Privacy Policy
Bauman Games · Last updated: July 3, 2026
1. Who We Are
Bauman Games LLC ("Bauman Games," "we," or "us") operates mobile games and related services (each a "Service," together the "Services"). We are the data controller for personal information collected through the Services.
Contact: privacy@baumangames.com
2. Which Apps This Policy Covers
This Policy covers the following Bauman Games apps. The data practices of each are different — read the section that applies to the app you use.
2.1 Chimera TCG ("Chimera")
Chimera is an online collectible card game with accounts, cloud-synced inventory, multiplayer features, in-app purchases, and AI-generated card content. Sections 3 through 12 below describe Chimera's data practices in detail. When those sections refer to "the Service," they refer to Chimera.
2.2 Good Melon, Bad Melon
Good Melon, Bad Melon does not collect, transmit, or share any
personal data. It has no user accounts, no login, no analytics,
and no third-party tracking. A small amount of gameplay state
(the current screen, the per-round scores, and the all-time best
total) is stored locally on your device using the platform's
standard local-storage mechanism (AsyncStorage, backed by
SharedPreferences on Android and
NSUserDefaults on iOS) and never leaves the device.
The Android release build explicitly removes the
INTERNET and ACCESS_NETWORK_STATE
permissions from the application manifest, and the iOS privacy
manifest declares no data collection and no tracking.
Uninstalling the app removes all stored data.
Because Good Melon, Bad Melon collects no data, the data-handling sections below (3 through 7, plus 11) describe Chimera only and do not apply to Good Melon. Sections 1, 2, 8, 9, 10, 12, and 13 apply to all Bauman Games apps.
2.3 Mech Tide
Mech Tide does not collect, transmit, or share any personal
data. It has no user accounts, no login, no analytics, no
third-party tracking, and no server — gameplay runs entirely on
your device. A small amount of progression state (run progress,
unlocked upgrades, and the permanent skill tree) is stored
locally in your browser's localStorage and never
leaves the device. Clearing your browser data removes all
stored progress.
Because Mech Tide collects no data, the data-handling sections below (3 through 7, plus 11) describe Chimera only and do not apply to Mech Tide. Sections 1, 2, 8, 9, 10, 12, and 13 apply to all Bauman Games apps.
2.4 Voltaic
Voltaic is a single-player slide-to-connect puzzle game. It has no user accounts, no login, no cloud sync, and no server — every puzzle is generated and solved on your device. Voltaic does use a small amount of privacy-respecting, opt-out analytics, described below.
Local storage. Your daily-puzzle progress, streaks,
settings, and unlocked cosmetics are stored locally — in your
browser's localStorage on the web, or the platform's
standard local store on native — and never leave your device.
Clearing your browser data (or uninstalling the app) removes all
stored progress.
Analytics. Voltaic sends anonymous product-analytics events (for example: app opens, puzzles started and solved, and which features are used) to PostHog (US Cloud) to help us understand how the game is played and improve it. These events include a randomly generated, anonymous identifier and basic technical information such as browser/device type, operating-system version, and app version. They are not tied to your real-world identity, and we do not use them for advertising or cross-app tracking. You can turn analytics off at any time in the game's Settings under "Share usage analytics"; while it is off, no analytics events are sent.
Purchases. Voltaic offers optional in-app purchases — a Tip Jar and cosmetic "Patron" items. Purchases are processed by the Apple App Store (and Google Play on Android). We receive a receipt confirming that a purchase occurred and what was purchased; we do not receive your payment-card details. Cosmetic items are unlocked directly by purchase — there are no random-outcome ("loot box") mechanics.
What Voltaic does not collect: no real name, email, address, phone number, or government ID; no payment-card details; no precise location; no contacts, photos, microphone, or camera data (Voltaic requests none of these permissions); and no advertising identifiers (Voltaic shows no ads and does no ad tracking).
Because Voltaic has no accounts and no server, the Chimera-specific data sections below (3 through 7, plus 11) do not apply to it — its data handling is fully described above. Its only third-party recipients are PostHog (analytics) and the Apple App Store / Google Play (purchase processing; they are independent controllers for purchase data, and their privacy terms apply). Sections 1, 2, 8, 9, 10, 12, and 13 apply to Voltaic. Because Voltaic stores no personal data on a server, the access and deletion rights in Section 10 are exercised by clearing your local browser/app storage and toggling analytics off in Settings.
3. What We Collect
3.1 Information You Provide
- Display name (optional) for marketplace listings and leaderboards.
- Email address (optional) — only if you choose to back up your account for cross-device recovery. We use it solely to send a one-time sign-in code and to restore your account on a new device. We do not use it for marketing, and we do not share it with third parties for their own purposes.
- Content reports you submit through the in-app reporting flow.
- Support communications when you email us.
3.2 Information Collected Automatically
- Anonymous user identifier generated at first launch (a server-generated UUID) used to associate your inventory, currencies, and progression with your account.
- Gameplay events required to operate the Service (matches played, packs opened, splices attempted, marketplace transactions).
- Device information such as device model, operating system version, and app version, for diagnostic and analytics purposes.
- Crash logs and performance metrics, which may include stack traces and memory state at the time of a crash.
- Analytics events such as screen views, feature usage frequency, and session duration, collected to understand how the Service is used and to improve it. These events are associated with your anonymous user identifier, not with your real-world identity.
- If you enable notifications, a push notification token provided by Firebase Cloud Messaging (Google), used only to deliver notifications such as friend requests and battle invitations. You can turn notifications off at any time in your device settings.
3.3 In-App Purchase Information
Purchases are processed by the Apple App Store and Google Play. We receive a receipt confirming a purchase occurred and what was purchased; we do not receive your payment card information.
3.4 What We Do NOT Collect
- Real name, address, phone number, or government ID.
- Payment card details.
- Precise location data (we do not request location permissions).
- Contacts, photos, microphone, or camera data (no permissions requested).
- Advertising identifiers (we do not use ad tracking or run third-party advertising).
4. How We Use Your Information
- To run the Service — your inventory, progression, and in-game economy.
- To operate matchmaking and leaderboards.
- To detect, prevent, and respond to abuse, cheating, or violations of our Terms.
- To review and moderate game content to ensure it meets our standards and platform-store policies.
- To diagnose crashes and improve the Service.
- To analyze usage patterns and improve game features and user experience.
- To respond to your support requests and content reports.
5. AI-Generated Content
Some features of the Service generate text and images using AI models hosted by third-party providers. Our servers send requests to these providers containing only game data — card names, traits, environments, and sizes. No personal information about you is included in these requests.
We retain a moderation log of these generations to comply with app-store content-moderation requirements. The log includes only the generated content and your anonymous user identifier.
6. Who We Share Data With
We share information only with the service providers that help us operate the Service:
- Supabase — database, authentication, storage, and server hosting. Supabase processes your anonymous user identifier, gameplay data, and account information on our behalf.
- Apple / Google — payment processing for in-app purchases. Apple and Google are independent data controllers for purchase data; their respective privacy terms apply.
- PostHog (US Cloud) — product analytics events including anonymous user identifier, device model, OS version, and feature usage. Used to understand how the Service is used and to improve it.
- Firebase Crashlytics (Google) — crash reports including device model, OS version, and stack traces. Used to diagnose and fix bugs.
- Firebase Cloud Messaging (Google) — a device push token, used solely to deliver notifications you have enabled (such as friend requests and battle invitations). Not used for tracking.
We do not sell personal information. We do not share data with advertisers. We do not use your data for cross-app tracking.
7. Data Retention
We retain account and gameplay data for as long as your account is active. Account data includes any backup email address you provided; deleting your account removes it. If you request deletion (see Section 10), we will delete or anonymize your account data within 30 days, except where we are required to retain it (for example, tax records of in-app purchases for the period required by law, or data necessary to comply with a legal obligation or resolve disputes).
8. Data Security
We protect your data with industry-standard measures, including encryption in transit (TLS), server-authoritative game state to prevent client tampering, and row-level security on our database. No system is perfectly secure, but we work to protect your information.
9. Children's Privacy
Chimera is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used Chimera, please contact us at privacy@baumangames.com and we will delete the associated data promptly.
Good Melon, Bad Melon collects no personal information from any user, including children, so no parental notice or consent is required.
Voltaic is not directed to children under 13 and collects only anonymous, opt-out usage analytics, never personal information. We do not knowingly use it to collect personal information from children under 13.
10. Your Rights
10.1 Chimera (account data)
Chimera is the only Bauman Games app with an account and personal data stored on our servers, so these request-based options apply to Chimera. You may request access to, correction of, or deletion of your Chimera account data at any time. Three paths are available:
- Inside the app: Profile → Danger Zone → Delete Account. Deletes immediately.
- From the web (no app install required): submit our account deletion form. Processed within 30 days.
- By email: privacy@baumangames.com. Processed within 30 days.
The other apps — Good Melon, Bad Melon, Mech Tide, and Voltaic — have no accounts and store no personal data on our servers; everything lives on your own device. There is nothing for us to delete on request, so you remove that data by clearing the app/browser storage or uninstalling. (Voltaic's only collection is anonymous, opt-out usage analytics — turn it off any time in the game's Settings under "Share usage analytics.")
10.2 California Residents (CCPA / CPRA)
California residents have the right to know what personal information we have collected, to request its deletion, to correct inaccurate information, and to opt out of any sale or sharing of personal information. In practice the only personal information we hold is Chimera account data — the other apps collect none. We do not sell or share personal information as defined by the CCPA. To exercise these rights, contact us at the address above.
10.3 European Economic Area / UK (GDPR)
Residents of the EEA or UK have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR. To exercise these rights, contact us at the address above. Our lawful basis for processing is the performance of the contract you enter into when you accept the Terms, plus our legitimate interest in operating and securing the Service.
10.4 Other Jurisdictions
If you reside in a jurisdiction with data protection laws granting you specific rights regarding your personal information, we will honor those rights to the extent required by applicable law. Contact us at the address above.
11. Random-Outcome Probability Disclosure
Certain features of the Service involve random outcomes (such as card packs). The probability of receiving each rarity tier is disclosed within the Service prior to purchase, in compliance with Apple App Store and Google Play policies. These probabilities are not altered based on a player's spending history.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide notice within the Service. Your continued use of the Service after such notice constitutes acceptance of the updated policy. If you do not agree, please stop using the Service.
13. Contact
Privacy questions or data requests: privacy@baumangames.com