IFMachine
Privacy policy
IFMachine is an Android app for playing interactive-fiction games (Z-machine and Glulx story files) published by Guppy Interactive LLC ("we", "us"). This policy explains, in plain language, what data the app touches and what it does with it.
The short version: IFMachine contains no advertising, marketing, or behavioural-analytics SDKs. The current closed-testing (beta) build uses Sentry for crash and error reporting so we can diagnose issues testers encounter; what Sentry receives is described in §5. Otherwise, the app stores your game progress and settings on your device, optionally syncs your per-story content (saves, transcripts, maps, and game-managed sidecar files) to your own Google Drive if you turn that on, and contacts the Interactive Fiction Database (IFDB) only when you explicitly search for a game, view cover art, or download a story file.
If you want the long version, read on.
1. What we don't do
We do not operate any servers that collect data from IFMachine. We do not transmit any of the following to any server we operate, and the app does not include any third-party library that would transmit them on our behalf:
- Your name, contact details, phone number, or physical address
- Your physical or device location (the app requests no location permissions)
- Your device's advertising ID, IMEI, MAC address, or other hardware identifiers
- Continuous background analytics, usage telemetry, session data, screen-view tracking, or button-tap tracking sent in real time while the app is running (the short breadcrumb trail described in §5 is captured locally and sent to Sentry only when the app crashes)
- Any data for marketing, profiling, or behavioural advertising
The app does not include Firebase Analytics, Firebase Crashlytics, Google Analytics, AdMob, the Facebook SDK, Bugsnag, or any comparable behavioural-tracking library. Crash and error data the app does send (to Sentry, in the current closed-testing build) is described in §5.
Note that Android itself also collects basic crash and ANR (application-not-responding) telemetry for apps installed via Google Play; that data goes to Google as part of the Play platform under Google's own privacy terms, not under this policy.
The situations in which information does leave your device are described in §3 (optional Google Drive sync of your per-story content), §4 (optional IFDB lookups), §5 (Sentry crash reporting, always-on in the current closed-testing build), and §6 (problem reports you choose to send). §3 and §4 are off by default and require an explicit action by you; §6 happens only when you press Send on a report whose full contents are shown to you first. Section 2 lists what the app stores locally on your device — including the Google account name once you connect Drive sync, which is kept on-device so the Settings screen can show you which account is linked.
2. What is stored on your device
IFMachine stores the following on your device only (in the app's private storage area, not accessible to other apps):
- Game files you import or download (
.z3–.z8,.ulx,.zblorb, etc.) - Save files and autosaves generated as you play
- Library metadata — title, author, IFID identifier, import date, and the path to any cover art you selected
- Cover art images you select (either from Blorb resources embedded in the game file, or from IFDB via the cover-art picker)
- App settings — theme, font, map style, navigation panel position, etc.
- A debug log (
ifminput.log) — diagnostic markers and unimplemented opcode traces used for development. The log records game text shown to you and the commands you type into games. Because game commands are free-form text, the log can contain any personal information you happen to type into a game (for example a name, an email address, or a password-like string). The log stays in the app's private storage and never leaves your device unless you explicitly export it via the Debug tab or include it in a problem report you choose to send (§6). Exporting uses the Android share sheet, which lets you pick the destination (email, file save, messaging app, etc.); the log content goes wherever you send it. To remove the log, uninstall the app or clear app data in Android Settings. - An install identifier (UUID) — a random identifier generated once when you first install the app. It is used inside save files to distinguish your devices when resolving cloud sync conflicts. It is not tied to your name, account, or any external identity.
- Connected Google account name — only if you enable Drive sync in Settings — the Google account name (usually an email address) of the account you signed in with. It is stored locally so the Settings screen can display which account is currently connected. It is never sent to any server we operate; see §3 for how it is used by Google's own Drive authentication flow.
- Age-screen date of birth — only if you open the IFDB browser — the date of birth you enter at the age screen, plus a flag recording that you passed it. Stored locally and never transmitted; kept so you are not re-prompted and so the catalogue unlocks on its own once you turn 18. Used only to keep under-18 users out of the IFDB catalogue (see §8).
This data lives in the app's private storage and is removed when you uninstall the app.
3. Cloud sync with Google Drive (optional)
If you enable cloud sync in Settings, IFMachine syncs your per-story content to a folder of your choice in your own Google Drive. The synced content for each game you play includes every file the app or the running game writes for that story:
- Saves and autosaves — the snapshots of game state created when you (or the game) issue a save command
- Transcripts — text logs of game output and the commands you typed, for games that turn transcripting on
- Maps — the auto-generated exploration map the app builds as you visit rooms
- Game-managed sidecar files — files certain games write directly to disk (for example, Kerkerkruip's
storagefolder, Counterfeit Monkey's startup-data file). These contain game-specific state and may include any text you typed that the game chose to record.
Because game commands are free-form text, any of the above can contain personal information if you type it into a game. We do not inspect or filter the content.
To make sync work:
- You pick a Google account and a Drive folder using the standard Android system pickers. We never see your password.
- The app requests the
drive.fileOAuth scope, which means it can only read and write files it has created in your Drive — it cannot see your other Drive content. - The following are not uploaded: your library metadata, app settings and preferences, or cover art images.
- Your install identifier is embedded inside each save file's metadata chunk to detect conflicts between devices. It stays in the save file if the save is uploaded.
- The Google account email address you signed in with is shown in IFMachine's Settings screen so you know which account is connected. It is stored locally on your device and sent only to Google's own servers as part of the standard OAuth flow.
- You can turn sync off, change folders, or sign out of Drive at any time from Settings. Files already uploaded remain in your Drive until you delete them yourself.
We do not run any servers that receive this content. Files go directly between your device and your own Google Drive.
How the transfer is secured: all network connections to Google Drive use HTTPS (TLS). Sign-in is handled by Google's official Android libraries and the system account picker; IFMachine never sees your Google password. The OAuth credential the app holds afterwards is limited to the drive.file scope (it can only touch files the app itself created) and is managed by the Android AccountManager. Locally, all of the files listed in §2 — including any not-yet-uploaded saves, transcripts, maps, and sidecars — live in the app's private storage area, which other apps on the device cannot read.
4. IFDB integration (optional)
When you search for a game, view cover art, or download a story file from the Interactive Fiction Database (ifdb.org), IFMachine fetches that content over HTTPS. The request contains only what's needed to fulfill what you asked for — the search term you typed, the IFDB identifier of a specific game, or the URL of a story file — plus a generic User-Agent header of IFMachine-Android/0.1. It does not include your name, email, account, device identifier, or any other information about you. IFMachine never writes, posts, rates, comments, uploads, or modifies anything on IFDB; these are read-only requests.
Story files you download from IFDB may be hosted on third-party archives (such as the Interactive Fiction Archive). Downloading a game causes IFMachine to retrieve the file from that host using a standard HTTPS request. We do not control ifdb.org or the archives it links to; their respective terms and privacy practices apply to data they receive (which from IFMachine is limited to the request information above).
5. Crash reporting (Sentry, closed-testing build)
The current closed-testing build of IFMachine ships with the Sentry error-tracking SDK (sentry.io, US region, operated by Functional Software, Inc.) enabled at app launch. Sentry collects crash and error data and forwards it to us so we can diagnose and fix problems during the closed-testing phase. There is no in-app toggle for this in the current build; if you do not want crash data sent to Sentry, do not participate in the closed test. A toggle and/or first-launch prompt will be added before any production release; this policy will be updated at that time.
When the app crashes or hits an unhandled error, Sentry receives:
- The stack trace and exception type
- The IFMachine app version, build number, and release identifier
- Device model (e.g. "Pixel 7"), manufacturer, CPU architecture, Android version, screen resolution, available memory and storage, locale, and timezone
- A short trail of recent in-app events ("breadcrumbs") — the most recent navigation, lifecycle, and log events before the crash, used to help reproduce the issue. The default breadcrumb trail does not include game text or your typed commands; if we add breadcrumbs that capture player input in the future, this policy will be updated.
Sentry does not receive your name, contact details, the Google account you may have connected for Drive sync, an advertising ID, IMEI, MAC address, location, or the contents of the debug log described in §2. The IFMachine install identifier (the UUID described in §2) is not sent with crash reports. IP address is also stripped: IFMachine initialises the Sentry SDK with sendDefaultPii = false, so Sentry does not store your IP address with the crash report.
Sentry's own SDK generates and attaches a random installation identifier of its own (separate from the IFMachine UUID), so it can group multiple reports from the same device; that identifier is not derived from your name, account, or any other personal information.
Crash reports are sent over HTTPS (TLS) to Sentry's US-based servers and retained by Sentry for 90 days, after which Sentry automatically deletes the raw events (aggregated, de-identified counts may be retained longer). Sentry's own privacy policy is at sentry.io/privacy/.
Individual deletion of past crash reports is not supported. IFMachine does not transmit any identifier you or we could use to isolate your specific reports, and we do not store anything that maps your install to your identity. This is a deliberate privacy-protective choice: the data Sentry receives is pseudonymous from our perspective, and the trade-off is that individual deletion requests cannot be honoured. To stop sending future crash data, uninstall the app or leave the closed-testing program; existing reports auto-expire after 90 days.
6. Problem reports you choose to send
Settings → About → "Report a problem" lets you send us a diagnostic report. Nothing on this screen is sent automatically or in the background — a report goes out only when you press Send, and the contents of the report are shown on screen first.
A problem report contains:
- The description you type
- The IFMachine version, build number, and release identifier
- Your device's manufacturer, model, and Android version
- The recent tail of the debug log described in §2 (up to about 2 MB). As §2 explains, this log records game text shown to you and the commands you typed into games, so it can contain personal information you happened to type into a game. The report screen previews this log; when the log is large enough that only its most recent portion is shown in the preview, the screen says so and reports the full size of the log that will be attached.
Reports are posted to a channel in the IFMachine closed-testing Discord server, using Discord's webhook service over HTTPS. That channel is visible to the development team and to the other participants in the closed test, so anything in your report — including the attached log, which may contain text you typed into a game — can be seen by other testers, not only by us. The report screen tells you this before you send, and the "View your report" link shown after sending opens the post in Discord. Discord, Inc. processes the message under its own privacy policy (discord.com/privacy). Reports remain in the channel until we delete them and are used only to diagnose and fix problems.
The report screen also offers a "Share" option that hands the same report to the Android share sheet instead; as with the Debug-tab export in §2, the content then goes to whatever destination you pick.
7. Permissions
IFMachine requests two Android permissions:
| Permission | Purpose |
|---|---|
INTERNET | Cloud sync to your Google Drive (if enabled), IFDB requests (when you initiate them), Sentry crash reporting (always-on in the closed-testing build), and problem reports you choose to send (§6). |
ACCESS_NETWORK_STATE | Detect whether you are on Wi-Fi vs. cellular, so cloud sync can respect a Wi-Fi-only preference. |
We do not request location, camera, microphone, contacts, phone, calendar, or sensor permissions.
8. Children's privacy
The current closed-testing build of IFMachine is distributed by invitation only and is not directed at or appropriate for children. The app does not show advertising and does not knowingly collect or transmit personal data from children. The one piece of age data it asks for — the date of birth entered at the IFDB age screen — stays on your device only, is never transmitted, and exists solely to keep under-18 users out of the catalogue (see the next paragraph). Any crash data collected via Sentry (described in §5) is limited to the listed diagnostic and device data and is used only for debugging; we do not attempt to identify individual users.
Some interactive-fiction games available through IFDB are written for adult audiences. Because that catalogue is open and unmoderated, the in-app IFDB browser is kept behind an age screen: the first time you open it, IFMachine asks for your date of birth and an acknowledgement before the catalogue is shown, and keeps it hidden from anyone under 18. The date of birth is stored on your device only and is never transmitted to us or anyone else — it lets the app remember you have passed the age screen and, if you were under 18 when you entered it, unlock the catalogue automatically once you turn 18. You can clear it by uninstalling the app or clearing its data in Android Settings. Parents and guardians should still supervise downloads of third-party game files as they would any other internet content.
9. Data sharing
We do not sell, rent, trade, or transfer your data for advertising, marketing, profiling, or behavioural analytics. We do not run any servers that receive data from IFMachine.
The third parties that receive information from your use of IFMachine are:
- Google, when you enable Drive sync (the per-story content listed in §3 — saves, transcripts, maps, and game-managed sidecar files — uploaded to your own Drive) or when you sign in to a Google account through the system account picker. The synced files live in your own Google Drive, under your control; we do not see them. Drive sync is off by default and requires you to enable it.
- IFDB / IFArchive, when you explicitly search for a game, view cover art, or download a story file (request contents listed in §4). These are read-only requests; we do not see them.
- Sentry (sentry.io, US region), when the app crashes or hits an unhandled error, in the closed-testing build. Sentry acts as a data processor on our behalf: we read the crash reports it collects in order to diagnose and fix bugs. The data Sentry receives is listed in §5. We do not combine crash data with any other information about you.
- Discord (discord.com), only when you explicitly send a problem report (§6). Discord acts as a data processor delivering the report to a channel in our closed-testing server that is visible to the team and to other testers; the report's contents are listed in §6 and shown to you before sending.
10. Your choices
- Crash reporting: there is no in-app toggle in the current closed-testing build (see §5). To stop sending crash data to Sentry, uninstall the app or leave the closed-testing program.
- Problem reports: entirely optional. Nothing is sent unless you press Send (or pick a share destination), and the report's full contents are shown on screen first (§6). To request deletion of a report you already sent, contact us (§12).
- Stop using cloud sync: turn it off in Settings. Files already uploaded (saves, transcripts, maps, sidecars) remain in your Drive until you delete them.
- Delete your data: uninstalling IFMachine removes all locally stored data (game files, saves and autosaves, transcripts, maps, game-managed sidecars, library metadata, cover art, debug log, settings, and the age-screen date of birth). To delete cloud-synced content, delete the synced folder in your Google Drive. Crash data already sent to Sentry cannot be individually deleted on request in the current build (see §5); it auto-expires after 90 days.
- Use the app without an account: cloud sync is opt-in. You can use every feature of IFMachine without signing in to Google.
11. Changes to this policy
If we change this policy, we'll update the "Last updated" date at the top and publish the new version at this URL. Material changes — for example, adding usage analytics, changing how crash reporting works (e.g. adding an in-app toggle or attaching save files to reports), or any other change to what data leaves the device — will be called out in the app's release notes. Where any such change adds a data type, the Google Play Data Safety disclosure for the app will be updated to match.
12. Contact
Questions about this policy can be sent to:
Guppy Interactive LLC
10938 Vivaracho Way
San Diego, CA 92124
United States