Privacy Policy

Effective date: 2026-04-26 Last updated: 2026-04-26

Controller: Emil Saranpää (private person), Finland. Contact: routa.game.app@gmail.com

This Privacy Policy explains what data the Routa mobile application (“Routa”, “the app”, “we”) processes when you use it, why, and what rights you have.

1. What Routa is

Routa is a peer-to-peer mobile drinking game for adults. When you play a multiplayer round, the device that creates the room acts as the host: it runs the game logic and broadcasts state to the other players’ devices. There is no central Routa game server that stores your gameplay or accounts. Multiplayer transport is provided by Supabase Realtime (see Section 5).

2. Data we process

We process the minimum data needed to make the game work.

• Player display name. A free-text name you enter on your device. While you are in a multiplayer room, your name is broadcast to the other players in that room so they can see who is playing. We do not require this to be your real name.
• Random device identifier (userId). When you first launch Routa, the app generates a random UUID and stores it locally on your device. It is used solely to identify your device within a game room (for example, to know whose turn it is, or to allow a dropped host to be replaced). It is not linked to your name, email, phone number, advertising ID, or any other identifier.
• Room code. A six-character code that identifies a single game session. It exists only while the room is open and is shared between players in that room.
• Presence and game state. While a room is active, basic in-game data — players in the room, join order, current card or round — is broadcast over the room’s Realtime channel so all devices stay in sync. This data is transient: it is not written to a database and disappears when the room closes.
• Local preferences. Your selected language, mute setting, and any in-app purchase unlock flags are stored on your device only.
• Purchase receipts. If you buy a content unlock, the purchase is processed by Google Play Billing or the Apple App Store. Routa receives a receipt confirming that the unlock is valid; it does not see your payment card or store-account credentials.

3. What we do NOT collect

To make the surface clear:

• No real names, email addresses, phone numbers, or user accounts.
• No analytics, crash reporting, advertising identifiers, or device fingerprinting.
• No location, microphone, camera, contacts, calendar, or media library access.
• No persistent server-side database of users, games, or chat history.

4. How we use the data

The data described above is used solely to:

• Run a multiplayer game round between the connected devices.
• Show the right player names and turn order in the user interface.
• Remember your preferences and unlock status on your own device between sessions.
• Validate in-app purchases against Google Play / the Apple App Store.

We do not sell your data, share it for advertising, or use it to build profiles.

5. Third-party services

• Supabase (Supabase Inc.) — provides the Realtime broadcast transport that connects players in a room. While a room is active, the data listed in Section 2 passes through Supabase’s infrastructure. See the Supabase Privacy Policy.
• Google Play Billing (Google LLC) — processes Android in-app purchases. See Google’s Privacy Policy.
• Apple App Store (Apple Inc.) — processes iOS in-app purchases. See Apple’s Privacy Policy.
• Expo / EAS (650 Industries, Inc.) — provides build and over-the-air update infrastructure for the app binary. Expo does not process gameplay data. See the Expo Privacy Policy.

6. Data retention

• Realtime broadcasts are not stored by us. They exist only for the duration of the room and are not written to any database.
• Locally stored data (random device identifier, display name, language, mute, unlock flags) lives on your device until you uninstall Routa or clear the app’s data through your operating system.

7. International transfers

Supabase may process data in regions outside Finland. Where such transfers occur, they rely on the standard mechanisms recognised under the EU GDPR (e.g. Standard Contractual Clauses). Google and Apple process payment data under their own published transfer mechanisms.

8. Your rights

Under the EU General Data Protection Regulation you have the rights of access, rectification, erasure, restriction, objection, and data portability.

Because Routa does not link the small amount of data it processes to your real-world identity, the most direct way to exercise these rights is to clear the app’s data on your device or uninstall it. For any other request, or if you have questions about how your data is handled, write to routa.game.app@gmail.com and we will respond within a reasonable time.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (https://tietosuoja.fi).

9. Children

Routa is intended for adults aged 18 or older and is not directed to children. We do not knowingly collect data from anyone under 18. If you believe a minor has used the app, contact us and we will remove any associated local data on request.

10. Changes to this policy

We may update this Privacy Policy from time to time. Updates are published at the same URL with a revised “Last updated” date. Material changes will be highlighted at the top of the page.

11. Contact

Emil Saranpää Finland routa.game.app@gmail.com