Google Play and App Store Compliance Checklist
1. Confirmed project facts
- Account: yes.
- Login: Google, Apple and PlayFab guest login.
- In-app account deletion: PlayFab CloudScript deletion appears to exist; user-facing in-app flow must be confirmed.
- AdMob: active.
- Unity LevelPlay: active.
- Unity Analytics: project settings indicate analytics may be enabled; confirm whether Unity Analytics or any Unity dashboard telemetry enters the final build.
- Crash reporting: appears off in the audit, but confirm final Unity services.
- Notifications: local Android notifications for lives/cooldowns appear in the project.
- Support form: the public support page posts to a Cloudflare Worker, which sends support email through Resend.
- Guest identifier: guest login may use a generated ID or device-derived identifier; device-derived identifiers should be minimised and disclosed as device identifiers.
- Technical/local packages identified: Unity Purchasing, Localization, Input System, URP, Cinemachine, Visual Scripting, UGUI, Vector Graphics, Adaptive Performance and Kamgam text auto-sizing; review whether any final package sends external telemetry.
- PlayFab: cloud saves, leaderboards, player statistics, inventory, entitlements and purchase validation.
- No chat, public names/profiles or user-generated content are intended.
- Purchases: one-time purchases, including Remove Ads. No subscriptions.
- Audience: includes children, teenagers and adults.
- Age goal: broadest suitable age range for a word game.
2. Google Play Data Safety
Google requires an accurate Data safety section for each app. It must cover the app's data collection, sharing and security practices, including third-party SDKs, versions, regions and user ages.
WordWildWest will likely need disclosures for account/platform identifiers, email if collected through login or support, PlayFab ID, custom/guest ID, display name, avatar/profile icon URL, device identifiers, advertising ID, IP address, technical data, gameplay activity, progress, scores, leaderboards, player statistics, cloud saves, inventory, virtual currency, purchases, receipts, remove-ads entitlement, ad interactions, local notification-related data, support messages if forms are active, and diagnostics/performance/analytics data if enabled.
3. Google Play account deletion
Because the app supports account creation, it should provide an in-app way to initiate account deletion and a functional web resource for users who cannot access the app. The recommended minimum is Settings > Account > Delete Account, plus the public Account Deletion Request page, with confirmation, warning about loss of progress/cloud saves/leaderboards/account entitlements, and a PlayFab CloudScript/backend deletion request.
4. Google Play target audience and Families
Because the target audience includes children, the Play Console target audience section should include child age groups. This triggers Families Policy requirements, including use of Families Self-Certified Ads SDKs when serving ads to children or users of unknown age.
Recommended configuration: neutral age screening or a safe-by-default child mode, non-personalised ads for children and unknown-age users, age-appropriate ad rating, no behavioural tracking for children and confirmation that all child-facing ad SDKs are permitted.
5. Apple App Privacy Labels
App Store Connect requires App Privacy Details describing data types collected, whether linked to users, purposes and tracking. Prepare answers for identifiers, display name/profile, usage data, diagnostics/analytics if enabled, purchases, coarse location via IP, contact info if email is collected, support content if forms are active, advertising data and gameplay/account data.
6. Apple ATT and tracking
If the app collects data and shares it with other companies for cross-app/site tracking, or uses IDFA for personalised advertising, it must use App Tracking Transparency before tracking. If the app does not track on iOS, remove IDFA/NSUserTrackingUsageDescription and configure SDKs accordingly.
Apple privacy manifests should also be reviewed before submission. If the app or embedded SDKs use required reason APIs, collect data, enable data collection or contact tracking domains, the final iOS build must include the required PrivacyInfo.xcprivacy declarations.
7. Apple account deletion
Apps that support account creation must let users initiate account deletion within the app. Email-only deletion is not enough for store review.
8. Age rating
Complete store age-rating questionnaires based on the actual content: word game, ads, purchases, online features, leaderboards, login, user-generated content if any and user interaction if any. To keep a broad age range, avoid free chat, unmoderated user content, inappropriate ads, behavioural tracking for children and manipulative purchase pressure.
9. Before submission
- Implement in-app account deletion.
- Confirm final SDKs and Unity services, especially whether any analytics/crash reporting service is enabled.
- Confirm Unity Analytics setting and either disable it or include it consistently in policies, Google Play Data Safety and Apple labels.
- Confirm the support form final status, Cloudflare Worker endpoint, Resend sender domain and store/privacy disclosures before release. If another form backend is later enabled, update this site, store disclosures and SDK notices.
- Confirm local notification permission flow and Android 13+ permission handling.
- Avoid or replace device-derived guest identifiers where possible; if retained, disclose them as device identifiers.
- Confirm Unity dashboard services and package manifests match the public Partners and SDKs Notice.
- Gate EU/UK consent before AdMob, LevelPlay and other non-essential SDKs.
- Configure child handling: non-personalised ads, permitted SDKs, no child behavioural tracking.
- Complete Google Play Data Safety from the real build.
- Complete Apple App Privacy Labels from the real build.
- Complete Apple privacy manifest / required reason API review for the final iOS build.
- Validate age rating and target audience.
- Ensure published policies match the app exactly.