Privacy Policy for Sensemaking: The Game
Effective Date: January 1, 2025
Last Updated: January 1, 2025
1. Introduction
Welcome to Sensemaking: The Game (“Sensemaker”, “we”, “us”, or “our”). This Privacy Policy explains how Loveable LLC collects, uses, discloses, and protects your personal information when you use our mobile application.
Operator:
Loveable LLC
612 Cherry St
Lansing, MI 48933
United States
Privacy Contact:
Evan Carr
Email: [email protected]
We are committed to protecting your privacy and ensuring transparency about our data practices. This Privacy Policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Children’s Online Privacy Protection Act (COPPA).
2. Information We Collect
2.1 Account and Profile Information
When you create an account, we collect:
Authentication Data: Email address, password (encrypted), authentication tokens
OAuth Data: If you sign in with Google or Facebook, we collect your email address, display name, profile picture URL, and full name from your OAuth provider
Profile Information: Username, display name, avatar/profile picture, tagline/bio, location (optional), time zone (optional)
Account Settings: Profile visibility (public/friends/private), stats visibility, friend discovery preferences
Account Metadata: User ID (UUID), account creation date, trial start date, last seen timestamp
2.2 Contact Information (Optional)
If you opt-in to our friend discovery feature:
Phone Numbers: We collect phone numbers from your device contacts to help you find friends using Sensemaker
Privacy Protection: All phone numbers are hashed using SHA-256 encryption on your device before being transmitted to our servers. We never store or transmit plain-text phone numbers.
Your Phone Number: Your own phone number (hashed) for friend matching
Permissions: This feature requires your explicit permission to access contacts (READ_CONTACTS on Android, NSContactsUsageDescription on iOS)
You can opt-out of contact discovery at any time through the app settings.
2.3 Game Performance and Progress Data
To provide our core gaming functionality, we collect:
User Statistics: Level, experience points (XP), streak days, performance scores (fairness, depth, clarity averages), total missions completed, last played date
Mission/Session Data: Conversation history with AI, turn count, scores per mission, AI-generated feedback, XP awarded, completion timestamps
Skill Practice Data: Skill tree progress, practice session results, scores per skill, examples practiced, time spent per skill
Achievements: Achievement unlocks, progress tracking, unlock timestamps
2.4 Multiplayer and Social Data
When you use our social features:
Friend Relationships: Friend lists, friend requests (pending, accepted, declined), blocked users, request messages, expiration dates
Multiplayer Sessions: Session participants, turn submissions, debate arguments and responses, session scores, round-by-round performance, winner/loser data
Public Profiles: When you view other users’ profiles (may be logged for analytics)
2.5 User Settings and Preferences
Game Settings: Conversation max turns, reply length preference, topic preferences
Voice Settings: Voice input/output enabled status, selected voice ID, voice speed
Notification Settings: Daily reminder time, reminder enabled status, notification preferences per type, friend discovery notifications
App Settings: Sound effects enabled/disabled, theme preference
2.6 Payment and Subscription Data
When you make purchases or subscribe:
Credit System Data: Credit balance, credits earned, credits spent, transaction history including transaction types (trial grants, subscription grants, purchases, spending, refunds, admin adjustments)
Transaction Metadata: Mission IDs, tokens used, characters processed
Subscription Information: Subscription tier (Explorer/Analyst/Master), subscription status, start date, period dates, RevenueCat subscriber ID
Purchase Data: In-app purchase IDs, product IDs, purchase receipts
Note: Payment processing is handled by Apple App Store, Google Play Store, and RevenueCat. We do not store your credit card or payment method details.
2.7 Device and Technical Data
Device Information: Device type (iOS/Android), device name, platform OS, device model, platform version
Push Notifications: Expo push token, token platform, last used timestamp, active status
Session Data: App session information, app lifecycle events (opens, closes, backgrounding)
2.8 User-Generated Content
Conversation Messages: All text you send to and receive from our AI conversational agents
Debate Arguments: Arguments and responses you submit in multiplayer debates
Voice Recordings: Temporarily stored audio recordings for transcription (deleted immediately after transcription)
Uploaded Images: Avatar images you upload (stored in our cloud storage)
Feedback: Any feedback you submit through the app
Profile Content: Bio, tagline, and other profile text (sanitized to prevent spam and inappropriate content)
2.9 Analytics and Error Tracking
Usage Analytics (PostHog): Authentication events, mission/game events, voice usage, tutorial completion, mode selection, score submissions, friend request activities, contact sync events, challenge activities, multiplayer events, profile views/edits, subscription/purchase events
Error Data (Sentry): Error logs, stack traces, device/platform information (20% sample rate for transactions)
2.10 Information We Do NOT Collect
GPS Location: We do not track your precise geographic location
Background Activity: We do not track your activity when the app is closed
Other Apps: We do not collect information about other apps on your device
Plain-Text Phone Numbers: All phone numbers are hashed before transmission
3. How We Use Your Information
3.1 Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
Contract Performance: To provide our gaming services, process subscriptions, and manage your account
Legitimate Interests: To improve our app, prevent fraud, and ensure security
Consent: For optional features like contact discovery, analytics cookies, and marketing communications
Legal Obligation: To comply with applicable laws and regulations
3.2 Purposes of Data Use
We use your information to:
1. Provide Core Services:
Create and manage your account
Enable gameplay, AI conversations, and skill practice
Track your progress, scores, and achievements
Facilitate multiplayer sessions and social features
Process voice input/output features
2. Process Payments:
Manage subscriptions and credit purchases
Track credit balance and transactions
Process refunds when applicable
3. Enhance User Experience:
Personalize content and recommendations
Remember your preferences and settings
Provide daily reminders if enabled
Enable friend discovery (with your consent)
4. Improve Our Services:
Analyze usage patterns and trends
Identify and fix bugs and errors
Develop new features and game modes
Optimize app performance
5. Communicate With You:
Send push notifications about game updates, friend requests, and challenges
Respond to your support inquiries
Send important account and service updates
6. Ensure Security and Compliance:
Prevent fraud and abuse
Enforce our Terms of Use
Comply with legal requirements
Protect user safety and content quality
4. How We Share Your Information
4.1 Third-Party Service Providers
We share your information with trusted third-party service providers who help us operate our app:
Supabase – Database, authentication, storage, real-time features. Shares: All user data, profiles, game data, conversations, avatars. Supabase is certified for EU-US data transfers and complies with GDPR.
RevenueCat – Subscription and payment management. Shares: Purchase transactions, subscription status, user IDs, receipts. Privacy Policy: https://www.revenuecat.com/privacy
PostHog – Product analytics. Shares: User events, session data, user IDs (hosted in US). Privacy Policy: https://posthog.com/privacy
Sentry – Error monitoring and crash reporting. Shares: Error logs, stack traces, device info. Privacy Policy: https://sentry.io/privacy/
OpenRouter – AI conversation generation (server-side only). Shares: User prompts, conversation context, game topics. Privacy Policy: https://openrouter.ai/privacy
ElevenLabs – Voice-to-text and text-to-voice services. Shares: Voice recordings (temporary), text for synthesis. Privacy Policy: https://elevenlabs.io/privacy
Expo – Push notifications. Shares: Push tokens, notification content. Privacy Policy: https://expo.dev/privacy
Apple/Google – Payment processing (via RevenueCat). Shares: Purchase information (handled by Apple/Google). Apple and Google privacy policies apply.
Important: These service providers are contractually required to protect your data and use it only for the purposes we specify.
4.2 Other Users
Depending on your privacy settings:
Public Profiles: If you set your profile to “public,” other users can view your username, display name, avatar, stats, and achievements
Friends: Friends can view information you make available to friends (based on your privacy settings)
Multiplayer Sessions: Other participants in multiplayer games can see your arguments, responses, and scores for that session
You control your privacy settings in the app.
4.3 Legal Requirements
We may disclose your information if required by law, such as:
To comply with a subpoena, court order, or legal process
To protect our rights, property, or safety, or that of our users or the public
To enforce our Terms of Use
To detect, prevent, or address fraud, security, or technical issues
4.4 Business Transfers
If Loveable LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in the app before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
5. International Data Transfers
Loveable LLC is based in the United States. Your information may be transferred to and processed in the United States and other countries where our service providers operate.
For EU Users: We rely on Supabase’s certifications for EU-US data transfers. Supabase implements appropriate safeguards to protect your data in accordance with GDPR requirements. Other service providers (PostHog, Sentry) are also located in the US and process data under standard contractual clauses and appropriate safeguards.
By using Sensemaker, you consent to the transfer of your information to the United States and other jurisdictions as necessary to provide our services.
6. Data Security
We implement industry-standard security measures to protect your information:
Encryption: Passwords are encrypted, and data is transmitted using HTTPS/SSL
Authentication Security: JWT tokens, secure session storage (expo-secure-store), auto-refresh tokens
Privacy-Preserving Features: Phone number hashing (SHA-256) before upload
Database Security: Row-level security (RLS) policies on all database tables
Access Controls: Service role required for sensitive operations; API keys not exposed client-side
Content Safety: Bio/tagline sanitization to prevent XSS attacks, spam, and inappropriate content
Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
Active Accounts: We retain your data as long as your account is active
After Account Deletion: We retain your data for 30 days after you delete your account, then permanently delete it
Legal Requirements: We may retain certain data longer if required by law or to resolve disputes
Voice Recordings: Deleted immediately after transcription is complete
Analytics Data: Aggregated, anonymized analytics may be retained indefinitely
8. Your Privacy Rights
8.1 All Users
You have the right to:
Access: View your profile data, credit balance, transaction history, and subscription status within the app
Correction: Update your profile information, settings, and preferences at any time
Deletion: Delete your account and associated data (subject to 30-day retention period)
Opt-Out: Disable contact discovery, notifications, voice features, and other optional features
Data Portability: Request an export of your data in a machine-readable format
8.2 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights:
Right to Erasure: Request deletion of your personal data
Right to Restriction: Request restriction of processing your data
Right to Object: Object to our processing of your data
Right to Portability: Receive your data in a portable format
Right to Withdraw Consent: Withdraw consent for processing at any time
Right to Lodge a Complaint: File a complaint with your local data protection authority
8.3 CCPA Rights (California Users)
If you are a California resident, you have the right to:
Know what personal information we collect, use, disclose, and sell (we do not sell your data)
Request deletion of your personal information
Opt-out of the sale of your personal information (not applicable; we don’t sell data)
Non-discrimination for exercising your CCPA rights
8.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
Email: [email protected]
Subject Line: “Privacy Rights Request”
We will respond to your request within 30 days (or as required by applicable law).
9. Children’s Privacy (COPPA Compliance)
Sensemaker is intended for users aged 13 and older. We comply with the Children’s Online Privacy Protection Act (COPPA).
9.1 Users Under 13
Parental Consent Required: Children under 13 may only use Sensemaker with verifiable parental consent
Parental Control: Parents can review, delete, or refuse further collection of their child’s information by contacting us at [email protected]
Limited Collection: We collect only information reasonably necessary for the child to participate in the app’s activities
9.2 Information for Parents
Parents of children under 13 have the right to:
Review their child’s personal information
Request deletion of their child’s information
Refuse further collection or use of their child’s information
Withdraw consent previously provided
To exercise these rights or provide consent, please contact [email protected] with the subject line “Parental Consent – COPPA.”
9.3 What We Collect from Children
For users under 13 (with parental consent), we collect the same information as outlined in Section 2, but we:
Do NOT enable contact discovery for users under 13
Do NOT allow public profiles for users under 13 (automatically set to private)
Limit social features to age-appropriate interactions
Provide additional parental controls
10. Cookies and Tracking Technologies
We use the following tracking technologies:
Session Storage: To maintain your logged-in session (using AsyncStorage and expo-secure-store)
Analytics Cookies: PostHog uses cookies to track app usage and user behavior
Push Tokens: To send push notifications (Expo push tokens)
10.1 Your Choices
Opt-Out of Analytics: You can opt-out of PostHog analytics through app settings (if implemented) or by contacting us
Disable Notifications: You can disable push notifications through your device settings
We do not use third-party advertising cookies or sell your data to advertisers.
11. Do Not Track
Some browsers include a “Do Not Track” (DNT) feature. Because there is no industry consensus on how to respond to DNT signals, our app does not currently respond to DNT signals.
12. Your Choices and Controls
You can control your privacy through the following in-app settings:
Profile Visibility: Set to public, friends-only, or private
Stats Visibility: Show or hide your stats from other users
Friend Discovery: Opt-in or opt-out of contact-based friend discovery
Notifications: Enable/disable notifications per type (friend requests, challenges, daily reminders)
Voice Features: Enable/disable voice input and output
Contact Sync: Remove uploaded contact hashes at any time
Account Deletion: Delete your account and all associated data
13. Third-Party Links
Sensemaker may contain links to third-party websites or services (e.g., OAuth providers). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
14. California Shine the Light Law
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
We will update the “Last Updated” date at the top
We will notify you via email or in-app notification for material changes
Continued use of the app after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Loveable LLC
Attn: Evan Carr, Privacy Officer
612 Cherry St
Lansing, MI 48933
United States
Email: [email protected]
Subject Line: “Privacy Inquiry”
For GDPR-related inquiries, please include “GDPR” in your subject line.
For COPPA-related inquiries (parental consent/requests), please include “COPPA” in your subject line.
We will respond to your inquiry within 30 days.
17. Summary of Your Privacy Rights by Region
European Union (GDPR)
Right to access, rectification, erasure, restriction, portability, object
Right to withdraw consent
Right to lodge complaint with supervisory authority
Contact: [email protected] (Subject: GDPR Request)
California (CCPA)
Right to know, delete, opt-out (we don’t sell data)
Right to non-discrimination
Contact: [email protected] (Subject: CCPA Request)
Children Under 13 (COPPA)
Parental consent required
Parents can review, delete, or control child’s information
Contact: [email protected] (Subject: Parental Consent – COPPA)
All Other Users
Right to access, correction, deletion, opt-out
Contact: [email protected] (Subject: Privacy Rights Request)
Effective Date: January 1, 2025
Thank you for trusting Sensemaking: The Game with your information. We are committed to protecting your privacy and providing a safe, educational gaming experience.