Privacy Policy

Effective June 2026 · Version 1.0 · Contact: [email protected]

This Privacy Policy explains how the System: Arise mobile application ("the App") collects, uses, stores, and protects your personal data. It complies with the Digital Personal Data Protection Act 2023 (DPDP Act), the Information Technology Act 2000, and the IT (Reasonable Security Practices and Sensitive Personal Data) Rules 2011.

1. Data We Collect

Account & Identity

• Email address, username, and Firebase UID (assigned at registration)
• IP address (logged at registration for fraud prevention)

Profile & Game Data

• Character level, XP, rank, and stats
• Quest history, clan membership, and leaderboard position

User-Generated Content

• Text descriptions of your accomplishments and quest logs
• Photo proof uploaded to verify quest completion (D-rank quests and above)

Payment Data

• Subscription type/status, Google Play order ID and purchase token, transaction timestamps
• We do not store full card numbers or banking credentials — billing is handled by Google Play

Device & Technical Data

• Device model, OS version, app version, session timestamps, and feature-usage events

2. How We Use Your Data

• Create and manage your account (consent)
• Provide the gamification and quest service (performance of contract)
• Process in-app purchases (performance of contract)
• Verify quest completion via AI review of uploaded photos (consent)
• Display your rank on the global leaderboard (legitimate interest)
• Detect fraud and enforce platform safety (legitimate interest / legal obligation)
• Send push notifications, if enabled (consent)

3. Third-Party Services

We share data only with the following processors, each bound by data-processing agreements: Firebase (Google) for authentication & push, Google Play for billing, and Cloudinary for image storage. We do not sell your personal data.

4. Data Retention

• Account & profile data: while active + 30 days after deletion
• Quest logs & task content: 12 months, then anonymised
• Uploaded images: 12 months, then permanently deleted
• Payment records: 7 years (Indian tax law); server logs: 90 days

5. Children's Privacy

System: Arise is intended for users 18 years and older. We do not knowingly collect data from anyone under 18.

6. Your Rights (DPDP Act 2023)

You may request access, correction, or erasure of your data, and withdraw consent at any time. Email [email protected] and we will respond within 30 days.

7. Data Security

We use HTTPS/TLS in transit, encryption at rest, access controls, and periodic security reviews. No internet transmission is 100% secure, so please keep your account credentials safe.

8. Changes & Contact

Material changes are communicated via in-app notification; the effective date above reflects the latest revision. Questions or requests: [email protected].