Re:Gaia Online

Privacy Policy

Last updated: February 8, 2026

1. Introduction

Welcome to Re:Gaia Online. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services, whether you use the Service as a Player, Merchant, or both.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, display name, and profile information (avatar, selected worldpaper theme)
  • Merchant Information: Business name, unique handle, business description, branch addresses, logo, and banner images
  • Profile Data: Avatar, display name, party membership, and other optional profile details you choose to make public
  • Communications: Messages, party posts, feedback, and support requests you send us
  • Transaction Data: Purchase history for in-app purchases (processed by third-party payment providers — we do not store your payment card details)

2.2 Information Collected Automatically

  • Location Data: GPS coordinates when you use check-in, merchant discovery, visit verification, or marketplace features. Location data is collected only when the app is in active use and you have granted location permissions
  • Device Information: Device type, operating system, unique device identifiers, and push notification tokens
  • Usage Data: Gameplay statistics (level, rank, XP, achievements completed), feature usage, check-in history, quest progress, gacha pull history, marketplace activity, and interaction patterns
  • Log Data: IP address, access times, app activity logs, and error reports

2.3 Information from Third Parties

  • Authentication data from sign-in providers
  • Purchase verification data from Apple App Store and Google Play Store (via RevenueCat)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Enable location-based gameplay features (check-ins, merchant discovery, nearby marketplace listings)
  • Process in-app purchases and verify entitlements
  • Track gameplay progression (XP, levels, ranks, achievements)
  • Operate the player-to-player marketplace
  • Send push notifications about in-game events (gifts received, quest completions, party activity, marketplace sales)
  • Provide merchants with aggregated and anonymized analytics about customer engagement at their storefronts
  • Communicate with you about updates, changes to the Service, and support
  • Detect, prevent, and address fraud, GPS spoofing, account abuse, and Terms violations
  • Enforce our Terms of Service and protect user safety
  • Comply with legal obligations

4. Merchant Analytics and Player Privacy

Merchants receive analytics about customer interactions with their storefront, including:

  • Total check-ins, visits, quest completions, and coupon redemptions
  • Item distribution and stock levels
  • Branch-level performance data

Important: Merchant analytics are anonymized. Merchants see aggregate counts and activity summaries, not individual player identities. Push notifications sent to merchants about player activity use "A player" rather than the player's name. Merchants cannot access individual player profiles, personal data, or location history through the analytics dashboard.

5. Sharing of Information

5.1 Other Users

Your public profile information (display name, avatar, level, rank, party membership) is visible to other users. Items you list on the marketplace are publicly discoverable. Party posts are visible to party members.

5.2 Service Providers

We share data with third-party service providers who help us operate the Service:

  • Supabase: Database hosting, authentication, and backend infrastructure
  • Cloudflare: Image storage and content delivery (R2 CDN)
  • RevenueCat: In-app purchase processing and entitlement management
  • Expo: Push notification delivery (via Apple APNs and Google FCM)
  • Resend: Transactional email delivery

These providers process data only on our behalf and are contractually obligated to protect your information.

5.3 Legal Requirements

When required by law, legal process, or to protect our rights, property, or safety, or that of our users.

5.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Location Data

Given the location-based nature of the Service, we want to be transparent about how we handle location data:

  • When collected: Location data is collected only when you actively use location features (check-in, merchant discovery, visit verification, marketplace browsing). We do not track your location in the background
  • Precision: We collect GPS coordinates sufficient for check-in verification (typically within 100-500 meters of a merchant location)
  • Storage: Check-in and visit location data is stored as part of your activity history
  • Control: You can disable location permissions at any time through your device settings. This will limit certain gameplay features (check-ins, nearby merchant discovery) but the app will remain functional for other features

7. Push Notifications

The Service sends push notifications for in-game events. You can control notifications through:

  • Your device's notification settings (disable entirely)
  • In-app notification preferences (control which event types trigger notifications)

We use Expo Push API to deliver notifications via Apple APNs (iOS) and Google FCM (Android). Your push notification token is stored to enable delivery.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active
  • Gameplay data: Retained while your account is active (progression, inventory, achievements)
  • Transaction records: Retained as required for financial and legal compliance
  • Activity logs: Retained for a limited period for security and fraud prevention

You may request deletion of your account and associated data at any time. Upon account deletion, we will remove your personal data within a reasonable timeframe, except where retention is required by law. Note that items you have traded or gifted to other players will remain in those players' inventories.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Row-Level Security (RLS) policies on all database tables to prevent unauthorized data access
  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication via magic link (passwordless) login
  • Branch device session management with lockout protections

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time
  • Opt-out of push notifications
  • Disable location services (note: this will limit certain gameplay features)

10.1 For Users in the European Economic Area (EEA)

If you are in the EEA, we process your data under the following legal bases: contract performance (providing the Service), legitimate interest (security, fraud prevention, analytics), and consent (location data, push notifications). You have rights under the GDPR including the right to lodge a complaint with your local data protection authority.

10.2 For Users in California

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.

10.3 For Users in Brazil

Brazilian users have rights under the LGPD, including confirmation of data processing, access to data, correction, anonymization, portability, and deletion.

10.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@regaiaonline.com. We will respond within the timeframe required by applicable law.

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at support@regaiaonline.com and we will take steps to delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required by law.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app, by email, or via push notification. Your continued use of the Service after changes constitutes acceptance of the updated policy. The "last updated" date at the top of this page indicates when the policy was most recently revised.

15. Contact Us

If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: