Welcome to Lucky Coins ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. By using Lucky Coins, you agree to the collection and use of information in accordance with this policy.
📌 This policy applies to all users of the Lucky Coins app on Android (Google Play) and any associated web services.
1. Information We Collect
1.1 Information You Provide Directly
Account Information: Username, account name (or email address), and password when you register or log in.
Profile Information: Any information you voluntarily add to your user profile.
Payment and Financial Information: Bank card number (last 4 digits stored only), cardholder name, card expiry date, and CVV (processed in transit only, never stored on our servers). Full card details are transmitted securely for withdrawal processing purposes only.
Feedback and Communications: Any messages, questions, or feedback you submit through our in-app message/feedback feature.
1.2 Information Collected Automatically
Device Information: Device type, operating system version, unique device identifiers (Android ID, GAID/Advertising ID), hardware model, and mobile network information.
Usage Data: Tasks viewed, tasks completed, time spent on tasks, feature usage patterns, session duration, and in-app navigation history.
Log Data: IP address, access times, app crashes, and diagnostic information.
Location Data: Approximate location derived from IP address. We do not collect precise GPS location.
1.3 Information from Third Parties
Analytics Providers: Aggregated analytics data from Firebase Analytics and AppsFlyer regarding your app usage and attribution.
Attribution Data: Information about which advertising campaign or referral source led you to install the app, provided by AppsFlyer.
1.4 Android Permissions We Use
Our app requests the following Android permissions. We use them only for the stated purposes:
INTERNET, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, CHANGE_NETWORK_STATE, CHANGE_WIFI_STATE: Required for network connectivity and to load tasks, process withdrawals, and sync data.
READ_PHONE_STATE: Used by our analytics SDKs (Firebase, AppsFlyer) to obtain device identifiers for attribution and crash reporting. We do not collect call logs, phone numbers, or any call-related data.
AD_ID (Advertising ID): Used for marketing attribution via AppsFlyer. You can opt out or reset it in device Settings → Google → Ads.
WAKE_LOCK, VIBRATE: Used to keep the app responsive during tasks and for haptic feedback. No personal data is collected.
1.5 Data We Do NOT Collect
To be fully transparent, we do not collect the following:
Precise GPS or location data
Camera or microphone data
SMS, call logs, or contacts
Photos, videos, or other media from your device storage
Calendar or health data
2. How We Use Your Information
We use the information we collect for the following purposes:
Account Management: To create, maintain, and authenticate your account.
Service Delivery: To display available tasks, track your progress, calculate and credit earned gold coins, and process withdrawal requests.
Personalization: To recommend relevant tasks and customize your in-app experience.
Analytics & Improvement: To understand how users interact with the app, identify bugs, and improve features and performance via Firebase Analytics.
Marketing Attribution: To measure the effectiveness of our advertising campaigns and understand which channels drive installs, via AppsFlyer.
Security & Fraud Prevention: To detect and prevent fraudulent activity, unauthorized access, and abuse of the rewards system.
Customer Support: To respond to your inquiries and feedback submitted through the app.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Push Notifications: To send you task updates and reward notifications (you can opt out in device settings).
3. Information Sharing and Disclosure
We do not sell your personal information. We may share information only in the following limited circumstances:
Service Providers: With trusted third-party vendors who assist us in operating our app (hosting, analytics, payment processing), under strict data processing agreements.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your personal information becomes subject to a different privacy policy.
Legal Requirements: When required by law, subpoena, or other legal process, or to protect our rights, property, or safety, or the rights, property, or safety of others.
Aggregated / Anonymized Data: We may share aggregated, non-personally identifiable statistics about user behavior for research or business purposes.
⚠️ We never share your raw financial information (full card number, CVV) with third parties other than the payment processor required to execute your withdrawal.
4. Third-Party Services
Lucky Coins integrates the following third-party SDKs. Each operates under its own privacy policy:
🔥 Firebase (Google LLC)
Operated by Google LLC
We use Firebase for the following services: Firebase Analytics (user behavior tracking, event logging), Firebase Crashlytics (crash reporting and diagnostics), and Firebase Cloud Messaging (FCM) (push notifications). Firebase may collect device identifiers, IP addresses, app usage events, and crash logs. Data is processed by Google in accordance with Google's Privacy Policy.
We use AppsFlyer for mobile attribution and marketing analytics. AppsFlyer helps us understand which advertising campaigns or channels led to app installs and measures in-app events (such as task completions and registrations) to evaluate campaign performance. AppsFlyer may collect device identifiers (GAID/IDFA), IP address, install source, and in-app event data. You can opt out of AppsFlyer data collection via their opt-out mechanism.
When you use the in-app browser to complete tasks (e.g., playing a game or visiting a website), the destination website may independently collect your data according to its own privacy policy. Lucky Coins is not responsible for the privacy practices of these third-party websites or services. We recommend reviewing the privacy policy of any external site you visit.
4.1 Advertising ID
Our app accesses the Android Advertising ID (GAID) for the purpose of marketing attribution via AppsFlyer. You can reset your Advertising ID or opt out of personalized advertising at any time through your device's Google Settings → Ads.
5. Financial Information & Payment Data
When you add a bank card for withdrawal purposes, we collect:
Cardholder full name
Card number (transmitted securely; we store only the last 4 digits for display)
Card expiry date
CVV/CVC (used only during the transaction and never stored)
🔒 All financial data is transmitted using industry-standard TLS 1.2+ encryption. CVV codes are never stored on our servers at any time.
Card data is processed solely for the purpose of executing your requested withdrawal. We do not use your payment information for any other purpose, including advertising or profiling.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. Specifically:
Account data: Retained while your account is active and for up to 90 days after account deletion, then permanently deleted.
Transaction history: Retained for up to 3 years for financial record-keeping and fraud prevention.
Analytics data: Retained by Firebase for up to 14 months (configurable). AppsFlyer retains attribution data for up to 7 years unless you opt out.
Financial card data: Full card data is never stored. The last 4 digits and card brand are retained as long as the card is linked to your account.
Log data: Retained for up to 90 days.
You may request deletion of your account and associated personal data at any time by contacting us at the email below.
7. Data Security
We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:
TLS/SSL encryption for all data in transit
Encrypted storage for sensitive account data at rest
Access controls limiting employee access to personal data on a need-to-know basis
Regular security assessments and monitoring
Firebase App Check to protect our backend resources from unauthorized access
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data and account ("right to be forgotten").
Portability: Request a machine-readable export of your personal data.
Opt-Out of Analytics: Disable Firebase Analytics data collection by toggling analytics sharing in your device settings, or by contacting us.
Opt-Out of AppsFlyer: Visit appsflyer.com/optout or reset your Advertising ID in device settings.
Push Notifications: You can disable push notifications at any time through your device's notification settings.
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us using the information in Section 12. We will respond within 30 days.
8.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt-out of the "sale" of personal information. We do not sell personal information. To submit a CCPA request, contact us at the email below.
8.2 EEA / UK Residents (GDPR)
If you are in the European Economic Area or the United Kingdom, our legal bases for processing your personal data include: (a) contractual necessity (to provide our service), (b) legitimate interests (fraud prevention, analytics), and (c) your consent (for marketing and push notifications). You have the right to lodge a complaint with your local supervisory authority.
9. Children's Privacy
⚠️ Lucky Coins is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at the address below. We will take steps to delete such information from our systems promptly.
Our app does not target children and does not include content designed to appeal to children. Users must be at least 13 years of age (or the minimum legal age in their jurisdiction) to register and use Lucky Coins.
10. International Data Transfers
Lucky Coins is operated globally. Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your country.
When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
Firebase (Google) and AppsFlyer maintain their own international transfer mechanisms in compliance with applicable data protection laws. Please refer to their respective privacy policies for details.
11. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. We will notify you of any material changes by:
Posting the new Privacy Policy in-app with a prominent notice
Updating the "Last Updated" date at the top of this page
Sending a push notification (if you have notifications enabled)
Your continued use of the app after any changes constitutes your acceptance of the new Privacy Policy. If you do not agree to the changes, you must stop using the app and may request deletion of your account.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: