Privacy Policy

Last updated: 2026-06-06

This Privacy Policy describes how Haishoku (“we,” “us,” “the app”), operated by Back Room Strategies Ltd, handles information when you use the app.

TL;DR:The camera reads color in real time and frames are never stored or transmitted. The free tier shows ads served by Google AdMob; those ads are between you and Google. The Haishoku+ subscription is processed by your platform’s store — Google Play Billing on Android, Apple’s App Store on iOS; we never see your payment information. Update in v1.1.0:Haishoku+ subscriptions are now verified through Project Flânerie, our cross-app identity layer — subscribing requires signing in with Google so the subscription can be tied to an account that follows you across devices. The same sign-in also syncs your match history. Free-tier users keep working entirely on-device.

What we collect on our side (when you have NOT signed in)

Nothing. If you have not signed in to Haishoku, we do not run anything on your behalf, we do not have a record that you exist, and we do not log, analyze, or transmit anything about how you use the app.

The camera is used to read color in real time. Sampling happens on your device, frame by frame. We do not save the camera frames anywhere. No photo or video is taken, written to your photo library, or transmitted off the device. This is true whether you sign in or not — your camera frames never leave the device under any circumstance.

Your match history, your color-vision preference, your sound and notification preferences, your Haishoku+ entitlement state, and any other app data are stored on your device using the operating system’s standard local app storage. That storage is local to your device and is never sent to us unless you choose to sign in (see below).

What Project Flânerie collects (signed-in Haishoku+ subscribers only)

Sign-in is required to subscribe to Haishoku+ (v1.1.0+). It is still optional for free-tier users. Signing in happens when you start a Haishoku+ subscription, or earlier if you tap “Sign in with Google” in Settings or on the welcome screen.

If you do sign in, three things start happening:

Google Sign-In runs once to identify you. Google returns a basic-profile token to us containing:
- Your Google account email address.
- Your Google account display name (if you have one set).
- A stable Google user identifier.
Project Flânerie (our cross-app identity layer, hosted on Supabase) creates an account for you keyed on that Google identifier, and from that point on your match history is mirrored to that account. Specifically, for each color you match, we store:
- Your Flânerie account identifier (a UUID, not your Google identifier directly).
- The puzzle date and the position of the target you matched (1st, 2nd, or 3rd).
- The color you matched (hex code).
- The internal color-science representation (Lab coordinates, ΔE distance, tier).
- The cohort setting you had selected when you played that day.
- Timestamps for when the match was created and last updated.
Subscription verification (Haishoku+ subscribers, v1.1.0+). When you subscribe to Haishoku+, the subscription is verified server-side against Google Play (Android) or the App Store (iOS) and recorded in Flânerie so we can keep your Haishoku+ active across devices and respond correctly to renewals, cancellations, and refunds. For each subscription, we store:
- Your Flânerie account identifier.
- Which platform the subscription is on (Android or iOS) and which product you bought (haishoku_plus_monthly or haishoku_plus_yearly).
- The opaque purchase token Google or Apple assigned to this subscription.
- The subscription’s current state (active, in grace period, on hold, paused, cancelled, expired, revoked), its expiry date, and whether it’s set to auto-renew.
- Timestamps for when the subscription was first verified and last updated.
We do notreceive your payment method or any other payment information. Google Play Billing / Apple’s App Store handles all of that.

That’s it. We do not store the camera frames; we do not store any other data about your device, location, behavior outside the matching mechanic, or anything else.

Where it lives.Flânerie runs on Supabase’s US-West region (California). Supabase is a third-party data processor; their handling is governed by Supabase’s Privacy Policy.

Who can see it.Only you. The Flânerie database uses row-level security — every row is keyed on your account identifier, and the database is configured to refuse any read or write that doesn’t match the signed-in user’s identifier. We (Back Room Strategies) have administrative access to the database infrastructure for operational purposes (debugging, schema migrations) but do not access individual users’ rows as a matter of course, and we will never aggregate, share, or sell match data.

Retention. Your match history persists in Flânerie as long as you have a Flânerie account. You can sign out at any time from Settings, which stops the sync but leaves your existing data in place. You can request full account deletion (including all your match history) by emailing seth@backroomstrategies.com from the address you signed in with; we’ll process the request within 30 days.

Why we offer it.Two reasons. First, so a Haishoku+ subscriber who gets a new phone doesn’t lose their match history. Second, because Flânerie is designed to eventually be a shared identity layer for our other apps (Umwelt, Urban Gallery), so a single sign-in carries your data across products in the same family.

What Google’s services collect (free tier ads)

The free tier shows ads served by Google AdMob, a Google service. When AdMob serves an ad in the app, Google may collect:

Your platform advertising identifier — on Android, the Android Advertising ID (AAID); on iOS, the Identifier for Advertisers (IDFA). Both are resettable per-device identifiers you can reset or limit in your phone’s settings. On iOS, the IDFA is only available to AdMob if you grant App Tracking Transparency permission; if you decline, AdMob proceeds without it.
Approximate location (typically inferred from IP), device type, app version, and network state.
Aggregate ad-interaction data (whether an ad was viewed or tapped).

We have configured AdMob to request non-personalized ads only, which limits how the AAID / IDFA is used for ad targeting.

We do not receive any of this data — it flows directly between your device and Google. Google’s handling of this data is governed by Google’s own policies, primarily Google’s Privacy Policy and How Google uses information from sites or apps that use our services.

If you subscribe to Haishoku+, ads are disabled and AdMob is not invoked.

What the store collects (Haishoku+ subscription)

If you choose to subscribe to Haishoku+, the purchase is processed by your platform’s store — Google Play Billing on Android, Apple’s App Store on iOS. The store handles:

The payment itself (your store account, your payment method).
The subscription record (which product you bought, when it renews, whether it’s active).
Subscription management (cancelation, refund requests) — handled in the Google Play Store or Apple’s Settings, not in Haishoku.

We receive only a yes/no entitlement signal locally on your device. We do not see your payment information, your Google or Apple account email (unless you separately sign in via the optional Flânerie flow above), or any other purchase detail through this channel.

Google’s handling of this data is governed by Google’s Privacy Policy; Apple’s is governed by Apple’s Privacy Policy.

Permissions the app requests

Camera. Required for the core feature (sampling colors from the world in real time). Frames are processed on-device and immediately discarded; nothing is recorded.
Notifications (optional, only if you opt in). Used to send a daily reminder when a new puzzle is available. Notifications are scheduled and delivered locally by your device.
Network access. Required to serve ads in the free tier, to process Haishoku+ subscription purchases, and — if you sign in (required to subscribe to Haishoku+, optional for free-tier users who want match-history sync) — to verify your subscription and sync your match history through Project Flânerie. Not used for any other purpose by us.

You can decline the camera or notification permission and continue using the app accordingly. The free tier works without ever signing in; sign-in is required only to subscribe to Haishoku+ or to opt into match-history sync.

What we do not do

We do not collect personal information from users who have not signed in.
We do not require an account or sign-in. Sign-in is opt-in for Haishoku+ subscribers.
We do not track your location.
We do not access your photo library, microphone, contacts, or calendar.
We do not store the camera frames you point at the world — they never leave the device, signed in or not.
We do not include third-party analytics SDKs or tracking SDKs beyond what AdMob, the platform store (Play Billing on Android, StoreKit on iOS), and (for signed-in users) Supabase require.
We do not sell data of any kind.

Crash reports

We do not collect crash reports at this time. If we add crash reporting in a future version, we will update this policy and disclose the specific data collected before that version ships.

Children

Haishoku is suitable for general audiences and is not directed at any specific age group. AdMob is configured for non-personalized ads, which limits behavioral targeting. The Flânerie sign-in flow uses Google Sign-In, which has its own age requirements (Google generally requires users to be 13 or older to have a Google account, depending on country). We do not knowingly collect any personal information from anyone under 13.

Changes

If we change this policy in any material way, we will update the “Last updated” date and disclose the change in the app before the updated version ships.

Contact

Questions, requests, or concerns? Email seth@backroomstrategies.com.

For account-deletion requests (signed-in Haishoku+ users), email from the address you signed in with so we can verify ownership.

Jurisdiction

Back Room Strategies Ltd is based in Colorado, United States. This policy is governed by Colorado law.