Privacy Policy — Highrise Heist
Privacy Policy
Highrise Heist ("we", "the game") respects your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Data we collect
Account data (optional): username, email, password hash. Game data: statistics, rating, replays, achievements. Technical data: IP address, user-agent, session ID. Analytics: Yandex Metrika (page views, session duration, device type). Crash reporting: Sentry (error stack traces; masked session replay only on errors and only with your consent). Mobile app only: advertising identifier via Google AdMob. You can play without registration.
2. Cookies and tracking
Essential cookies: authentication (JWT token) and preferences (theme, language, sound) — always on. On the web, analytics load only after you accept the cookie banner: Yandex Metrika by Yandex LLC (opt out: https://yandex.com/support/metrica/general/opt-out.html) and our own event analytics. Basic error monitoring (Sentry) runs on a legitimate-interest basis to keep the app stable — minimal technical data (error stack traces, URL, device/browser), no personal identifiers and no session recording; Sentry’s masked session-replay-on-error is enabled only if you accept. You can withdraw analytics consent anytime by choosing Reject on the cookie banner. The cookie banner applies to the website only. In the mobile app there are no web cookies; instead Google AdMob shows ads and may use your advertising identifier — on iOS you are asked through the system App Tracking Transparency prompt, and on any device you can reset or limit ad tracking anytime in your OS settings.
3. Data retention
Account data: until you delete your account. Game replays: anonymized, stored indefinitely for AI training. Analytics events: 90 days. Error reports: 30 days. Server located in Russia.
4. Your rights (GDPR/CCPA)
Access: export all data as JSON (Profile → Account). Delete: permanently delete account and all data (Profile → Account). Rectify: change username or email. Withdraw consent: stop using the service. Lodge a complaint with a supervisory authority.
5. Children's privacy
We do not knowingly collect data from children under 13 (under 16 in the EU). Children can play without registration. If you believe a child provided personal data, contact us — we will delete it immediately.
6. Third parties
We do NOT sell personal data. Data is shared with: Yandex Metrika (usage analytics), Sentry (crash reporting — may be processed on servers in the EU/US), and, in the mobile app, Google AdMob (advertising — may collect the advertising identifier). No social trackers, no data brokers.
7. Security
Passwords hashed with bcrypt. HTTPS only. WebSocket validation. Rate limiting. No system is 100% secure.
8. Contact
Privacy questions: t.me/igor1000rr
Last updated: July 2026


