Monte Carlo ("the App") is a strategy game developed and published by Enigfy ("we," "our," or "us"). This Privacy Policy explains what information the App collects, how it is used, and your rights as a user.
We take your privacy seriously. Monte Carlo does not require an account, does not collect personal data, and does not use advertising or analytics SDKs. The App communicates with an Enigfy-operated game server only when you use the Versus multiplayer mode, and only to facilitate gameplay — never for tracking, profiling, or advertising.
This policy covers the three components of Monte Carlo: the iOS app (the "Alex" client), the game server operated by Enigfy, and the browser-based companion page (the "Bob" client) that an opponent uses to join a Versus match without installing anything. The server is a Ruby on Rails application hosted on Render.com in the United States, with a PostgreSQL database managed by Render. This policy is accessible within the App (via the Help screen) and at www.enigfy.com, as required by Apple's App Store Review Guidelines (Guideline 5.1).
The following information is saved on your device only, using Apple's standard UserDefaults storage. It is never transmitted to Enigfy or any third party unless explicitly noted in section 4.
Monte Carlo uses three local counters to manage free-trial limits and purchase gating. These are simple integer values stored on your device:
advancedGamesUsed) — Counts the number of Solo games completed in 2-Star (colour-hint) mode. After 10 free games, a paywall is shown offering the Pro upgrade. This counter is never sent to the server.versusTrialCount) — Counts the number of Versus multiplayer sessions you have created. After 6 free sessions, a paywall is shown offering the Versus subscription. Stored locally on your device and additionally synced to Apple's iCloud Key-Value Store so it survives app reinstalls and device transfers (see section 3.8). This counter is never sent to the Enigfy server.cheatBalance) — The number of Casino Pack games remaining. Stored locally on your device and additionally synced to Apple's iCloud Key-Value Store so it survives app reinstalls and device transfers (see section 3.8). Decremented by one on the first Casino activation per Versus session. This counter is never sent to the Enigfy server.You may set a custom display name (default: "- -"). This name is sent to the server when you create a Versus session (see section 4.1) so that your opponent's web browser can display it instead of a generic label. The server stores it alongside the game session for the duration of the session. No real name is required — you can use any text or leave the default.
Transaction.currentEntitlements. No subscription details are persisted locally beyond an active/inactive flag and the expiration date.A list of total-game milestones at which the Pro upgrade sheet has already been shown (to avoid showing it repeatedly at the same milestone). Contains only integer values.
Monte Carlo does not store or access any of the following:
The Casino balance and Versus trial count (sections 3.2) are synced to Apple's iCloud Key-Value Store using your Apple ID's iCloud account. This allows both values to survive app reinstalls and transfer between your devices signed into the same Apple ID. The synced values are two integers (the remaining Casino game count and the number of Versus sessions created). No other App data is synced to iCloud. This sync is handled entirely by Apple's iCloud infrastructure; the data is not sent to Enigfy's server. Apple's handling of iCloud data is governed by Apple's Privacy Policy.
When you use Versus mode (two-player multiplayer), the App communicates with an Enigfy-operated game server over HTTPS and WebSocket (WSS). The server is a Ruby on Rails 8 API hosted on Render.com (Standard plan) in the United States, backed by a PostgreSQL database that Render manages. Apart from the lightweight server health check described in section 4.7 below, no server communication occurs during Solo mode.
When you create a Versus session, the App sends:
The server returns:
For the lifetime of a session, the server stores a single database row containing only: the invite code, the four column heights, whose turn it is, the game status, the two authentication tokens, your display name, a count of live WebSocket subscribers, and Casino-mode flags. It stores no identifier linking this row to your Apple ID, your device, or any other Monte Carlo game you have played or will play in the future. Session rows are never aggregated, exported, or used for analytics.
The server acts as a relay between the two players. All gameplay data sent by the App is forwarded (broadcast) by the server to your opponent's web browser, and vice versa. The data exchanged during a game consists of:
None of this data contains personal information — it is purely game state (board positions, turn order, visual effect flags) authenticated by randomly generated session tokens.
Casino mode is an optional visual enhancement for Versus games (animated column pedestals + haptic feedback showing the winning move).
The Render platform that hosts the server produces standard web-server access logs which may include the IP address of incoming requests. These logs are used only for infrastructure operations, debugging, and abuse prevention. They are never joined to session rows, display names, or gameplay, and they are not used for analytics, profiling, advertising, or geolocation. Authentication tokens are redacted from the Rails application log by the framework's standard parameter filter.
Game session data (board state, invite code, tokens, display name, Casino toggle state) exists on the server only for the duration of the game session. Sessions are not associated with any user account or persistent identifier. There is no user registration, no login, and no way to link sessions played at different times to the same person.
A scheduled cleanup job deletes every game session row older than 24 hours, regardless of whether the game finished, was abandoned, or was never started. After deletion the invite code, tokens, display name, and board state are no longer retrievable through any Enigfy-operated interface. The managed-PostgreSQL backups that Render retains for disaster recovery are the only residual copy and are used solely for infrastructure resilience — not for analytics, profiling, or any secondary purpose.
Your opponent joins Versus mode by scanning a QR code (or opening an invite link) which points to a single HTML page served directly by the Enigfy game server from the same Render.com host. This page — the Bob client — is self-contained: no third-party scripts, no fonts or images loaded from content-delivery networks, no cookies, no localStorage or sessionStorage, no analytics, no advertising code.
The invite code and a randomly generated session token are passed to the page through the URL's query string (for example, ?code=ABCD1234&token=…). The page reads those values into memory, uses them to authenticate with the Enigfy server over HTTPS and WebSocket, and renders the live game state. Because the token appears in the URL, it may be retained in the opponent's browser history; however, it is valid only for that single session and becomes inert at most 24 hours later when the session row is deleted (section 4.5). Closing the tab ends the opponent's participation; nothing is written to the browser's persistent storage.
Bob's client communicates only with the Enigfy server — never with any third party. From the server's perspective, it is handled identically to the iOS app: only moves, session tokens, and WebSocket routing data are received, and all of the guarantees in sections 4.1–4.5 apply.
Each time the App is launched or returns to the foreground, it sends a single lightweight HTTPS GET request to the server's health-check endpoint (/up). This request wakes the server from idle sleep (the hosting provider suspends idle instances) and triggers routine cleanup of stale game sessions. The request contains no authentication token, no user identifier, and no payload — it is an anonymous HTTP GET. The server responds with a simple 200 OK status.
When you open the Versus setup screen, the App also sends a single anonymous GET request to the server's root URL (/) to pre-warm the web page that your opponent will load when scanning the QR code. This request likewise contains no token, no identifier, and no payload.
Both requests are subject to the same standard Render platform access logs described in section 4.5 (IP address only, used for operations and abuse prevention, never joined to session data).
Monte Carlo offers three optional In-App Purchase products, all processed entirely by Apple through the App Store:
| Product | Type | What it unlocks |
|---|---|---|
| Monte Carlo Pro | One-time (non-consumable) | Unlimited 2-Star colour hints in Solo mode |
| Versus | 3-month auto-renewable subscription | Unlimited Versus multiplayer sessions beyond the free trial |
| Casino Pack | Consumable (20 games) | Casino mode visual effects in Versus games |
Enigfy does not receive, process, or store any payment card details or billing information. Apple handles all payment processing.
When you complete a purchase, Apple passes a verified transaction receipt to the App. The App reads this receipt to confirm the purchase status:
Transaction.currentEntitlements at runtime — no subscription details are persisted beyond active/inactive and expiration date.No Apple ID information is retained by the App or the server.
For information on how Apple handles payment data, please refer to Apple's Privacy Policy.
Monte Carlo does not integrate any third-party analytics, advertising, crash reporting, or social networking SDKs. No personal data is shared with or transmitted to any third party by the App.
The frameworks used are:
No other third-party code is included. Monte Carlo does not use any AI or machine-learning services, and no user data is shared with any third-party AI system.
When you download, install, or make a purchase within Monte Carlo, Apple may collect certain information as part of operating the App Store — for example, purchase history associated with your Apple ID, or crash logs submitted via Apple's opt-in diagnostics programme. This data is collected and controlled by Apple, not by Enigfy. Please refer to Apple's Privacy Policy for details.
Apple requires all apps to submit a Privacy Details declaration in App Store Connect, which appears on the App's product page. Monte Carlo's declaration reflects the contents of this policy:
If there is any discrepancy between the App Store privacy label and this policy, this policy controls and we will update the label promptly.
Monte Carlo does not knowingly collect any personal information from any user, including children. The App does not require account registration and collects no personal data.
The applicable minimum age for digital consent varies by jurisdiction — for example, 13 under the United States' COPPA, and 13–16 under the European Union's GDPR (depending on the member state). Regardless of age, no personal data is collected by this App, so no age-based consent is required. Parental controls and family-sharing settings are managed through Apple's Screen Time and Family Sharing features in iOS Settings.
All locally stored data (preferences, counters, statistics) lives exclusively on your device and is entirely under your control.
On-device data is retained indefinitely until you delete it. You can remove all App data at any time by:
Game session data on the server is transient and not linked to any user account or persistent identifier. A scheduled cleanup job removes every session row older than 24 hours (section 4.4). Rails' standard parameter filter redacts authentication tokens from application logs; Render's platform-level access logs may contain IP addresses but are used only for operations and abuse prevention (section 4.3). Managed-PostgreSQL backups retained by Render for disaster recovery are the only residual copy and are not used for analytics, profiling, or any secondary purpose.
If you would like to delete an in-progress session before the 24-hour window expires, email info@enigfy.com with the invite code and we will remove the row manually.
Monte Carlo does not collect personal data. No consent to data collection is sought or required. There is accordingly no consent to revoke.
Standard data-subject rights — including the right of access, rectification, portability, and erasure — are satisfied automatically: the only data that exists on your device is under your control via the deletion methods in section 10.1. Server-side rights are addressed in the server privacy policy.
If you have any questions or concerns about privacy, please contact us at info@enigfy.com. We will respond within 30 days.
Monte Carlo is available worldwide through the Apple App Store. The game server — and the web page served to Versus opponents — is hosted on Render.com in the United States, using Render's managed PostgreSQL service, also located in the United States. When you use Versus mode, game session data (board moves, display name, session tokens) is transmitted to this infrastructure. No personal data as defined by applicable privacy laws is transmitted — session tokens are randomly generated and not linked to any individual.
Users in the European Economic Area (EEA) and the United Kingdom are covered by this policy. The data transmitted during Versus gameplay (board state, randomly generated tokens) does not constitute personal data within the meaning of the EU General Data Protection Regulation (GDPR) or the UK GDPR, as it cannot be used to identify a natural person.
Users in Switzerland are similarly covered under the Swiss Federal Act on Data Protection (revDSG).
Users in California and other US jurisdictions with state privacy laws (including the California Consumer Privacy Act, CCPA) are equally covered. Monte Carlo does not collect, sell, share, or disclose personal information as defined by those laws.
In compliance with Apple's Privacy Manifest requirements (effective May 2024), Monte Carlo includes a PrivacyInfo.xcprivacy file that declares the App's use of Apple's UserDefaults API (category NSPrivacyAccessedAPICategoryUserDefaults, reason code CA92.1 — data directly tied to app functionality). The App also uses Apple's iCloud Key-Value Store (NSUbiquitousKeyValueStore) to sync the Casino balance and Versus trial count (section 3.8); this is covered by the same iCloud entitlement. No personal data types are declared as collected because no personal data is collected.
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page. For material changes, we will also update the App Store listing. We encourage you to review this policy periodically. Continued use of the App after any changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or the App's data practices, please contact us: