Legal

Privacy Policy

Last updated: April 21, 2026

1. Data Controller

2. Overview

VØID Arc can be played locally without creating an account. Network access is used only for optional online features and for selected third-party mobile SDKs: account sign-in, cloud sync, online leaderboards, supporter purchase validation, ads, optional analytics / crash reporting, and optional push notifications. This page describes which data is processed in each case.

3. Data We Process

3.1 Local data (stays on your device)

Settings such as language preference, audio settings, local display names, recent guest names, local scores, saved-game state, ad counters, and consent choices are stored on your device using standard OS storage mechanisms (such as SharedPreferences and Hive). This local data is not sent to our backend unless you later use an optional online feature that explicitly syncs related gameplay data.

3.2 Anonymous use (no account required)

VØID Arc is fully playable without an account. When you play without signing in, gameplay progress is stored locally on your device and is not sent to our backend. However, on mobile devices optional third-party SDKs may still process data if they are enabled for your installation, for example Google AdMob for ads and Firebase Analytics / Crashlytics after you have given consent.

3.3 Signed-in account (optional)

If you choose to sign in with Google or Apple to enable cloud features:

• Data: Authentication provider identifier, email address (if provided by the provider), display name / account name data made available by the provider
• Purpose: Account creation, sign-in, cross-device sync, public leaderboard participation, supporter entitlement linking, social features
• Legal basis: Performance of a contract with you (Art. 6(1)(b) GDPR)
• Retention: Until you delete your account

3.4 Cloud-synced gameplay data

When signed in, the following gameplay-related data can be stored on our backend:

• High scores per game mode
• Cumulative statistics such as jump count, play time, streaks, and related progression values
• Unlocked items such as themes, trails, and modes
• Achievement unlocks, rank progress, featured badges, and related profile progression

• Purpose: Cross-device continuity, progression restoration, and feature unlock state
• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

3.5 Online leaderboards and public profile data

If you use online leaderboards, your submitted score data is processed on our backend. Depending on the feature surface, this can include your display name, score, selected leaderboard mode / period, supporter badge, rank summary, featured badges, and technical leaderboard metadata such as submission date, app version, or session duration where needed for ranking or display.

• Purpose: Ranking, anti-duplication, leaderboard display, and related social comparison features
• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

3.6 Friends, invites, blocking, and moderation reports

If you use the social features, we process friendship relationships, invite codes, block relationships, and moderation reports that you submit about other users. A report contains the reporting user, the reported user, the report reason, and a timestamp.

• Purpose: Provide friend-based features, prevent unwanted contact, and review misuse of public names / social features
• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for requested social features, and legitimate interests (Art. 6(1)(f) GDPR) for abuse prevention and moderation

3.7 In-app purchases (Supporter Pack)

If you make an in-app purchase we validate the receipt with Google Play or the Apple App Store. On our backend we store supporter entitlement data and technical purchase verification records such as provider, product ID, status, grant time, and store reference values or hashes needed to prevent duplicate use of the same purchase. Payment card or bank details are not stored by us; payment processing is handled by Google or Apple. Google and Apple act as the merchant of record for these transactions and are responsible for issuing invoices and retaining the associated billing and bookkeeping records under applicable law.

• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
• Providers involved: Google LLC (Google Play), Apple Inc. (App Store)

3.8 Advertising (Google AdMob)

VØID Arc may display advertisements from Google AdMob to non-supporter users. When ads are active, Google may collect your device’s advertising identifier (Google Advertising ID on Android, IDFA on iOS) and use it to serve contextual or personalised advertisements in accordance with Google’s own privacy policy.

On iOS, the app may ask for Apple’s App Tracking Transparency (ATT) permission before personalised advertising is requested. On Android and other regulated regions, the app may display a Google User Messaging Platform (UMP) consent form before loading ads, where required by law.

• Purpose: Funding the free-to-play version of the game
• Legal basis: Consent (Art. 6(1)(a) GDPR) where required for personalised advertising and related ad measurement; otherwise ad delivery is based on the settings and compliance flows provided by Google AdMob / UMP
• Consent platform: Google User Messaging Platform (UMP), where applicable
• Opt-out: You can reset or opt out of ad personalisation at any time via your device’s privacy settings (Ads section under Privacy or Google services)
• Google Privacy Policy: policies.google.com/privacy

3.9 Optional analytics and crash reporting (Firebase)

On mobile platforms, VØID Arc can use Firebase Analytics and Firebase Crashlytics. Both are disabled by default and are enabled only if you opt in via the in-app consent prompt or Settings. These services are not used on web or desktop builds.

• Data: App usage events, technical device / app information, and crash diagnostics needed to analyze failures
• Purpose: Improve stability, identify bugs, and understand feature usage at an aggregated level
• Legal basis: Consent (Art. 6(1)(a) GDPR)
• Withdrawal: You can disable analytics / crash reporting at any time in Settings

3.10 Push notifications and notification center

On mobile platforms, signed-in users can receive push notifications and in-app notification center entries for friend invites, accepted invites, leaderboard changes, beat-score events, and announcements. For this, we store your push token, notification preferences, selected notification language, and notification entries.

• Purpose: Deliver account-related notifications you have enabled
• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for the delivery of requested account notifications; the device-level notification permission constitutes your consent (Art. 6(1)(a) GDPR) to receive push notifications on that device

4. Backend Infrastructure (Supabase)

We use Supabase as our backend for authentication, database storage, and backend functions. Our project is hosted on Supabase-managed infrastructure in the European Union (AWS eu-west-1, Ireland). A Data Processing Agreement (DPA) is in place with Supabase Inc.

Supabase Privacy Policy: supabase.com/privacy

5. Authentication Providers

Google Sign-In

If you sign in with Google, Google LLC processes your authentication request. VØID Arc receives the profile and account data made available for sign-in and account linking, such as email address, display name, and provider user ID. See Google’s Privacy Policy.

Sign in with Apple

If you sign in with Apple, Apple Inc. processes your authentication request. Apple gives you the option to hide your real email address using a private relay address. See Apple’s Privacy Policy.

6. International Data Transfers

Some of the providers we use, such as Google, Apple, and Firebase-related services, may process data outside the European Union / European Economic Area. Where such transfers occur, they are governed by the transfer mechanisms described by the relevant provider, such as adequacy decisions where applicable and / or Standard Contractual Clauses and supplementary safeguards.

7. Data Retention

• Local device data: Kept on your device until you remove it, clear app storage, or uninstall the app
• Account, profile, cloud progression, friendships, supporter entitlements, and related backend records: Retained while your account exists and deleted when your account is deleted, unless a shorter or longer retention period is required for a specific operational table below
• Notification center entries: Automatically deleted after 30 days
• Friend invite codes: Expire after 7 days and may remain for a short cleanup window afterward
• Daily leaderboard rows: Retained for 14 days; all-time leaderboard rows are retained while the related account exists
• Technical anti-duplication / replay-protection records for score submission: Retained for 90 days

8. Your Rights under GDPR

Under EU data protection law you have the right to:

• Access (Art. 15): Request a copy of all personal data we hold about you
• Rectification (Art. 16): Have inaccurate data corrected
• Erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
• Restriction (Art. 18): Request restricted processing while a dispute is resolved
• Portability (Art. 20): Receive your data in a structured, machine-readable format
• Object (Art. 21): Object to processing based on legitimate interests
• Withdraw consent (Art. 7(3)): Withdraw any consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email info@void-arc.com. We will respond without undue delay and, in any event, within one month, unless the GDPR allows a longer period in the specific case.

You also have the right to lodge a complaint with the supervisory authority responsible for Bavaria:

9. Children’s Privacy

VØID Arc is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at info@void-arc.com and we will delete it promptly.

10. Changes to This Policy

Material changes will be reflected by updating the “Last updated” date at the top of this page. For changes that significantly affect your rights, we will also provide an in-app notification.

11. Contact