We don't send any crash reports on android or (anywhere but Windows) yet. (There is however the "send email" script command (which is also an option in the F8 debug menu) which is intended for sending bug reports - it includes log files and saved games. But that works by opening an email app.) In future I would like to implement something on Unix, including maybe Android, so I guess we might as well future-proof the policy. Does Android actually have a built-in crash reporter? It doesn't appear to.
As Bena pointed out, crash reports currently prompt the user before uploading anything, and we should do the same on Android too.
I would assume GDPR applies if a crash report is submitted. Haven't thought about that.
I asked about crash report privacy before, but I don't think we agreed to anything. What's written in that privacy policy certainly isn't the current policy. We haven't deleted any reports, and I sent summaries of reports including file paths and partially obscured usernames to the mailing list. (The games played/edited and the computers reporting them is very useful information.) I could more thoroughly anonymise the public summaries in future but still want to keep the game names.
"we won't keep it any longer than is needed to debug the crash" -- I'm not sure we should commit to this... but it's not a time limit anyway. Many crashes will never be solved, or it could easily take 5 years to solve a crash. I don't really want to delete reports of unsolved crashes.
"we certianly won't share it with anyone" -- that's vague. "Anyone" is intended to mean non-developers? Since it is an open source project, anyone can be a developer. If someone wants to work on solving a crash, I will want to send reports to them.
On Android, any crash report probably would contain a lot less personal information than on Windows, e.g. no username.
Also I don't think the part about STORAGE permission is correct. If a game runs off internal storage, then I think it will write save games, temporary files and log files there too. I believe we only need the storage permission so that ohrrpgce-game's file browser can pick .rpg files on external storage. So if I'm right we should remove the storage permission when packaging a game, though it would be on by default for ohrrpgce-game.
In future when we add networking support to the engine we'd have less control, but the information accessible by scripts is very limited, so (at that point) we can still write something like "aside from crash reports, any network access only transfers game data, not any device or personal information".
How about (adjusting Bena's version):
OHRRPGCE Android Apps in do not collect any personal information or contact web servers with the following exception.
In case of an error you might be prompted for permission to send an error report which contains game data (such as saved games and logs) and basic data about your device. Such data will be used only for debugging the error, and will only be shared for that purpose after being anonymised.
If you have any questions, you can ask
Bob@HamsterRepublic.com
This policy was last updated XXXX-XX-XX