The terms by which we guard your information, set down in good faith.
1. Introduction
This Privacy Policy explains how Johnathon Nicolaou (“we”, “us” or “our”) collects, uses, discloses, stores and protects personal information in connection with the mobile application The Lost Artefacts (the “App”) and any related services we provide.
We are committed to protecting your privacy and handling your personal information in accordance with:
- the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
- the EU General Data Protection Regulation (GDPR) and the UK GDPR, where applicable;
- the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), where applicable; and
- Apple’s App Store Review Guidelines and App Privacy requirements.
By downloading, accessing or using the App you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use the App.
2. Who we are
The App is published and operated by:
- Name: Johnathon Nicolaou (operating as a sole trader)
- Jurisdiction: New South Wales, Australia
- Contact email for privacy matters: thelostartefacts@gmail.com
For the purposes of the GDPR, we are the “data controller” of personal information we collect through the App.
3. Scope of this Policy
This Policy applies to personal information we collect:
- when you download and install the App from the Apple App Store;
- when you create an account, sign in, or use any account-related feature within the App;
- when you play the App as a guest (without signing in);
- when you make an in-app purchase;
- when you contact us for support, enquiries or to exercise your privacy rights; and
- when you visit any website operated by us that links to this Policy.
This Policy does not apply to the collection, use or disclosure of information by Apple Inc. in connection with the App Store, by Google LLC in connection with the Firebase platform we use, or by any third-party website or service that the App may link to. Those parties are governed by their own privacy policies.
4. Information we collect
The type of information we collect depends on how you use the App. We collect only what we reasonably need for the purposes described in this Policy.
4.1 Information you provide directly
- Account registration information: when you choose to create an account, we collect your email address, a password, and a username of your choice (between 3 and 16 characters). Your password is encrypted and hashed by our authentication provider (Firebase Authentication by Google); we never see or store your password in plain text.
- Account updates: if you change your username or request a password reset, we process the information necessary to action those requests.
- Support correspondence: if you email us or otherwise contact us, we collect the contents of your message, your email address, and any other information you choose to provide.
4.2 Information generated by your use of the App
Gameplay progress is stored locally on your device at all times. If you are signed in to an account, we also synchronise that progress to the cloud so you can use it across your devices. The synchronised information includes:
- your in-game character collection, move collection and deck configurations;
- your in-game virtual currency balance (“Titum”) and the timestamp of the last update to that balance;
- your story mode, mission, “Energy Mining” and “War Defence” progress and the teams you assigned to each;
- tutorial and onboarding completion flags;
- sort and display preferences you set within the App; and
- a monotonically increasing version counter used to prevent outdated data from overwriting newer data.
4.3 Technical information
When you use the App, certain technical information is generated automatically by the operating system and by our service providers. This may include:
- the unique identifier (UID) assigned to your account by our authentication provider;
- the creation date and last sign-in date of your account;
- device information transmitted by the App or its service providers for the purpose of delivering the service (for example, connection metadata required to communicate with Firebase); and
- the approximate date and time of events such as logins, data syncs and pending-write flushes.
4.4 Information we do not collect
For the avoidance of doubt, the App does not:
- collect or process location data;
- access your camera, photo library, microphone, contacts or calendars;
- run advertising software development kits or collect data for advertising purposes;
- run third-party analytics or behavioural-tracking software — Google Analytics for Firebase is explicitly disabled in our configuration; or
- collect biometric information.
4.5 In-app purchases
In-app purchases of virtual currency (“Titum”) are processed entirely by Apple through the App Store using Apple’s StoreKit 2 framework. When you make a purchase:
- We receive a verified product identifier and transaction receipt from Apple to confirm the purchase is legitimate and to grant you the corresponding virtual currency.
- We do not receive your credit card number, billing address, Apple ID password or any other payment credentials. These are handled by Apple.
- Apple’s handling of your payment information is governed by the Apple Privacy Policy.
4.6 Push notifications
With your permission, the App may schedule local push notifications to let you know when an in-game mission has finished (for example, “Your Champion has completed their mission”). These notifications are generated and stored on your device; they are not delivered via a server we control and do not transmit personal information back to us. You can disable notifications at any time in your device’s Settings app.
5. How we collect your information
We collect personal information in the following ways:
- Directly from you when you register, sign in, update your profile, make a purchase or contact us.
- Automatically through the App and its supporting infrastructure (Firebase Authentication and Cloud Firestore) as you play and as your device synchronises gameplay data.
- From Apple in the form of anonymised, aggregated App Store reporting (for example, download statistics) that does not identify you individually.
6. Why we collect and use your information
We collect, use and disclose personal information for the following primary purposes:
- Providing the App: creating and authenticating your account, synchronising your gameplay progress across your devices, restoring your progress if you reinstall the App, and delivering the game experience.
- Processing purchases: granting you the in-game currency you purchase and verifying transactions with Apple.
- Customer support: responding to your enquiries, troubleshooting issues and communicating with you about your account.
- Security and integrity: protecting the App, our users and our systems from fraud, abuse, unauthorised access and other misuse; maintaining the integrity of competitive gameplay; and enforcing our Terms of Service.
- Legal and regulatory compliance: meeting our obligations under applicable laws, responding to lawful requests from public authorities and protecting our legal rights.
- Service improvement: diagnosing technical issues and improving the reliability and performance of the App.
6.1 Legal bases for processing (GDPR / UK GDPR users)
If the GDPR or the UK GDPR applies to you, we rely on the following legal bases:
- Performance of a contract — processing necessary to provide the App to you under our Terms of Service (for example, authenticating your sign-in and syncing your progress).
- Legitimate interests — preventing fraud, securing the App, maintaining service integrity and responding to support requests. We have balanced these interests against your rights and freedoms.
- Legal obligation — where we are required to retain or disclose information by law.
- Consent — where required (for example, where you have given your consent to receive device-level push notifications). You may withdraw your consent at any time.
7. Disclosure of your personal information
We disclose personal information only in the limited circumstances set out below.
7.1 Service providers
We share personal information with carefully selected service providers who help us operate the App. These providers act on our written instructions and are contractually bound to protect your information. They include:
- Google LLC / Google Ireland Limited (Firebase) — provides authentication (Firebase Authentication) and cloud database (Cloud Firestore) services that underpin sign-in and cross-device progress synchronisation. Firebase is governed by the Firebase Privacy and Security documentation and Google’s Privacy Policy.
- Apple Inc. — distributes the App through the App Store and processes in-app purchases through StoreKit. Apple’s handling of your information is governed by its own privacy policy.
- Professional advisers — such as legal, accounting or compliance advisers, strictly on a need-to-know basis and under duties of confidentiality.
7.2 Legal, safety and enforcement
We may disclose personal information where we reasonably believe disclosure is necessary to:
- comply with applicable law, a court order, subpoena, regulatory demand or other lawful request;
- enforce our Terms of Service or other agreements;
- detect, investigate, prevent or respond to fraud, abuse, security incidents or technical issues; or
- protect the rights, property or safety of us, our users or the public.
7.3 Business transfers
If we are involved in a corporate transaction such as a merger, acquisition, reorganisation, sale of assets or insolvency, personal information may be transferred as part of that transaction. We will take reasonable steps to ensure the recipient continues to protect your information in a manner consistent with this Policy, and we will notify you in accordance with applicable law.
8. International data transfers
Because we use Firebase, which is operated by Google, your personal information may be stored and processed on servers located outside Australia, including in the United States, the European Union and other jurisdictions where Google operates data centres. We endeavour to host user data in the australia-southeast1 Google Cloud region where practicable; however, Google may replicate or process data across other regions in accordance with its standard practices.
Where personal information is transferred outside Australia, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs. Where personal information is transferred outside the European Economic Area or the United Kingdom, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or the UK International Data Transfer Agreement.
9. Storage, security and retention
9.1 Security measures
We take reasonable technical and organisational measures to protect your personal information against loss, misuse, unauthorised access, modification and disclosure. These measures include:
- encryption of data in transit between the App and our cloud infrastructure (TLS);
- encryption of data at rest on Google Cloud infrastructure;
- password hashing performed by Firebase Authentication (we do not store plain-text passwords);
- Firestore security rules that restrict access to each user’s data to that authenticated user only;
- restricted administrative access to systems containing personal information on a need-to-know basis; and
- logging and monitoring of administrative activity.
Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you use the App at your own risk.
9.2 Retention
We retain personal information for as long as it is reasonably necessary to fulfil the purposes described in this Policy, including:
- while your account is active;
- for a reasonable period after account closure to allow for account recovery, to resolve disputes, to enforce our agreements and to comply with our legal obligations; and
- for any longer period required by applicable law.
When we no longer need personal information, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2.
10. Your rights and choices
Subject to applicable law, you have the following rights in relation to your personal information. To exercise any of these rights, please contact us at thelostartefacts@gmail.com. We may need to verify your identity before actioning your request.
10.1 Rights available to all users
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct information that is inaccurate, incomplete or out of date. You can update your username directly within the App via the Settings screen.
- Deletion: ask us to delete your account and the personal information associated with it. Once deleted, your progress cannot be recovered.
- Complaints: make a complaint about how we have handled your personal information (see section 15 below).
10.2 Additional rights for EEA, UK and Swiss residents
Where the GDPR or the UK GDPR applies, you also have the right to:
- restrict our processing of your personal information;
- object to our processing where we rely on legitimate interests;
- receive your personal information in a structured, commonly used and machine-readable format (data portability); and
- withdraw any consent you have given, without affecting the lawfulness of processing already carried out.
10.3 Additional rights for California residents
If you are a California resident, the CCPA and CPRA give you the right to:
- know the categories and specific pieces of personal information we have collected about you;
- request deletion of your personal information, subject to certain exceptions;
- correct inaccurate personal information; and
- not be discriminated against for exercising your rights.
We do not sell or share personal information as those terms are defined under the CCPA.
10.4 In-app controls
You can also manage your information through the App itself:
- update your username in the Settings > Account Details screen;
- reset your password via the Forgot Password flow;
- sign out of your account at any time; and
- play as a guest, in which case no personal information is transmitted to our servers (gameplay progress is stored only on your device).
11. Children’s privacy
The App is not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or the equivalent minimum age in the jurisdiction in which the user resides, for example 16 in parts of the European Economic Area). The App’s content includes fantasy violence and may not be suitable for young children; we recommend an age rating consistent with Apple’s classification for the App Store listing.
If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us at thelostartefacts@gmail.com and we will take prompt steps to delete the information.
12. Apple App Store “Privacy Labels”
Apple requires all iOS app developers to disclose their data practices on the App Store listing. The App’s App Store privacy disclosures correspond to this Policy. Where there is any apparent inconsistency, this Policy governs.
13. Cookies and similar technologies
The App is a native iOS application and does not use browser cookies. Our service providers (such as Firebase) may use local identifiers, tokens and cached data on your device to authenticate you and to deliver the service. We do not use cookies or similar technologies for advertising or cross-site tracking.
If we operate a website that links to this Policy, that website may use cookies. Details will be provided in a separate cookie notice on the website where applicable.
14. Links to third-party sites
The App or our communications may contain links to third-party websites or services (for example, links to Apple, Google or support resources). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information to them.
15. Complaints
If you have a concern about how we have handled your personal information, please contact us first at thelostartefacts@gmail.com. We will investigate and respond to you within a reasonable timeframe (and in any event within 30 days of receipt where required by the APPs).
If you are not satisfied with our response, you may lodge a complaint with the relevant privacy regulator:
- Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
- European Economic Area: your local data protection supervisory authority
- United Kingdom: Information Commissioner’s Office (ICO) — ico.org.uk
- California: California Privacy Protection Agency — cppa.ca.gov
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, our service providers or the law. When we make material changes, we will update the “Last updated” date at the top of this Policy and, where appropriate, provide additional notice through the App or by email. Your continued use of the App after the updated Policy takes effect constitutes your acceptance of the revised terms.
17. Contact us
If you have any questions, requests or concerns regarding this Privacy Policy or our handling of your personal information, please contact us at:
- Johnathon Nicolaou — Privacy Officer
- Email: thelostartefacts@gmail.com
