Privacy Policy

Last updated: 20 May 2026

This Privacy Policy explains how Eswarden ("we", "us", "Eswarden") handles personal data when you use the Streak Hunter mobile app (the "App"). Streak Hunter is a habit-tracking and recovery-support application. The App handles information about behavioural habits — including substance use, gambling, eating, screen time, and similar categories — which most data-protection laws treat as sensitive. We have tried to keep our footprint small. Read this carefully.

1. Who is the data controller

Eswarden is the controller of personal data processed through Streak Hunter. You can reach us at privacy@eswarden.com.

2. The short version

We don't sell your data. Ever. To anyone.
We do not run ads inside Streak Hunter and we do not use advertising identifiers.
Your hunts, relapses, SOS sessions, and notes are stored in Google Firebase (Firestore + Storage) under your account so the App can sync across your devices and survive a reinstall.
You can export and delete everything from Settings → Account at any time.
Streak Hunter is intended for adults (18+).

3. Data we collect

3.1 Account & profile

Sign-in: we use federated sign-in only (Sign in with Apple, Sign in with Google). We never see or store your password. From the federated provider we receive a Firebase user ID, your email address, your display name if you choose to share it, and (for Apple) an opaque relay address if you choose private email relay.
Hunter profile: a hunter name, optional avatar image, timezone, locale, theme, your generated 8-character invite code, and the timestamp your account was created.

3.2 Habit & recovery data (sensitive)

Because Streak Hunter is a recovery tool, by definition it processes information about behavioural health. Specifically:

The monster (habit category) you choose, e.g. smoking, drinking, vaping, scrolling, gambling, gaming, sugar, shopping, caffeine, overeating, procrastination.
Streak data — start dates, end dates, current and historical streak length.
Relapse events — timestamps, trigger tags you select, and any free-text note you write.
Onboarding answers — frequency, duration, last relapse date, perceived cost per day, trigger hour buckets, motivations you tag.
SOS sessions — which emotion you picked, which mini-game you ran, duration, whether you completed it, and any "why" note you saved at the end.
Quest completion, XP, hunter rank, achievements, and badge unlocks.
Optional journal-style notes you write inside the App.

You decide what to write in free-text fields. We recommend writing only what you would be comfortable seeing if your account were ever compromised.

3.3 Diagnostics & device data

Firebase Crashlytics — crash reports including OS name & version, device model, App version, and stack traces. A randomly-generated installation ID is used; this is not your real device identifier.
Firebase Analytics — coarse usage events (e.g. "paywall_viewed", "hunt_created") associated with your Firebase user ID. We do not log free-text fields, monster choice (treated as sensitive), or SOS content into analytics events.
Firebase Cloud Messaging push token — used to send the notifications you enable.
OS name/version and App version, read via device_info_plus and package_info_plus, for crash and bug-report context.

We do not collect: precise location, IP-based location stored against your account, the IDFA / Android Advertising ID, contacts, calendars, microphone audio, or HealthKit / Google Fit data.

3.4 Subscription & payment data

Subscriptions are sold by Apple or Google through their App Store / Play billing systems. We never see your full card number. We use RevenueCat to verify entitlement and receive subscription state (active / cancelled / expired, product ID, renewal date, will-renew flag). RevenueCat receives a stable user identifier tied to your Firebase user ID.

3.5 Social / friend features

If you create an invite code, accept one, or appear on a leaderboard, your hunter name, avatar, and aggregated streak metrics can be visible to your friends or to other users of the leaderboards you opt into.
You can turn leaderboard visibility off at any time in Settings → Community.

4. How we use your data

To run the App — show your hunts, sync across devices, render your codex, deliver quests, run the SOS flow.
To send the notifications you enable, respecting any quiet hours you set.
To verify subscription entitlement and manage trials.
To diagnose crashes and bugs.
To measure feature usage in aggregate so we know what to fix.
To enforce these terms — for example, deactivating accounts used to abuse leaderboards.

We do not use your data for advertising or profiling. We do not sell or rent data. We do not feed your data into third-party machine-learning training pipelines.

5. Legal bases (GDPR / UK GDPR)

Performance of a contract — to give you the App you signed up for (Art. 6(1)(b)).
Explicit consent — for sensitive (health-category) data tied to your chosen monster, relapse events, and SOS notes (Art. 9(2)(a)). You give this consent during onboarding when you pick a monster, and you can withdraw it at any time by deleting your account.
Legitimate interests — for crash logs, fraud / abuse prevention, and aggregate analytics that don't include sensitive content (Art. 6(1)(f)).
Legal obligation — to keep records when required by law.

6. Sub-processors we use

We use the following processors. Each has its own privacy program; links go to their public policies.

Google Firebase (Auth, Cloud Firestore, Cloud Storage, Cloud Messaging, Crashlytics, Analytics, Remote Config) — storage and infrastructure.
RevenueCat — subscription entitlement and webhook processing.
Apple App Store / Google Play — payment and distribution.
Sign in with Apple, Google Sign-In — federated identity providers.

We do not currently use ad networks (no AdMob, no Meta Audience Network), third-party product-analytics providers (no Mixpanel, Amplitude, Segment), or third-party error trackers besides Crashlytics. If we add a new sub-processor, we will update this list before it starts receiving your data.

7. International transfers

Firebase, RevenueCat, and the federated identity providers are operated by US-based companies and may process data in the United States or other regions. Where required, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum, where applicable) as the transfer mechanism. Google's adequacy documentation for Firebase is referenced in their Privacy & Security in Firebase page.

8. Retention

While your account exists: we keep your data so the App works.
If you delete your account: server-side data tied to your user ID is removed within 30 days, except where we are required by law to keep it (e.g. tax records relating to a purchase you made — kept by Apple / Google / RevenueCat per their own retention).
Aggregate analytics (counts, retention curves, no personal content) may be retained indefinitely.
Crash logs are retained per Crashlytics defaults (90 days).

9. Your rights

Depending on where you live, you have some or all of the following rights:

Access — see what we hold about you.
Rectification — fix anything wrong.
Erasure — delete your account and your data.
Portability — export your data.
Restriction & objection — limit certain processing or object to it.
Withdraw consent — for the sensitive data processing covered by Article 9 GDPR.
Complain — to your local data-protection authority.

Most of these you can exercise yourself from Settings → Account: export, edit, or delete. For anything else, email privacy@eswarden.com and we'll respond within 30 days.

10. Notifications

Streak Hunter sends push notifications you can configure: morning & evening rituals, danger-hour reminders, milestone celebrations, friend activity, leaderboard updates, quest reminders, and subscription expiry reminders. All notification categories can be turned off individually in Settings → Notifications, and you can set quiet hours.

11. Security

Data is encrypted in transit (TLS). At rest, Firebase encrypts data with Google-managed keys. Access to production systems is limited and audit-logged. No system is perfect, but we do not collect data we don't need, which is the strongest form of risk reduction.

12. Children

Streak Hunter is intended for users aged 18 and over. The App's content includes references to addiction, recovery, and substance use. We do not knowingly collect personal data from anyone under 18. If you believe a child has used Streak Hunter, write to privacy@eswarden.com and we will delete the data.

13. California, Colorado, Virginia, and other US state rights

If you are a resident of a US state with a comprehensive privacy law, you have the right to know, delete, correct, and opt out of "sales" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioural advertising. To exercise other rights, email privacy@eswarden.com.

14. Health-related disclaimer

Streak Hunter is a self-help tool. It is not a medical device and does not provide medical advice, diagnosis, or treatment. If you are struggling with a substance-use disorder, an eating disorder, gambling, or mental-health symptoms, please consult a qualified professional or local helpline alongside the App.

15. Changes to this policy

If we make material changes, we will notify you in-app at next launch and update the "Last updated" date above. Continued use of Streak Hunter after the change means you accept the updated policy.

16. Contact

Privacy & data-subject requests — privacy@eswarden.com
Anything else — support@eswarden.com