Legal

Privacy Policy

Effective: May 4, 2026 · Vantage Point: Gaming Catalogue

We collect the minimum data needed to run the app — your email, your game library, and your friend connections. We don't run ads, we don't sell data, and we don't load third-party tracking SDKs. Read on for the details.

Who we are

Vantage Point: Gaming Catalogue ("the app") is published by Vantage Point Ventures LLC ("we", "us", "our"). We're a small US-based software company. This policy explains what we do with personal information when you use the app or interact with this website.

Contact: dwaltonbaugh@vantage-point.online

Information we collect

Account information

Email address. Used for sign-in via one-time codes. Stored on our servers in two forms: a SHA-256 hash (for lookups) and an AES-256 encrypted blob (so we can deliver future emails). The plaintext address is never written to our database.
Handle. A short alphanumeric tag (e.g. "DW#8957") auto-generated when you sign up. You can customize the avatar colors but the handle itself is fixed.

App content you create

Library entries. The games you add — title, IGDB identifier, cover URL, your slot assignment (Front Line, Sightlines, Watchlist, Out of Vision, Archive), your rating, time-to-beat, hours played, played year, platform.
Scout connections. The other Vantage Point users you've added as scouts. Stored as a record linking your account to theirs.
Privacy settings. Per-list visibility flags controlling what each scout can see on your profile.
Gauntlet completions. Records of which challenges you've completed.
Purchases. Themes you've bought, Founder's Pin ownership, and subscription/trial state.
Feedback submissions. If you use the in-app feedback form, the type (bug / feature / other), the message text, and your handle and app version are stored on our servers and emailed to our support address.

Technical information

App version. Sent with feedback submissions so we can correlate bug reports to specific builds.
Authentication tokens. A session token issued by our backend after sign-in, stored in your device's secure keystore (Android Keystore / iOS Keychain). Never transmitted except to our backend.

Optional: Oracle (AI assistant)

The Oracle feature is opt-in and uses a Gemini API key you provide yourself from Google AI Studio. Your API key is stored only on your device, never on our servers, and Oracle requests go directly from your device to Google. We do not see, log, or proxy your Oracle conversations. If you enable "Live Web Insights", Oracle's web searches go through Google's grounding service under your own API key.

What we don't collect

No advertising identifiers (IDFA / GAID). No ads.
No location data.
No contacts, photos, microphone, or camera access.
No third-party analytics SDKs (no Firebase Analytics, no Mixpanel, no Segment, etc.).
No behavioral tracking across other apps or websites.

How we use information

To run the app — sign you in, sync your library, deliver scout profiles, run the Gauntlet, and let you customize themes.
To send transactional email — the one-time sign-in code, and the rare email tied to feedback you've submitted.
To process purchases and restore prior entitlements when you reinstall.
To respond to support requests you send us.

We do not use your information to train machine learning models, run profile-based advertising, or sell to data brokers.

Sharing and third parties

We share information with the following service providers, only to the extent necessary to operate the app:

IGDB (Twitch / Amazon). When you search for a game, the query is forwarded through our backend to IGDB's API. IGDB does not receive your account email — only the search text and the game IDs we look up.
Resend. Used to deliver one-time sign-in codes and feedback notification emails. Only the recipient email address and message body are transmitted.
Cloudflare. Our backend is reached through a Cloudflare Tunnel for HTTPS termination. Cloudflare may briefly process request metadata in transit (IP, request path) consistent with their privacy policy.
Google (only when Oracle is enabled). If you provide a Gemini API key and use the Oracle feature, your prompts go directly from your device to Google under your own key. We are not in that data path.
Apple App Store / Google Play. When you buy a subscription or in-app product, the store handles the payment and provides us with a transaction receipt. We never see your payment card or full billing details.

We do not sell or rent your personal information to anyone, and we do not share it for cross-context behavioral advertising.

Storage and security

Account and library data live on our backend, hosted on hardware we operate. We follow standard practices: encrypted-at-rest email addresses, hashed sign-in codes (never plaintext), HTTPS-only transport via Cloudflare, and minimum-privilege access for collection rules. No security setup is bulletproof — if you believe an account has been compromised, contact us at the email above and we'll revoke active sessions.

Data retention

We retain your account and library data for as long as your account exists. If you delete your account (by emailing us — in-app deletion is on the roadmap), we remove your records from active systems within 30 days. Anonymized aggregates (e.g. challenge completion counts with no user reference) may be retained indefinitely.

Sign-in OTP codes are deleted automatically after they expire (within 3 minutes) or are consumed.

Your rights and choices

Access. Email us and we'll send you a copy of the data tied to your account.
Correction. You can edit your handle's avatar colors, all your library entries, and your privacy settings in-app at any time.
Deletion. Email dwaltonbaugh@vantage-point.online with the subject "Delete account" from the address tied to your account. We confirm and process within 30 days.
Withdraw consent. You can sign out, disable Oracle, or remove individual scout connections from inside the app at any time without contacting us.

If you're in California, the EEA, or the UK, you have additional rights under the CCPA/CPRA, GDPR, or UK GDPR — including the right to lodge a complaint with your local data protection authority. We respond to all rights requests at the contact address above.

Children's privacy

The app is not directed to children under 13 (or under the applicable minimum age in your country). We do not knowingly collect personal information from children under that age. If you believe a child has provided us information, contact us and we'll delete the account.

Changes to this policy

We may update this policy as the app evolves. The "Effective" date at the top reflects the most recent revision. Material changes (anything that expands what we collect or share) will be surfaced inside the app before they take effect.

Contact

Vantage Point Ventures LLC
dwaltonbaugh@vantage-point.online