Privacy Policy

Account information. When you create an account, we store an email address (or anonymous identifier), display name, chosen realms, and authentication state via Firebase Authentication.

Gameplay data. We store quiz answers, streaks, XP, achievements, duel results, and weekly rankings to operate the Service. This data is associated with your account.

Device data. We collect device identifiers, app version, language, and crash diagnostics through standard mobile tooling (Firebase, Expo). We use Expo Push Tokens to deliver notifications you opt in to.

We use information to operate the Service: to authenticate accounts, run quizzes and duels, compute rankings, deliver notifications you have enabled, prevent abuse, and improve the app over time.

We do not sell personal information. We do not use your gameplay data for advertising.

We share data with service providers who process it on our behalf: Google Firebase (database, auth, push), Expo (push delivery), Resend and Loops (email delivery, when you opt in), and our analytics provider for aggregate metrics.

We disclose information when required by law or to protect the rights and safety of our users and ourselves.

Push notifications and emails are opt-in by category (streak reminders, weekly rankings, duels, new content). You can disable any category at any time from the app’s Settings screen, or unsubscribe via the link in any email.

For users in the European Economic Area, we rely on the following legal bases:

• Contract (Art. 6 (1) lit. b GDPR) — to create and operate your account, run quizzes and duels, compute streaks and rankings.
• Legitimate interest (Art. 6 (1) lit. f GDPR) — to prevent abuse, secure the Service, and analyze aggregate usage.
• Consent (Art. 6 (1) lit. a GDPR) — for push notifications and marketing email categories. You can withdraw consent at any time without affecting prior processing.
• Legal obligation (Art. 6 (1) lit. c GDPR) — to comply with applicable law and respond to lawful requests.

You can change your display name, edit notification preferences, or delete your account from within the app. Account deletion removes your profile, gameplay history, and associated data on a best-effort basis within 30 days.

If you are in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection to processing (Art. 21). Where processing is based on consent, you have the right to withdraw it at any time (Art. 7 (3) GDPR).

You also have the right to lodge a complaint with a supervisory authority. For users in Germany this is the data protection authority of your federal state, or alternatively the BfDI (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit). For users elsewhere in the EU/EEA it is the supervisory authority of your country of residence.

To exercise any of these rights, contact us at the email address below. We respond within 30 days.

We retain account and gameplay data for as long as your account exists. After account deletion, we remove personal data within 30 days, except for limited records we are required to keep for legal, accounting, or fraud-prevention purposes (typically up to 6 years under German tax law where applicable, anonymized where possible).

Aggregated and anonymized statistics that cannot be linked back to you may be retained indefinitely.

Some of our service providers (including Google Firebase, Expo, Resend, Loops) may process data on servers located outside the European Economic Area, including in the United States. Where this happens, transfers are protected by the Standard Contractual Clauses adopted by the European Commission, the EU–US Data Privacy Framework (where applicable), or other safeguards permitted under Chapter V GDPR.

We use industry-standard practices to protect data in transit (TLS) and at rest (encrypted Firestore). No system is perfectly secure; we encourage strong passwords and reporting suspected access issues immediately.

LoreMaster is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete it.

We may update this policy as the Service evolves. Material changes will be announced in the app or by email before taking effect. The “Last updated” date above reflects the current version.

LoreMaster references third-party fictional universes for educational and entertainment purposes. All trademarks, logos, and intellectual property remain the property of their respective owners. LoreMaster is not affiliated with, nor endorsed by, any of those rights holders.