Privacy Policy

1. Introduction

Two Player Labs LLC (“Company,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, websites, and related services (collectively, “Services”).

Two Player Labs LLC is an Oregon limited liability company owned equally by Michael Paulsen (Oregon) and Daniel Gioffre (New Jersey).

By using our Services, you consent to the practices described herein. Individual apps may have app-specific privacy policies with additional detail - those supplement this policy.

2. Information We Collect

2.1 Information You Provide

Account Information (Optional):If you create an account in any of our apps, you sign in via Google Sign-In or Apple Sign-In. We receive your name and email address (with your consent). You can use Apple's “Hide My Email” feature to minimize data sharing. We do not store passwords - authentication is handled entirely by Google and Apple.

User-Generated Content: Content you create within our apps (labels, notes, custom files, etc.) is stored locally on your device. When you have an account, key data such as app configurations, reports, and statistics may also be backed up to our servers for cloud sync and social features.

2.2 Information Collected Automatically

Local Data: App configurations, usage statistics, achievements, and preferences are stored on your device. If you have an account, key data is also synced to our database for backup and to power social features.

Device & Usage Information: Through our error tracking service (Sentry), we collect device model, operating system version, app version, crash reports, and session information. This data is associated with anonymous identifiers, not your personal identity.

2.3 Third-Party Services

Our apps may integrate with third-party services. When you connect these services, we may receive data from them:

• Health & Wearables: Apple HealthKit, Google Health Connect, Fitbit, WHOOP, Samsung Health
• Authentication: Google Sign-In, Apple Sign-In (the only sign-in methods available)
• Music: Spotify
• Smart Home: Philips Hue, LIFX, Govee

Data received from these services is used solely to provide the features you've enabled and is handled according to the requirements of each platform.

2.4 Sensitive Information

• Microphone: Used locally for audio features (e.g., voice recognition, audio detection). Audio is processed on-device; we do not transmit raw audio to our servers.
• Camera: Used locally for scanning and verification features. Images are processed on-device; we do not store or transmit captured images.
• Health Data: Health and fitness data from wearables is stored locally. We do not transmit health data to our servers unless you explicitly choose to share it through social features.
• Motion Data: Accelerometer and sensor data is used locally and not transmitted to external servers.
• Location: Approximate location (from IP address) may be used for weather features. We do not track or store precise location history.

3. How We Use Your Information

• Provide Core Services: Deliver the features and functionality of our apps
• Optional Social Features: Enable leaderboards, friend connections, and shared statistics (requires account)
• Improve Our Apps: Fix bugs and crashes, analyze usage patterns in aggregate, develop new features
• Communicate: Respond to support requests, send important service announcements
• Process Payments: Manage subscriptions through RevenueCat, which processes purchases via the Apple App Store and Google Play Store

4. How We Share Your Information

Service Providers

We share information with third-party service providers who assist in operating our Services:

• Supabase - Database, authentication, and cloud data backup
• Sentry - Error tracking and crash reporting
• RevenueCat - Subscription management and payment processing
• Google AdMob - Advertising (free tier users)

Social Features (Optional)

If you participate in leaderboards or social features, certain information (display name, scores, streaks, statistics) may be visible to other users.

Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of our users or others.

Business Transfers

If Two Player Labs LLC is acquired or merged with another company, your information may be transferred as part of that transaction.

What We Do NOT Do

• Sell your personal information to third parties
• Share your data for targeted advertising purposes
• Use your health data for any purpose other than app functionality

5. Data Retention & Deletion

Local Data: Data stored on your device is retained until you delete the app or clear app data. Our apps may automatically prune older data to manage storage (e.g., reports, history entries).

Cloud Data: If you have an account, data is retained until you delete your account. Deleted account data is removed within 30 days. Anonymized aggregate data may be retained for analytics.

Third-Party Data: Data held by third-party services (Sentry, RevenueCat, etc.) is subject to their own retention policies.

To delete your data:Uninstall the app (local data), or delete your account directly from the Settings > Account page within the app (removes all cloud data). You can also email [email protected] with subject “Account Deletion Request.” We process all requests within 30 days.

6. Your Privacy Rights

All users have the right to access, correct, or delete their personal information, and to withdraw consent for optional data processing.

EEA Residents (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR including: right to access, rectification, erasure (“right to be forgotten”), restrict processing, data portability, object to processing, and withdraw consent at any time.

Legal bases for processing: Contract performance (providing app services), legitimate interests (improving our apps, security), and consent (optional features, marketing).

California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act including: right to know what personal information we collect, right to delete, right to opt-out of sale (we do not sell data), right to non-discrimination, and right to correct inaccurate information.

Categories of personal information collected: Identifiers (email, display name, device ID), internet activity (app usage, error logs), and approximate geolocation (from IP address for weather features).

7. Health Data Disclosures

Some of our apps integrate with health platforms. Our use and transfer of health information adheres to platform-specific requirements:

Apple HealthKit

We only read health data with your explicit permission. Health data is used solely to enhance app features. We do not share HealthKit data with third parties for advertising, and we do not sell HealthKit data.

Google Health Connect

We request only the minimum permissions necessary. Health data is processed locally and not transmitted to advertising networks. We comply with Health Connect's data use and disclosure requirements.

8. Security

We implement appropriate technical and organizational measures to protect your information:

• TLS 1.2+ encryption for all network communications
• Platform keychain storage (iOS Keychain, Android Keystore) for secure tokens
• JWT authentication with automatic refresh and OAuth 2.0 with PKCE
• Row-level security on our database
• Regular security reviews and monitoring

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

Our servers and service providers may be located in the United States and other countries. If you are located outside the United States, your information may be transferred to, stored, and processed in the United States.

For EEA users, we rely on Standard Contractual Clauses with our service providers. For other jurisdictions, we comply with applicable transfer requirements.

10. Cookies & Tracking Technologies

Our mobile applications do not use traditional browser cookies. We use device storage technologies (AsyncStorage for preferences, platform Keychain/Keystore for secure tokens) to provide app functionality.

Our website may use essential cookies for basic functionality. We do not use third-party tracking cookies on our website.

11. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated through an updated “Last Updated” date on this page, in-app notifications for material changes, and email if you have an account. Your continued use of our Services after changes constitutes acceptance of the updated policy.

13. App-Specific Policies

Individual apps may have their own privacy policies with additional detail specific to their features and data practices. These app-specific policies supplement this company-wide policy:

• Risely Privacy Policy

14. Contact Us

For privacy-related questions or to exercise your rights: