This Privacy Policy explains how personal data of users of the Apogeo mobile application (the "App" or "Game") is processed. We process your data in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable law.
Apogeo is designed to collect the bare minimum. You can play anonymously: your email address is optional and is only used to keep your profile across devices.
| Data | Description | Visibility |
|---|---|---|
| User identifier | A unique code (UUID) generated automatically at launch for every profile, including anonymous ones. | Internal |
| Email address | Optional. Collected only if you choose to create/link an account via an email OTP code, to restore your profile on other devices. | Private (never shown to other players) |
| Display name | A name you choose or one generated automatically (e.g. "Pilota-XXXX"). May be filled from your Game Center / Google Play Games name. | Public (leaderboards, friends) |
| Friend code | A shareable code (format "APX-XXXX") used to receive friend requests. | Shared by you only |
| Creation date | When the profile was created. | Private |
| Data | Description | Visibility |
|---|---|---|
| Scores and runs | Your score (distance) and the technical data of a run: the timings of your taps/releases, boosts and any "revives". These are used to validate the score server-side (anti-cheat) and for the "ghost" replay in challenges. | Score + name: public on leaderboards. Technical data: private. |
| Social graph | Friend requests sent/received, accepted friendships and their dates. | Visible only to you and the other person involved |
| 1-vs-1 challenges | History of duels with friends: scores, outcome, opponent identity, run data for replay. | Visible to the two participants |
If you sign in to Game Center (iOS) or Google Play Games (Android), those services may provide us your player name and receive your scores and unlocked achievements for native leaderboards. This data is processed by Apple and Google under their own policies; we do not store their identifiers in our database.
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Provide the game, daily leaderboards, friends and challenges | Performance of the contract / requested service (Art. 6(1)(b)) |
| Email authentication (sending the OTP code) | Performance of the service you request (Art. 6(1)(b)) |
| Score validation and prevention of cheating/abuse, service security | Legitimate interest (Art. 6(1)(f)): fair leaderboards and protecting the system |
| Personalized advertising and related identifiers | Consent (Art. 6(1)(a)), collected via the consent banner/prompt |
| Non-personalized (contextual) advertising | Legitimate interest / performance (where personalization consent is not given) |
| Legal compliance and legal claims | Legal obligation (Art. 6(1)(c)) / legitimate interest (Art. 6(1)(f)) |
Apogeo shows advertisements, in particular rewarded video ads: by watching a short video you can earn an extra life. We use Google AdMob (Google Ireland Ltd. / Google LLC) to serve ads.
We do not sell your personal data.
We do not disclose your data to third parties for their own independent purposes, except as necessary to operate the service. The main parties involved are:
| Party | Role | Data processed |
|---|---|---|
| Supabase Inc. | Backend provider (database, authentication, server functions). Data processor. | Account, email, profiles, runs, friends, challenges; technical logs and IP. |
| Resend | Sending transactional emails (login OTP code). | Email address and OTP code, only when you request email login. |
| Google AdMob (Google Ireland/LLC) | Serving and measuring ads. | Advertising identifiers and ad-interaction data (see §3). |
| Apple Game Center / Google Play Games | Native leaderboards and achievements (if you sign in). | Player name, scores, achievements. |
| Competent authorities | Only where required by law. | Strictly what is necessary. |
Leaderboards show other players only your name and score — never your email. Friend discovery is code-only: we do not access your address book and do not sync your contacts.
Our backend data is hosted on servers within the European Union (Frankfurt, Germany). Some providers (in particular Google AdMob) may process data outside the European Economic Area, e.g. in the United States. In such cases transfers rely on adequate safeguards under the GDPR (e.g. the European Commission's Standard Contractual Clauses and/or participation in the EU–US Data Privacy Framework).
As a data subject you have the right to: access your data, request its rectification or erasure, restrict or object to processing, receive your data in a portable format, and withdraw consent at any time (e.g. for personalized advertising) without affecting the lawfulness of prior processing.
You can exercise most of these rights directly in the app (edit your name, manage friends, delete your account) or by writing to support@playapogeo.app. You also have the right to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la protezione dei dati personali).
You can delete your account at any time from the Profile section of the app. Deletion permanently removes your profile, email, runs, friendships and challenges. This action is irreversible and no recovery is possible.
Apogeo is not intended for children under 13 and we do not knowingly collect their data. In some EU countries, consent from a parent or guardian may be required for users under 16. If you believe a child has provided us data without proper authorization, contact us and we will delete it.
We apply appropriate technical and organizational measures: encrypted connections (HTTPS), database-level access rules (Row Level Security) limiting each user to their own data, server-side score validation, and data minimization (your email is never publicly exposed).
We may update this Policy. For material changes we will give notice through the app or this page and update the date at the top. Continued use of the App after changes constitutes acknowledgement.
For any request regarding your personal data: support@playapogeo.app.