1. Introduction
Welcome to Age of Aeternus ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
Age Requirement: This Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18.
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account Information | Email address, display name, username, profile picture, bio | Contract performance, Legitimate interest |
| Character Data | Character sheets, builds, notes, custom content, inventory | Contract performance |
| Party Information | Party membership, shared content, collaboration data | Contract performance |
| Friends List | Friend connections, friend requests | Consent, Legitimate interest |
| Preferences | App appearance settings, content preferences, trigger/veto tags | Contract performance |
| Communication Data | Support requests, feedback, in-app messages | Contract performance, Legal obligation |
2.2 Information Collected Automatically
| Data Type | Collection Method | Purpose |
|---|---|---|
| Crash Reports | Firebase Crashlytics | Bug fixes, stability improvements |
| Log Data | Server logs | Security, fraud prevention |
2.3 Information from Third Parties
- Authentication Providers: If you sign in using Google, Apple, or other OAuth providers, we receive your public profile information as permitted by your settings with that provider.
2.4 Third-Party SDK Data Collection
Our app integrates third-party SDKs that may collect data independently:
Firebase Crashlytics (Crash Reporting)
- Device state at time of crash (memory, battery, orientation)
- Stack traces and error logs
- Device model and OS version
- App version and build number
Important Notes:
- Crash reporting (Crashlytics) is disabled by default until you opt in to analytics in Settings > Privacy
- For EEA/UK users: We rely on legitimate interest for crash reporting to maintain app stability; however, you may object to this processing and disable it in Settings > Privacy, and we will honor your choice
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Provision
- Create and manage your account
- Store and sync your character data across devices
- Enable party features and friend connections
- Process loyalty points earned through engagement
3.2 Service Improvement
- Analyze crash reports to improve stability
- Debug and fix technical issues
- Develop new features based on user feedback
3.3 Communication
- Send service-related notifications
- Respond to support requests
- Provide updates about the Service (with consent for marketing)
- Send transactional emails (for example: export links, security alerts, subscription notices, and legal updates)
3.4 Sponsors and Partnerships
- We may display sponsor or partnership information in the Service
- We do not sell your personal information to sponsors, and we do not provide your personal information to sponsors for their own marketing without your consent
3.5 Legal and Safety
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraud and abuse
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on:
| Legal Basis | Examples |
|---|---|
| Contract Performance | Account creation, character storage, party features |
| Legitimate Interests | Security, fraud prevention, service improvement |
| Consent | Marketing communications (optional) |
| Legal Obligation | Tax records, legal requests |
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
5. Data Sharing and Disclosure
5.1 We Share Data With:
a) Service Providers (Sub-Processors):
| Provider | Service | Data Shared | Privacy Policy |
|---|---|---|---|
| Google LLC (Firebase) | Authentication, Firestore Database, Cloud Storage | Account data, character data, user-generated content | Firebase Privacy |
| Google LLC (Crashlytics) | Crash reporting | Device info, crash logs, app state | Google Privacy Policy |
| RevenueCat, Inc. | Subscription and in-app purchase management | Subscription status, purchase history, platform identifiers | RevenueCat Privacy Policy |
| Stripe, Inc. | Payment processing for web purchases | Payment method details, billing address, transaction history | Stripe Privacy Policy |
| Email service providers | Transactional email delivery | Email address, message metadata | Varies by provider |
b) Other Parties:
- Other Users: Your display name, username, profile picture, bio, and shared content are visible to party members and friends as configured in your privacy settings.
- Legal Requirements: We may disclose information to comply with legal processes or government requests.
- Business Transfers: In the event of a merger, acquisition, or sale, user data may be transferred.
5.2 We Do NOT:
- Sell your personal information
- Share your personal information for cross-context behavioral targeting
- Provide data to third parties for their own marketing
6. Data Retention
| Data Type | Retention Period | Justification |
|---|---|---|
| Account Information | Duration of account + 3 years after deletion | Contract, legal requirements, dispute resolution |
| Character Data | Duration of account + 30 days after deletion request | Grace period for account recovery |
| Crash Reports | 90 days | Debugging and stability analysis |
| Consent Records | 3 years from date of consent | GDPR compliance documentation |
After the retention period, data is securely deleted or anonymized.
7. Your Rights
7.1 All Users
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Opt-out of marketing communications
7.2 How to Exercise Your Rights
In-App (Recommended): Navigate to Settings > Account > Privacy to:
- View your data
- Update privacy preferences
- Disable crash reporting
- Manage analytics preferences
If you are unable to use the in-app tools, please use the email method below.
Via Email: Contact us at privacy@nerdhonest.com with:
- Your registered email address
- The specific right you wish to exercise
- Any relevant details to help us process your request
Response Timeframes:
| Request Type | Standard Response Time |
|---|---|
| Access/Export requests | Typically available immediately in-app; otherwise within 30 days as permitted by applicable law |
| Deletion requests | Within 30 days (includes 30-day grace period) |
| Correction requests | Within 15 business days |
| Other requests | Within 30 days |
For complex requests or high volumes, we may extend response times as permitted by applicable law, but will inform you of any extensions.
7.3 EEA/UK Users (GDPR)
Additional rights include:
- Restriction of processing
- Objection to processing based on legitimate interests
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
7.4 California Users (CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Say no to the sale of personal information
- Access personal information
- Equal service and price
Notice at Collection: We collect the categories of personal information listed in Section 2 for the purposes described in Section 3.
Do Not Sell My Personal Information: We do not sell personal information as defined under CCPA.
7.5 Other Jurisdictions
Users in other jurisdictions may have additional rights under local law. Contact us at privacy@nerdhonest.com to inquire about rights specific to your location.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/SSL)
- Encryption at rest (Firebase security)
- Access controls and authentication
- Regular security assessments
- Firebase Security Rules for data access control
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States, where our service providers operate. We ensure appropriate safeguards are in place:
Transfer Mechanisms:
- EU-US Data Privacy Framework: Google LLC is certified under the EU-US Data Privacy Framework for transfers from the EEA
- Standard Contractual Clauses (SCCs): We rely on SCCs for transfers to jurisdictions without adequacy decisions
- Data Processing Agreements: All service providers have signed appropriate data processing agreements
Google's Data Processing Terms: Our use of Firebase and other Google services is governed by Google's Data Processing Terms, which include commitments regarding international data transfers. See: https://cloud.google.com/terms/data-processing-terms
10. Children's Privacy
Age of Aeternus is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will delete it promptly.
If you believe a child has provided us with personal information, please contact us at privacy@nerdhonest.com.
11. Third-Party Services
Our Service integrates with third-party services. Each has its own privacy policy:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Firebase | Backend infrastructure | https://firebase.google.com/support/privacy |
| Firebase Crashlytics | Crash reporting | https://firebase.google.com/support/privacy |
| RevenueCat | Subscription management | https://www.revenuecat.com/privacy |
| Stripe | Payment processing (web) | https://stripe.com/privacy |
We encourage you to review these policies.
12. Cookies and Tracking Technologies
For detailed information about cookies and similar technologies, please see our Cookie Policy.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the new policy with an updated "Last Updated" date
- Sending an in-app notification
- Emailing registered users (for significant changes)
Your continued use after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices:
Age of Aeternus
Privacy Inquiries: Email: privacy@nerdhonest.com
Data Protection Officer: Email: dpo@nerdhonest.com
Response Time: We aim to respond to all requests within 30 days.
15. Supplemental Notices
15.1 Nevada Residents
Nevada residents may opt out of the sale of covered information. We do not currently sell covered information as defined under Nevada law.
15.2 Virginia Residents (VCDPA)
Virginia residents have rights similar to those described in Section 7, including the right to access, correct, delete, and obtain a copy of personal data. We do not use your personal information for cross-context behavioral targeting as defined under the VCDPA. If this changes, you may opt out by contacting us at privacy@nerdhonest.com.
15.3 Colorado Residents (CPA)
Colorado residents have rights to access, correct, delete, and obtain a portable copy of their personal data. We do not sell personal information or use it for cross-context behavioral targeting as defined under the CPA. If this changes, you may opt out by contacting us at privacy@nerdhonest.com.
Effective Date: February 11, 2026
Version: 1.2