Privacy Policy
Last updated: April 28, 2026
The short version
- We collect the bare minimum we need to run the game: your email, username, password, and what you do in the app (race results, streaks, scores, achievements).
- Your username and game stats are public to other players. Your email and password are not.
- We use Supabase to store your data and Apple to handle payments. We don't sell your data, run ads, or track you across other apps.
- You can delete your account from the app at any time. When you do, we delete or anonymize your data within 30 days.
1. Who we are
Race to Revelation ("the app") is operated by Good Business HQ LLC. We are the data controller for the personal data we collect through the app.
Contact: info@racetorevelation.com
2. What we collect
Information you give us
- Email address. Used to authenticate your account and send account-related messages.
- Password. Stored only as a salted hash by our authentication provider — we never see your plaintext password.
- Username. A handle you choose. Visible publicly inside the app.
- Optional name and avatar. If you choose to provide them.
- In-app feedback. Question reports, support messages, challenge invitations.
Information collected automatically
- Race activity. Each race you play — the questions you saw, your answers, your time, your score, whether you finished, and which book / race day it was. We use this for leaderboards, streaks, badges, and to fix question errors.
- Device and app info. Your iOS version, app version, device model, language, time zone, and approximate region (derived from IP). Used to diagnose crashes and improve compatibility.
- Crash and diagnostic logs. Apple-provided crash reports if you have crash sharing enabled in iOS Settings.
What we DON'T collect
- We don't access your contacts, photos, microphone, camera, location, or health data.
- We don't run third-party ad-tracking SDKs.
- We don't link your activity to other apps or websites.
- We don't use Apple's advertising identifier (IDFA).
3. Why we collect it
If you live in the EEA or UK, the legal basis (under GDPR) is shown in the right column.
| What we use | Why | Legal basis (EEA/UK) |
|---|---|---|
| Email + password | Sign you in, recover your account | Contract |
| Username, race results, scores | Run the daily race, leaderboards, streaks, badges | Contract |
| Email reminders & notifications | Remind you about your daily race | Consent (you can opt out anytime) |
| Crash logs, device info | Keep the app from breaking on your device | Legitimate interest |
| In-app purchase records | Confirm and restore purchases | Contract |
| Question reports, feedback | Fix wrong or misleading content | Legitimate interest |
4. Who we share it with
We use a small number of third parties to operate the app:
- Supabase — our database, authentication, and realtime backend. Your account data, race history, and leaderboard standings are stored on Supabase infrastructure. See Supabase's privacy policy.
- Apple — handles all in-app purchase payments. We never see your full payment information; we only see a confirmation that a purchase succeeded. See Apple's privacy policy.
- Apple Push Notification service — delivers notifications if you enable them.
We do not:
- Sell your data to anyone.
- Share your data with advertisers.
- Use your data to train AI models or hand it to data brokers.
We may disclose data if required by law (subpoena, court order, valid legal request) or to protect the rights, safety, or property of users or the public — and we'll narrow what we disclose to the minimum needed.
5. What's public and what's private
Publicly visible inside the app to other players:
- Your username
- Your scores and finish times for daily races
- Your streak, badges, and achievements
- Your position on leaderboards
Private — only you see:
- Your email address
- Your password (always, no exceptions)
- The exact answers you gave on individual questions
- Your purchase history
- Anything you submit in feedback or support messages
6. How long we keep your data
- Account data: As long as your account is active.
- Race history: As long as your account is active. After you delete your account, your race results are anonymized (your username is removed from leaderboard rows) within 30 days.
- Crash logs and diagnostic data: Up to 90 days.
- In-app purchase records: As long as required for tax and accounting purposes (typically 7 years in the US).
- Backups: Standard database backups may retain deleted data for up to 30 additional days before they're rotated out.
7. Your rights
Wherever you live, you have the right to:
- Access the data we have about you.
- Correct inaccurate data.
- Delete your account and the data attached to it.
- Export your data in a machine-readable format.
- Object to processing based on our legitimate interest.
- Withdraw consent for things you previously opted into (like notifications).
If you live in the EEA, UK, California, Colorado, Virginia, Connecticut, Utah, or another jurisdiction with a specific privacy law, those rights are in addition to whatever the law gives you locally — you don't lose anything by being in those places.
You can exercise most rights directly in-app: open Settings → Account → Delete account (or export data). For anything else, email info@racetorevelation.com and we'll respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. (In the EU, that's typically your country's DPA; in the UK, the ICO; in California, the CPPA.)
8. Children's privacy
Race to Revelation is not directed to children under 13. We don't knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, please contact us and we will delete the account and associated data.
In the EU/UK, the minimum age is 16 (or whatever your country's GDPR digital-consent age is). If you're under that age, you need a parent or guardian's verifiable consent.
9. Security
- All data is encrypted in transit using HTTPS / TLS.
- Passwords are stored as salted hashes; we never see your plaintext password.
- Database access is restricted to authenticated services and our admins on a need-to-know basis.
- We log unusual access attempts and review them.
No security setup is perfect. If we ever discover a breach that affects your data, we'll notify you and the relevant authorities as required by law.
10. International data transfers
Our backend (Supabase) hosts data in the United States. If you're outside that region, your data will be transferred and processed there. The US is not currently considered to have "equivalent" data protection to the EU, so for EEA/UK users we rely on Standard Contractual Clauses (or the EU-US Data Privacy Framework, where applicable) to provide a lawful basis for the transfer.
11. Cookies and tracking
The iOS app doesn't use web cookies. We don't use third-party analytics SDKs that profile users, and we don't use Apple's advertising identifier (IDFA).
12. Changes to this policy
If we make material changes, we'll notify you in-app and update the "Last updated" date. For changes that expand how we use your data, we'll ask for fresh consent where the law requires it.
13. Contact
Questions about this policy or your data?
Email: info@racetorevelation.com