Privacy Policy

Welcome to Levelium ("we", "us", or "our"). Levelium is a gamified productivity application available on mobile (Android/iOS) and web (levelium.app).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our application and website (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD), and all applicable data protection laws.

The data controller responsible for your personal data is:

• Entity: Levelium
• Contact: privacy@levelium.app

We collect the following categories of personal data:

3.1 Information You Provide

• Account Information: Email address and display name when you create an account.
• Profile Data: Character customization preferences, selected class, race, and attributes within the RPG system.
• Waitlist Registration: Email address when you sign up for the beta waitlist.

3.2 Information Generated by Usage

• Gamification Data: Missions created, completed, and tracked; habits; streaks; experience points (XP); character level and rank; attributes and stats progression.
• Purchase Data: Records of in-app purchases and subscriptions (Battle Pass, Gem purchases). Payment processing is handled entirely by Google Play / Apple App Store; we do not collect or store payment card information.

3.3 Automatically Collected Information

• Device Information: Device type, operating system, and app version.
• Usage Analytics: Pages visited on the website, features used within the app, session duration, and crash reports. This data is collected in aggregated or anonymized form where possible.

We use the information we collect to:

• Provide the RPG Experience: Power your character progression, missions, habits, streaks, ranking system, and AI coaching features ("The Architect").
• Manage Your Account: Authenticate your identity, manage your profile, and sync data across devices.
• Process Purchases: Fulfill in-app purchases, manage subscriptions, and deliver premium content (gems, cosmetics, Battle Pass).
• Send Communications: Notify you about beta access, account updates, and important service changes. We will never send unsolicited marketing emails without your explicit consent.
• Improve the Service: Analyze usage patterns to fix bugs, optimize performance, and develop new features.
• Comply with Legal Obligations: Fulfill legal requirements provided by applicable law.

We process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to provide the Service you have requested (account management, gamification features, purchases).
• Consent: For non-essential purposes such as marketing communications and waitlist registration. You can withdraw consent at any time.
• Legitimate Interest: For analytics and security purposes, to improve our Service and protect against fraud.

We use the following third-party services to operate Levelium. Each processes data according to their own privacy policies:

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Secure authentication via Firebase Auth with industry-standard protocols.
• Access controls limiting data access to authorized personnel only.
• Regular security reviews and monitoring.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong, unique password for your account.

We retain your personal data for as long as your account is active or as needed to provide you the Service. If you request account deletion, we will erase your personal data within 30 days, except where retention is required by law (e.g., purchase records for tax compliance).

Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and all associated personal data. You can initiate this from within the app settings or by contacting us at privacy@levelium.app.
• Right to Restriction: Request that we limit the processing of your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to the processing of your data based on legitimate interest grounds.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@levelium.app. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

Levelium is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe your child has provided us with personal data, please contact us at privacy@levelium.app.

Your data may be processed on servers located outside the European Economic Area (EEA), particularly in the United States (through Firebase/Google Cloud and Resend). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's participation in recognized data transfer frameworks.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. For material changes, we may also send a notification through the app or via email. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: