This Privacy Policy explains how Irakli Ghachava, a sole proprietor trading as Homosapien Studio and based in Georgia (“we”, “us”), collects, uses and shares your personal data when you use the Epocha mobile game and the homosapien.studio website (together, the “Service”). We are the controller of that personal data.
Because we offer the Service to people in the European Economic Area (EEA), we handle personal data in line with the EU General Data Protection Regulation (GDPR) and other laws that apply to you. This policy sets out what we collect, why, the legal basis for each use, how long we keep it, who we share it with, and the rights you have.
Where we rely on your consent — for example for personalised advertising or push notifications — we ask for it separately in the app, and you can withdraw it at any time. Simply using the Service is not treated as consent to those things.
1. Who we are and how to contact us
The data controller is Irakli Ghachava, operating as Homosapien Studio, a sole proprietorship based in Georgia.
For any privacy question, or to exercise the rights described below, email us at irakli.ghachava@gmail.com. You can also manage and delete your data from within the app — see “Your rights and choices” below and our Account & Data Deletion page.
2. Information you provide
Account details. When you create an account we collect your email address (for email sign-up) or the email address and name shared by Google when you sign in with Google. Each account gets an auto-generated username that you can change.
Profile. You may add a profile photo (avatar) and you choose a data region, language and time zone. These are optional or have sensible defaults.
3. Game data
To run the game we store your progress and stats: which questions you have answered and whether they were correct, epoch completion, your daily-challenge streak and history, achievements, and your coin balance. Coins are an in-game currency with no real-world value.
4. Information collected automatically
Device and usage data. We collect basic technical information such as device type, operating system, app version and in-app events needed to run and secure the Service.
Diagnostics. We collect crash reports and performance data to find and fix problems.
Analytics. We use analytics to understand, in aggregate, how the game is used so we can improve it. Analytics events never contain your name or email, and analytics is turned off in development builds. Where the law requires consent for analytics that relies on identifiers stored on your device (the EEA ePrivacy rules), we ask for it separately and you can change your choice at any time in the app.
5. Push notifications
If you turn them on, we store a push-notification token so we can send the daily reminders and streak alerts you asked for. We do this on the basis of your consent and your device’s notification permission; you can withdraw it at any time in the app or your device settings, and we will stop.
6. Advertising
The game may show ads. Advertising providers may read or set device identifiers (such as your advertising ID) to show and measure ads. We run advertising that relies on these identifiers only with your consent, which we ask for separately from analytics: on iOS through Apple’s App Tracking Transparency prompt, and in the EEA we obtain your GDPR consent before such ads run. You can withdraw consent, or reset or limit your advertising ID, at any time in your device settings.
7. The legal bases we rely on
Under the GDPR we must have a legal basis for each way we use your personal data. Our bases are:
Performing our contract with you (Article 6(1)(b)) — creating and running your account, saving your progress and stats, running the daily challenge, Chronochain, streaks, achievements, coins and the leaderboard, and answering your support requests.
Our legitimate interests (Article 6(1)(f)) — keeping the game fair and secure (validating streaks and scores on our servers and preventing cheating, fraud and abuse), diagnosing crashes and performance problems, understanding usage in aggregate to improve the Service, and establishing or defending legal claims. We weigh these interests against your rights, and you can object at any time (see “Your rights and choices”).
Your consent (Article 6(1)(a)) — showing you ads that use device identifiers, and sending push notifications. We ask for each of these separately, and you can withdraw consent at any time without affecting anything we did before you withdrew it.
Complying with the law (Article 6(1)(c)) — meeting our legal obligations and responding to lawful requests.
8. Information visible to others
The leaderboard is public to other players. Your username, your chosen country (if you set one) and your avatar may be shown there alongside your streak, to run the competitive feature you take part in. Everything else about your account is private.
9. How we share your information
Service providers (processors). We use Google Firebase (sign-in, database, cloud functions, analytics and crash reporting), Expo (push-notification delivery) and Cloudflare (content delivery); the website is hosted on Google Firebase Hosting. These providers process your data only on our instructions and under written data-processing agreements.
Advertising providers. Where you consent, ad providers receive the limited device identifiers needed to show and measure ads, as described in “Advertising” above.
For legal reasons. We may disclose information where required by law or to protect the rights, safety and property of Homosapien Studio, our users or the public.
We do not sell your personal data, and we do not share it for advertising beyond the consent-based advertising described above.
10. International data transfers
You choose a data region when you sign up. If you choose the European Union, your account data is stored on Google Cloud infrastructure in the EU; if you choose the United States, it is stored there.
Some of our providers operate globally, so some data (for example analytics, crash reports, push delivery and advertising) may be processed outside the EEA, including in the United States. Where we transfer personal data outside the EEA, we rely on appropriate safeguards: providers certified under the EU–US Data Privacy Framework (Google LLC is certified) and/or the European Commission’s Standard Contractual Clauses, with additional measures where needed.
You can ask us for a copy of the safeguards we rely on by emailing irakli.ghachava@gmail.com; our main providers also publish their Standard Contractual Clauses.
11. How long we keep your data
Account and game data — kept while your account is active. When you delete your account this data is deleted (immediately for in-app deletion, and within 30 days for email requests) and removed from our backups within 90 days.
Inactive accounts — if you stop using the app, we delete your account automatically so we do not hold data we no longer need: after 6 months of inactivity for a registered account, and after 3 months for a guest account (one created by playing without signing up). This deletion is permanent and removes the same account and game data described above.
Diagnostics — crash and performance data is kept for a limited period (up to 90 days) and then deleted or aggregated.
Analytics — data that can be linked to a device is kept for up to 14 months; aggregate statistics that no longer identify you may be kept longer.
Push-notification token — kept until you turn notifications off or delete your account.
Records we must keep by law — kept only for as long as the law requires, then deleted.
12. Your rights and choices
In the app you can, at any time, edit your profile, change your username, set or clear your country, turn notifications and ad consent on or off, and delete your account.
If you are in the EEA (and in many other places), you also have the right to: access the personal data we hold about you; have it corrected; have it deleted; restrict or object to how we use it (including objecting to processing based on our legitimate interests, and an absolute right to object to direct marketing); receive your data in a portable format; and withdraw any consent you have given. You also have the right not to be subject to decisions with legal or similarly significant effects based solely on automated processing — see “Automated decision-making” below.
To exercise any of these rights, use the in-app controls or email us at irakli.ghachava@gmail.com. We will respond within one month. Exercising your rights is free unless a request is clearly unfounded or excessive, and we may need to verify your identity first.
You also have the right to lodge a complaint with a data protection authority — in the EEA, your local supervisory authority (you can find them at edpb.europa.eu). We would appreciate the chance to address your concern first.
13. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Some game features are automated — for example difficulty scaling and server-side anti-cheat checks — but these do not have legal or similarly significant effects on you.
14. Children
The Service is not directed to children under 13, and you must be at least 13 to use it. In some EEA countries the age at which you can agree to online services on your own is higher (up to 16); if you are under that age, a parent or guardian must agree to any consent-based features (such as ads or notifications) on your behalf. We make reasonable efforts not to collect personal data from children below the age that applies to them, and we do not knowingly do so. If you believe a child has provided us with personal data, contact us and we will remove it.
15. Cookies and local storage
The homosapien.studio website sets no advertising or analytics cookies and runs no third-party trackers, and its fonts are served from our own domain. It stores only your chosen language in your browser, so the site opens in the right language — this is strictly necessary and needs no consent.
The app stores data on your device to run the game and, where you have agreed, uses the analytics and advertising technologies described above.
16. Security
We use industry-standard measures to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
17. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the effective date above, and for significant changes we will provide a more prominent notice.
18. Contact us
If you have questions about this policy or your data, contact Irakli Ghachava (Homosapien Studio) at irakli.ghachava@gmail.com.