Privacy Policy

Effective Date: March 30, 2026

Leap Signal Labs ("we", "our", or "the Company") operates Focus Royale, a mobile productivity game. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. It also explains which parts of your profile, tasks, and focus activity may be visible to other authenticated users through the Service's social and island-visit features.

1. Information We Collect

Information You Provide Directly

Data Item	When Collected	Purpose	Visibility
Nickname (username)	Onboarding	In-game identity, social features	Public (leaderboard, etc.)
Birth date	Onboarding	Record personalization, life-timeline and D-day features	Private
Email address	Login (OAuth)	Authentication, customer support	Private

Information Automatically Collected

Data Item	When Collected	Purpose	Visibility
Categories	User creates them	Focus classification	Public (profile / island visit)
Todos / Tasks	User creates them	Focus targets, rewards	Public (profile / island visit)
Focus history (sessions)	Session end	Records, stats, quests	Visible to authenticated users on profile / island visit surfaces (session times, categories, stats)
Game progress	During gameplay	Trophies, currency, battles	Partial (tier, trophies, selected deck snapshot)
Purchase history	In-app purchase	Payment processing	Private
Device information	App launch	Technical support, security	Private
IP address	API requests	Security, fraud prevention	Private
Timezone	Focus sessions / quests	Day boundary calculation	Private

Information from Third Parties

Service	Data Received	Purpose
Google OAuth	Email address, profile name	Login authentication
Google AdMob	Ad identifier, device info	Banner ad display
Supabase	Auth token, email	Backend authentication
Vercel	IP address, User-Agent	Web hosting

Collection Methods

Direct input by user during registration and service use
Automatic generation and collection during app/web service use
Collection via third-party OAuth services

2. Purpose of Collection and Use

We collect and use your personal information for the following purposes:

Account creation and identity verification
Game service provision (focus tracking, battles, quests)
Social features (leaderboard, clan)
Customer support and dispute resolution
Service improvement and analytics
In-app purchase processing
Ad display (banner ads via Google AdMob)
Security and fraud prevention

Legal Bases for Processing (GDPR)

Contract performance: Account management, game service delivery, purchase processing
Legitimate interests: Security, fraud prevention, service improvement
Consent: Advertising (you may withdraw consent at any time)
Legal obligation: Compliance with applicable laws

3. Retention Period

Data	Retention Period	Legal Basis
Account info (email, username, birth date)	Until account deletion	Service provision
Focus records (focus_sessions)	Until account deletion	Service provision
Game data (player_game_state)	Until account deletion	Service provision
Purchase records	5 years	Korean E-Commerce Act, Art. 6
Consent records	5 years	PIPA consent record retention
Server access logs (IP)	3 months	Korean Telecommunications Act, Art. 15-2
Dispute records	3 years	Korean E-Commerce Act, Art. 6

4. Third-Party Disclosure

We do not sell your personal information or share it with third parties for their own marketing or advertising purposes.

In-game social features: As part of leaderboard, search/profile, clan, and island-visit features, other authenticated users may be able to view your nickname, category names, todo titles/content, completion status, focus time, focus session timestamps, tier, trophy count, and selected deck snapshot.
Legal disclosure: We may disclose your information if required by law, court order, or governmental authority.

5. Service Providers (Data Processors)

We engage the following service providers to assist in delivering our services. They process your data only as directed by us.

Provider	Service	Data Processed
Google LLC	OAuth authentication, Ad serving (AdMob)	Email, ad identifier
Supabase Inc.	Authentication service	Email, auth token
Vercel Inc.	Web hosting	IP address, User-Agent
Apple Inc. / Google LLC	In-app purchase processing	Purchase records

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place.

Recipient	Country	Data	Purpose	Method
Google LLC	USA	Email, ad ID	OAuth, AdMob	API transmission
Supabase Inc.	USA	Email, auth token	Authentication	API transmission
Vercel Inc.	USA	IP, User-Agent	Web hosting	Automatic
Apple / Google (IAP)	USA	Purchase records	Payment processing	Platform SDK

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms as required by GDPR.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal information ("right to be forgotten")
Restriction: Request that we limit how we use your data
Portability (GDPR): Receive your data in a structured, machine-readable format
Opt-out (CCPA): Opt out of the sale or sharing of personal information (we do not sell your data)
Withdraw consent: Withdraw consent for processing based on consent at any time
Non-discrimination (CCPA): We will not discriminate against you for exercising your rights

How to Exercise Your Rights

Email: focusroyale@leapsignal.net
Response time: Within 10 business days (PIPA standard) / 30 days (GDPR/CCPA)
Account deletion: Submit a request by email
Nickname change: Available in-app settings

You may also designate an authorized agent to submit requests on your behalf. We may require verification of your identity or authorization before processing requests.

8. Public Profile and Island Visit Data

To provide social, profile, and island-visit features, some of your data may be visible to other authenticated users inside the Service. This is not public indexing on the open web, but it is still user-to-user disclosure within the app.

Visible data may include your nickname, category names, active todo titles/content, completion state, focus time, active focus state, current session start time, date-based focus history, session timestamps, and limited profile/game data shown on profile screens.
Private data includes your email address, payment records, device information, IP address, timezone, and internal operational metadata.
Please do not put sensitive personal information, health information, financial information, or third-party personal information into category names or todo titles/content.
The Service does not currently provide per-item visibility toggles for categories, todos, or focus history. If you do not want certain content to be visible, edit or delete it before using social features, or request account deletion.

9. Cookies and Tracking Technologies

Our website uses essential cookies for authentication and session management.
The Google AdMob SDK in our mobile app collects advertising identifiers (IDFA on iOS, GAID on Android) to serve banner ads.
You can disable cookies in your browser settings; however, some features may not function correctly.
To reset your advertising ID on mobile:
- iOS: Settings > Privacy & Security > Tracking
- Android: Settings > Google > Ads

10. Data Deletion Process

Account deletion request received via email
Data required to be retained by law is separated
All other personal data is permanently deleted immediately (database deletion and log purge)
Separated data is destroyed upon expiration of the applicable legal retention period
Deletion confirmation sent to your email address

Deletion Methods

Electronic data: Permanently deleted from our database using irreversible methods
Paper records: Not applicable (we do not maintain paper records)

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

SSL/TLS encryption for all data transmission
OAuth-based authentication (we do not store raw passwords)
Database access controls and authentication management
Regular security monitoring and auditing
Minimum personal data access principle (least privilege)

While we strive to protect your personal information, no security measure is 100% secure. If you believe your data has been compromised, please contact us immediately at focusroyale@leapsignal.net.

12. Privacy Contact

For any privacy-related questions, concerns, or requests, please contact our Privacy Officer:

Privacy Officer

Name: Jaewan Shin (신재완)

Title: Representative

Organization: Leap Signal Labs

Email: focusroyale@leapsignal.net

Website: https://focusroyale.leapsignal.net

We will respond to your inquiry promptly and no later than the applicable legal deadline.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
For material changes, we will provide notice via an in-app notification at least 7 days before the effective date.
Your continued use of the service after the effective date of changes constitutes acceptance of the updated policy.

14. Regulatory Authorities and Remedies

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority:

Authority	Jurisdiction	Contact
Personal Information Protection Commission (PIPC)	Korea (PIPA)	https://www.pipc.go.kr
EU Supervisory Authority	European Union (GDPR)	Your member state's DPA
California Attorney General	California, USA (CCPA)	https://oag.ca.gov/privacy
Federal Trade Commission (FTC)	USA (consumer protection)	https://www.ftc.gov

These authorities are independent from our company. We encourage you to contact us first so we can resolve any concerns directly.