← backSub Rosa
sub rosa

privacy policy

last updated · May 12, 2026

summary, in plain prose

Sub Rosa is a single-player text RPG. To run it, we need to know who you are across devices. To do that we ask Apple or Google to confirm your identity, and we keep only your email address. We do not collect your name, your contacts, your location, your device identifiers, your advertising ID, or any analytics inside the app itself. The only analytics we run is on this landing page, and it is aggregated and cookieless.

Payments are handled entirely by the App Store and Google Play. We never see your card.

who we are

Sub Rosa is published by Releasy Corp, the data controller for the purposes of this policy.

Releasy Corp
33024 US Highway 19 North
Palm Harbor, FL 34684
United States

For any privacy question, write to privacy@releasy.xyz.

what we collect, and why

account · email address

When you sign in, Apple Sign In (on iOS) or Google Sign In (on Android) confirms your identity to our backend and returns your email. We store that email and a stable user identifier in our database. We need them to keep your runs, relics, and subscription tied to the same account across devices and reinstalls.

We do not request your name, profile picture, contacts, calendar, location, microphone, camera, photos, or any other permission from Apple or Google. If Apple's "Hide My Email" feature rewrites your address into a relay, we store the relay.

game state

While you play, we store data about your account on our servers: your runs (active and past), the rooms you have walked, the relics you carry, your account level, and the text generated by our AI for your dungeons. This is necessary to run the game; without it, the game does not function.

subscription status

If you purchase a subscription or lifetime access, our billing provider (RevenueCat) tells us whether your account is entitled to premium features. We store a small snapshot of that entitlement so the app knows what to show you. We do not see your card number, your billing address, or any other payment detail.

crash diagnostics

If the app crashes, we collect a stack trace through Sentry to fix the bug. Crash reports include the type of device and operating system but are not used to profile you and are not linked to advertising identifiers.

landing-page analytics

On this website (and only on this website — not in the app), we run a cookieless analytics tool (Plausible) to count visits and see which pages people read. It does not set cookies, does not use device identifiers, and does not track you across other sites. No personally identifiable information is collected.

what we do not collect

  • your real name
  • your phone number
  • your address
  • your contacts
  • your location
  • your photos, microphone, or camera
  • your advertising ID (IDFA, GAID)
  • your card or banking information
  • any behavioral analytics inside the app

how your data is processed

We share the minimum data required with the following processors:

  • Apple — for Sign In with Apple on iOS.
  • Google — for Sign In with Google on Android.
  • App Store and Google Play — for all payments, subscriptions, and refunds. These transactions are governed by their own terms; we receive only an entitlement signal.
  • RevenueCat — unified subscription layer that talks to the stores on our behalf.
  • OpenAI — generates dungeon text for your runs. We send the game's context (setting, room, recent history) but not your email or any identifier that would let OpenAI tie a prompt to a person.
  • Sentry — crash diagnostics.
  • Plausible — cookieless analytics, landing page only.

Our servers are hosted in the United States. By using Sub Rosa from outside the United States, you consent to the transfer of the data described above to the United States.

how long we keep it

We keep your account and its game state for as long as the account exists. If you delete your account, your email, runs, relics, and generated text are removed from our active database within thirty days. Backups are rotated within ninety days. Anonymized crash diagnostics may be retained beyond that for stability purposes.

your rights

You may at any time:

  • request a copy of the data we hold about you
  • request that we correct inaccurate information
  • request that we delete your account and all associated data
  • withdraw consent and stop using the service

To do any of these, write to privacy@releasy.xyz from the email address tied to your account. We respond within thirty days.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR, UK-GDPR, and CCPA respectively. The rights above already cover what those regulations require; the email above is the contact point for exercising them.

children

Sub Rosa is not directed at children under thirteen, and we do not knowingly collect data from anyone under that age. If you believe a child has provided us with information, write to privacy@releasy.xyz and we will delete it.

changes to this policy

If we ever change what we collect or how we use it, we will update this page and the "last updated" date above. Material changes will also be communicated in the app.

contact

Questions: privacy@releasy.xyz. Mail: Releasy Corp, 33024 US Highway 19 North, Palm Harbor, FL 34684, United States.