Privacy Policy

1. Who We Are

The App is operated by Runiverse Technologies, based in Gujarat, India.

2. Data We Collect

We collect only the data necessary to provide and operate the App, authenticate your account, and power our core territory-claiming gameplay.

2.1 Account & Profile Information

Basic details you provide when creating an account, including username, email address, password (securely hashed and never stored in plain text), and any optional details you choose to add to your profile (such as display name, avatar, or basic fitness metrics for calorie calculation). If you sign in via Google, we use your authentication ID and never receive your Google password.

2.2 Activity & Fitness Stats

General metrics recorded during your runs, walks, or jogs, including distance, speed, duration, estimated calorie burn, elevation changes, and activity type.

2.3 Location Data

Precise geographical coordinates (GPS) collected only while you are recording an activity to map your routes, determine claimed game zones (hexes), and support core gameplay features. You can enable or disable location access at any time through your device settings.

2.4 Game Progression & Session Data

Basic progress metrics (points, rankings, and streaks) and necessary session token indicators to keep your device securely logged in.

2.5 Pseudonymous Territory Processing

Our map-conquest engine is decoupled to process claimed geographical grids pseudonymously, using randomized system identifiers rather than your personal details (like names or emails) to represent map ownership.

3. How We Use Your Data

We use your data to:

• Create and manage your account and authenticate you
• Record activities and calculate your stats
• Run the core territory, leaderboard, ranking, and seasonal features
• Generate shareable activity-summary images at your request
• Verify your email and help you recover your account (via OTPs)
• Maintain security, prevent fraud, and detect cheating (for example, GPS spoofing / teleport detection)
• Improve the App, fix bugs, and understand aggregate usage
• Communicate with you about your account, security, and important updates

We do not sell your personal data.

4. Legal Basis for Processing

We process data on these bases:

• Contract : to provide the App you signed up for
• Consent : for optional data (e.g., precise location, weight) and non-essential communications
• Legitimate interests : security, fraud/cheat prevention, and product improvement
• Legal obligation : where we must retain or disclose data by law

For users in India, we process personal data in line with the Digital Personal Data Protection Act, 2023, primarily on the basis of your consent and to provide the service you requested.

5. How We Share Data

We share data only with:

• Service providers acting on our instructions, including:
  • Authentication providers (e.g., Google Sign-In)
  • Map and routing providers (e.g., Mapbox) for displaying and rendering routes
  • Cloud hosting and database infrastructure providers
  • Email / OTP delivery providers
• Other users, where you choose to make data public
• Authorities, where required by law, court order, or to protect rights, safety, or the integrity of the service

We require service providers to protect your data and use it only for the purposes we specify.

6. Data Retention

We keep your personal data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records for legal, security, or fraud-prevention purposes. Pseudonymous territory records may be retained in anonymised form to preserve game-history integrity.

OTPs are short-lived and expire automatically. Refresh tokens are invalidated on logout, password change, or account deletion.

7. Data Security

We use industry-standard measures including password hashing, encrypted transport (HTTPS/TLS), token-based authentication, and access controls. The Territory Engine stores only pseudonymous data, reducing exposure. No system is perfectly secure, and we cannot guarantee absolute security. Because the App is in Open Beta, you should not store data in it that you cannot afford to lose.

8. Your Rights

Subject to applicable law, you may:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated personal data
• Withdraw consent (e.g., location, weight, marketing)
• Object to or restrict certain processing
• Request a portable copy of your data
• Lodge a complaint with a data protection authority

India (DPDP Act, 2023): you have the right to access, correction, erasure, grievance redressal, and to nominate another person to exercise your rights. Contact Us. If unresolved, you may escalate to the Data Protection Board of India.

EU/EEA/UK (GDPR): you may also complain to your local supervisory authority.

California (CCPA/CPRA): you have rights to know, delete, correct, and opt out of "sale"/"sharing" - we do not sell your data.

9. Children's Privacy

The App is not intended for children below the minimum age permitted in their jurisdiction. Under India's DPDP Act, processing a child's (under-18) data requires verifiable parental/guardian consent. We do not knowingly collect data from children without such consent. If you believe a child has provided us data improperly, contact us and we will delete it.

10. International Data Transfers

We operate from India and may use service providers located in other countries. Where data is transferred across borders, we take steps to ensure it remains protected under applicable law and through appropriate safeguards.

11. Beta Disclaimer

12. Changes to This Policy

We may update this Privacy Policy. The "Last updated" date reflects the latest version. Continued use of the App after changes means you accept the updated policy. Material changes will be notified in-app or by email.