← backSub Rosa
sub rosa

privacy policy

last updated · June 3, 2026

summary, in plain prose

Sub Rosa is a single-player text RPG. To run it, we need to know who you are across devices. To do that we ask Apple or Google to confirm your identity, and we keep only your email address. We do not collect your name, your contacts, your location, your device identifiers, your advertising ID, or any analytics inside the app itself. The only analytics we run is on this landing page, through Google Analytics, and it is used solely to count visits and understand which pages people read.

Payments are handled entirely by the App Store and Google Play. We never see your card.

who we are

Sub Rosa is published by Releasy Corp, the data controller for the purposes of this policy.

Releasy Corp
33024 US Highway 19 North
Palm Harbor, FL 34684
United States

For any privacy question, write to support@releasy.xyz.

what we collect, and why

account · email address

When you sign in, Apple Sign In (on iOS) or Google Sign In (on Android) confirms your identity to our backend and returns your email. We store that email and a stable user identifier in our database. We need them to keep your runs, relics, and subscription tied to the same account across devices and reinstalls.

We do not request your name, profile picture, contacts, calendar, location, microphone, camera, photos, or any other permission from Apple or Google. If Apple's "Hide My Email" feature rewrites your address into a relay, we store the relay.

game state

While you play, we store data about your account on our servers: your runs (active and past), the rooms you have walked, the relics you carry, your account level, and the text generated by our AI for your dungeons. This is necessary to run the game; without it, the game does not function.

subscription status

If you purchase a subscription or lifetime access, our billing provider (RevenueCat) tells us whether your account is entitled to premium features. We store a small snapshot of that entitlement so the app knows what to show you. We do not see your card number, your billing address, or any other payment detail.

crash diagnostics

If the app crashes, we collect a stack trace through Sentry to fix the bug. Crash reports include the type of device and operating system but are not used to profile you and are not linked to advertising identifiers.

landing-page analytics

On this website (and only on this website — not in the app), we use Google Analytics to count visits and see which pages people read. Google Analytics runs in "Consent Mode" with all storage denied by default: until you click "accept" on the banner, it sends only anonymous, cookieless aggregate pings — no cookies on your device, no client identifier, no precise location.

If you accept, Google Analytics sets cookies (the _ga and _ga_* family) and processes a truncated form of your IP address to derive an approximate country-level location. Even with consent, we have advertising signals (ad_storage, ad_user_data, ad_personalization) kept denied, and we have not enabled Google Signals or any cross-site tracking feature. No personally identifiable information is collected by us.

You can revoke consent at any time by clearing site data for playsubrosa.com in your browser.

what we do not collect

  • your real name
  • your phone number
  • your address
  • your contacts
  • your location
  • your photos, microphone, or camera
  • your advertising ID (IDFA, GAID)
  • your card or banking information
  • any behavioral analytics inside the app

how your data is processed

We share the minimum data required with the following processors:

  • Apple — for Sign In with Apple on iOS.
  • Google — for Sign In with Google on Android.
  • App Store and Google Play — for all payments, subscriptions, and refunds. These transactions are governed by their own terms; we receive only an entitlement signal.
  • RevenueCat — unified subscription layer that talks to the stores on our behalf.
  • OpenAI — generates dungeon text for your runs. We send the game's context (setting, room, recent history) but not your email or any identifier that would let OpenAI tie a prompt to a person.
  • Sentry — crash diagnostics.
  • Google Analytics — landing-page traffic analytics only; not used inside the app.

Our servers are hosted in the United States. By using Sub Rosa from outside the United States, you consent to the transfer of the data described above to the United States.

how long we keep it

We keep your account and its game state for as long as the account exists. If you delete your account, your email, runs, relics, and generated text are removed from our active database within thirty days. Backups are rotated within ninety days. Anonymized crash diagnostics may be retained beyond that for stability purposes.

account deletion

You can delete your account directly from inside the app, at any time, without contacting us. Open preferences from the hub, scroll to the account section, and tap delete account. The flow asks for one confirmation and then runs immediately.

When the deletion completes, the following are removed from our active database within thirty days, and from backups within ninety:

  • your email address and the stable user identifier
  • every run you have played — active, archived, abandoned
  • every relic you have carried home
  • every dungeon text our AI generated for you
  • your refresh tokens and any record of which device signed in
  • your premium-entitlement snapshot

Two narrow categories survive in anonymized form, with no link back to you: high-level AI-call telemetry (used to track cost and quality of generations across the service), and the raw payment-event log from RevenueCat (kept for financial audit). In both, the field that used to point at your account is set to null at deletion time — there is no way to reconnect those rows to a person.

If you have an active subscription, deleting your Sub Rosa account does not cancel the subscription with Apple or Google — they are billed by the store, not by us. On iOS, cancel under Settings → [your name] → Subscriptions → Sub Rosa. On Android, cancel under Play Store → Payments & subscriptions → Subscriptions → Sub Rosa. The app shows the same reminder in the delete confirmation. If you hold the lifetime tier, deleting your account releases it — there is no refund, and a new account with the same store login will not inherit it.

your rights

You may at any time:

  • request a copy of the data we hold about you
  • request that we correct inaccurate information
  • delete your account and all associated data — directly in the app, or by email if you can no longer sign in
  • withdraw consent and stop using the service

Account deletion is self-serve through the in-app flow described above. For everything else — data access, correction, or deletion when you cannot reach the in-app flow — write to support@releasy.xyz from the email address tied to your account. We respond within thirty days.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR, UK-GDPR, and CCPA respectively. The rights above already cover what those regulations require; the email above is the contact point for exercising them.

children

Sub Rosa is not directed at children under thirteen, and we do not knowingly collect data from anyone under that age. If you believe a child has provided us with information, write to support@releasy.xyz and we will delete it.

changes to this policy

If we ever change what we collect or how we use it, we will update this page and the "last updated" date above. Material changes will also be communicated in the app.

contact

Questions: support@releasy.xyz. Mail: Releasy Corp, 33024 US Highway 19 North, Palm Harbor, FL 34684, United States.