Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains what information RiskIt (“we,” “us,” or “our”) collects when you use the RiskIt iOS app (the “App”), how we use it, who we share it with, and the choices you have. By using the App you agree to this policy.

RiskIt is a simulated-casino game. The chips, currency, and in-game purchases inside RiskIt have no real-world cash value and cannot be exchanged, withdrawn, or transferred. RiskIt does not facilitate real-money gambling.

1. Information we collect

Account & sign-in

When you create an account, we collect:

• Authentication data: a Supabase-issued user ID, the email associated with your Apple, Google, or email/password sign-in, and (for guests) an anonymous auto-generated identifier.
• Username and avatar: the display name and emoji avatar you choose for leaderboards.

Game progress & activity

• Bankroll, XP, level, daily streak, lifetime totals, win/loss counts, and biggest-win history.
• Vault state, business ownership and levels, badges, and league/leaderboard standing.
• Friend list (you control who you add).
• Locally-stored gameplay history and preferences (Chippie tutorial state, big-bet-mode toggle, etc.).

Device & usage data

• App version, iOS version, device model (used for crash diagnostics and analytics).
• Anonymous gameplay analytics (which game opened, bet placed, settle outcome) — used to balance gameplay and surface bugs.
• Ad delivery and reward events (which placements were shown, when, and whether a reward was granted).

Identifier for Advertisers (IDFA)

If you grant permission via Apple’s App Tracking Transparency (ATT) prompt, our advertising provider (Google AdMob) may use your IDFA to show ads tailored to your interests. If you decline, we still serve ads — they just aren’t personalized.

2. How we use information

• Operate the App: keep your account, save your progress, sync your stats across devices.
• Run leaderboards and friend lists.
• Deliver rewarded ads through Google AdMob and credit the chip rewards.
• Diagnose crashes and improve gameplay.
• Enforce our Terms of Service and prevent abuse (rate limits, anti-cheat).

3. Third-party services

We use the following service providers. Each receives only the data necessary to perform its function. Their use of your data is governed by their own privacy policies.

• Supabase (database, auth, leaderboards). supabase.com/privacy
• Google AdMob (rewarded ads). policies.google.com/privacy
• Apple (Sign in with Apple, App Tracking Transparency, App Store, TestFlight). apple.com/legal/privacy
• Google (Sign in with Google, if you choose to use it). policies.google.com/privacy

4. Advertising & consent

RiskIt serves rewarded video ads via Google AdMob. Ads are opt-in — you only see an ad when you tap a “Watch ad for …” button.

In the EU, UK, and Switzerland, we display Google’s User Messaging Platform (UMP) consent form to gather your preferences for personalized ads, conforming to GDPR and the IAB TCF v2.2 framework. In California, the same consent surface respects CCPA / CPRA opt-out signals.

You can change your ad-personalization choice any time in iOS Settings → Privacy & Security → Tracking → RiskIt.

5. Children

RiskIt is rated 17+ for Frequent/Intense Simulated Gambling. The App is not directed at children under 17 and we do not knowingly collect data from anyone under that age. If you believe a child has provided us data, contact privacy@riskit.gg and we will delete it.

6. Data retention

We keep your account data while your account is active. If you reset your profile inside the App, your bankroll, vault, and history are zeroed locally and your Supabase row is anonymized. If you delete your account entirely, contact privacy@riskit.gg and we will remove your row within 30 days.

7. Your rights

Subject to applicable law (GDPR, CCPA/CPRA, etc.), you may have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data.
• Object to or restrict processing.
• Receive a portable copy of your data.
• Withdraw consent for personalized advertising.

To exercise any of these rights, email privacy@riskit.gg.

8. Security

We use HTTPS for all data in transit, Apple Keychain for credentials on-device, and Supabase Row-Level Security (RLS) policies to ensure you can only read/write your own profile row. No system is perfectly secure; we make no guarantee against breach.

9. International transfers

Our infrastructure is hosted in Canada (Supabase ca-central-1). If you access RiskIt from outside Canada, your data will be transferred to and processed in Canada. By using the App, you consent to that transfer.

10. Changes to this policy

We may update this Privacy Policy. Material changes will be announced inside the App and via the “Last updated” date at the top of this page.

11. Contact

Questions or requests: privacy@riskit.gg