Privacy Policy — The Merchant's Bag

1. Who we are

This Privacy Policy describes how Stars Encoding (CNPJ 46.609.057/0001-93), the data controller, processes personal data when you use The Merchant's Bag mobile app, website (merchantsbag.com), and related services (collectively, the "Service").

Contact:
admin@merchantsbag.com · support@merchantsbag.com

2. Scope

This policy applies to the Service as it exists today. Some features described on our website (such as paid subscriptions, AI-assisted content generation, or push notifications) may be added in the future. When they are, we will update this policy before or when they become available.

3. Data we collect

3.1 Account and identity data

When you create or use an account, we may collect:

Email address (email/password, Google, or Apple sign-in)
Display name (optional; you may set or edit it in the app)
Authentication provider type (anonymous guest, email, Google, or Apple)
Firebase user identifier (UID)
Account creation and last login timestamps

You may use the Service as an anonymous guest. Guest accounts receive a temporary identifier and a default display name. You may later link a guest session to a registered account.

3.2 Device and session data

On login and during use, we may collect:

Device platform (Android, iOS, or web)
Operating system version
Device model or name
App version
Language/locale and timezone preferences

3.3 Approximate location

We do not access your device's GPS. When you sign in, our servers may derive an approximate location (city, region, country, and coarse coordinates) from your IP address using a geolocation database. This helps us understand usage patterns and improve security.

3.4 Content you create in the app

Depending on how you use the Service, we may store:

Campaign names, rules system, and descriptions
City and shop information (names, notes, economy settings)
Player display names at the table
Inventory items, quantities, weights, and wallet balances
Custom items and personal item library entries
Character sheet fields you enter
Campaign history and transaction notes
Invite codes and campaign membership records

Within a campaign, inventory and certain game data are visible to other members of that table. The Game Master (campaign owner) can see member data relevant to running the session.

3.5 Local storage on your device

The app stores data locally for offline use, including:

Cached campaign and inventory data (SQLite via WatermelonDB)
Authentication session tokens (AsyncStorage)
App preferences such as language and theme
Pending campaign invite codes

On our invite web page (/join), your browser may store a pending invite code in localStorage so you can return after installing the app.

3.6 What we do not collect today

We do not currently collect or use:

Precise GPS location
Photos, contacts, calendar, or microphone data
Payment card or banking details (no in-app billing is active)
Advertising identifiers or behavioral analytics profiles
Push notification tokens

4. How we use your data

We use personal data to:

Provide, operate, and maintain the Service
Authenticate you and secure API requests (including Firebase App Check)
Sync your data between your device and cloud storage (registered accounts)
Enable campaign collaboration (invites, membership, shared inventory)
Enforce plan limits (free vs. Premium item library quotas)
Respond to support requests and protect against abuse
Comply with legal obligations

Under Brazil's Lei Geral de Proteção de Dados (LGPD), our legal bases include: performance of a contract (providing the Service you requested), legitimate interests (security, fraud prevention, product improvement), and consent where required (for example, optional sign-in methods you choose).

5. How we share data

5.1 Within your campaign

Data you add to a campaign may be visible to other players and the Game Master in that campaign, as designed for tabletop play.

5.2 Service providers (processors)

We use third-party services to run the Service, including:

Google Firebase — authentication, cloud database (Firestore), server functions, and web hosting
Google Sign-In — optional account sign-in on Android, iOS, and web
Apple Sign-In — optional account sign-in on iOS and web
Google Play Integrity / Apple App Attest — app integrity checks via Firebase App Check
geoip-lite — IP-to-location lookup on our servers
Google Play Store — app distribution (Android)

These providers process data on our behalf under their own terms and privacy policies. Firebase/Google Cloud infrastructure may store or process data outside Brazil.

5.3 What we do not do

We do not sell your personal data. We do not share your data with advertisers. We do not send your in-app text to third-party AI/LLM providers today.

5.4 Legal requirements

We may disclose data if required by law, court order, or government request, or to protect the rights, safety, and security of users and the Service.

6. International transfers

Your data may be processed on servers operated by Google and other providers in countries other than Brazil, including the United States. Where required, we rely on appropriate safeguards permitted under applicable law for such transfers.

7. Retention

We retain personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Campaign and user content remains stored until you or the campaign owner deletes it or requests deletion. Server logs containing operational identifiers (such as user IDs) are kept for a limited period for security and troubleshooting.

8. Security

We use industry-standard measures including encrypted connections (HTTPS/TLS), Firebase security rules, authenticated API access, and App Check attestation. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Your rights under LGPD

If you are in Brazil, you have rights under LGPD, including to:

Confirm whether we process your data
Access your data
Correct incomplete, inaccurate, or outdated data
Anonymize, block, or delete unnecessary or unlawfully processed data
Port your data to another service, where applicable
Withdraw consent where processing is based on consent
Obtain information about entities with whom we have shared data
Revoke consent and request deletion, subject to legal retention needs

To exercise these rights, contact support@merchantsbag.com. We will respond within the timeframes required by law.

Account deletion: There is no in-app delete-account button today. To request deletion of your account and associated cloud data, email support@merchantsbag.com from the address linked to your account. Signing out of the app removes local data from your device.

You may also file a complaint with Brazil's National Data Protection Authority (ANPD).

10. Children

The Service is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will take steps to delete it.

11. Analytics, ads, and notifications

We do not use third-party advertising networks or behavioral analytics SDKs in the app today. We do not send push notifications today. Server logs may record operational events (such as sync activity and login events) for reliability and security.

12. Planned features

Our website and app may describe future Premium features, including AI-assisted shop and item generation, paid subscriptions, and PDF export. These features are not active in the current release. If we introduce them, we will update this Privacy Policy to describe any new data collection (for example, sending campaign descriptions to an AI provider, or payment data handled by app stores).

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. For material changes, we may provide additional notice in the app or by email where appropriate.