Privacy Policy — RPG Dice Roller

Version 1.1 — Last updated: June 20, 2026

This Privacy Policy explains how personal data is processed when you download, access, or use the mobile application RPG Dice Roller (the “App”), in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national law.

We aim to collect only the data necessary to operate the App, process purchases, display advertising to free users, and measure purchase conversions for our advertising campaigns.

Please read this Policy carefully. We may update it from time to time; the “Last updated” date at the top indicates the current version.

1. Data Controller

The Data Controller is:

malkokai
Italy
Email: malkokaidev@gmail.com

For questions about this Policy or to exercise your privacy rights, contact us at the email above.

2. Definitions

App — the mobile application RPG Dice Roller, available on Google Play and the Apple App Store.
Developer / We / Us — malkokai, as developer and Data Controller of the App.
User / You — any natural person who downloads or uses the App.
Personal Data — any information relating to an identified or identifiable natural person.
Processing — any operation performed on Personal Data, such as collection, storage, use, or disclosure.
Store Operator — Google (Google Play) or Apple (App Store), depending on where you downloaded the App.

When you download the App, make in-app purchases, or manage subscriptions, Google or Apple may also process your data as independent data controllers. Please refer to their privacy policies:

Google: https://policies.google.com/privacy
Apple: https://www.apple.com/legal/privacy/

3. Summary: What the App Does With Your Data

Activity	Data involved	Stored / processed by
Dice rolling, presets, characters	Names and game data you enter	Your device only (local storage)
App settings & preferences	Settings flags	Your device only
Theme pack downloads	Anonymous user identifier	Supabase (when remote catalog is enabled)
In-app purchases & subscriptions	Purchase handled by store; entitlement status	Apple / Google and Adapty
Advertising (free version)	Device/ad identifiers, consent choices	Google AdMob
Purchase conversion measurement	Product ID, price, currency, transaction ID	Google Firebase Analytics (GA4) — only after consent where required
Support email	Email and message content you send us	malkokai

We do not require you to create a traditional account with an email address or password to use the core App features.

4. When and What Personal Data We Process

4.1 Using the App (local data)

Most information you create in the App is stored locally on your device, including:

character sheets and stat names you enter;
roll presets and roll history;
theme, audio, and display preferences;
onboarding and guided-tour completion flags.

This data is not transmitted to our servers unless you explicitly use a feature that requires a network connection (for example, downloading a remote theme pack or making a purchase).

You can delete much of this data by clearing the App’s storage in your device settings or uninstalling the App.

4.2 Downloads and in-app purchases

The App is distributed through the Google Play Store and/or Apple App Store.

When you make a purchase (for example Premium, Ad-Free, or a Theme Pack), payment is processed entirely by the Store Operator. We do not receive or store your payment card or billing details.

Purchase validation and entitlement management are handled by Adapty, which communicates with Apple/Google on our behalf. We receive only the information needed to unlock features (for example, product ID and active entitlement status).

You may restore previous purchases through the App (Settings → Restore purchases), subject to the rules of the store account you used originally.

4.3 Anonymous identity for theme pack services

When remote theme catalog or download features are enabled, the App may create an anonymous identifier through Supabase to associate downloaded content with your installation. This identifier is not linked to your name or email by us.

If Supabase is not configured for your build, remote theme features are unavailable and no such identifier is created.

4.4 Advertising

The free version of the App may display advertisements through Google AdMob.

Depending on your region and consent choices:

we may show non-personalized or personalized ads;
on iOS, App Tracking Transparency (ATT) may be requested before personalized advertising or cross-app measurement;
in the EEA, UK, and other regions where required, a Google User Messaging Platform (UMP) consent form is shown.

You can review or change ad consent choices at any time in Settings → Privacy choices (when available in your region).

For AdMob processing, Google acts as an independent or joint controller depending on the service. See Google’s privacy policy and AdMob program policies.

4.5 Analytics and purchase conversion measurement

We use Google Firebase Analytics (GA4) to log purchase conversion events when you complete an in-app purchase. This may include:

product identifier;
purchase amount and currency;
store transaction identifier;
paywall or product context metadata.

We use this information to measure the effectiveness of our advertising campaigns (including Google Ads) and to understand purchase performance.

We do not use Firebase Analytics to track general in-app behaviour (such as individual dice rolls) at this time.

Analytics and related advertising measurement are disabled until you provide consent where required by law (for example through UMP in the EEA/UK, or as affected by ATT on iOS).

Firebase may assign an app instance identifier to your installation. Where supported, this identifier may be shared with Adapty to improve subscription analytics integration.

4.6 Rewarded advertisements

The App may offer optional rewarded video ads that grant temporary ad-free time. Viewing these ads is voluntary. Ad interaction data is processed by Google AdMob under the same consent framework described above.

If you use the share feature, you choose what to share and through which app (messages, social media, etc.). We do not receive the content you share unless you send it to us directly (for example by email).

4.8 Contacting us

If you email us at malkokaidev@gmail.com, we process your email address, message content, and any information you include so we can respond to your request.

4.9 Store reviews

If you leave a review on Google Play or the App Store, the Store Operator processes your review and profile information under its own privacy policy. We may read public reviews to improve the App but do not control how stores process reviewer data.

5. Legal Bases for Processing (EEA / UK Users)

Where GDPR applies, we rely on the following legal bases:

Purpose	Legal basis
Providing the App and its core features	Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest in operating the service (Art. 6(1)(f))
In-app purchases and entitlement verification	Performance of a contract (Art. 6(1)(b))
Advertising and ad measurement	Your consent where required (Art. 6(1)(a)); legitimate interest where consent is not required
Purchase conversion analytics (GA4)	Your consent where required (Art. 6(1)(a)); legitimate interest where consent is not required
Compliance with law	Legal obligation (Art. 6(1)(c))
Responding to support requests	Legitimate interest / pre-contractual steps (Art. 6(1)(f) / (b))
Defending legal claims	Legitimate interest (Art. 6(1)(f))

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.

6. Third-Party Service Providers (Processors / Partners)

We use the following categories of third-party services:

Provider	Role	Privacy information
Google Firebase Analytics	Purchase conversion measurement	Google Privacy Policy
Google AdMob	Advertising	Google Privacy Policy
Adapty	In-app purchase and subscription management	Adapty Privacy Policy
Supabase	Anonymous identity and theme pack backend (when enabled)	Supabase Privacy Policy
Apple App Store / Google Play	Distribution and payments	Apple / Google privacy policies

We require service providers to process data only on our instructions and with appropriate safeguards, where applicable under Art. 28 GDPR.

7. International Data Transfers

Some providers (including Google and Supabase) may process data on servers located outside the European Economic Area, including in the United States.

Where required, transfers rely on appropriate safeguards such as:

European Commission adequacy decisions;
Standard Contractual Clauses;
provider certifications and security measures offered by the vendor.

You may request more information about transfer safeguards by contacting us.

8. Data Retention

Local App data — retained on your device until you delete it or uninstall the App.
Purchase entitlements — retained as long as needed to provide purchased features and comply with tax/accounting obligations.
Analytics data — retained according to Google Firebase / GA4 settings and policies.
Support emails — retained as long as needed to handle your request and, if necessary, to establish or defend legal claims.
Anonymous Supabase identifier — retained while needed to provide download services.

When retention periods end, data is deleted or irreversibly anonymized where possible.

9. Security

We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, or misuse. However, no method of transmission over the Internet or electronic storage is completely secure.

Because much of your game data stays on your device, you are responsible for securing your device (screen lock, backups, etc.).

10. Your Rights

If GDPR or applicable local law grants you rights, you may request:

access to your Personal Data;
rectification of inaccurate data;
erasure (“right to be forgotten”) in permitted cases;
restriction of processing;
data portability, where applicable;
objection to processing based on legitimate interests or for direct marketing;
withdrawal of consent at any time, without affecting prior lawful processing.

To exercise your rights, contact malkokaidev@gmail.com. We will respond within 30 days, unless applicable law allows a longer period.

You may also lodge a complaint with your local supervisory authority. In Italy, this is the Garante per la protezione dei dati personali: https://www.garanteprivacy.it.

Additional guidance for EU users: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/1089924

Managing advertising and analytics choices

EEA / UK / other UMP regions: Settings → Privacy choices in the App.
iOS: Settings → Privacy & Security → Tracking (system settings for ATT).
Android: Google Ads settings and device privacy settings.

11. Children’s Privacy

The App is not directed at children under 13 years of age. We do not knowingly collect Personal Data from children under 13. If you believe a child has provided us Personal Data, contact us and we will take steps to delete it.

12. Changes to This Privacy Policy

We may update this Policy to reflect changes in the App, our practices, or legal requirements. We will post the updated version with a new “Last updated” date. For material changes, we may also provide notice within the App where appropriate.

Continued use of the App after an update constitutes acknowledgment of the revised Policy, unless applicable law requires a different form of consent.

13. Contact

malkokai
Email: malkokaidev@gmail.com
Italy