Privacy Policy

Sigilmon is published by Crux Coast (“Crux Coast”, “we”, “us”, “our”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use the Sigilmon mobile application and related services (“the Game”).

1. Information We Collect

Information You Provide

• Email address (for account creation and authentication)
• Username (displayed to other players)
• Password (securely hashed; we never store plaintext passwords)

Information Collected Automatically

• Gameplay data (creature stats, battle history, achievements, inventory, progression)
• Purchase and transaction records (virtual currency purchases, in-app transactions)
• Device information (device type, operating system, app version)
• Usage data (session duration, features used, crash reports)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account management: to create and maintain your account, authenticate your identity, and provide customer support.
• Gameplay: to deliver, personalise, and improve the Game experience, including matchmaking, leaderboards, and progression tracking.
• Analytics: to understand how the Game is used and to identify areas for improvement.
• Communication: to send notifications about game events, updates, and promotional offers (with your consent where required).
• Safety and security: to detect and prevent fraud, cheating, abuse, and other harmful activity.
• Legal compliance: to comply with applicable laws, regulations, and legal processes.

3. Data Storage and Security

Your data is stored on Supabase, a cloud-hosted PostgreSQL database service. All data is encrypted in transit using TLS/SSL. We implement Row Level Security (RLS) policies to ensure users can only access their own data.

Authentication is handled by Supabase Auth, which uses industry-standard security practices including bcrypt password hashing and JWT-based session management. While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure.

4. Third-Party Services

We use the following third-party services that may process your data:

• Supabase (database, authentication) — stores account data and gameplay information
• Cloudflare (web hosting, CDN) — serves the web version of the Game
• Expo / React Native (app framework) — provides app infrastructure and update services

We may integrate additional third-party services, including:

• RevenueCat (in-app purchases and subscription management)
• PostHog (analytics and user behaviour insights)
• Google AdMob (rewarded advertising)

Each third-party service operates under its own privacy policy. We encourage you to review the privacy practices of these services.

5. Children’s Privacy

Sigilmon is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. In Australia, users must be at least 15 years of age due to the presence of simulated loot box mechanics.

If we become aware that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information as soon as possible. If you believe a child under the minimum age has provided us with personal information, please contact us at the email address below.

6. Australian Privacy Act Compliance

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In accordance with these requirements:

• We only collect personal information that is reasonably necessary for the operation of the Game.
• We collect personal information only by lawful and fair means, and directly from you where practicable.
• We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
• You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

7. Your Rights (GDPR and Applicable Law)

If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with similar data protection laws, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to erasure: You may request that we delete your personal data, subject to legal obligations.
• Right to data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to restrict processing: You may request that we limit how we use your data.
• Right to object: You may object to processing of your data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us at the email address below. We will respond to your request within 30 days.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Game. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes (such as transaction records or dispute resolution).

Aggregated, anonymised data that does not identify you personally may be retained indefinitely for analytical and improvement purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Game or via email. The “Last updated” date at the top of this page indicates when this policy was last revised. Your continued use of the Game after any changes constitutes acceptance of the updated policy.

10. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy complaint, please contact us at:

privacy@cruxcoast.com