
Privacy Policy

Effective date: 25 April 2026
Last updated: 25 April 2026
Version: 1.0

1. Who we are

Scope RPG ("Scope RPG", the "App", "we", "us", "our") is operated by:

  • Robin Chmelík, sole proprietor
  • Place of business: Brno, Czech Republic
  • Contact e-mail: scopeit.dev@gmail.com

Robin Chmelík is the data controller for personal data processed in connection with the App, within the meaning of Article 4(7) of the EU General Data Protection Regulation 2016/679 ("GDPR").

For any privacy-related question, request or complaint, please write to scopeit.dev@gmail.com. We will respond within 30 days, as required by Article 12(3) GDPR.

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the Czech supervisory authority (Úřad pro ochranu osobních údajů), or with the supervisory authority in your country of residence.

2. Scope of this Policy

This Policy applies to:

  • the Scope RPG mobile application on iOS and Android,
  • the back-end services we operate to support the App,
  • any related communications you may receive from us at the e-mail address you registered with.

This Policy does not cover websites, services or applications operated by third parties, even if they are linked from inside the App.

3. Summary

Non-binding overview

The binding terms are in the sections below, but in plain language:

  • Most personal content you create in the App (your goals, tasks, habits, journal entries, notes and similar free-text fields) is encrypted on your device with a key that never leaves your devices in readable form. We literally cannot read it.
  • We do collect some data we cannot encrypt, because the App and the game systems would not work otherwise: your e-mail, your username, your avatar, basic gameplay metadata (levels, gold, achievements, timestamps) and technical/diagnostic data.
  • Some of your data is intentionally public to other players inside the App (for example on the leaderboard). We tell you which fields these are.
  • We do not sell your personal data. We do not run advertising. We do not profile you for marketing.
  • The App is currently free with no in-app purchases. This will change in future versions and this Policy will be updated when it does.

4. Who may use the App

Scope RPG is intended for users aged 13 and over. By using the App you confirm that you are at least 13 years old.

If you are located in the European Economic Area, the United Kingdom or Switzerland and are under 16, you may use the App only with the consent of the holder of parental responsibility. In the Czech Republic the relevant minimum age for digital consent under Section 7 of Act No. 110/2019 Coll. is 15; users aged 13–14 in the Czech Republic must likewise have parental consent.

We do not knowingly collect personal data from children below the minimum age stated above. If you believe a child has registered without proper consent, please write to scopeit.dev@gmail.com and we will delete the account and associated data.

5. What data we collect

We only collect data that is necessary to operate the App, secure it, debug it, and provide its features. The categories below are exhaustive to the best of our knowledge as of the effective date of this Policy.

5.1 Account data (plaintext, stored on our servers)

  • E-mail address (used as your login identifier; required)
  • Username (chosen by you; visible to other players; required)
  • User ID (a randomly generated identifier; required)
  • Authentication identifiers from third-party sign-in providers (Google account identifier, Apple identifier; only if you sign in with Google or Apple). If you sign in with Apple's "Hide My Email" feature, we receive Apple's private relay address and not your real e-mail.
  • Account flags and timestamps: account creation date, last update, deletion flag, anonymous-account flag.

5.2 Profile data you choose to provide (plaintext)

  • Selected avatar class (visible to other players)
  • Optional profile picture (stored as an image file in Google Cloud Storage; the filename is referenced from your profile)
  • Optional onboarding answers: gender, birth year
  • Optional self-rated real-life attributes used by the game's scaling system (strength, intelligence, social, vitality, clarity, charisma, willpower; numeric scales)
  • Onboarding checklist completion status

5.3 Personal content you create in the App (encrypted end-to-end)

The following free-text fields are encrypted on your device using AES-256-GCM with a key derived from a secret stored only on your devices, before they are uploaded for sync. The server only ever sees ciphertext. We cannot decrypt them, and no employee, contractor or administrator can decrypt them.

  • Goal names, descriptions, motivations and desired outcomes
  • Task names and descriptions
  • Habit names and descriptions
  • Habit completion log notes
  • Project names and descriptions
  • Journal entry titles and bodies

5.4 Game and progression metadata (plaintext)

To make the game work, the following data is stored in plaintext on our servers and synchronised across your devices:

  • Identifiers, timestamps and relationships between your goals, tasks, habits, journal entries, projects and similar entities (the entities themselves are encrypted as described in 5.3 — only the structural metadata is plaintext).
  • Gameplay state: level, experience, gold and silver balances, inventory and equipped items, achievements, skill allocations, arena history, dungeon progress, adventure-board state, leaderboard rank.
  • Game ledger entries (records of in-game currency and stat changes used to compute balances server-side).
  • Notification preferences and reminder times.

5.5 Public profile data

Visible to other players

The following fields about you are visible to other players inside the App, in particular on the leaderboard and in player-versus-player game modes:

  • Username
  • Avatar class and avatar image
  • Level, experience, gold balance, achievements, equipped items, inventory contents, arena history, leaderboard rank.

By creating an account you acknowledge and agree that these fields are public to other players. You can change your username and avatar in the App's settings at any time.

5.6 Technical and diagnostic data

  • Device model, operating system version, manufacturer, application version, and timezone identifier (used for correctly scheduling local notifications and for diagnostics).
  • Crash reports (stack traces, application state at the time of the crash, and limited device metadata) collected via Google Firebase Crashlytics. Our logging pipeline scrubs known sensitive patterns (e-mail addresses, authentication tokens, recovery codes, transfer PINs) before transmission, and we do not log the content of the free-text fields described in 5.3.
  • Performance traces (anonymous timings of internal operations such as synchronisation phases) collected via Google Firebase Performance Monitoring.
  • Product analytics events (which features are opened, button taps, counts, durations) collected via Google Firebase Analytics. We do not include the content of the encrypted fields in 5.3 in any analytics event. Analytics collection is enabled by default and can be disabled at any time in the App's settings.
  • Server-side request logs generated by Google Cloud Run (including a truncated IP address) for the limited purpose of operating and securing the back-end.
  • Bug reports submitted from inside the App, including any description and metadata you choose to attach.

5.7 Authentication tokens

  • Firebase Authentication issues a short-lived JSON Web Token used to authenticate your requests to our back-end. We do not store your password; password verification is performed by Google Firebase Authentication.
  • Firebase App Check tokens are issued by your device and sent with each request to confirm the request originates from a genuine, unmodified instance of the App.

5.8 Push and local notifications

The App schedules local notifications on your device for habit reminders. We do not currently send remote push notifications from our servers. If we introduce remote push notifications in a future version, this Policy will be updated to describe them.

6. What we do not collect

  • We do not collect precise location (GPS).
  • We do not collect your contacts, calendar, SMS or call data.
  • We do not collect biometric data.
  • We do not access photos beyond images you explicitly pick from the photo library inside the App (e.g. for your profile picture or wishlist items).
  • We do not access camera images beyond QR codes you explicitly scan inside the App for the encryption-key transfer feature; QR scans are processed locally and the camera feed is not uploaded.
  • We do not run third-party advertising SDKs.
  • We do not sell, rent or trade personal data.

We rely on the following legal bases under Article 6(1) GDPR:

(a) Performance of a contract — Article 6(1)(b)

To create and maintain your account, synchronise your data across devices, run the gameplay systems, and provide the App itself. Without this processing, the App cannot work for you.

Data: account data, profile data, encrypted personal content, gameplay metadata, public profile data, authentication tokens.

(b) Legitimate interests — Article 6(1)(f) — security and operations

To keep the App secure and operational: detecting abuse, preventing fraud, diagnosing crashes and performance issues, and improving stability.

Data: technical and diagnostic data, server-side request logs, crash reports, performance traces.

Our legitimate interest is running a stable and secure service. You can object to this processing on grounds relating to your particular situation by writing to scopeit.dev@gmail.com.

(c) Legitimate interests — Article 6(1)(f) — product analytics

To understand which features are used so we can improve the App, using aggregated product analytics events.

Data: Firebase Analytics events.

You can disable analytics at any time in the App's settings, or by uninstalling the App.

(d) Consent — Article 6(1)(a)

For features you explicitly opt into, such as receiving reminders, scanning a QR code for key transfer, or uploading a profile picture. You can withdraw consent at any time by revoking the relevant device permission or by removing the data through the App.

(e) Compliance with a legal obligation — Article 6(1)(c)

Where we are required by law to retain or disclose data (for example, in response to a lawful order from a competent authority).

8. Encryption and how we protect your data

8.1 Client-side encryption

The personal content listed in section 5.3 is encrypted on your device before it is sent to our servers. The encryption key:

  • is generated on your device,
  • is stored only on your devices in the operating system's secure storage (Keychain on iOS, Keystore on Android),
  • is never uploaded to our servers in readable form,
  • cannot be recovered by us if you lose all your devices and have not used the in-app recovery code or device-to-device transfer feature.

Key loss is irreversible

If you lose access to your encryption key (for example, by losing all your devices without saving a recovery code and without transferring the key to a new device), the encrypted data on our servers becomes permanently unreadable. We have no administrative backdoor and no ability to "reset" the encryption.

8.2 Transport security

All communication between the App and our back-end is encrypted in transit with TLS (HTTPS). Requests are additionally signed with an HMAC and validated through Firebase App Check to reject tampered or unauthenticated requests.

8.3 Server-side storage

Plaintext data (sections 5.1, 5.2, 5.4) is stored in a managed PostgreSQL database operated by us on Google Cloud, hosted in the europe-central2 (Warsaw, Poland) region. Profile pictures and other uploaded images are stored in Google Cloud Storage. Disk-level encryption at rest is provided by Google Cloud Platform.

8.4 Access control

Only the developer (Robin Chmelík) has administrative access to the production back-end and database. There are no other employees, contractors or processors with administrative access at the date of this Policy.

9. Sharing with third parties (processors)

We do not sell your personal data. We share data only with the following service providers, who act as our processors and only process the data to provide their service to us:

| Provider | Purpose | Region |
| --- | --- | --- |
| Google Ireland Limited / Google LLC | Firebase Authentication, Crashlytics, Analytics, Performance Monitoring, App Check, Remote Config; Google Cloud Run (back-end hosting), Google Cloud Storage (image storage), Google Cloud SQL (database hosting) | europe-central2 (Warsaw, Poland) for hosting; Firebase services may process data in additional Google regions |
| Apple Inc. | Sign in with Apple — only if you choose to use it. May return a private relay e-mail | Apple-managed |
| Google LLC | Sign in with Google — only if you choose to use it. Returns a Google account identifier and e-mail address | Google-managed |

We do not use third-party advertising or marketing SDKs. We do not run analytics with companies other than Google Firebase. If we add a new processor, this Policy will be updated to list it.

10. International transfers

Our primary hosting region is in the European Union (Warsaw, Poland). However, Google LLC is established in the United States, and some Firebase services and support functions may transfer or access data outside the European Economic Area.

Such transfers are protected by:

  • the European Commission's adequacy decision for the EU–U.S. Data Privacy Framework, where applicable, and
  • the European Commission's Standard Contractual Clauses, included in Google's Data Processing Addendum,

so that your data continues to receive a level of protection essentially equivalent to that under EU law.

You can request a copy of the relevant safeguards by writing to scopeit.dev@gmail.com.

11. Retention

  • Active accounts: account data, profile data, encrypted personal content, and gameplay metadata are retained for as long as your account is active.
  • Inactive accounts: if you do not sign in to the App for a continuous period of 24 months, we may delete your account and associated data after attempting to notify you at the e-mail address on file. This is to comply with the GDPR's storage limitation principle and to keep our database manageable.
  • Account deletion (initiated by you in the App): when you delete your account, all associated server-side data, including encrypted blobs, profile, gameplay state and uploaded images, is deleted. The associated authentication record at the identity provider is also removed. Local data on the device is wiped. The process is irreversible.
  • Account reset (separate, in-app): erases your goals, tasks, habits, journal entries, projects and gameplay progression but keeps your identity (e-mail, username).
  • Crash reports, analytics events, performance traces: retained according to Google Firebase's default retention periods. We do not extend these defaults.
  • Server access logs at Google Cloud Run: retained according to Google Cloud's default settings.
  • Bug reports submitted from inside the App: retained until the underlying issue is resolved, at which point they are deleted. Only the developer has access to bug reports.
  • Backups: routine database backups taken by the hosting provider may persist for a short period after deletion (typically up to 35 days) before being overwritten in the normal course of business.

12. Permissions requested by the App

The App requests the following operating-system permissions, each only when needed and each only used for the stated purpose:

  • Notifications — to deliver habit reminders and gameplay alerts you have configured.
  • Camera — only when you explicitly use the QR-code scanner for the encryption-key transfer feature. The camera feed is processed locally on your device and is not uploaded.
  • Photo library — only when you explicitly choose to attach an image (e.g. profile picture, wishlist item). Only the image you pick is read.

You can revoke any of these permissions at any time in your device's system settings.

13. Your rights

If you are in the European Economic Area, the United Kingdom or Switzerland, you have the following rights with respect to your personal data:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure / "right to be forgotten" (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR), in particular to processing based on legitimate interests
  • Right to withdraw consent at any time, where processing is based on consent (Article 7(3) GDPR), without affecting the lawfulness of processing carried out before withdrawal
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

How to exercise these rights

  • Erasure: you can delete your account directly inside the App (Settings → Account → Delete account). This is the fastest route.
  • Rectification: you can change your username, avatar and similar profile fields directly inside the App.
  • Access, portability, restriction, objection or any other request: please write to scopeit.dev@gmail.com from the e-mail address associated with your account. We do not currently offer an automated data-export tool; we will fulfil portability and access requests manually within the 30-day deadline of Article 12(3) GDPR. We may extend this period by up to two further months for complex or numerous requests, and we will inform you of any such extension.

We may ask you for additional information to verify your identity before fulfilling a request, where this is reasonable.

There is no fee for exercising these rights, except where requests are manifestly unfounded or excessive (Article 12(5) GDPR).

14. Automated decision-making

We do not carry out automated decision-making producing legal or similarly significant effects on you within the meaning of Article 22 GDPR. The App uses algorithms to compute in-game outcomes (combat, progression, scaling) but these are gameplay mechanics with no real-world legal effect.

15. Payments

The App is currently provided free of charge and has no in-app purchases or subscriptions. In future versions we intend to introduce optional in-app purchases and/or subscriptions. When that happens, the relevant payments will be processed by Apple (App Store) or Google (Google Play) as the merchant of record, in accordance with their respective payment terms and privacy notices. We will update this Policy to reflect such changes before they are introduced.

16. Changes to this Policy

We may update this Policy from time to time, for example to reflect changes in functionality, in the third-party services we rely on, or in applicable law. The current version is always available inside the App and on this page.

  • For changes that materially affect your rights or significantly expand the categories or purposes of processing, we will notify you in advance through an in-app notice or by e-mail to the address on file, and where required by law we will obtain your consent.
  • For non-material changes (clarifications, corrections, additions of new sub-processors of the same kind, formatting), we will update the "Last updated" and "Version" fields at the top of this Policy, and continued use of the App after the new version takes effect constitutes acceptance of the updated Policy.

By continuing to use the App after the effective date of an updated version of this Policy, you agree to be bound by the most recent version. If you do not agree to a change, you must stop using the App and you may delete your account.

17. Contact

For any question relating to this Policy or the processing of your personal data: