Español
Mi Historia
The project
  • Home
  • What is Mi Historia?
  • What's included
  • Why it's different
Legal
  • Privacy policy
  • Terms and conditions
  • Legal notice
Get early access → [email protected]
← Back to home

Privacy Policy

Last updated: May 18, 2026

1. General information

This policy describes how Mi Historia processes personal data collected through the website mihistoria.app (hereinafter, "the Site"), in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

Project brand: Mi Historia
Controller email: [email protected]

The full identification of the data controller appears at the end of this document.

2. Data we collect

When you sign up to the waiting list via the Site's form:

  • Email (mandatory): to send you project communications and notify you when the beta is available.
  • Character preference (optional): male / female / either.
  • Careers of interest (optional): football, tennis, basketball, golf, other (with a free-text field if you select "other").
  • Player profile (optional): sports fan, simulation gamer, both, curious.
  • Age confirmation (mandatory): declaration of being 16 years old or older.
  • Consent (mandatory): explicit acceptance to receive communications about the development.

Automatic technical data (collected by Cloudflare when serving the Site):

  • Visitor's IP address
  • Browser user-agent
  • Date and time of the request
  • URL requested

This technical data is used solely to serve the Site, prevent abuse and maintain security. It is not used for profiling, personalized advertising or cross-site tracking.

3. Purposes and legal basis

We process your personal data for:

  • Managing the waiting list and sending updates and project milestone notices.
    Legal basis: explicit consent (art. 6.1.a GDPR).
  • Basic statistical analysis of Site use (aggregated visits, no individual profiling).
    Legal basis: legitimate interest in maintaining and improving the service (art. 6.1.f GDPR).
  • Compliance with legal obligations applicable to the Site's operator.
    Legal basis: legal obligation (art. 6.1.c GDPR).

4. Data retention

  • Email and form responses: until you withdraw your consent or request deletion, whichever comes first.
  • Cloudflare technical logs: retained according to the provider's retention policy (typically between 7 and 90 days).

When no longer necessary, data will be securely deleted.

5. Third-party services (data processors)

The Site uses the following external providers to operate. Each acts as a data processor under contract pursuant to article 28 GDPR.

Brevo (formerly Sendinblue)

Email platform that stores form data and sends project communications.
Processing location: France (European Union).
Privacy policy: brevo.com/legal/privacypolicy

Cloudflare

Site hosting (Cloudflare Pages), CDN, DNS and attack protection. Also handles forwarding of the [email protected] email to the operator's personal account (Cloudflare Email Routing).
Location: United States (with transfers under the EU-U.S. Data Privacy Framework adequacy decision and standard contractual clauses).
Privacy policy: cloudflare.com/privacypolicy

Google Fonts

Service that delivers the Bebas Neue and Inter typefaces used on the Site. When the browser downloads the fonts, Google receives the visitor's IP address and limited technical data.
Location: United States (transfers under the EU-U.S. Data Privacy Framework).
Privacy policy: policies.google.com/privacy

6. "Mi Historia: Sueños de Élite" mobile app

When you download and play the Mi Historia: Sueños de Élite mobile app on Android, data handling differs from the Site. This section covers the app specifically.

6.1. Data stored locally on your device

All your saved game progress (character, attributes, decisions, history, unlocked milestones, in-game finances) is stored exclusively on your device within the app's private storage. It is never sent to any Project server.

If you uninstall the app, all save data is removed with it. We do not keep copies.

6.2. AdMob (advertising) + UMP consent (GDPR Consent Mode v2)

The app shows ads served by Google AdMob (bottom banner, optional rewarded videos, and native format within lists). For ads to work, Google assigns your device an Android Advertising Identifier (AAID/GAID) and processes technical metadata (device model, language, country, IP, impression and click events). This identifier may be shared with advertisers and ad networks to display relevant ads and measure performance.

If you are located in the EEA, the UK or Switzerland, on first launch the app shows the official Google User Messaging Platform (UMP) form where you decide:

  • Accept: AdMob may serve personalized ads and Firebase Analytics may collect anonymous metrics (see 6.4).
  • Reject: AdMob serves only non-personalized ads (NPA). Firebase Analytics is completely disabled. Firebase Crashlytics remains active (legitimate interest, no PII).

You can change your decision at any time from Settings → Change advertising consent within the app. You can also reset or disable the GAID from your Android device: Settings → Google → Ads → Reset advertising ID / Opt out of personalized ads.

Data controller: Google Ireland Limited.
AdMob privacy policy: policies.google.com/technologies/ads

6.3. In-app purchases (Google Play Billing)

The app offers four Premium options processed entirely by Google Play Billing. We do NOT see or store payment data (card, billing address, etc.):

  • Weekly Premium: €1.99 / week (with a 3-day free trial) — auto-renewing.
  • Monthly Premium: €4.99 / month — auto-renewing.
  • Annual Premium: €29.99 / year — auto-renewing.
  • «Lifetime» Premium: €49.99 one-time payment — does NOT renew, unlocks Premium permanently.

The prices shown are the FINAL prices to the user in Spain (VAT included). The price may vary in other countries based on currency conversion and local taxes applied automatically by Google.

When you complete a purchase, Google Play sends us the purchase token (anonymous identifier). We validate it against the official Google API (androidpublisher.googleapis.com) through an intermediate server hosted on Cloudflare Workers (EU/Global) to confirm the purchase is real. The token and its state (active / cancelled / expired) are stored encrypted on your device; they are not transmitted to any persistent server of ours.

Google Play policy: play.google.com/intl/en/about/play-terms

6.4. Firebase Analytics (only with your consent)

If you accept in the UMP form (see 6.2), the app uses Firebase Analytics to send Google anonymous game events (e.g. iap_purchased, milestone_unlocked, experiment_assignment, tutorial_complete), the app language, installed version and a pseudonymized installation identifier. The data is used for aggregated usage, retention and conversion-funnel metrics.

If you reject, Firebase Analytics is completely disabled and no event is sent. Events are only queued locally while we wait for your reply; after a rejection they are discarded without being sent.

6.5. Firebase Crashlytics (product stability)

The app uses Firebase Crashlytics to detect and diagnose errors (crash reports, device model, OS version, anonymous breadcrumbs). It does not collect personally identifiable information. This collection is based on legitimate interest (product stability, GDPR art. 6.1.f) and applies even if you reject the UMP form.

6.6. Firebase Cloud Messaging (optional notifications)

If you accept notifications, the app obtains an anonymous FCM token that allows Google to send you push notifications (game reminders, event alerts). The token does NOT contain personal data and is associated only with the installation, not with you personally. You can disable notifications at any time from System Settings → Notifications.

6.7. Firebase Remote Config (remote configuration / A/B testing)

The app uses Firebase Remote Config to tune parameters without a redeploy (native-ad frequency, UI element order, feature flags). For A/B testing, a pseudonymized installation identifier is sent which lets us assign you to a group. This functionality is also gated by UMP consent (section 6.2).

6.8. Data stored locally (encrypted)

Everything we store on your device (save games, Premium status, daily counter of ads watched, last session date) is encrypted with a key derived from OS.get_unique_id() + application_salt. This filters out casual cheating (editing the JSON with a file explorer) without needing a server.

6.9. Permissions requested

The app requests the following Android permissions, all justified:

  • Internet, Network state — to serve ads, validate purchases and send events/crashes when appropriate.
  • Billing (com.android.vending.BILLING) — to process Premium purchases via Google Play.
  • com.google.android.gms.permission.AD_ID — access to the GAID for AdMob (mandatory on Android 13+).
  • ACCESS_ADSERVICES_* — Android Privacy Sandbox for privacy-preserving ads.
  • POST_NOTIFICATIONS — display push notifications (Android 13+; we ask before using it).
  • RECEIVE_BOOT_COMPLETED, WAKE_LOCK, FOREGROUND_SERVICE, SCHEDULE_EXACT_ALARM — to re-arm scheduled reminders after device reboot.
  • REQUEST_IGNORE_BATTERY_OPTIMIZATIONS — so that scheduled reminders fire at the right time without being delayed by the system for battery saving (declared as Core App Functionality in Play Console).

The app does NOT request access to contacts, location, camera, microphone, calendar, photos, external storage, biometric sensors or any other sensitive data.

7. International transfers

Brevo processes data within the European Union, so there is no international transfer.

Cloudflare and Google Fonts may process data in the United States. These transfers are covered by the EU-U.S. Data Privacy Framework approved by the European Commission in July 2023, as well as standard contractual clauses (SCCs) signed by the providers.

8. Your rights

As a data subject, you have the right to:

  • Access: know what personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request that we delete your data.
  • Restriction of processing.
  • Object to processing based on legitimate interest.
  • Portability: receive your data in a structured and reusable format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with the Spanish Data Protection Agency (aepd.es) if you believe any of your rights have been violated.

To exercise any of these rights, write to [email protected]. We will reply within a maximum of 30 days from receipt of the request.

To unsubscribe from communications you can also use the unsubscribe link included at the end of every email.

9. Minimum age

The Site is not directed at people under 16 years old. We do not intentionally collect personal data from minors of that age. If we discover we have collected data from a minor under 16 without verifiable parental consent, we will delete it as soon as we are aware.

If you believe a minor under 16 in your care has submitted personal data on this Site, please write to [email protected].

10. Cookies

The Site does not use first-party tracking cookies or third-party advertising cookies. There is no Google Analytics, no Facebook Pixel, no remarketing pixels.

Cloudflare may set strictly necessary cookies to protect the Site against abuse (bot detection, load balancing). These cookies do not require consent pursuant to article 22.2 LSSI-CE because they are technically essential.

11. Security

Data is always transmitted encrypted via HTTPS (TLS). Brevo and Cloudflare apply appropriate technical and organizational measures to protect data against unauthorized access, loss or alteration, in line with article 32 GDPR.

12. Changes to this policy

Any modification will be reflected on this page and will update the "Last updated" date. If changes are substantial and affect your rights as a registered user, we will notify you by email to the address provided.

13. Contact

For any question about this policy or about the processing of your personal data, you can write to [email protected].

Controller identification

For the purposes of GDPR and LOPDGDD:

Data controller: Ioritz Arroyuelos Gonzalez
Location: Durango, Bizkaia (Spain)
Email: [email protected]

Mi Historia: Sueños de Élite

mihistoria.app

Life simulation.

First sport: football.

Coming soon: more sports. Later, other paths in life.

Privacy policy Terms and conditions Legal notice

© 2026 Mi Historia: Sueños de Élite. In active development.