Last updated: June 14, 2026
Coreshatter by Idle Flow Games ("we", "us") is an idle tower-defense game for mobile and web. This policy explains what data we collect, how we use it, and which third-party services are involved. Coreshatter has no required account; on Android you can optionally sign in to Google Play Games for cloud save and cross-device purchases (described below), but otherwise you do not give us your name, email, or any login.
Your entire game (currencies, upgrades, unlocked Cores and Glyphs, settings, and offline progress) is saved locally on your device using standard app/browser storage. Clearing the app's storage or uninstalling the app erases this local copy. We do not store your game save on our own servers.
On the Android app, you can optionally sign in to Google Play Games (Google). When you do, Coreshatter backs up your save to Google Play Games Saved Games so you can restore your progress after reinstalling or on a new device. This backup is held in your own Google account by Google's Saved Games service, not on our servers. Signing in also gives us your Play Games player identifier and display name: the display name is shown only on the in-game Settings screen, and the identifier is used to keep your in-app purchases and entitlements linked to you across devices (see below). Play Games sign-in is optional, you can decline and play entirely offline, and the web and iOS versions do not use Play Games. Google's handling of this data is covered by Google's Privacy Policy.
We use Firebase Analytics (Google) to collect anonymous gameplay events (such as runs played, waves reached, prestige milestones, and which features were used) so we can improve balance and content. This analytics is always on; there is no in-app opt-out toggle. The events contain no personally identifiable information beyond the standard Firebase install identifier.
To keep the game stable, we collect anonymous crash and error reports. On the Android and iOS apps this uses Firebase Crashlytics (Google); on the web build, errors are reported as anonymous analytics events. These reports include technical information such as the error message, stack trace, app version, platform, and operating system. Like analytics, this is always on. No personally identifiable information is collected.
Coreshatter offers optional in-app purchases, including a one-time "Remove Ads" upgrade and packs of in-game currency. Purchases are processed through your device's app store (Google Play or Apple App Store) and verified by RevenueCat, which receives an app-store user identifier (anonymous by default, or derived from your Google Play Games player identifier when you are signed in, so your purchases follow your account), your purchase receipt/token, your platform and country code, and the product identifier so it can confirm and restore your entitlements across your devices. We do not receive or store your payment card details or billing address; those stay with Google or Apple.
On the Android and iOS apps, Coreshatter offers optional rewarded video ads served by Google AdMob. You only ever see an ad if you choose to watch one for an in-game reward (for example, to double an offline payout). There are no banner ads and no forced interstitials, and an ad is never shown unless you tap to watch it. To serve and measure these ads, AdMob may access your device's advertising identifier; in the European Economic Area, UK, and Switzerland we show Google's consent (UMP) prompt first, and on iOS we ask permission through the system App Tracking Transparency prompt, and you can decline (ads still work, just non-personalized). See Google's Privacy Policy for how Google handles AdMob data. The web version does not show ads. The one-time "Remove Ads" purchase disables rewarded ads entirely.
We do not collect your email address, phone number, precise location, contacts, photos, or microphone audio. Apart from the optional Google Play Games sign-in described above, we have no accounts or login, and we never ask for your real name. We do not sell user data, and we do not use the advertising identifier to track or fingerprint you across other apps or websites.
Coreshatter uses the following third-party services:
Each service has its own privacy policy linked above. We only share the minimum data described in this policy with each service.
Your game save lives on your device, and you can erase it at any time by clearing the app's storage or uninstalling — that removes all on-device progress immediately.
Coreshatter has no traditional account, so there is no login or personal profile for us to delete. The data that lives off your device is: the anonymous, identifier-keyed telemetry described above (Firebase Analytics and Crashlytics records tied to a random Firebase install identifier, and RevenueCat purchase-verification records tied to your app-store or Play Games identifier); and, if you used Google Play Games cloud save, your save backup, which is held in your own Google account rather than by us.
Your Google Play Games cloud save is under your control: you can delete it at any time from the Google Play Games app (your Library, select Coreshatter, then delete the saved data), and it is also removed when you delete the game's Play Games data from your Google account.
To request deletion of the off-device data we hold, email us at [email protected] with the subject "Coreshatter data deletion request". We will delete the analytics and crash records associated with your device and ask RevenueCat to delete your purchase-linked records, and we will confirm within 30 days. Purchase and refund records that Google Play or Apple are legally required to retain for billing stay with those stores under their own policies.
Coreshatter is not directed at children under 13. We do not knowingly collect personal information from children. The anonymous data described above (gameplay events, crash reports) does not identify any individual user regardless of age.
We may update this policy when new features are added. Changes will be posted on this page with an updated date.
Questions about this policy? Contact us at [email protected].