Privacy Policy

1. Introduction

TagOut ("TagOut," "we," "us," or "our") is a GPS-powered mobile tag game available on iOS and Android. This Privacy Policy explains what personal information we collect when you use the TagOut app, how we use and protect that information, and the choices you have over it.

TagOut is operated by [COMPANY NAME], a company incorporated in [JURISDICTION]. By installing or using TagOut you agree to the practices described in this Privacy Policy. If you do not agree, please uninstall the app and discontinue use.

This policy applies to the TagOut mobile application on iOS and Android, as well as any associated web interfaces hosted at our domain.

Plain-English Summary TagOut requires your GPS location to function — without it the game cannot work. We collect a minimal profile (username + avatar) and in-game activity. We show rewarded video ads via Google AdMob and offer a one-time purchase to remove them. We do not collect your real name, phone number, or contacts, and we never sell your personal data.

2. Information We Collect

We collect only the information necessary to provide and improve the TagOut experience. Here is a breakdown by category.

2.1 Information You Provide Directly

Username. A display name you choose when creating an account. This does not need to be your real name.
Avatar. A character or icon you select from a predefined set of in-app options — no photos or images are uploaded.
Email address (optional). Provided only if you choose to register an email for account recovery purposes. Email is not required to play.
Group membership. Names of game lobbies and player groups you create or join.

2.2 Location Information

Precise GPS coordinates. Your real-time latitude and longitude, accurate to approximately 5–10 meters, collected in the foreground while you are actively playing and in the background when a game session is in progress. See Section 4 — Location Data for full details.
Location history within a session. We record the path you travel during a game session to compute scores, flag captures, and tag events. This data is tied to your session, not stored indefinitely as a general movement log.

2.3 In-Game Activity Data

Tag history. Records of when you tagged or were tagged, including the timestamp and game mode (e.g., Classic Tag, Infection, Capture-the-Flag, Hide-and-Seek, Geocaching, Group Challenges).
In-game statistics. Cumulative stats such as games played, wins, tags made, longest hide, and similar performance metrics displayed on your profile.
Game session metadata. Mode, duration, number of players, and outcome for each game session you participate in.

2.4 Device and Technical Data

Device identifiers. Advertising identifiers (IDFA on iOS, Android Advertising ID on Android) used by Google AdMob to deliver and measure ads. See Section 6 for details.
Push notification tokens. Device tokens issued by Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) used to send you in-game alerts (e.g., "Your game is starting") — not marketing messages unless you opt in.
App version and platform. iOS or Android version and TagOut app version, used to diagnose compatibility issues.
Crash and error logs. Anonymized technical logs generated when the app crashes, used solely for debugging. These logs do not contain location coordinates or your username.

2.5 Information We Do Not Collect

To be explicit, TagOut does not collect:

Your real legal name
Phone number or contacts list
Photos or camera access
Microphone or audio
Financial or payment card information (all billing is handled by Apple or Google — see Section 7)
Browsing history or data from other apps
Biometric data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the App

Displaying your username and avatar to other players in a shared game session.
Computing real-time player positions on the in-game map to determine who has been tagged, where flags are, and when game objectives are met.
Saving and displaying your in-game statistics and tag history on your profile.
Sending push notifications for game events — for example, alerting you when a friend starts a lobby or when your game is about to begin.

3.2 Advertising

Serving rewarded video ads through Google AdMob (maximum seven ads per user per day), in exchange for which you receive in-game items. You are never required to watch an ad to play; ads are opt-in rewards.
Measuring ad performance (impressions, completions) as required by our AdMob integration.

3.3 Improving TagOut

Diagnosing and fixing crashes and technical errors using anonymized error logs.
Understanding aggregate gameplay patterns (e.g., which game modes are most popular) to improve the experience. We use aggregated, non-identifiable data for this purpose.

3.4 Legal and Safety Purposes

Complying with applicable laws and regulations.
Investigating and responding to abuse reports, cheating, or safety concerns within the game.
Enforcing our Terms of Service.

3.5 Legal Bases (EU/EEA Users)

For users in the European Union and European Economic Area, we process your personal data under the following legal bases as defined in the GDPR:

Contract performance (Article 6(1)(b)): Processing your username, avatar, location, and game data is necessary to deliver the TagOut service you signed up for.
Consent (Article 6(1)(a)): We rely on your consent for optional email collection and for the serving of personalized advertisements via AdMob (collected through the AdMob Consent Management Platform).
Legitimate interests (Article 6(1)(f)): We rely on our legitimate interest in maintaining security, preventing fraud, and improving the app for anonymous crash logging and aggregate analytics.
Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable law.

4. Location Data

Why location is central to TagOut TagOut is a GPS-based physical game. Location data is not ancillary — it is the core mechanic. Without continuous access to your position, the game cannot determine who has tagged whom, where hidden players are, or whether a flag has been captured. All location collection is tied directly to active gameplay.

4.1 Foreground Location

When you open TagOut and join or create a game session, the app requests access to your precise GPS location in the foreground. This is used to render your position on the game map in real time, compute distances between players, and trigger in-game events (tags, captures, objective completions). Foreground location collection stops when you exit a game session or close the app.

4.2 Background Location

TagOut also requests background location access. Background location is used exclusively when a game session is actively in progress and you minimize the app — for example, to check a message — without ending the game. Without background location, players who briefly switch apps would disappear from the game map, breaking gameplay for the entire lobby.

Background location collection is not used to track you when you are not in an active game session. We do not build movement profiles, log your location outside of games, or share background location data with advertisers.

Both iOS and Android will display a system-level indicator (a blue bar or notification) when TagOut accesses location in the background, consistent with platform requirements.

4.3 Location Data Shared With Other Players

Your GPS coordinates are transmitted in real time to the other players in your game session so they can see your position on the shared map. This is a fundamental, visible feature of the game. Your coordinates are not broadcast to anyone outside your current game lobby. When your session ends, you are removed from the active player map.

4.4 Location Data Retention

Real-time coordinate streams are held in memory only for the duration of your active session. We do not write a timestamped log of every coordinate to persistent storage. After a session ends, we retain only the derived session summary (e.g., "Game ended at [location name or grid reference], duration 22 minutes, 3 tags") for the purpose of displaying stats and history in your profile. Raw GPS traces are discarded at session close.

Session summary data is retained for as long as your account is active. See Section 10 for the full retention schedule.

4.5 How to Disable Location Access

You may revoke location permission at any time through your device's system settings:

iOS: Settings → Privacy & Security → Location Services → TagOut → select "Never" or "While Using the App."
Android: Settings → Apps → TagOut → Permissions → Location → select "Deny" or "Only while using the app."

Note that revoking location access will prevent TagOut from functioning. The app requires location data to operate. If you revoke background location but keep foreground location, gameplay will be interrupted if you minimize the app during a session.

5. Sharing Your Information

We do not sell your personal data. We share information only in the limited circumstances described below.

5.1 Other Players in Your Game

Your username, avatar, and real-time GPS position are visible to other players inside your active game lobby. This is the intended, game-play-essential sharing described in Section 4.3. You can always leave a lobby to stop sharing your location with those players.

5.2 Google AdMob (Advertising)

We use Google AdMob, operated by Google LLC, to serve rewarded video advertisements. When an ad is displayed, AdMob may receive your device's advertising identifier (IDFA / Android Advertising ID), coarse IP-derived location (country/region level), device model, and OS version. Google uses this information to select and serve ads and to measure their effectiveness. Google's use of this data is governed by the Google Privacy Policy. See Section 6 for details on personalized vs. non-personalized ads and how to opt out.

5.3 Apple / Google Billing (In-App Purchases)

All in-app purchases (the one-time "Remove Ads" upgrade) are processed entirely by Apple's App Store (via StoreKit) or Google Play (via Google Play Billing). We never receive, store, or process your payment card number, billing address, or any other financial information. The only purchase-related data we receive from Apple or Google is a receipt confirming that a transaction occurred and which product was purchased, so we can unlock the feature in your account.

5.4 Push Notification Infrastructure

Push notification tokens are transmitted to Apple's APNs or Google's Firebase Cloud Messaging solely for the purpose of delivering gameplay alerts. Apple and Google act as delivery conduits; we do not share additional personal data with them for notification delivery beyond the token and the notification payload.

5.5 Legal Requirements and Safety

We may disclose personal data if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation, court order, or valid governmental request; (b) protect the rights, property, or safety of TagOut, our users, or the public; or (c) detect, prevent, or address fraud, security vulnerabilities, or technical issues. We will notify affected users of any such disclosure where legally permitted to do so.

5.6 Business Transfers

If TagOut is acquired, merged, or its assets are transferred to another entity, personal data may be transferred as part of that transaction. We will notify users via in-app message or prominent notice on our website at least 30 days before any such transfer becomes effective, and users will have the opportunity to delete their accounts before the transfer occurs.

5.7 No Other Third-Party Sharing

Beyond the parties listed above, we do not share personal data with analytics providers, data brokers, marketing platforms, social networks, or any other third parties. TagOut does not include any analytics SDKs (such as Firebase Analytics, Mixpanel, or Amplitude) at this time.

6. Advertising and Analytics

6.1 Google AdMob

TagOut uses Google AdMob to display rewarded video ads. Watching a 30-second ad is entirely optional and earns you in-game items. You may watch a maximum of seven rewarded ads per day. You may purchase the "Remove Ads" upgrade (see Section 7) to permanently remove all ads.

6.2 Personalized vs. Non-Personalized Ads

AdMob can serve ads in two modes:

Personalized ads use your advertising identifier and inferred interests to select ads likely to be relevant to you.
Non-personalized ads are selected based solely on contextual information (e.g., the game's general category) and do not use your advertising history or build a profile about you.

For users in the EU, EEA, UK, and Switzerland, TagOut uses the Google AdMob User Messaging Platform (UMP) — a certified GDPR and IAB TCF 2.x consent management platform. On first launch in those regions, you will be presented with a consent dialog that explains what data AdMob collects and gives you the choice to consent to or decline personalized advertising. We request only non-personalized ads if you decline or if consent cannot be obtained.

For users subject to the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), you may opt out of the "sale" or "sharing" of your personal information (which under California law may include targeted advertising) through the in-app privacy settings. We honor Global Privacy Control (GPC) signals where technically feasible.

6.3 Advertising Identifier

TagOut accesses the platform advertising identifier (IDFA on iOS, Android Advertising ID on Android) solely for AdMob ad delivery and measurement. On iOS 14.5 and later, Apple requires apps to request your permission to access the IDFA through App Tracking Transparency (ATT). If you deny the ATT request, TagOut will request only non-personalized ads and the IDFA will not be read.

You may reset your advertising identifier at any time:

iOS: Settings → Privacy & Security → Tracking, or Settings → Privacy & Security → Apple Advertising → Reset Advertising Identifier.
Android: Settings → Google → Ads → Delete advertising ID (Android 12+) or Reset advertising ID.

6.4 Analytics

TagOut does not currently include any dedicated analytics SDK. Aggregate, non-identifiable usage patterns (e.g., total games started per day across all users) may be derived from server logs for internal product improvement. These server logs are retained for up to 30 days and are not shared with third parties.

7. In-App Purchases

TagOut offers a single in-app purchase: "Remove Ads" for a one-time fee of $0.99 USD (or the equivalent in your local currency). This purchase permanently disables rewarded video advertisements for your account.

All payment processing is handled exclusively by:

Apple App Store (via Apple's StoreKit framework) for iOS purchases.
Google Play Store (via Google Play Billing) for Android purchases.

TagOut never receives, stores, or processes your credit or debit card number, bank account details, billing address, or any other financial information. Apple and Google handle all aspects of payment authorization, fraud prevention, and receipt generation. Your payment data is governed by Apple's Privacy Policy and Google's Privacy Policy respectively.

The only information TagOut receives from Apple or Google after a purchase is a cryptographically signed receipt confirming that a valid purchase was made for the "Remove Ads" product identifier. We store this receipt verification status on your account so the benefit persists across devices and reinstalls.

Purchases can be restored on a new device using the in-app "Restore Purchases" function, which re-queries Apple's or Google's receipt validation endpoint. No additional personal data is exchanged during a restore.

8. Children's Privacy

TagOut is rated for users 13 years of age and older on both the Apple App Store (Rating: 12+) and Google Play Store (Teen). TagOut is not directed at children under the age of 13 and is not designed or marketed for use by children under 13.

We do not knowingly collect personal information from children under 13. If you are under 13, please do not download or use TagOut. If you are a parent or guardian and you believe your child under 13 has created an account or provided personal information to TagOut, please contact us immediately at [email protected]. We will delete the account and any associated personal data as quickly as practicable.

COPPA Compliance: Because TagOut is not directed at children under 13 and does not permit users under 13 to create accounts, the Children's Online Privacy Protection Act (COPPA) does not require us to obtain verifiable parental consent for the information collected in the ordinary course of using the app. If we ever determine that a user is under 13, we will promptly delete their data and close their account.

Users aged 13–17 may use TagOut with the awareness of a parent or guardian. Parents who have questions about the data we collect are encouraged to read this Privacy Policy in full and contact us with any concerns.

9. Your Rights & Choices

Depending on where you live, you may have certain rights regarding your personal data. We honor these rights regardless of your location to the extent technically feasible.

9.1 All Users

Access. You may request a copy of the personal data we hold about you by contacting us at [email protected].
Correction. You can update your username and avatar directly within the app at any time. To correct other information, contact us.
Account deletion. You may delete your account at any time from the in-app settings (Settings → Account → Delete Account). Upon deletion, we remove your username, avatar, email (if provided), tag history, and stats from our active systems within 30 days. Anonymized aggregate data (e.g., total games played across all users) is not considered personal data and is not deleted.
Data portability. You may request an export of your personal data in a machine-readable format (JSON) by contacting us at [email protected]. We will fulfill such requests within 30 days.
Withdraw consent. Where we rely on consent as a legal basis (e.g., personalized ads), you may withdraw that consent at any time through the in-app privacy settings without affecting the lawfulness of prior processing.
Opt out of push notifications. You may disable push notifications through your device's system settings (iOS: Settings → Notifications → TagOut; Android: Settings → Apps → TagOut → Notifications) or within the TagOut app settings.

9.2 EU / EEA / UK Users (GDPR and UK GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following additional rights under GDPR (and the UK GDPR where applicable):

Right to erasure ("right to be forgotten"). You may request deletion of your personal data where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where we have no other lawful basis.
Right to restriction of processing. You may request that we restrict processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested.
Right to object. You may object to processing based on our legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right not to be subject to automated decision-making. We do not make solely automated decisions that produce legal or similarly significant effects on you.
Right to lodge a complaint. You have the right to lodge a complaint with your national or regional data protection supervisory authority if you believe we are processing your personal data in violation of applicable law. A list of EU supervisory authorities is available at edpb.europa.eu.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

9.3 California Users (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

Right to know. You may request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for which it is used, and the categories of third parties with whom it is shared.
Right to delete. You may request deletion of personal information we have collected about you, subject to certain exceptions (e.g., completing transactions, security, legal obligations).
Right to correct. You may request correction of inaccurate personal information we maintain about you.
Right to opt out of sale or sharing. We do not "sell" personal information as that term is traditionally understood. To the extent that serving targeted ads via AdMob constitutes "sharing" personal information under the CPRA, you may opt out by adjusting your ad preferences in the in-app privacy settings or by enabling a Global Privacy Control (GPC) signal in your browser or device.
Right to non-discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Right to limit use of sensitive personal information. TagOut collects precise geolocation, which is classified as sensitive personal information under the CPRA. We use precise geolocation only to provide the core gameplay service and do not use it for inferring characteristics about you or for advertising targeting. You have the right to limit our use of your precise geolocation to what is necessary to provide the requested service; however, exercising this right will prevent TagOut from functioning.

To submit a California privacy rights request, contact us at [email protected] with the subject line "California Privacy Request." We respond within 45 days and will not charge a fee for reasonable requests.

10. Data Retention

We retain personal data only for as long as necessary to provide the TagOut service and fulfil the purposes described in this policy, or as required by law. Below are the specific retention periods we apply:

Real-time GPS coordinates (in-session). Held in server memory during a game session only. Discarded immediately when the session ends. Not written to persistent storage.
Session summaries (derived stats). Retained for the lifetime of your account, plus 30 days after deletion to allow for account recovery during that window.
Username and avatar. Retained for the lifetime of your account. Deleted within 30 days of account deletion request.
Email address (if provided). Retained for the lifetime of your account. Deleted within 30 days of account deletion request or upon your request.
Tag history. Retained for the lifetime of your account. Deleted within 30 days of account deletion request.
Push notification tokens. Retained until you uninstall the app, revoke notification permission, or delete your account, whichever occurs first. Tokens are automatically invalidated by Apple/Google when the app is uninstalled.
Server access logs (anonymized). Retained for up to 30 days for security monitoring and debugging, then automatically purged.
Purchase receipts. Retained for as long as your account is active to support purchase restoration, and for up to 7 years thereafter to comply with financial record-keeping obligations.
Advertising interaction data (AdMob). Governed by Google's AdMob data retention policies. See Google's Privacy Policy for details.

When you delete your account, we initiate deletion from active systems within 30 days. Note that residual copies may remain in automated backups for up to an additional 90 days before those backups are overwritten or deleted, after which time the data is permanently gone. We do not use backup copies to reconstruct deleted accounts.

11. Data Security

We take reasonable technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Encryption in transit. All communications between the TagOut app and our servers use TLS 1.2 or higher. Data exchanged with Google AdMob and Apple/Google billing APIs is also encrypted in transit.
In-memory architecture. TagOut's current server backend holds active game state — including real-time GPS coordinates — in memory rather than writing them to a persistent database. This means the most sensitive data (your moment-to-moment location during a game) is never written to disk and cannot be exfiltrated from a database breach.
Access controls. Access to production systems is restricted to authorized personnel and protected by strong authentication.
Minimal data collection. We deliberately limit what we collect (no photos, no contacts, no real names) to reduce the sensitivity and volume of data we are responsible for protecting.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to the rights and freedoms of our users, we will notify affected users and, where required by law, relevant supervisory authorities, within the timeframes specified by applicable law (72 hours under GDPR; expeditiously under US state laws).

12. International Data Transfers

TagOut's servers are hosted in [JURISDICTION / SERVER REGION] (for example, the United States). If you are accessing TagOut from the European Union, EEA, United Kingdom, or another jurisdiction with data protection laws that differ from those of our server location, please be aware that your personal data will be transferred to and processed in that jurisdiction.

Where we transfer personal data from the EU/EEA to a country that has not been determined to provide an adequate level of protection, we rely on appropriate safeguards including:

Standard Contractual Clauses (SCCs) adopted by the European Commission, incorporated into our agreements with relevant sub-processors.
Adequacy decisions issued by the European Commission where applicable.

Google LLC, our AdMob provider, participates in and certifies compliance with the EU-U.S. Data Privacy Framework. Google's international data transfer mechanisms are described in the Google Privacy Policy.

By using TagOut, you acknowledge that your information may be transferred to and processed in jurisdictions outside your country of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will indicate the date of the most recent revision at the top of this page.

For material changes — those that meaningfully expand the categories of data we collect, introduce new third-party sharing, or significantly alter your rights — we will notify you through an in-app message or alert displayed on your next launch of the TagOut app at least 14 days before the changes take effect. We may also email you if you have provided an email address.

For non-material changes (e.g., clarifications, formatting updates, corrections), we will update the policy and revise the "Last Updated" date without separate in-app notice.

Your continued use of TagOut after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the updated policy, please delete your account and uninstall the app before the effective date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Company: [COMPANY NAME]
Address: [MAILING ADDRESS]

For EU/EEA/UK data protection inquiries or to exercise your GDPR rights, please use the same email address with the subject line "Data Protection Request." We will acknowledge your request within 72 hours and respond substantively within 30 days.

For California privacy requests under the CCPA/CPRA, please email with the subject line "California Privacy Request."

To report a suspected data breach or security vulnerability, please email us at [email protected] with the subject line "Security." We take all such reports seriously and will investigate promptly.