPS location
- Payment card information
- Microphone or camera access
- Your phone contacts or calendar data
- Special category data under Article 9 GDPR, unless you voluntarily put such data into text fields not designed for it
3. Legal Bases Under GDPR
We process personal data only where a legal basis applies:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account, syncing app data, providing friend and session features | Contract performance, Art. 6(1)(b) GDPR |
| Security, abuse prevention, troubleshooting, maintaining reliable backend operation | Legitimate interests, Art. 6(1)(f) GDPR |
| Push notifications | Your consent and device permission, Art. 6(1)(a) GDPR |
| Personalized ads, ad measurement, cookies or similar local storage for ads where required | Your consent, Art. 6(1)(a) GDPR and ePrivacy rules |
| Non-personalized ads, fraud prevention, ad delivery where legally permitted | Consent where required, otherwise legitimate interests, Art. 6(1)(f) GDPR |
| Compliance with legal obligations and responding to lawful requests | Legal obligation, Art. 6(1)(c) GDPR |
4. Backend Hosting
Cozier uses a backend for authentication, database storage, realtime features, server-side functions, and app APIs. Backend data for Cozier is processed and stored on a self-hosted server in Germany.
Data transmitted between the app and the backend is protected in transit. Access to backend data is restricted by authentication, database access rules, and server-side functions where administrative privileges are required.
Cozier's own backend data is not transferred to countries outside Germany for hosting or storage.
5. Advertising with Google AdMob
Cozier uses Google AdMob to display ads inside the app. Google and its advertising partners process data such as advertising identifiers, device information, approximate location derived from IP address, app interactions, ad views, and ad clicks to deliver, limit, personalize, and measure ads.
For users in the European Economic Area, the United Kingdom, and Switzerland, Cozier requests consent through a Google-certified consent management platform where required before using personal data for personalized advertising or accessing local storage for advertising purposes. You can manage or withdraw your ad consent in the app.
If you do not consent to personalized ads, you can still see contextual or non-personalized ads where legally permitted. Google processes limited data needed for security, fraud prevention, frequency capping, aggregated ad reporting, and ad delivery.
Learn more about Google's advertising data practices: Google Advertising Privacy and Google EU User Consent Policy.
6. Retention & Deletion
Server-side account data is retained while your Cozier account exists. When you delete your account, Cozier deletes your user account and the database removes linked rows such as profile data, drinks, sessions, friend requests, friendships, activity events, achievements, and device tokens through cascade rules.
Some limited technical logs can remain for a short period where necessary for security, debugging, fraud prevention, or legal compliance. Local-only app data remains on your device until you uninstall Cozier or clear the app's storage.
Want to delete your Cozier account and server-side data?
Request Data Deletion7. Your GDPR Rights
If the GDPR applies to you, you have the following rights regarding your personal data:
You can exercise these rights by contacting nincozy@gmail.com. You also have the right to lodge a complaint with a competent data protection supervisory authority.
8. Changes
We update this Privacy Policy when Cozier changes, when providers change, or when legal requirements change. The latest version is available on this page. For material changes, we also notify you in the app or through the app store where appropriate.
9. Contact
Questions, privacy requests, or concerns can be sent to:
We aim to respond to privacy requests within the time limits required by GDPR.