Privacy policy
Last updated: July 18, 2026
This Privacy Policy explains how personal data is processed in connection with the HIJOFRUTA website and game app, in line with the GDPR and applicable Spanish data protection law (LOPDGDD), and where relevant the LSSI-CE.
2.1. Controller
- Controller: Zipizapp
- Privacy / contact email: info@zipizapp.com
2.2. Principles
- Data minimization: only what is needed to provide the service.
- Personal data is not sold.
- Data is used for the technical and gameplay operation of the service (auth, rooms, game state, virtual coins, basic support), not for commercial profiling beyond what is described here (including third-party ads in the app when enabled).
2.3. Data we may process
a) Account data (if you register)
- Email address
- Password (hashed by the auth provider; not stored in clear text by the controller)
- Display name
- Internal account ID and account creation date
b) Gameplay and progress
- Virtual coins/credits
- Match, room, turn and move data needed for multiplayer
- Basic technical game stats (e.g. daily ad-reward limits, if applicable)
c) Technical / device data
- Session identifiers and local game preferences on the device
- Minimal infrastructure logs (security, errors, availability)
d) Communications
- Content of voluntary contact emails (name, email, message)
e) Advertising data (if ads are shown)
Third-party ad networks (e.g. Google AdMob) may process advertising identifiers and technical data under their own policies.
We do not collect special-category data or real-money payment card data for in-game bets, because there is no real-money gambling.
2.4. Purposes
- Provide the game service (practice and multiplayer).
- Create and manage accounts and authentication.
- Operate rooms, matches and virtual coins (simulation only).
- Security, abuse prevention and service integrity.
- Handle contact/support requests.
- Comply with legal obligations when required.
- Show ads via external providers when enabled.
- Improve technical stability (diagnostics), without commercial exploitation beyond the service.
2.5. Legal bases
- Contract / pre-contractual steps (GDPR art. 6.1.b).
- Legitimate interest (art. 6.1.f) for security, abuse prevention and technical improvement.
- Consent (art. 6.1.a) where required (e.g. certain storage tech or personalized ads).
- Legal obligation (art. 6.1.c) when applicable.
2.6. Retention
Account data is kept while the account is active and for any additional period strictly needed for legal claims or obligations after deletion. Match data is kept as needed to operate multiplayer and may be deleted or anonymized periodically. Local preferences remain until cleared or the app is uninstalled. Contact messages are kept as needed to handle the request.
2.7. Recipients
Typical processors / providers may include:
- Auth, database and realtime infrastructure (e.g. Supabase or equivalent)
- Ad providers (e.g. AdMob) if ads are shown
- Hosting / cloud for the website or backends
- App stores (Google Play, Apple App Store) under their terms
Data is not sold or shared for unrelated third-party campaigns beyond what is needed for the technical and advertising operation described.
2.8. International transfers
Some providers may process data outside the EEA. Where required, appropriate GDPR safeguards (e.g. standard contractual clauses) will apply.
2.9. Your rights
You may exercise access, rectification, erasure, objection, restriction, portability and withdrawal of consent (where applicable) by emailing info@zipizapp.com with enough information to verify identity and locate your account. You may also lodge a complaint with the Spanish DPA (AEPD): https://www.aepd.es.
To request account deletion and associated data removal, see Delete account.
2.10. Security
Reasonable technical and organizational measures are applied. No system is 100% secure; users should also protect credentials and devices.
2.11. Cookies (website / landing)
The landing may use strictly necessary cookies. Analytics or third-party cookies, if enabled, will be disclosed and consented to as required. Native apps may use local storage and, if ads are present, platform ad SDKs.
2.12. Minors
The service is not knowingly directed at minors who cannot consent under applicable law. Guardians may request deletion at info@zipizapp.com.
2.13. No real-money payments
HIJOFRUTA does not process payments or card data for in-game bets because there is no real-money play. Any future non-betting digital purchases (e.g. remove ads via stores) would update this policy and would normally be handled by the stores themselves.
2.14. Changes
This policy may be updated. The published version with its update date applies.
2.15. Contact
Privacy questions: info@zipizapp.com