Privacy Policy
This document is a translation. In case of any discrepancy, the Korean version (for Korean users) or the English version (for international users) shall prevail.
Effective Date: March 3, 2026
Leap Signal Labs ("we", "our", or "the Company") operates Focus Royale, a mobile productivity game. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. This policy complies with the Korean Personal Information Protection Act (PIPA), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Children's Online Privacy Protection Act (COPPA).
1. Information We Collect
Information You Provide Directly
| Data Item | When Collected | Purpose | Visibility |
|---|---|---|---|
| Nickname (username) | Onboarding | In-game identity, social features | Public (leaderboard, etc.) |
| Birth date | Onboarding | Age verification (16+), profile display | Public (profile / island visit) |
| Email address | Login (OAuth) | Authentication, customer support | Private |
Information Automatically Collected
| Data Item | When Collected | Purpose | Visibility |
|---|---|---|---|
| Categories | User creates them | Focus classification | Public (profile / island visit) |
| Todos / Tasks | User creates them | Focus targets, rewards | Public (profile / island visit) |
| Focus history (sessions) | Session end | Records, stats, quests | Partial (time/stats only) |
| Game progress | During gameplay | Trophies, currency, battles | Partial (tier/trophies) |
| Purchase history | In-app purchase | Payment processing | Private |
| Device information | App launch | Technical support, security | Private |
| IP address | API requests | Security, fraud prevention | Private |
| Timezone | Focus sessions / quests | Day boundary calculation | Private |
Information from Third Parties
| Service | Data Received | Purpose |
|---|---|---|
| Google OAuth | Email address, profile name | Login authentication |
| Google AdMob | Ad identifier, device info | Banner ad display |
| Supabase | Auth token, email | Backend authentication |
| Vercel | IP address, User-Agent | Web hosting |
Collection Methods
- Direct input by user during registration and service use
- Automatic generation and collection during app/web service use
- Collection via third-party OAuth services
2. Purpose of Collection and Use
We collect and use your personal information for the following purposes:
- Account creation and identity verification
- Game service provision (focus tracking, battles, quests)
- Social features (leaderboard, clan)
- Age verification to enforce the 16+ requirement
- Customer support and dispute resolution
- Service improvement and analytics
- In-app purchase processing
- Ad display (banner ads via Google AdMob)
- Security and fraud prevention
Legal Bases for Processing (GDPR)
- Contract performance: Account management, game service delivery, purchase processing
- Legitimate interests: Security, fraud prevention, service improvement
- Consent: Advertising (you may withdraw consent at any time)
- Legal obligation: Compliance with applicable laws
3. Retention Period
| Data | Retention Period | Legal Basis |
|---|---|---|
| Account info (email, username, birth date) | Until account deletion | Service provision |
| Focus records (focus_sessions) | Until account deletion | Service provision |
| Game data (player_game_state) | Until account deletion | Service provision |
| Purchase records | 5 years | Korean E-Commerce Act, Art. 6 |
| Consent records | 5 years | PIPA consent record retention |
| Server access logs (IP) | 3 months | Korean Telecommunications Act, Art. 15-2 |
| Dispute records | 3 years | Korean E-Commerce Act, Art. 6 |
4. Third-Party Disclosure
We do not sell your personal information or share it with third parties for their own marketing or advertising purposes.
- In-game social features: As part of the game's social features (leaderboard, clan), your nickname, tier, trophy count, and focus time statistics may be visible to other users.
- Legal disclosure: We may disclose your information if required by law, court order, or governmental authority.
5. Service Providers (Data Processors)
We engage the following service providers to assist in delivering our services. They process your data only as directed by us.
| Provider | Service | Data Processed |
|---|---|---|
| Google LLC | OAuth authentication, Ad serving (AdMob) | Email, ad identifier |
| Supabase Inc. | Authentication service | Email, auth token |
| Vercel Inc. | Web hosting | IP address, User-Agent |
| Apple Inc. / Google LLC | In-app purchase processing | Purchase records |
6. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place.
| Recipient | Country | Data | Purpose | Method |
|---|---|---|---|---|
| Google LLC | USA | Email, ad ID | OAuth, AdMob | API transmission |
| Supabase Inc. | USA | Email, auth token | Authentication | API transmission |
| Vercel Inc. | USA | IP, User-Agent | Web hosting | Automatic |
| Apple / Google (IAP) | USA | Purchase records | Payment processing | Platform SDK |
For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms as required by GDPR.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal information ("right to be forgotten")
- Restriction: Request that we limit how we use your data
- Portability (GDPR): Receive your data in a structured, machine-readable format
- Opt-out (CCPA): Opt out of the sale or sharing of personal information (we do not sell your data)
- Withdraw consent: Withdraw consent for processing based on consent at any time
- Non-discrimination (CCPA): We will not discriminate against you for exercising your rights
How to Exercise Your Rights
- Email: focusroyale@leapsignal.net
- Response time: Within 10 business days (PIPA standard) / 30 days (GDPR/CCPA)
- Account deletion: Submit a request by email
- Nickname change: Available in-app settings
You may also designate an authorized agent to submit requests on your behalf. We may require verification of your identity or authorization before processing requests.
8. Children's Privacy
Focus Royale is restricted to users aged 16 and older. We do not knowingly collect personal information from children under 16.
- Users provide their birth date during onboarding for age verification. Users under 16 are blocked from registration.
- If we discover that a user is under 16, we will immediately delete their account and all associated personal data.
- Our age restriction satisfies COPPA (13+), Korean PIPA (14+), GDPR (16+), and CCPA (16+) requirements.
- If you believe a child under 16 has registered, please contact us at focusroyale@leapsignal.net.
9. Cookies and Tracking Technologies
- Our website uses essential cookies for authentication and session management.
- The Google AdMob SDK in our mobile app collects advertising identifiers (IDFA on iOS, GAID on Android) to serve banner ads.
- You can disable cookies in your browser settings; however, some features may not function correctly.
- To reset your advertising ID on mobile:
- iOS: Settings > Privacy & Security > Tracking
- Android: Settings > Google > Ads
10. Data Deletion Process
- Account deletion request received via email
- Data required to be retained by law is separated
- All other personal data is permanently deleted immediately (database deletion and log purge)
- Separated data is destroyed upon expiration of the applicable legal retention period
- Deletion confirmation sent to your email address
Deletion Methods
- Electronic data: Permanently deleted from our database using irreversible methods
- Paper records: Not applicable (we do not maintain paper records)
11. Security Measures
We implement appropriate technical and organizational measures to protect your personal information:
- SSL/TLS encryption for all data transmission
- OAuth-based authentication (we do not store raw passwords)
- Database access controls and authentication management
- Regular security monitoring and auditing
- Minimum personal data access principle (least privilege)
While we strive to protect your personal information, no security measure is 100% secure. If you believe your data has been compromised, please contact us immediately at focusroyale@leapsignal.net.
12. Privacy Contact
For any privacy-related questions, concerns, or requests, please contact our Privacy Officer:
Privacy Officer
Name: Jaewan Shin (신재완)
Title: Representative
Organization: Leap Signal Labs
Email: focusroyale@leapsignal.net
Website: https://focusroyale.leapsignal.net
We will respond to your inquiry promptly and no later than the applicable legal deadline.
13. Changes to This Policy
- We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
- For material changes, we will provide notice via an in-app notification at least 7 days before the effective date.
- Your continued use of the service after the effective date of changes constitutes acceptance of the updated policy.
14. Regulatory Authorities and Remedies
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority:
| Authority | Jurisdiction | Contact |
|---|---|---|
| Personal Information Protection Commission (PIPC) | Korea (PIPA) | https://www.pipc.go.kr |
| EU Supervisory Authority | European Union (GDPR) | Your member state's DPA |
| California Attorney General | California, USA (CCPA) | https://oag.ca.gov/privacy |
| Federal Trade Commission (FTC) | USA (COPPA) | https://www.ftc.gov |
These authorities are independent from our company. We encourage you to contact us first so we can resolve any concerns directly.