1. Information We Collect
Account, profile, and settings information
- Email address, username, authentication records, and account status.
- Firebase user ID, supported sign-in provider identifiers, and account claims needed to secure features and Premium access.
- Optional country and optional birth year provided during registration.
- Profile fields such as avatar, banner, bio, platform details, social links, and profile theme choices.
- Privacy, notification, and email preference settings.
Content you create or submit
- Checkpoints, reviews, comments, replies, ratings, likes, dislikes, favorites, wishlist entries, price-alert state, lists, group content, quest content, recommendations, shares, and reports.
- Uploads such as profile images, group images, list images, and quest images.
- Support, moderation, and account-security interactions where relevant.
Closed-beta sign-up information
- Email address, confirmation status, signup source, and consent record when you request closed-beta access.
- Limited anti-abuse signals, such as hashed request identifiers and Cloudflare Turnstile verification results, used to protect the sign-up form from automated misuse.
Device, diagnostics, and service operation data
- App installation ID, Firebase installation ID, push notification token, platform, and device-session records used to deliver notifications and protect accounts.
- Crash reports and performance data collected through Firebase Crashlytics and Firebase Performance.
- Limited analytics events, such as screen views, game detail views, and Steam store opens, collected through Firebase Analytics.
- Remote Config assignment/state used to configure features, ads, rollouts, and safety controls.
- Security and anti-abuse signals, including Firebase App Check and related backend validation data.
- When ads are shown, Google Mobile Ads may process ad identifiers, device information, IP-derived location, and ad interaction signals according to Google and platform settings.
Optional integrations and permissions
- Camera and photo library access only when you choose to capture or upload an image.
- Push notification permission only if you choose to enable notifications.
- Steam account, library, playtime, ownership, now-playing, Steam app ID, store link, and related price data only when you connect Steam or use Steam-related game and wishlist features.
- Purchase and entitlement records from Google Play, Apple, and RevenueCat when you buy, restore, receive, or manage Premium or Premium gifts. We do not receive full payment card numbers.
- Game metadata, artwork, videos, price data, and store links may be loaded from third-party sources such as Steam Store, IGDB/Twitch, YouTube, and content delivery networks.
Checkpointr does not sell personal or sensitive user data.
Some free surfaces may show ads where supported. We do not sell personal or sensitive user data.
2. How We Use Information
- Create and manage accounts, authenticate users, and support password reset, verification, sign-in, and sign-out flows.
- Operate core product features such as profiles, checkpoints, reviews, lists, groups, social discovery, notifications, and sharing.
- Sync optional Steam-related features including owned games, playtime, now-playing status, game matching, and Steam-derived taste signals.
- Track wishlist and Steam price data, update price history, and send price-drop notifications where enabled.
- Process Premium purchases, Premium gifts, entitlement restoration, renewals, expirations, cancellations, and refunds through app-store and RevenueCat records.
- Index eligible data for search and discovery, including public profile, list, and group information.
- Serve, limit, personalize where allowed, and measure ads on supported free surfaces, and configure rollouts or feature flags with Remote Config.
- Send service emails and security emails such as password reset, verification, password-change notices, and account-deletion confirmations.
- Send closed-beta confirmation emails, invitations, and essential beta-test updates to people who explicitly request and confirm beta access.
- Enforce rules, investigate abuse, respond to reports, prevent fraud, and protect the integrity of the service.
- Measure app reliability, analyze performance, diagnose crashes, and improve product quality.
- Comply with legal obligations and respond to lawful requests.
Where applicable, our legal bases may include providing the service you request, your consent for optional features, legitimate interests such as security and product reliability, and compliance with legal obligations.
3. What Other Users May See
Checkpointr is a social gaming app. Some information may be visible to other users depending on your privacy settings and the content you choose to post.
- Your username, avatar, banner, bio, selected public profile details, and certain counts may appear on your profile.
- Reviews, comments, lists, wishlist activity, group content, recommendations, social actions, and other content you create may be visible based on the relevant visibility setting or feature design.
- If you connect Steam and do not hide related visibility settings, Steam-derived play status, ownership, playtime, or platform context may appear in supported parts of the app.
- If you request account deletion and choose not to remove public comments or reviews, those items may remain in anonymized form marked as deleted.
4. How We Share Information
We share information only as needed to operate Checkpointr, comply with law, or provide features you request.
- Google and Firebase service providers: Firebase Authentication, Firestore, Cloud Functions, Cloud Storage, Firebase Messaging, App Check, Firebase Analytics, Firebase Crashlytics, Firebase Performance, Firebase App Installations, and Firebase Remote Config.
- Purchase and entitlement providers: Google Play, Apple, and RevenueCat process purchase, subscription, restore, refund, cancellation, expiration, and Premium gift entitlement records.
- Advertising providers: Google Mobile Ads may process ad-related identifiers, device signals, IP-derived location, and ad interaction signals where ads are shown on supported free surfaces.
- Search infrastructure providers: Typesense may process limited account, profile, and public-content records needed to power search and discovery.
- Email delivery providers: transactional email providers may process your email address and message metadata so we can send security and account emails.
- Closed-beta operations: Firebase and transactional email providers may process confirmed beta email addresses solely to deliver beta invitations and essential beta communication.
- Security provider: Cloudflare Turnstile may process limited browser and device signals to prevent automated misuse of the closed-beta sign-up form.
- Steam: if you connect Steam, we exchange limited information with Steam to authenticate the connection and retrieve the profile, library, playtime, now-playing, and store/price data needed for requested Steam features.
- Game, media, and store data providers: Steam Store, IGDB/Twitch, YouTube, and content delivery networks may receive limited requests needed to load game metadata, artwork, videos, store links, and price information.
- Other users: when you choose to publish or share content, or when a feature is inherently social.
- Legal and safety disclosures: when required by law, to protect rights, investigate abuse, or respond to valid legal process.
- Business transfers: if ownership of the service changes, subject to applicable law.
5. Data Retention and Deletion
- We retain account and feature data for as long as needed to operate the service, secure the platform, and meet legal or operational requirements.
- Push tokens, device-session records, diagnostics, and logs may be retained for a limited period while they remain relevant to notifications, fraud prevention, support, or reliability.
- Purchase, entitlement, Premium gift, refund, cancellation, and expiration records are retained while needed to provide Premium access, handle disputes, comply with app-store requirements, and prevent abuse.
- Wishlist, price-alert, and Steam price-tracking records are retained while the account or related feature remains active. Non-personal aggregate price history may remain to support product functionality.
- Closed-beta sign-up records are retained for up to 120 days from signup or confirmation, then automatically deleted unless a shorter deletion is requested.
- If you request permanent account deletion from inside the app, we start a backend deletion flow that removes private account data, device data, and uploaded media from storage.
- During deletion, you can choose whether public comments and reviews should also be deleted or should remain in anonymized form.
- To protect the platform against abuse and account recycling, your deleted email address and username may remain reserved after deletion and may not be available for reuse.
- We may keep limited information where necessary for security, fraud prevention, legal compliance, or dispute handling.
6. Your Choices and Rights
- You can edit profile details, visibility settings, notification preferences, and email preferences inside the app.
- You can disconnect Steam, hide Steam now-playing status, and clear Steam-derived taste data from recommendation features.
- You can remove wishlist items, adjust notification preferences, and stop receiving price-drop notifications for games you no longer want to track.
- You can manage Premium subscriptions, cancellations, refunds, and billing history through the Google Play or Apple account used for purchase, and you can restore purchases inside the app where supported.
- You can manage advertising choices through your device, Google, Apple, or platform settings where supported.
- You can request permanent account deletion from the app settings.
- You can request deletion of a closed-beta sign-up by contacting support@checkpointr.com from the email address used for the request.
- You can contact us to request access, correction, deletion, or additional help regarding your personal data, subject to applicable law and identity verification.
7. Children's Privacy
Checkpointr is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child has provided personal information to us, contact us and we will review the request and take appropriate action.
8. Security and International Processing
- We use technical and organizational measures designed to protect data, including authenticated access controls and encrypted transport such as HTTPS.
- No system can be guaranteed to be completely secure, and you should also help protect your account credentials.
- Your information may be processed in countries where our service providers operate. By using the service, you understand that data may be transferred and processed internationally as permitted by applicable law.
9. Contact Us
For privacy questions, support requests, or data-related inquiries, contact support@checkpointr.com.
For account-security concerns, contact security@checkpointr.com.
For account deletion or selected data deletion requests, visit Account Deletion or Data Deletion.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may update the effective date above and provide additional notice where required by law.