Legal
Privacy Policy
1. Overview
This Privacy Policy explains how John Newsom ("we," "us," or "our") collects, uses, and protects information when you use Cards of Myth (the "App").
We collect only the minimum information needed to create and secure accounts and enable optional sign-in and purchases.
2. Information We Collect
A) Account Information You Provide
- Username
- Password (stored in encrypted/hashed form; we do not store passwords in plain text)
B) Third-Party Sign-In (Optional)
If you choose to sign in with Apple, Google, or Facebook, we receive limited information from that provider to authenticate you, such as:
- A provider-specific user ID (unique identifier)
- Potentially your email address and/or display name, depending on the provider and your settings
We do not receive your third-party account password.
C) In-App Purchases
The App may offer in-app purchases processed by:
- Apple App Store
- Google Play Store
We do not collect or store your payment card information. Payments are handled by Apple/Google. We may process purchase/transaction status provided by the store to grant purchased items (entitlements).
D) Information We Do Not Collect
We do not collect:
- Your precise location
- Contacts
- Photos/media files
- Microphone or camera data
- Advertising identifiers for tracking
- Health information
We also do not make your personal information visible to other users.
3. How We Use Your Information
We use information only to:
- Create and manage your account
- Authenticate you and keep the App secure
- Enable optional third-party sign-in
- Enable in-app purchase entitlements
- Provide customer support
4. Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases:
- Contract (Art. 6(1)(b)): to provide the App (account creation, login, purchased entitlements)
- Legitimate Interests (Art. 6(1)(f)): to secure accounts and prevent abuse/fraud
- Consent (Art. 6(1)(a)): where required (e.g., optional third-party sign-in choices are initiated by you)
- Legal Obligation (Art. 6(1)(c)): to comply with applicable laws
5. Sharing and Disclosure
We do not sell your personal information.
We only share information in these cases:
- Service Providers / Processors that help us provide the App:
- Apple (Sign in with Apple, App Store purchases)
- Google (Google Sign-In, Google Play purchases)
- Facebook (Facebook Login)
- Legal Requirements: if required by law, court order, or to protect rights and safety
6. Data Security
We use reasonable administrative, technical, and organizational measures to protect your information, including secure authentication and encrypted password storage.
No method of transmission or storage is 100% secure, but we work to protect your data.
7. Data Retention
We keep your account information only as long as needed to provide the App, meet legal obligations, resolve disputes, or enforce agreements.
- If you delete your account, we will delete or de-identify your account information within a reasonable period, unless retention is required by law.
8. Your Choices: Sign-In Revocation and Account Deletion
A) Revoke Third-Party Login Access
If you signed in using Apple, Google, or Facebook, you can revoke access:
- In the third-party provider's account settings (Apple/Google/Facebook), and/or
- In the App's Account Settings (if available)
Revoking access may prevent future logins unless you restore access or use another sign-in method.
B) Delete Your Account (In-App)
You can delete your account directly in the App under Account Settings.
When you delete your account, your account information will be removed from our systems, subject to any legal or operational retention requirements.
9. Your Privacy Rights
A) GDPR Rights (EEA/UK/Switzerland)
You may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Object to or restrict processing
- Data portability (where applicable)
- Withdraw consent (where processing is based on consent)
You can exercise these rights by contacting us at themythcardgame@gmail.com.
You also have the right to lodge a complaint with your local data protection authority.
B) CCPA/CPRA Rights (California)
If you are a California resident, you may have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of personal information
- Correct inaccurate personal information (in certain cases)
- Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
- Not be discriminated against for exercising your rights
How to submit a request: Email us at themythcardgame@gmail.com with the subject line "Privacy Request".
Authorized agents: You may designate an authorized agent to submit requests on your behalf, consistent with applicable law.
Sensitive personal information: We do not use or disclose sensitive personal information for purposes requiring a right to limit under CPRA.
10. International Data Transfers
If you access the App from outside the United States, your information may be transferred to and processed in countries where we or our service providers operate.
Where required, we rely on appropriate safeguards for international transfers.
11. Children's Privacy
The App is not intended for children under 13 (or under the age required by local law). We do not knowingly collect personal information from children.
If you believe a child provided personal information, contact us at themythcardgame@gmail.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date and provide notice within the App or on the store listing where required.
13. Contact Us
For privacy questions or requests, contact:
John Newsom
Email: themythcardgame@gmail.com
Appendix A – Apple App Store Privacy Labels (Developer Summary)
The following is a plain-language summary intended to help complete App Store privacy questions. This does not replace Apple's questionnaire and may need adjustments depending on your exact implementation.
Data Collected
- User ID (provider ID for Apple/Google/Facebook sign-in) – for authentication
- Username – for account identity
- Password – stored in encrypted/hashed form for authentication
- Purchase/Transaction Status – to deliver purchased items (handled by Apple/Google; no payment card data collected)
Data Not Linked to You / Not Collected
- No location, contacts, photos, audio, advertising identifiers, or tracking across apps/sites
Tracking
- We do not track you across apps and websites owned by other companies for advertising or measurement purposes.
Appendix B – Google Play Data Safety (Developer Summary)
A short summary to support Play Console's "Data safety" section (verify against your build):
- Personal info collected: Username
- Security practices: Password stored securely (hashed/encrypted); data transmitted securely
- Data sharing: Not sold; only shared with authentication/payment providers as needed
- Account deletion: Available in-app