Privacy Policy

Last updated: 7 June 2026

This policy explains how CodeMonsters ("we", "us", "our") collects, uses, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018. If you access the service from outside the UK, your use is still governed by this policy under UK data protection law.

1. Who we are

CodeMonsters is an iOS app operated as a sole trader in England and Wales. For privacy or data protection queries, contact us at support@codemonsters.app.

2. Data we collect

Account data: email address, username, and a hashed password when you sign up.
Game data: the barcodes you scan, the monsters generated for you, your collection, battle history, and in-game currency balances.
Purchase data: in-app purchases are processed by Apple. We receive a transaction record (purchase identifier, product, timestamp) but not your card details.
Camera input: the camera is used solely to decode barcodes on-device. We do not store photos or video — only the resulting barcode string is sent to our servers.
Technical data: server logs may record your IP address and request timestamps for security and debugging.

3. How we use your data

To provide your account, generate monsters, and run battles (contractual necessity).
To process in-app purchases and apply them to your account (contractual necessity).
To send transactional emails such as verification and password reset (legitimate interest).
To maintain the security, integrity, and reliability of the service (legitimate interest).

We do not sell your data, share it with advertisers, or use third-party analytics or tracking.

4. Third-party processors

Supabase — authentication, database, and image storage. Privacy policy.
Google (Gemini API) — AI generation of monster artwork from barcode strings. Inputs are barcode strings and prompts, not your personal data. Privacy policy.
Apple — App Store distribution and in-app purchases. Privacy policy.
Resend — transactional email delivery. Privacy policy.

5. International transfers

Some of our processors operate servers outside the UK, including in the US and EU. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Addendum or Standard Contractual Clauses.

6. Data retention

We retain your account and game data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance (for example, payment records held for up to 6 years under UK tax law).

7. Account deletion

You can delete your account at any time from within the app: Settings → Account → Delete Account. Deletion is permanent. You may also email support@codemonsters.app from your registered address to request deletion; we will confirm completion within 30 days.

8. Your rights

Under UK GDPR you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Request erasure of your data ("right to be forgotten").
Object to or restrict processing in certain circumstances.
Receive your data in a machine-readable format (data portability).

To exercise any of these rights, email support@codemonsters.app. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Children

CodeMonsters is not intended for children under 13. If you are between 13 and 17 you should only use the app with permission from a parent or guardian. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it.

10. Cookies and tracking

The CodeMonsters website does not use tracking, analytics, or advertising cookies. The iOS app does not use third-party analytics or advertising SDKs.

11. Security

Passwords are stored as salted hashes by our authentication provider. All data in transit is encrypted via HTTPS. We take reasonable technical and organisational measures to protect your data but cannot guarantee absolute security.

12. Changes to this policy

We may update this policy from time to time. We will notify you by email or in-app notice of material changes. Continued use of the service after notification constitutes acceptance.

Contact

support@codemonsters.app

CODEMONSTERS