Privacy Policy for Respawn

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide:

• Email address – for account creation and communication
• Authentication credentials – via Apple ID or Google Sign-In (we don't store your passwords; authentication is handled by Apple/Google)
• Subscription and payment information – processed through the App Store, Google Play Store, Superwall, or payment processors (we don't directly store full payment card details)
• Profile information – username, preferences, goals, and activity data you enter
• Communications – feedback, support requests, or inquiries you send us

1.2 Information Automatically Collected

We automatically collect technical and usage information:

• Device information – device model, OS version, unique identifiers (UDID, IDFA)
• Network information – IP address, connection type, mobile network data
• Usage analytics – which features you use, how often, and for how long
• Performance data – crash logs, error reports, app performance metrics
• Location data – only if you grant permission; used only to enhance your experience
• Cookies and similar technologies – session identifiers and tracking technologies

1.3 Information from Third Parties

We may receive information from:

• Authentication providers – Apple and Google (basic profile info only)
• Analytics providers – aggregated usage data
• Payment processors – confirmation of successful transactions

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery – to operate, maintain, and improve the App and Services
• Account Management – to create and manage your account, process authentication
• Subscription & Billing – to manage subscriptions, process payments, and send billing information
• Communications – to send important updates, support responses, or technical notifications
• Analytics & Improvement – to understand user behavior and enhance features and performance
• Security & Fraud Prevention – to detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance – to comply with laws, regulations, and legal requests
• Marketing** (with your consent) – to send promotional content or newsletters (you can opt-out anytime)

Legal Basis (for EU/UK users): We process personal data based on: (a) your explicit consent, (b) contractual necessity to provide Services, (c) our legitimate interests, and (d) legal obligation.

3. Sharing Your Information

We may share your information with the following entities:

3.1 Service Providers

We share necessary data with trusted service providers who assist us:

• Supabase – authentication, database management, and data storage
• Superwall – subscription management, paywall handling, and analytics
• Analytics providers – Firebase or similar services for usage analytics
• Payment processors – App Store, Google Play Store, Stripe, or other payment gateways

We have Data Processing Agreements (DPAs) in place with our service providers to ensure they protect your data according to applicable privacy laws.

3.2 Legal Requirements

We may disclose information when required by law, such as:

• Court orders or legal requests from law enforcement
• Government or regulatory investigations
• Protection of our legal rights or safety

3.3 Business Transfers

If Respawn is involved in a merger, acquisition, bankruptcy, or asset sale, your personal information may be transferred as part of that transaction. We'll provide notice if such a change occurs.

3.4 Non-Sharing Policy

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. We do NOT share data with unauthorized parties without your consent, except as required by law.

4. Data Retention

We retain personal data for as long as necessary to provide Services and fulfill legal obligations:

• Account data: Retained while your account is active, plus a reasonable period for compliance
• Payment information: Retained according to tax and financial regulations (typically 7 years)
• Analytics data: Typically aggregated and retained for 24 months
• Support/communication records: Retained for 2-3 years

Account Deletion: When you delete your account, we will securely delete or anonymize your personal data within 30 days, except where retention is required by law. Some anonymized, aggregated data may be retained for statistical purposes.

5. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

5.1 Rights for EU/EEA/UK Users (GDPR & UK GDPR)

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your data ("Right to be Forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable, machine-readable format
• Right to Object: Opt-out of certain processing activities, including marketing
• Right to Lodge a Complaint: File a complaint with your local data protection authority
• Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

5.2 Rights for California Users (CCPA/CPRA)

• Right to Know what personal data we collect and how we use it
• Right to Delete your personal data (with certain exceptions)
• Right to Correct inaccurate information
• Right to Opt-Out of data selling or sharing (note: we don't sell data)
• Right to Limit use of sensitive personal information

5.3 Other US State Rights

Users in Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Mississippi, Montana, New Hampshire, Ohio, Tennessee, Utah, and Virginia have similar rights under their respective state privacy laws.

5.4 How to Exercise Your Rights

To submit a privacy request, contact us at amenallahnefzi211@gmail.com with:

• Your full name and email
• A clear description of your request
• Verification information (e.g., your account ID)

We will respond within legally required timeframes (typically 30 days). We may request additional information to verify your identity and process your request securely.

6. Data Security

We implement comprehensive security measures to protect your personal data:

• Encryption: Data transmitted between your device and our servers is encrypted using SSL/TLS protocols
• Secure Storage: Data at rest is encrypted and stored securely via Supabase
• Access Controls: Only authorized personnel can access personal data, with role-based restrictions
• Monitoring: We monitor for unauthorized access and suspicious activities
• Third-Party Security: We ensure our service providers maintain strong security standards
• Regular Updates: We maintain and update security systems regularly

Important Note: While we implement robust security measures, no online system is 100% secure. We encourage you to protect your login credentials and report any security concerns immediately.

7. Third-Party Services & Integrations

7.1 Third-Party Links & Policies

Our App may contain links to third-party websites or services (e.g., social media, documentation). We are not responsible for their privacy practices. Please review their privacy policies before sharing information with them.

7.2 Apple App Store & Google Play Store

You may be subject to the privacy policies and terms of service of Apple and Google. We recommend reviewing:

• Apple Privacy Policy
• Google Privacy Policy

7.3 Analytics & Tracking

We use analytics services (e.g., Firebase, Mixpanel) to understand app usage and improve services. These services may collect device identifiers and usage data. You can opt-out of personalized analytics in your device settings.

7.4 Cookies & Similar Technologies

Our app uses cookies, local storage, and similar technologies to:

• Maintain your session and remember preferences
• Track app performance and errors
• Personalize your experience

You can control cookies through your device settings, but some features may not function properly.

8. Children's Privacy

Age Restriction: Our App is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a minor, we will delete it promptly without undue delay.

Parental Concerns: If you believe your child has provided personal information to us, please contact us immediately at amenallahnefzi211@gmail.com.

9. International Users & Data Transfers

For EU/EEA Users: Personal data may be transferred to and stored in countries outside the EU/EEA, including the United States. We ensure such transfers comply with applicable laws, including:

• EU Standard Contractual Clauses (SCCs)
• Appropriate safeguards in Data Processing Agreements

For All Users: By using our App, you consent to the transfer of your personal data internationally as necessary to provide Services.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable laws. When we make material changes, we will:

• Post the updated policy on this page with a new "Last Updated" date
• Notify you via email or in-app notification if changes are significant

Your continued use of the App after changes constitute your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed about how we protect your information.

11. Contact Us & Privacy Requests

If you have questions, concerns, or wish to exercise your privacy rights, please reach out to us:

Response Timeframe

We aim to respond to all legitimate privacy requests and inquiries within 30 days. Complex requests may require additional time, but we will keep you informed of progress. All communications are handled confidentially and securely.

Data Protection Authority

If you are in the EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• France (CNIL): https://www.cnil.fr
• Other EU Member States: Visit EDPB Member Authorities