PRIVACY POLICY

1. Introduction & Data Controller

Runigo ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Runigo application ("App").

The data controller responsible for your personal data is:
Runigo
Email: hello@runigo.app

This policy applies to all users of the App and is governed by applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), where applicable. By using the App, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

Personal Information

When you create an account, we collect your name, email address, and profile information you choose to provide.

Location Data

Runigo is a location-based game. We collect your precise location data while the App is in use to enable core gameplay features such as flag capture, territory tracking, and proximity-based challenges. Location data is not collected when the App is closed.

Health & Fitness Data

We may collect activity data such as distance travelled, steps taken, and running duration to provide fitness tracking features and game scoring. This data is used only within the App and is not sold to third parties.

Device Information

We automatically collect device type, operating system version, unique device identifiers, and crash data to maintain and improve the App.

Usage Data

We collect information about how you interact with the App, including features used, actions taken, and session duration.

Third-Party Sign-In Data

If you sign in using a third-party service (such as Sign in with Apple or Google), we may receive your name, email address, and profile identifier from that provider, in accordance with their privacy settings and your authorisation.

Payment Information

If you make in-app purchases or subscribe to paid features, payments are processed by the applicable app store (e.g. Apple App Store, Google Play Store). We do not directly collect or store your payment card details. We may receive transaction confirmations, subscription status, and purchase history from the app store to manage your account and entitlements.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR and EU GDPR:

• Contract performance — processing of your account information (name, email, profile), gameplay data, and leaderboard standings is necessary to provide the App and its features as described in our Terms of Service.
• Consent — we process your precise location data, health and fitness data, and send marketing or promotional communications only with your explicit consent. You may withdraw consent at any time through the App settings or by contacting us, without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate interests — processing of device information, usage data, and crash data is necessary for our legitimate interests in analysing usage patterns, improving the App, detecting abuse, and ensuring security. We balance our interests against your rights and freedoms and do not use this basis where it would be overridden by your interests.
• Legal obligation — we may process your data where necessary to comply with applicable laws, regulations, or legal proceedings, such as responding to a court order or regulatory request.

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the App and its gameplay features.
• Process your account registration and manage your profile.
• Enable location-based gameplay, leaderboards, and social features.
• Send you notifications related to your account, gameplay, and updates.
• Analyse usage patterns to improve the App experience.
• Detect, prevent, and address technical issues and abuse.

5. Cookies & Tracking Technologies

The App and its associated web services use cookies, SDKs, and similar tracking technologies to collect usage and performance data.

Essential Technologies

These are required for the App to function and cannot be disabled:

• Firebase Authentication — to manage user sign-in sessions and account security.
• Firebase Cloud Messaging — to deliver push notifications, including service-critical alerts.

Analytics & Performance

These help us understand usage and improve the App:

• Firebase Analytics — to understand how users interact with the App, including session data, feature usage, and engagement metrics.
• Firebase Performance Monitoring — to measure app performance, loading times, and identify technical issues.
• Firebase Remote Config — to deliver configuration updates and conduct A/B testing of App features.

You can manage cookie preferences through your browser or device settings. Disabling non-essential cookies or tracking technologies may limit certain features but will not prevent core App functionality.

6. Data Sharing & Third Parties

We do not sell your personal data. We may share information with:

• Google / Firebase — we use Google's Firebase platform for hosting, authentication, database, analytics, cloud messaging, and performance monitoring. Google's privacy policy is available at policies.google.com/privacy.
• Other service providers — third-party services that help us operate the App (e.g. mapping providers, crash reporting).
• Other users — your username, profile, and gameplay stats may be visible to other players via leaderboards and social features.
• Legal requirements — we may disclose information if required by law or to protect the rights and safety of Runigo, our users, or the public.

7. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom or the European Economic Area (EEA), including the United States, where our service providers (such as Google/Firebase) operate. Where such transfers occur, our service providers maintain appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office.
• Transfers to countries that have been deemed to provide an adequate level of data protection.

8. Data Retention

We retain different categories of data for different periods, based on necessity and legal requirements:

• Account data (name, email, profile) — retained for as long as your account is active. Deleted or anonymised within 30 days of account deletion.
• Location data — retained for the duration of your account to support gameplay history and leaderboards. Deleted or anonymised within 30 days of account deletion.
• Health & fitness data — retained for the duration of your account. Deleted or anonymised within 30 days of account deletion.
• Analytics & usage data — retained in aggregated or anonymised form and may be kept beyond account deletion for the purpose of improving the App. This data cannot be used to identify you.
• Transaction records — may be retained for up to seven (7) years after account deletion where required for tax, accounting, or legal compliance.

Where we are required by law to retain certain data beyond these periods, we will do so only for as long as legally necessary and with appropriate safeguards in place.

9. Your Rights

Depending on your location and applicable law (including the UK GDPR, EU GDPR, and CCPA), you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your personal data.
• Portability — request your data in a structured, commonly used, and machine-readable format.
• Restriction — request that we restrict the processing of your personal data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Opt-out — opt out of non-essential data collection and marketing communications.

To exercise any of these rights, contact us at hello@runigo.app. We will respond to your request within one month (or as required by applicable law). You also have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner's Office (ICO).

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA):

• Right to know — you may request details about the categories of personal information we have collected about you in the preceding twelve (12) months, the purposes for collection, and the categories of third parties with whom we share your information.
• Right to correct — you may request correction of inaccurate personal information we hold about you.
• Right to delete — you may request deletion of your personal information, subject to certain legal exceptions.
• Right to opt-out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising. If this changes, we will provide a clear opt-out mechanism.
• Right to limit use of sensitive personal information — you may request that we limit our use of sensitive personal information (such as precise location and health data) to what is necessary to provide the App.
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise your CCPA/CPRA rights, contact us at hello@runigo.app. We will verify your identity before processing your request and respond within forty-five (45) days as required by law.

11. Children's Privacy

The App is not intended for children under the age of 13 (or under 16 in jurisdictions where the minimum age for processing personal data is higher). We do not knowingly collect personal data from children below these age thresholds. If you believe we have collected data from a child under the applicable age, please contact us and we will promptly delete it.

12. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least thirty (30) days before they take effect, by posting the updated policy within the App, sending you a notification, or by other reasonable means. Where required by law, we will seek your consent to material changes. If you do not agree with the revised policy, you may stop using the App and request deletion of your account before the changes take effect. Your continued use of the App after the updated policy takes effect constitutes your acceptance of the revised policy.

14. Governing Law

This Privacy Policy is governed by the laws of England and Wales. If you are located in the EU or UK, nothing in this policy affects your rights under applicable data protection legislation.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: hello@runigo.app
• Post: Runigo, Dublin, Ireland

We aim to respond to all data protection enquiries within one month of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority, such as the UK Information Commissioner's Office (ICO) or the Irish Data Protection Commission (DPC).