Privacy Policy
Last updated 2026-05-06
Placeholder: This document is a working draft and is not legal advice. Before launch we will replace it with a version reviewed by counsel and align it with the App Store and Play Store data-safety disclosures.
What this covers
This policy describes how Palatia ("we") handles personal data when you use the Palatia mobile app or this website. The marketing website does not require an account; the mobile app does (registered or guest).
What we collect
- Account info — for registered users: email, display name, hashed password. For guests: a server-side user row plus a token stored on your device.
- Gameplay data — sessions you create, items shown, your answers, scores, streaks, and completion timestamps.
- Device info — for support and analytics: app version, OS version, device model, locale, and time zone.
- Push tokens — only if you opt in to daily reminders.
- Purchase metadata — if you subscribe, RevenueCat shares an anonymous customer id and entitlement state with us. Your payment card is handled entirely by Apple or Google; we never see it.
- Crash and error reports — via Sentry, used to diagnose bugs.
How we use it
- To run the game (score sessions, advance streaks, generate the daily challenge).
- To keep your account secure (auth tokens, refresh rotation, abuse rate-limiting).
- To send notifications you've opted in to.
- To provide the Pro features you've paid for.
- To understand how the product is used in aggregate, so we can improve it.
- To diagnose crashes and fix bugs.
Who we share it with
We use a small number of vetted service providers to operate the app:
- Cloud hosting for our database and API.
- Cloudflare R2 for the picture library (images served as-is, no per-user data sent).
- RevenueCat for subscription state.
- Apple / Google for in-app purchases.
- Sentry for crash reporting.
- Google AdMob for rewarded video ads when ads are enabled in a future release.
Data retention
Account and gameplay data is kept for as long as your account exists. Crash reports are retained per Sentry's defaults (typically 30–90 days).
Your rights
You can: (a) view your profile in the app; (b) sign out at any time; (c) delete a guest account from the profile screen, which permanently removes your user row and gameplay history; (d) request deletion of a registered account by emailing us at the address below. Depending on where you live, you may also have rights to access, correct, port, or restrict processing of your data — contact us to exercise them.
Children
Palatia is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account, contact us and we will delete it.
Security
Passwords are stored as bcrypt hashes; access tokens are short-lived JWTs with rotation; transport is HTTPS. No system is perfect — we encourage strong, unique passwords and timely OS updates.
International transfers
Our servers may be located in jurisdictions other than yours. By using the app you consent to that transfer. Specific hosting regions and any cross-border safeguards will be detailed before launch.
Changes to this policy
We may update this policy from time to time. The "Last updated" date above will reflect the most recent change. Material changes will be flagged in-app or by email where appropriate.
Contact
Questions, requests, or complaints? Email support@palatia.app.