Privacy Policy

1. Who we are

RoxyKovu LLC ("RoxyKovu," "we," "us," or "our") is the data controller responsible for your personal information.

• Company: RoxyKovu LLC
• Location: North Carolina, USA
• Email: Support@roxykovu.com
• Website: roxykovu.com

This Privacy Policy applies to all RoxyKovu products and services, including our website (roxykovu.com), mobile apps distributed through the Apple App Store and Google Play, and desktop software distributed through the Microsoft Store. By using our services, you agree to the practices described in this policy. Please also review our Terms of Service.

2. Our privacy-first approach

• App data stays on your device unless a specific feature explicitly requires otherwise.
• No accounts are required to use our apps unless a specific feature says otherwise.
• We do not sell, rent, or trade your personal information.
• We collect only the minimum data necessary to provide and improve our services.
• We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide our services.

3. Information we collect

We collect different categories of information depending on how you interact with our services.

3.1 Information you provide directly

• Contact form submissions: Name, email address, subject, and message content when you use our contact form or email us.
• Feedback and support requests: Any information you include in communications with us (bug reports, feature requests, support inquiries).
• AI chat assistant messages: When you use the Kovu chat assistant on our website, your messages are sent to our servers for processing. We send your messages (and up to six prior messages from the same session for context) to a third-party AI service (Google Gemini) to generate responses. We do not permanently store your chat messages or conversation history on our servers.

3.2 Information collected automatically (website)

• Server logs: IP address, user agent (browser type and version), referring URL, pages visited, and timestamps. Collected for security, uptime monitoring, and abuse prevention.
• Google Ads conversion tracking (gtag.js): With your consent, Google may collect page-view data, IP address, browser information, and set cookies for ad campaign measurement. See Section 7 (Cookies) for details.
• Cloudflare Turnstile: IP address and browser signals processed by Cloudflare on contact forms for bot protection.
• Font delivery: IP address and user agent sent to third-party CDN providers when loading web fonts.
• AI chat assistant rate limiting: A cryptographic hash (not the actual value) of your IP address is temporarily stored with a daily message count to prevent abuse of the chat assistant. This data is automatically deleted after 48 hours.

3.3 Information collected by our apps

• 20 Questions (iOS, iPadOS, iMessage, Apple TV): Game data, preferences, and scores stored locally on your device. The solo Battle Mosey mode runs Apple's on-device Foundation Models - your category, secret word, and questions are processed only on your device and never transmitted (see Section 14.2). Family and Friends multiplayer, TV Group Play, and the iMessage app use peer-to-peer connections over Wi-Fi and Bluetooth via Apple's MultipeerConnectivity framework - these connections do not route through RoxyKovu servers (see Section 14.4). On the iPhone, iPad, and iMessage variants, Google AdMob may collect device identifiers and ad interaction data when optional rewarded ads are displayed (see Section 6). The Apple TV (tvOS) variant collects no personal data, no identifiers, and serves no ads (see Section 14.6).
• SumSquare (iOS): Puzzle data, preferences, scores, and streaks stored locally on your device. Google AdMob may collect device identifiers and ad interaction data when ads are displayed (see Section 6).
• Fitness for the Fighting Man / FFM (iOS and Android): Workout data, training history, and fitness metrics stored locally on your device. With your explicit permission, FFM may access Apple HealthKit (iOS) or Health Connect (Android) data and device sensors for fitness tracking. Location data may be accessed for run distance tracking (see Section 5).
• PatchShepherd (Windows): Software update scanning results, health scores, update history, and preferences stored locally on your device. PatchShepherd 2.0 features including health scoring, multi-source scanning, and update history are processed and stored entirely on your device. PatchShepherd Pro subscription status is validated through the Microsoft Store (see Section 5).
• VitalQuest: Ascend: Game progress, character data, and preferences will be stored locally on your device. Additional data practices will be disclosed here before the app is released.

3.4 Information we do NOT collect

• We do not collect Social Security numbers, government IDs, financial account numbers, or biometric identifiers.
• We do not collect precise geolocation for advertising or profiling purposes.
• We do not create advertising profiles based on your activity across our apps.
• We do not process payment information - all purchases are handled by Apple, Google, or Microsoft through their respective stores.

4. How we use your information

We use the information we collect for the following purposes:

• To provide and maintain our services: Delivering app functionality, processing contact form submissions, and responding to support requests.
• To improve our services: Understanding how our website and apps are used so we can fix bugs, improve performance, and develop new features.
• To communicate with you: Responding to your inquiries, sending service-related notices, and providing support.
• To measure advertising performance: With your consent, using Google Ads conversion tracking to understand ad campaign effectiveness.
• To protect our services: Detecting, preventing, and addressing fraud, abuse, security issues, and technical problems.
• To comply with legal obligations: Meeting applicable laws, regulations, legal processes, or enforceable governmental requests.

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Health and fitness data

FFM accesses health and fitness data only with your explicit permission, and this data stays on your device.

5.1 iOS (Apple HealthKit)

• FFM can read and write workout data and Apple Watch activity through HealthKit only when you grant permission through the iOS Health permissions prompt.
• HealthKit data is processed locally on your device and is never sent to RoxyKovu servers, used for advertising, sold to third parties, or shared with data brokers.
• You can revoke HealthKit access at any time in your device Settings under Health > Data Access.

5.2 Android (Health Connect)

• FFM may access health and fitness data through Health Connect and device sensors (accelerometer, gyroscope) only when you grant explicit permission.
• Health Connect data is processed locally on your device and is never sent to RoxyKovu servers, used for advertising, sold to third parties, or shared with data brokers.
• You can revoke Health Connect permissions at any time in your device Settings.

5.3 Location data

• FFM may access your location to track distance during outdoor runs. Location access is optional and requires your explicit permission.
• Location data is processed locally on your device and is not transmitted to RoxyKovu servers.
• You can disable location access at any time in your device settings.

5.4 PatchShepherd

• PatchShepherd runs local package managers (WinGet, Chocolatey, Scoop); updates are downloaded directly from their official sources.
• PatchShepherd Pro subscription status is validated through the Microsoft Store. No personal data beyond what Microsoft provides for license validation is collected by RoxyKovu.

6. Advertising

SumSquare and 20 Questions may display ads powered by Google AdMob.

• When ads are enabled, Google and its certified ad partners may collect device identifiers (IDFA on iOS, Advertising ID on Android), IP address, and ad interaction data for ad delivery, measurement, frequency capping, and fraud prevention.
• Where required by law, we display consent prompts (GDPR/EEA/UK/Switzerland) or opt-out choices (US state privacy laws) before personalized ads are served.
• You can change your ad consent choices in-app via Privacy Options (where available) or by resetting your device advertising ID in your device settings.
• Google's privacy policy governs ad data processing: policies.google.com/privacy
• FFM, PatchShepherd, VitalQuest: Ascend, and the 2Q Apple TV (tvOS) variant do not display advertisements.

7. Cookies and tracking technologies

Our website uses cookies and similar technologies. You can manage your preferences through our cookie consent banner or the "Cookie Settings" link in the footer.

7.1 Essential (always active)

• Cloudflare Turnstile: Session-based tokens for bot protection on contact forms. No persistent cookies.
• Cookie consent preference (localStorage): Stores your cookie consent choices locally in your browser so we can respect your preferences on return visits.

7.2 Analytics (requires consent)

• Google Analytics (gtag.js): Measures website traffic and usage patterns. May set cookies including _ga (expires after 2 years) and _ga_* (expires after 2 years). Collects page views, session duration, approximate location (country/city level from IP), and browser/device information.

7.3 Marketing (requires consent)

• Google Ads conversion tracking: Measures ad campaign performance and conversions. May set cookies for ad attribution and retargeting. Collects conversion events, ad click data, and browsing activity for ad measurement.

7.4 Managing cookies

• On your first visit, our cookie consent banner lets you accept all, reject all, or choose specific categories.
• You can change your choices at any time by clicking "Cookie Settings" in the website footer.
• You can also block or delete cookies through your browser settings. Note that blocking essential cookies may affect website functionality.
• All non-essential cookies and tracking are blocked by default until you provide consent.

7.5 Do Not Track and Global Privacy Control

Some browsers send a "Do Not Track" (DNT) signal. There is no uniform industry standard for how websites should respond to DNT signals. Our website respects your cookie consent choices as described above. When you reject analytics and marketing cookies through our consent banner, no tracking occurs regardless of your DNT setting.

We recognize and honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale or sharing of personal information and for targeted advertising, as required by the CCPA/CPRA and other applicable state privacy laws. If you have GPC enabled, non-essential cookies and tracking will remain disabled even if you have not interacted with our consent banner.

8. Who we share data with

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, and only as necessary to operate our services.

• Google (AdMob, Analytics, Ads): Ad delivery and measurement in 2Q and SumSquare; website analytics and ad conversion tracking on roxykovu.com. Data shared only with your consent for non-essential processing.
• Cloudflare: Bot protection on contact forms (IP address and browser signals).
• Google (Gemini AI): Chat messages submitted through the Kovu chat assistant are sent to Google's Gemini API for AI-generated responses. Google's privacy policy governs their processing of this data: policies.google.com/privacy. Google's Gemini API terms apply: ai.google.dev/gemini-api/terms.
• Amazon Web Services (AWS): Website hosting (S3, CloudFront), contact form processing (Lambda, SES), and AI chat assistant infrastructure (Lambda, DynamoDB). AWS processes data as a sub-processor under our instructions.
• Apple, Google, Microsoft (app stores): Distribution, purchase processing, and subscription management for our apps. Each platform has its own privacy policy governing data they collect during transactions.
• Font CDN providers: IP address and user agent data transmitted to deliver web fonts.

We may also disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, safety, or property, or that of our users or the public.

9. Data retention

• Local app data: Stays on your device until you delete it or uninstall the app. We have no access to this data.
• Server logs: IP address, user agent, and timestamps are retained for up to 90 days for security and operational purposes, then automatically deleted.
• Contact form submissions and support emails: Retained for up to 2 years to provide ongoing support and maintain conversation history, then deleted unless a longer retention period is required by law.
• Google Analytics data: Retained according to Google's standard data retention settings (default 14 months).
• Cookie consent preferences: Stored in your browser's localStorage with no expiration; cleared when you clear browser data or update your preferences.
• AI chat assistant data: Chat messages are processed in real time, forwarded to the Gemini API for a response, and discarded immediately after the response is delivered. Messages are not logged or stored on our servers. Rate-limiting records (hashed IP addresses and message counts) are automatically deleted after 48 hours.
• Google Ads cookies: Conversion tracking cookies (_gcl_*) are retained for up to 90 days per Google's standard settings.
• Font CDN data: IP addresses transmitted to font CDN providers during font delivery are subject to those providers' own retention policies and are not stored by RoxyKovu.

When data reaches the end of its retention period, it is securely deleted or anonymized. If deletion is not immediately possible (for example, because data is stored in backup archives), we will securely store and isolate the data until deletion is possible.

10. Data security

• We use reasonable administrative, technical, and physical safeguards to protect information in our possession, including encryption in transit (HTTPS/TLS for all web traffic) and secure infrastructure (AWS with CloudFront CDN).
• Our contact form uses Cloudflare Turnstile and a honeypot field to prevent automated abuse.
• Email addresses on our website are obfuscated to prevent scraping.
• No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data breach notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law (including within 72 hours under GDPR where applicable).

11. Your rights and choices

Regardless of where you live, you have the following choices regarding your data.

• Device permissions: You can manage app permissions (location, health data, notifications) in your device settings at any time.
• Cookie preferences: You can change your cookie consent choices by clicking "Cookie Settings" in the website footer.
• Ad preferences: You can change ad personalization choices in-app (where available) or by resetting your device advertising ID.
• Delete app data: You can delete locally stored app data by uninstalling the app or using any in-app reset option if provided.
• Opt out of email communications: You can stop receiving responses from us by not contacting us. We do not send marketing emails or newsletters.
• Request data access, correction, or deletion: Contact us at Support@roxykovu.com. We will verify your identity and respond within the timeframes required by applicable law.

12. International privacy rights

Depending on where you live, you may have additional rights under local data protection laws.

12.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

• Legal bases for processing: We process personal data based on: (a) your consent (e.g., cookie preferences, ad personalization); (b) contract performance (e.g., responding to your contact form submissions); and (c) legitimate interests (e.g., security monitoring, service improvement), where those interests are not overridden by your rights.
• Your rights: You have the right to access, rectify (correct), erase (delete), restrict processing of, object to processing of, and port your personal data. You may also withdraw consent at any time without affecting the lawfulness of prior processing.
• How to exercise your rights: Contact us at Support@roxykovu.com. We will respond within 30 days.
• Data protection authority: You have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.
• International transfers: RoxyKovu LLC is based in the United States. When personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, or other approved transfer mechanisms, to ensure adequate protection.

12.2 California, USA (CCPA / CPRA)

• We do not sell or share personal information as defined under the CCPA/CPRA.
• Categories of personal information collected in the preceding 12 months: Identifiers (name, email address, IP address); internet or electronic network activity (browsing history, interactions with our website, chat assistant messages); and geolocation data (approximate location from IP address). See Section 3 for complete details on each category, its source, and the business purpose for collection.
• Categories of personal information sold or shared: None. We have not sold or shared personal information in the preceding 12 months.
• Your rights: California residents have the right to know what personal information is collected and how it is used, request deletion of personal information, request correction of inaccurate personal information, opt out of the sale or sharing of personal information (we do not sell or share), and limit the use and disclosure of sensitive personal information.
• Sensitive personal information: We do not use or disclose sensitive personal information (including health and fitness data accessed by FFM) for purposes other than those necessary to provide our services as permitted under the CPRA.
• How to exercise your rights: Contact us at Support@roxykovu.com. We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may also designate an authorized agent to make a request on your behalf. Authorized agents must provide written proof of authorization (such as a signed letter or power of attorney) along with verification of their own identity. We may contact you directly to confirm the request.
• Global Privacy Control: We honor GPC signals as a valid opt-out of the sale or sharing of personal information, as required by the CCPA/CPRA.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights (e.g., by charging different prices, providing a different quality of service, or denying you services).

12.3 Other US states

• Residents of states with comprehensive consumer privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Utah (UCPA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (INCDPA), Kentucky (KCDPA), Rhode Island, and other states with active or upcoming privacy legislation, may have rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and profiling.
• We do not engage in the sale of personal data or targeted advertising based on cross-context behavioral data.
• Authorized agents: You may designate an authorized agent to submit a privacy request on your behalf. Authorized agents must provide written proof of authorization and verify their own identity. We may contact you directly to confirm the request.
• Right to appeal: If we deny your privacy request, you have the right to appeal our decision. To appeal, contact us at Support@roxykovu.com with the subject line "Privacy Appeal." We will respond within the timeframe required by applicable law (typically 45-60 days). If your appeal is denied, you may contact your state's attorney general.
• How to exercise your rights: Contact us at Support@roxykovu.com. We will verify your identity and respond within the timeframe required by your state's law.

12.4 Brazil (LGPD), Canada (PIPEDA), and other jurisdictions

• If you are located in a jurisdiction with data protection laws, you may have similar rights to access, correct, delete, or port your personal data.
• To exercise your rights, contact us at Support@roxykovu.com. We will respond within the timeframes required by applicable law in your jurisdiction.

13. Children's privacy

• Our services are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. All of our apps require users to be at least 13 years of age.
• FFM is intended for older teens and adults and involves physical fitness activities. It is rated 12+ on the App Store.
• 2Q and SumSquare are family-friendly games rated 4+ on the App Store. While children under 13 may use these apps, we do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent as required by COPPA. These apps do not require account creation or the submission of personal information to play. When ads are present, we configure ad content settings appropriate for all audiences and do not serve personalized ads to users identified as children.
• PatchShepherd is a desktop utility for Windows and does not collect personal information beyond anonymous usage analytics (when consented to).
• If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information as promptly as possible.
• Parents or guardians who believe a child under 13 has provided personal information may contact us at Support@roxykovu.com and we will delete the information within 30 days.

14. Automated systems, on-device AI, and peer-to-peer connectivity

14.1 AI chat assistant on the website

• Our website features an AI-powered chat assistant ("Kovu") that uses Google's Gemini API to generate responses. When you submit a message, it is sent to our server and forwarded to Google's Gemini API for processing. The AI generates a response based on your message and a knowledge base about RoxyKovu products. We do not use your chat messages to train AI models. Google's Gemini API terms govern their processing of this data.
• No automated decision-making: We do not use AI, algorithms, or automated processing to make decisions that produce legal or similarly significant effects on you. The chat assistant provides informational responses only and does not make decisions about your access to services, pricing, or eligibility for anything.

14.2 On-device Apple Intelligence (2Q Battle Mosey)

• 2Q's solo Battle Mosey mode uses Apple's Foundation Models framework to run an on-device language model that plays 20 Questions against you. Everything runs entirely on your device.
• The category, secret word, and every question you ask are processed only on your device.
• No prompts, no responses, and no game state are sent to RoxyKovu, Apple, or any third party for the AI to function.
• Apple's on-device model is not trained on your prompts. Apple's Apple Intelligence privacy commitments apply.
• Battle Mosey requires a device that supports Apple Intelligence (iPhone 15 Pro+ and M-series iPads). It is not available on the Apple TV variant of 2Q (see Section 14.6).

14.3 Other on-device app processing

• SumSquare runs entirely on your device. Puzzle generation, scoring, streaks, and preferences are processed locally; no gameplay data is transmitted to RoxyKovu.
• FFM's FFAI on-device coach uses Apple Intelligence on iPhone 15 Pro+ and M-series iPads, or our locally bundled Ember model on other supported devices, to generate workouts, meal plans, and recovery guidance directly on your device. Optional cloud-tier AI features are clearly opt-in and disclosed in-app.
• PatchShepherd processes scan results, health scores, and update history entirely on your Windows device.

14.4 Peer-to-peer multi-device features (2Q)

• 2Q's Family and Friends multiplayer, TV Group Play, and iMessage app use peer-to-peer connections over Wi-Fi and Bluetooth via Apple's MultipeerConnectivity framework. These connections are direct between your devices and do not route through RoxyKovu servers.
• No game state, scores, or chat from these multi-device sessions is transmitted to RoxyKovu, and we have no visibility into peer-to-peer game traffic.
• The iMessage app variant of 2Q is governed by the same privacy practices as the main iPhone app and shares this Privacy Policy.

14.5 Microphone use in 2Q

• During TV Group Play, the microphone on each player's iPhone or iPad is used solely for live, on-device speech transcription so spoken questions appear on the TV screen. Audio is never recorded, retained, or uploaded.
• You can revoke microphone access at any time in your device Settings under Privacy & Security > Microphone.

14.6 2Q on Apple TV (tvOS)

The Apple TV (tvOS) version of 2Q is a strict subset of the iPhone/iPad experience and collects no personal data, no identifiers, and serves no ads:

• The Google AdMob SDK is not included in the tvOS build, so no advertising ID, IP address, or ad interaction data is processed on Apple TV.
• The Battle Mosey on-device AI mode is not available on Apple TV; the Foundation Models framework is not used.
• Apple TV does not have a built-in microphone, so the tvOS app does not request microphone or speech-recognition permissions. Voice transcription during TV Group Play happens on each player's paired iPhone, not on the Apple TV.
• Multi-device features use Apple's MultipeerConnectivity over peer-to-peer Wi-Fi and Bluetooth. Connections are direct between your devices and never route through RoxyKovu servers.
• In short, the Apple TV app is an offline, ad-free, AI-free, peer-to-peer hub for the iPhone-driven game.

15. Age verification and minors

• Our apps are distributed through the Apple App Store and Google Play Store. These platforms may implement age verification, parental consent, and age-rating mechanisms as required by applicable law, including the Texas App Store Accountability Act, Utah App Store Accountability Act, and similar legislation in other states.
• We comply with platform-level age-rating requirements and accurately represent the content and data practices of our apps in App Store and Google Play submissions.
• Any age-related data provided through platform APIs (such as Apple's Declared Age Range API or Google's Play Age Signals API) is used solely for compliance purposes, including determining appropriate content and ad settings. We do not use age data for advertising targeting, user profiling, or any purpose beyond compliance.
• For our practices regarding children under 13, see Section 13 (Children's privacy).

16. Third-party links and services

Our services may contain links to third-party websites, services, or content that are not owned or controlled by RoxyKovu. This includes app store listings, social media pages, and external resources referenced in our apps or website. We are not responsible for the privacy practices or content of these third-party services. We encourage you to read the privacy policy of every website or service you visit. Inclusion of a link does not imply endorsement by RoxyKovu.

17. Changes to this policy

• We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
• When we make changes, we will update the "Last updated" date at the top of this page.
• If we make material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you (such as via a prominent notice on our website or an in-app notification) before the changes take effect.
• Your continued use of our services after the revised Privacy Policy has been posted constitutes your acceptance of the changes.
• We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

18. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: Support@roxykovu.com
• Website: roxykovu.com/contact-us
• Company: RoxyKovu LLC, North Carolina, USA

We aim to respond to all privacy inquiries within 30 days. For requests under specific privacy laws (GDPR, CCPA, etc.), we will respond within the timeframes required by applicable law.