Pass and Run ("we", "us", or "our") operates the Pass and Run football manager game accessible at play.passn.run and via mobile applications. This Privacy Policy explains how we collect, use, and protect your personal data.
1. Data We Collect
When you use Pass and Run, we may collect the following information:
- Account data: email address, username, and password (stored as a bcrypt hash).
- Gameplay data: match results, tactical decisions, transfer history, player development, in-game currency balances, and session activity.
- Device information: device type, operating system version, app version, and anonymous device identifiers used for push notifications and crash reporting.
- Purchase data: records of in-app purchases (processed by Apple or Google via RevenueCat). We never see your full payment card details.
- Log data: IP address, access timestamps, and error logs collected automatically for security and debugging purposes.
2. How We Use Your Data
- To create and manage your account.
- To operate the game: run matches, update the league, process transfers, and deliver push notifications.
- To process in-app purchases and restore entitlements.
- To monitor for bugs, crashes, and abuse.
- To send important service communications (e.g. account security, policy changes). We do not send marketing emails without your consent.
- To analyse aggregate, anonymised gameplay patterns for game balance tuning.
3. Legal Basis (GDPR)
If you are located in the European Economic Area, we process your data on the following legal bases:
- Contract performance: to provide the game service you signed up for.
- Legitimate interests: fraud prevention, abuse detection, and security.
- Legal obligation: where required by applicable law.
- Consent: for optional features such as marketing communications.
4. Third-Party Services
We use the following third-party services, each of which operates under their own privacy policy:
- Firebase Auth (Google): user authentication.
- RevenueCat: in-app purchase management and entitlement tracking.
- Sentry: crash and error reporting.
- Apple Push Notification Service / Firebase Cloud Messaging: delivery of in-game push notifications.
We do not sell your data to any third party.
5. Cookies & Local Storage
The web app stores your authentication token (JWT) in browser localStorage. No tracking cookies, advertising cookies, or third-party analytics cookies are set. We do not use Google Analytics or similar tracking services.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law (e.g. financial records).
7. Your Rights
Under GDPR and similar laws you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion ("right to be forgotten").
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time (where processing is consent-based).
To exercise any of these rights, email privacy@passnrun.com. Authenticated users may also delete their account by calling DELETE /me via the API.
8. Data Security
We use industry-standard measures to protect your data: TLS in transit, encrypted passwords, and role-based access control on our infrastructure. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
9. Children
Pass and Run is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us at privacy@passnrun.com and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of the service after the effective date constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests, contact us at:
privacy@passnrun.com