← Back to homepage

Privacy Policy

Last updated: 2026-06-19

Hot & Cold is operated by Lambda 7 Tech LLC (“we”, “us”). This policy explains what data the app may process, why we process it, and your choices.

1. Data we generally do not collect

2. Data stored on your device

The app stores gameplay state locally so your experience can resume between sessions, including progress, stats, display preferences, and a locally-generated identifier used for multiplayer presence.

You can wipe local data via Settings → Reset data → Reset everything, or by uninstalling the app. Note that this only affects local storage; for server-side data tied to a signed-in account, see §11.

3. Multiplayer (challenge rooms)

When you join or host a challenge room, the display name you choose and the gameplay data needed to run the match are processed by our backend. Challenge rooms are temporary and retained only as long as needed to operate active sessions.

4. Optional sign-in (Apple / Google)

Sign-in is optional and only required for the public leaderboard, cross-device stats sync, and reporting other players' display names. You can play Daily, Endless, and Challenge modes anonymously without signing in.

We use Apple's “Sign in with Apple” and Google Sign-In with the minimal scope needed to identify your account (the provider's “subject” identifier). We do not request your email address or your provider profile name. After sign-in we store on our backend:

Apple and Google receive standard authentication metadata (your IP address, the redirect to Hot & Cold, etc.) when you sign in. Their privacy policies apply to that exchange.

5. Display name and public leaderboard

The display name you set when signed in is shown publicly on the daily leaderboard and to opponents in challenge rooms. We display it together with a short tag derived from your account ID (for example, Cooper #A1B2) so two players with the same name aren't visually identical. The leaderboard also shows your score, guess count, whether you completed the puzzle, and (if any) a small supporter badge described in §14.

Anonymous players appear on the leaderboard as a generic Player #XXXX handle and can sign in later to claim their score for that day.

6. Reports and display-name moderation

Signed-in players can report another player's display name from the leaderboard. When you submit a report we store the report (your account ID, the target's account ID, the category you chose, a snapshot of the offending name at the time of report, and a timestamp) so we can act on it. Reports are visible to our moderators; they are not shown to other players.

When enough distinct reporters flag the same display name, we automatically hide that name on the leaderboard and replace it with the generic Player #XXXX handle. The affected player can recover by picking a new display name in the app.

Hidden names are also added to a permanent banlist so the same name (and trivial morphs of it) can never be reused on Hot & Cold. The banlist stores the offending name and a normalised form used for matching; it does not store who originally used the name.

7. Cloud-stored stats (signed-in players)

When you are signed in, your aggregate Daily-mode stats (games played, won, current streak, total score, etc.) are stored on our backend so they sync across devices that sign in to the same account. Anonymous play stays on your device only.

8. App content

The app may download and cache game content over HTTPS so features work reliably across sessions.

9. Daily mode

Daily mode uses our backend to run the puzzle and keep your progress consistent across sessions. The backend records anonymous gameplay (guess counts, hints used, time taken, final result) tied to a per-day identifier so we can build aggregate statistics and, for signed-in players, the public leaderboard described in §5.

10. Analytics and diagnostics

On the web (hotandcold.app and related pages, including the in-browser game at /play), we use Google Analytics 4 to understand aggregate usage. Google Analytics may collect standard web request metadata such as IP address (used to derive approximate, non-precise location), user agent, device and browser information, referrer, page path, and interaction events. It may set cookies or use local storage to operate. See Google's Privacy Policy and How Google Analytics handles data for details. You can opt out using the Google Analytics opt-out browser add-on or by blocking analytics cookies in your browser. The mobile app does not include an analytics SDK.

We may also collect diagnostic data to maintain reliability. If this changes materially, we will update this policy.

11. Your rights and account deletion

You can:

Two narrow exceptions apply on deletion: (a) entries on the display-name banlist (§6) are kept for ongoing moderation integrity, and (b) we may retain limited records required to comply with legal obligations.

12. Service providers

We rely on infrastructure, identity, hosting, and analytics providers to operate the Service. As with any internet service, providers may receive standard request metadata (for example IP address and user agent) in transit.

13. Children

Hot & Cold is suitable for general audiences and does not knowingly collect data from children under 13. If you believe a child has provided personal data via our Service, contact us and we will delete it.

14. Advertising

Web. On the web (hotandcold.app and the in-browser game at /play) we show ads served by Google AdSense.

Mobile app. The iOS and Android app includes an optional “Support the developer” rewarded video, served by Unity LevelPlay (ironSource) ad mediation. It is entirely voluntary — no part of the game is gated behind watching an ad, and the app shows no other ads. When you choose to watch, LevelPlay and its mediated ad networks may process device and advertising identifiers (such as Apple's IDFA / Google's Advertising ID), coarse device and network information, and ad interaction events to serve and measure the ad. On iOS we ask, via Apple's App Tracking Transparency prompt, before any cross-app advertising identifier is used; you can decline and still use the app (ads, if you choose to watch one, are then non-personalized). You can reset or limit your advertising identifier in your device settings (iOS: Settings → Privacy & Security → Tracking / Apple Advertising; Android: Settings → Privacy → Ads). See Unity's privacy policy for how LevelPlay handles this data.

If you watch a support ad while signed in, we increment a supporter count on your account. This is a cosmetic tally with no effect on gameplay or ranking. It is shown on your own menu and, for signed-in players, as a small badge next to your display name on the public leaderboard. Anonymous play keeps the count on your device only until you sign in.

Google and its ad partners may use cookies, device identifiers, and similar technologies to serve and measure ads, including to show ads based on your prior visits to this and other websites. Google may collect standard request metadata such as IP address (used to derive approximate, non-precise location), user agent, and the pages you view, and may combine it with data it holds. We do not share your account identity, display name, or gameplay data with advertisers.

For users in the European Economic Area, the United Kingdom, and Switzerland, we present a Google-certified consent message (a Consent Management Platform) before personalized ads are served, so you can grant or refuse consent for ad personalization. You can change your choice at any time via the privacy/consent control on the page.

You can manage or opt out of personalized advertising through Google My Ad Center, the controls at aboutads.info and youronlinechoices.eu, or by blocking ad cookies in your browser. See How Google uses cookies in advertising for details.

15. Changes

We may update this policy. Material changes will be reflected by an updated date at the top of this page.