This Privacy Policy explains what data Ruck Rugby collects, why we collect it, how we use it, and the choices you have. It applies to the Ruck Rugby mobile application on iOS and Android and the ruckrugby.com website.
In this Policy, "Ruck Rugby", "we", "us", and "our" refer to Dingoshouse LLC, a limited liability company formed in the State of Vermont, USA, which operates Ruck Rugby. "You" refers to the person using Ruck Rugby or visiting the website.
1. Summary
The short version, for fans who do not want to read the whole thing:
- We collect the minimum data needed to run the app: your email, a display name, a country choice, optional avatar, and your gameplay history.
- We use that data to run the app, save your progress, show leaderboards, and send only the notifications you opt into.
- We do not sell your data. We do not track you across other apps or websites. We plan to introduce optional rewarded ads and sponsored content in a future version; this policy will be updated before we do.
- You can delete your account and associated app data from the Profile tab or request deletion at ruckrugby.com/account-deletion.
2. Data we collect
We collect data in three ways: data you give us, data created by playing, and data collected automatically.
Data you give us
- Account data. Email address, password (stored as a salted hash, never in plain text), display name, optional avatar URL, and team / country selection.
- Avatar photo. If you choose a profile avatar, we process the image on your device, upload a resized version to Supabase Storage, and show it publicly next to your profile and leaderboard entries. Avatar upload is optional.
- If you sign in with Apple or Google. We receive the information those services share with us, typically a name (sometimes anonymised by Apple via the "Hide My Email" relay) and an email address.
- Feedback and support data. If you contact us via the in-app feedback modal or email, we receive your message and your email.
- Purchase history. When you make an in-app purchase, Apple processes the payment and we receive a transaction reference and product identifier. We do not receive your payment card details.
Data created by playing
- Gameplay history. Questions you answered, whether you got them right, time taken per question, scores, streaks, XP, level, grade, badges unlocked, country contributions.
- Multiplayer history. Rooms you created or joined, head-to-head duels initiated or accepted, country-league participation.
- Friend connections. When friend features are enabled, the list of users you have friended.
Data collected automatically
- Device and session data. Approximate device type (iOS or Android), App version, operating-system version, language, and approximate locale (used to render dates and times). We do not collect precise location.
- Authentication data. Session tokens issued by Supabase Auth. These are stored securely on your device using Apple Secure Enclave or Android Keystore via expo-secure-store.
- Product analytics data. App events such as session start, answers submitted, rounds completed, badge unlocks, and match events. These may be linked to your account ID, username, grade, level, team, and device metadata so we can understand product quality and usage. We use PostHog for this. Session replay is disabled.
- Push tokens. Once push notifications launch, we will store the Expo push token associated with your device so we can send the notifications you opt into. You can revoke this at any time in the App.
We do not collect:
- Precise location.
- Contacts, microphone, camera, calendar, or motion data.
- Advertising IDs (IDFA on iOS, AAID on Android). Ruck Rugby does not currently run ads and does not integrate with ad networks.
- Web tracking pixels on ruckrugby.com (except a privacy-respecting analytics tool if introduced; see Section 6).
3. How we use your data
We use the data above only for these purposes:
- Running the app. Authenticating you, saving your progress, computing leaderboards, matching you with opponents, awarding badges.
- Future advertising. We plan to introduce optional rewarded ads and sponsored content in a future version. When we do, we will update this policy and notify you in the app. We will not use your data for cross-context behavioural advertising.
- Country leagues. Aggregating XP per country so the weekly nation-vs-nation matchups work.
- Notifications you opt into. Once push notifications launch, sending daily reminders, duel invites, league results, and other notifications you have toggled on. You can switch off any category in the App.
- Support. Responding to feedback and account-deletion requests.
- Security. Detecting and preventing abuse, fraud, leaderboard manipulation, and account compromise.
- Improvement. Aggregate, de-identified analytics to understand which game modes are used, identify bugs, and prioritise features. We do not use this for advertising.
- Legal compliance. Where required by law, including responding to lawful requests from authorities.
4. Legal bases (for users in the EEA, UK, and Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:
- Contract. Most processing (creating your account, running gameplay, saving progress) is necessary to provide the service you signed up for.
- Legitimate interest. Security, abuse prevention, and aggregate analytics for product improvement. We balance our interest against your privacy and only use data minimally.
- Consent. Push notifications and any future marketing emails beyond essential service updates. You can withdraw consent at any time.
- Legal obligation. Where we need to retain or disclose data to comply with applicable law.
5. Sharing your data
We do not sell your data. We share data only with:
- Service providers we depend on, listed in Section 6.
- Apple and Google, for purchases (if you make one). Apple and Google handle the payment; we receive a transaction reference, not your payment card details.
- Other Ruck Rugby users, but only the data you choose to make visible: your display name, country, level, grade, badges, and leaderboard standing. We do not share your email with other users.
- Authorities, where required by valid legal process and only to the extent legally required.
If Ruck Rugby is ever acquired or merged into another entity, your data may be transferred as part of that transaction. We will notify you and update this Policy if that happens.
6. Third-party services we use
Ruck Rugby is built on a small number of vendors. Each one processes data on our instructions under their own privacy commitments.
- Supabase Inc. Authentication, database, storage, and realtime
infrastructure. Receives gameplay, account, feedback, optional avatar data, and beta
waitlist signups (your email, country selection, and, if you arrived via a campaign or
referral link, the campaign tag from that link), stored on AWS in the US East (Ohio,
us-east-2) region. supabase.com/privacy - Apple Inc. App Store distribution, Apple Sign In, payments. Receives account data shared at sign-in and payment data for purchases. apple.com/legal/privacy
- Google LLC. Play Store distribution, Google Sign In, payments. Receives account data shared at sign-in and payment data for purchases. policies.google.com/privacy
- Expo (650 Industries Inc.). Build and over-the-air update infrastructure. Receives app update channel data; no personal data tied to your account. expo.dev/privacy
- PostHog Inc. Product analytics. Receives user/distinct ID, username, grade, level, team ID, session and gameplay event properties, and app/device metadata. Session replay is disabled. posthog.com/privacy
- Cloudflare, Inc. Website hosting, DNS, and the secure form endpoint that processes beta waitlist signups. Receives your email, country selection, and, if you arrived via a campaign or referral link, the campaign tag from that link when you submit the landing-page form. cloudflare.com/privacypolicy
- Resend. Delivery of waitlist confirmation and beta update emails. Receives your email address and country selection in order to send those emails. resend.com/legal/privacy-policy
We will update this list if we add or remove a vendor.
7. Data retention
We keep your data for as long as your account exists. When you delete your account:
- Your profile, gameplay history, friend connections, unlocked items, and uploaded avatar are deleted from production systems when the deletion request is processed.
- Backups containing your data may persist for up to 90 days before they are overwritten in normal backup rotation.
- Aggregate, de-identified data (for example, "how many users completed the Daily Test this week") may be retained indefinitely. It cannot be linked back to you.
- Email opt-in records may be retained as required for compliance with anti-spam law (for example, CAN-SPAM, CASL, GDPR).
8. Data storage and security
Your data is stored on Supabase infrastructure, hosted on AWS in the US East (Ohio,
us-east-2) region in the United States. Connections between the App and Supabase
are encrypted in transit using HTTPS / TLS.
Passwords are stored as salted hashes managed by Supabase Auth. We never see your plaintext password.
We use Row Level Security (RLS) policies on every database table so that, with the exception of intentionally public data (leaderboard entries, public profile fields), only you can read your own records.
Despite these protections, no system is perfectly secure. If we discover a data breach that affects you, we will notify you as required by applicable law.
9. Your choices
- See your data. Most of it is visible in the App on the Profile tab.
- Edit your display name, avatar, and team. From the Profile tab.
- Turn off notifications. From the Profile tab or your device system settings.
- Request a copy of your data. Use Profile → Request my data, or email [email protected]. We may ask you to verify account ownership before sending account data.
- Delete your account. Use Profile → Delete account in the App, or visit ruckrugby.com/account-deletion if you no longer have the App installed. We will process verified deletion requests within 30 days.
- Unsubscribe from emails. Use the unsubscribe link at the bottom of any non-essential email, or email [email protected].
10. Rights for users in the EEA, UK, and Switzerland
Under the GDPR and UK GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data deleted (the "right to be forgotten").
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing relies on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these, email [email protected]. We respond within 30 days. We may ask you to verify your identity before processing the request.
11. Rights for users in California (CCPA / CPRA)
If you are a California resident you have the right to:
- Know what personal information we collect, use, disclose, and share.
- Request deletion of your personal information.
- Correct inaccurate personal information.
- Limit the use and disclosure of sensitive personal information.
- Opt out of the "sale" or "sharing" of personal information.
Ruck Rugby does not sell or share personal information as defined under the CPRA. We do not use personal information for cross-context behavioural advertising.
To exercise any of these rights, email [email protected].
12. Children's privacy
Ruck Rugby is not directed at children under 13 and we do not knowingly collect personal information from children under 13. The App's terms require users to be at least 13.
If you believe a child under 13 has created an account, please contact us at [email protected] and we will delete the account and associated data promptly.
For users between 13 and 16 in the EEA or UK, we rely on parental or guardian acknowledgement of these Terms and this Policy where required by local law.
13. International transfers
Ruck Rugby operates from the United States. Your data is stored and processed in the United States (Supabase / AWS US East, Ohio). If you access Ruck Rugby from outside the United States, including from the EEA, UK, or Switzerland, your data is transferred to and processed in the United States.
Where data is transferred out of the EEA, UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) as the safeguard required by the GDPR / UK GDPR.
14. Cookies and similar technologies
The Ruck Rugby mobile app does not use web cookies because it is a native application.
The ruckrugby.com website uses a small number of strictly necessary cookies to power form submission and remember your preferences. If we introduce analytics in future, we will only use a privacy-respecting tool (for example, Plausible or Fathom) that does not set tracking cookies and does not require a cookie banner under GDPR.
We will update this section if that ever changes.
15. Changes to this Policy
We may update this Policy from time to time. When we make a material change, we will notify you in the App or by email and update the "Last updated" date above. Continued use of Ruck Rugby after the update takes effect constitutes acceptance of the updated Policy.
16. Contact
For privacy questions, requests, or complaints:
Dingoshouse LLC
460 Malletts Bay Ave, Colchester, VT 05446, USA
Email: [email protected]
Website: ruckrugby.com