Last Updated: June 11, 2026

This Privacy Policy describes how Ryan Sullenberger ("we," "us," or "our") handles information in connection with the Agari game ("the Game"), available on Steam, the Apple App Store, Google Play, and our website (agari.app).

By using the Game, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Game.

1. Information We Collect

Information Stored Locally on Your Device

The Game saves your preferences and settings locally on your device, including but not limited to:

• Display name
• Audio settings (volume levels, sound selection, voice variant, riichi BGM track selection)
• Match configuration (AI difficulty, play style, match type)
• Game save data (in-progress match state, automatically deleted when a match completes)
• A randomly-generated installation ID (used to recognize you for online-multiplayer rejoin if you disconnect mid-match, and as a short suffix on your Daily Wall display handle of the form "DisplayName#short-installation-id" to disambiguate players who choose identical display names)
• Optional match logs and aggregated statistics (created only if you enable game logging in Settings; remain on your device)
• Daily Wall result history (today's result and a lockout flag preventing same-day retries)
• Other gameplay and interface preferences (such as language selection, tile and table appearance, action timer settings, and similar configuration values used to deliver the in-game experience)

This data is stored in your device's standard application data directory. It is not transmitted to us or any third party, except as described in the sections below for online-multiplayer connections and user-initiated sharing.

Information Shared During Online Multiplayer

When you use the optional online multiplayer feature:

• Display name: Your chosen display name is shared with other players in your session via peer-to-peer connections.
• Installation ID: Your locally-generated installation ID is shared peer-to-peer with the match host so the host can recognize you if you disconnect and rejoin. It is not stored on our servers.
• Audio preferences for in-match cues: Your selected voice variant and riichi BGM track choice are shared peer-to-peer with other players at match start so everyone hears the same audio cues attributed to you.
• Gameplay actions: Your in-game actions (tile discards, calls, etc.) are shared with other players in your session via peer-to-peer connections.
• Connection metadata: Our signaling server processes IP addresses and connection metadata solely to establish peer-to-peer connections between players. Our signaling server does not log, store, or retain this data.
• Aggregate service metrics: Our signaling server keeps simple aggregate counts to monitor the health and load of the online service — for example, the number of currently-connected players and connection counts. These are plain totals only; they contain no IP addresses, identifiers, or any information tied to an individual, are not used to track, profile, or identify you, and are separate from the per-connection metadata above (which remains unretained).

Once a direct peer-to-peer connection is established, all game data flows directly between players — not through our servers. As a standard property of peer-to-peer (WebRTC) connections, your IP address may be visible to other players in your session for the duration of the match. This is inherent to peer-to-peer technology and is not specific to the Game.

When a direct peer-to-peer connection cannot be established (for example, due to a restrictive NAT, firewall, or carrier-grade NAT), the connection falls back to relaying through a third-party TURN service (Cloudflare). This is a fallback used only when a direct connection fails. In this case the relayed traffic remains end-to-end encrypted (WebRTC DTLS) — the relay forwards encrypted packets and cannot read your game data — but Cloudflare's relay processes both peers' IP addresses in order to forward the traffic. The relay is operated by Cloudflare, a third party, and not by our own servers.

The list above reflects the categories of information shared at the time of writing. If future game features broadcast additional preferences over peer-to-peer connections, we will update this policy to reflect them.

Information You Choose to Share

Some Game features generate user-visible identifiers that include a portion of your locally-stored installation ID — for example, the Daily Wall mode displays a handle of the form "DisplayName#short-installation-id" on the result screen and includes it if you choose to copy the result to your clipboard. This handle leaves your device only when you take an explicit action (such as clicking "Copy Result"). We do not transmit, collect, or store this handle.

Launch-Time Announcement Check

When the Game starts, it makes a single best-effort request to our website (agari.app) to retrieve a small static file used to display occasional in-game notices, such as advance notice of scheduled multiplayer-server maintenance. This request is made for every user at startup, including players who never use online multiplayer. It sends no personal data — it is a plain file download that, like any web request, necessarily includes your device's IP address in transit. We do not use it to identify, profile, or track you. The request is entirely best-effort: if it fails for any reason (for example, because you are offline), the Game proceeds normally with no notice shown.

Crash Reports

Aside from the launch-time announcement check described above, Agari does not collect or transmit any data automatically. If the Game crashes, a diagnostic file is saved locally to your computer (in ~/Library/Application Support/agari/crash_logs/ on macOS, %APPDATA%/agari/crash_logs/ on Windows, ~/.config/agari/crash_logs/ on Linux). If you choose to share this file with us when reporting a bug, it may include: your in-game display name, a pseudonymous installation identifier, your local game settings, and a technical backtrace of the crash. No personally identifying information (real name, email, IP address, payment information) is included. Crash reports are voluntary — Agari never uploads them automatically.

Anonymized Gameplay Data

We do not currently collect any gameplay data beyond what is stored locally on your device. We reserve the right to collect anonymized gameplay data in the future for the purposes of improving the Game, training AI models, analyzing game balance, and fixing bugs — and if we do, we will provide an opt-out in the Game's settings and update this policy accordingly.

Such data, if collected in the future, would include only:

• Match logs and game statistics
• Tile sequences and in-game decisions
• AI interaction data

Gameplay data would not include personal information — it would not be linked to your identity, device, IP address, or any account.

2. Information We Do NOT Collect

We want to be clear about what we do not do:

• We do not require or support user accounts, logins, or registration
• We do not collect names, email addresses, phone numbers, or other personal contact information
• We do not collect advertising identifiers (such as IDFA or AAID), hardware fingerprints, or device identifiers from third-party advertising networks
• We do not use cookies, web beacons, pixels, or similar tracking technologies
• We do not track your activity outside of the Game
• We do not sell, rent, or share any data with third parties for advertising or marketing purposes
• We do not use analytics services (such as Google Analytics, Firebase, or similar)

3. Third-Party Platforms

The Game is distributed through third-party platforms including Steam (Valve Corporation), the Apple App Store (Apple Inc.), and Google Play (Google LLC). These platforms may collect information about you in accordance with their own privacy policies. We do not control and are not responsible for the data practices of these platforms.

For more information, please review:

• Steam Privacy Policy
• Apple Privacy Policy
• Google Privacy Policy

4. Children's Privacy

The Game is not directed at children under the age of 13 (or such higher minimum age as required by law in your jurisdiction). We do not knowingly collect personal information from children under that age. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at the email address below, and we will take steps to delete such information.

5. Data Security

Because we do not collect or store personal information on our servers, there is minimal risk of a data breach affecting your personal data through our services. Local data stored on your device is protected by your device's own security measures.

6. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, delete, port, restrict the processing of, or object to the processing of your data. Because we do not collect or store personal information on our servers, these rights primarily apply to data stored locally on your device, which you can manage or delete at any time by:

• Modifying settings within the Game
• Deleting the Game's local data directory
• Uninstalling the Game

If you have questions about exercising your rights, please contact us at the email address below.

For European Economic Area (EEA) Residents

To the extent that we process any personal data of EEA residents, our legal basis is legitimate interest:

• Multiplayer connections: IP addresses transiently processed by our signaling server to establish the peer-to-peer connections required to provide the online multiplayer feature you requested. This signaling connection metadata is processed in real time and is not stored. When a direct connection cannot be established, both peers' IP addresses are additionally processed by a third-party TURN relay (Cloudflare) to forward the connection — the same legitimate interest in providing the multiplayer feature you requested applies.
• Launch-time announcement check (see Section 1): the IP address necessarily present in transit when the Game retrieves the announcement file. This serves our legitimate interest in operating the Game and informing players of service status, such as scheduled maintenance. Like any web request, this IP is visible in transit to our website's content delivery network (Cloudflare).

For California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information is collected and to request its deletion. As described in this policy, we do not collect, sell, or share personal information. If you have questions, please contact us.

7. Data Retention

• Local device data: Retained until you modify it, clear the Game's data, or uninstall the Game.
• Signaling server data: Connection metadata (such as IP addresses) is not retained — it is processed transiently and discarded immediately after peer-to-peer connections are established. The server does keep aggregate, non-identifying operational counts (such as the number of connected players and connection counts) to monitor service health; these contain no IP addresses or any data tied to an individual.
• Anonymized gameplay data: If collected, retained indefinitely for game improvement and AI training purposes. Because this data is anonymized and cannot be linked to any individual, deletion requests do not apply.

8. International Data Transfers

The signaling server that facilitates online multiplayer connections is hosted in Tokyo, Japan (Fly.io). If you connect to the online multiplayer service from outside Japan, your connection metadata (IP address) will be transiently processed by this server. As noted above, this data is not stored or retained.

Japan has been recognized by the European Commission as providing an adequate level of data protection (2019 adequacy decision), so transfers of EU-resident connection metadata to the Tokyo signaling server do not require additional safeguards under the GDPR.

Separately, the launch-time announcement check described in Section 1 is served from our website on Cloudflare's globally distributed edge network. The request — including your device's IP address in transit — may therefore be handled by a Cloudflare edge location near you, which may be located outside your home country.

Likewise, when a direct peer-to-peer multiplayer connection cannot be established and the connection falls back to the third-party TURN relay described in Section 1, the relayed traffic transits Cloudflare's globally distributed edge network. The peers' IP addresses may therefore be processed by a Cloudflare location outside their home country in order to forward the traffic.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date at the top and, where practicable, provide notice through the Game or our website. Your continued use of the Game after any changes constitutes your acceptance of the revised Privacy Policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: r@rysb.dev Website: https://agari.app

Ryan Sullenberger