Privacy Policy
Wars of Ozz
Privacy Policy — Wars of Ozz Army Builder
Effective date: June 9, 2026 Last updated: June 9, 2026
Wars of Ozz Army Builder ("the App") is a companion army-building application for the Wars of Ozz miniature wargame. It is published by Tinkavu LLC / Extra Turn Games ("we", "us", "our"). This policy explains what data the App touches, where it lives, and how you can control or remove it.
This App is not affiliated with, endorsed by, or sponsored by the publisher of the Wars of Ozz game. All game trademarks and content referenced in the App belong to their respective owners.
The short version. We hold no personal data on our own servers. The only personal data involved is your Google account identity and your army-list backup files — both of which live entirely within your own Google Drive account under your control. You can delete everything by wiping army files in-app and revoking the App's Drive access at myaccount.google.com/permissions.
Data We Collect
Data You Provide Directly
The App has no registration or account system. No personal data is required to use the core army-builder.
Optional — Google Sign-In for Drive Backup:
If you choose to enable cloud backup (Settings → Connect Google Drive), you grant the App OAuth access to your Google account with the drive.appdata scope. In that case:
- Your Google account email address is displayed in-App to confirm which account is linked. It is held only in local app memory and device storage (via AsyncStorage); it is never transmitted to or stored on our servers.
- An OAuth access token (and its silent-refresh state) is managed locally on your device by the Google Sign-In SDK. We never see or store your Google password.
Army lists:
Your army compositions (faction, unit choices, army name) are stored locally on your device using WatermelonDB (SQLite). If you enable backup, one JSON file per army is written to your Google Drive appDataFolder — a hidden app-only space not visible in your regular Drive view. Army data never passes through our servers.
Local file export/import: Settings also offers an Export to File / Import from File feature. This writes a JSON snapshot to your device's cache directory and shares it via the OS share sheet. No data leaves your device in this flow beyond what you choose to do with the shared file.
Sign in with Apple (iOS, optional): On iOS, a "Sign in with Apple" button is presented alongside the Google option to comply with App Store guidelines. As of this writing, Apple authentication is scaffolded but not connected to any backup or data store — authenticating with Apple links a credential in the App UI only; no data is sent to any backend and no army files are written on Apple's infrastructure. This section will be updated if Apple-backed backup is activated in a future release.
Data Collected Automatically
| Data | How it's used | Leaves your device? |
|---|---|---|
| Firebase Firestore reads — faction, unit, and rules data | Populate the army builder with current game data | Anonymous, read-only; no PII sent |
| Network state (Wi-Fi vs. cellular) | Determine whether to run a cloud sync (optional "Wi-Fi only" preference) | No |
| WatermelonDB local IDs | Used as appProperties.localId in Drive file metadata so the App can update the right file | Sent to Drive API as metadata; not a user identifier |
Data We Explicitly Do NOT Collect
- No analytics SDKs, session recording, crash reporters, or telemetry.
- No advertising identifiers (GAID/IDFA) — the App shows no ads.
- No location data.
- No camera, microphone, contacts, calendar, biometrics, photos, or SMS data.
- No user accounts, email addresses, or profiles on our servers.
- No Firebase Authentication — end users are not authenticated to Firebase. Firestore reads are anonymous.
Per-processor data table:
| Processor | Purpose | What they receive |
|---|---|---|
| Google Firebase Firestore | Source of game data (factions, units, rules) | Anonymous read requests; no PII |
Google Sign-In SDK (@react-native-google-signin/google-signin) | Optional OAuth for Drive backup | Standard OAuth flow; token managed locally |
Google Drive API (drive.appdata scope) | Store army-list JSON files in user's own Drive | Army list files written to user's appDataFolder; metadata fields: localId, armyName, factionId, updatedAt, schemaVersion |
How We Use Your Data
- Display and manage your army lists within the App.
- If backup is enabled, sync army lists to and from your own Google Drive
appDataFolder. - Read current game data (factions, units, rules) from Firestore to keep the App up to date.
We do not sell, rent, or share your data for commercial purposes, advertising, or any purpose not described in this policy.
Third-Party Services and Sharing
We use only the services listed in the table in [#data] above. Each operates under its own privacy policy:
| Service | Privacy policy |
|---|---|
| Google (Firebase, Sign-In, Drive) | policies.google.com/privacy |
| Apple (Sign In with Apple, App Store distribution) | apple.com/legal/privacy |
We do not share data with any other third parties. We do not sell personal data.
Where Your Data Lives and Storage
| Data | Location | Controlled by |
|---|---|---|
| Army lists (local) | Your device — SQLite via WatermelonDB | You |
| Army lists (backup) | Your Google Drive appDataFolder | You |
| Google sign-in state / email | Your device — AsyncStorage | You |
| Game data (factions, units, rules) | Tinkavu LLC's Google Firebase Firestore (read-only by the App) | Tinkavu LLC |
| Personal data on Tinkavu LLC's servers | None | N/A |
Because Tinkavu LLC holds no end-user personal data server-side, the data-residency and cross-border-transfer provisions that typically apply to a data controller's infrastructure do not apply to user data for this App. All personal data (Google identity + army backups) is resident in the user's own Google Drive account, subject to Google's own data-storage terms and the user's Google account settings.
Security
Army files stored in your Google Drive appDataFolder are protected by Google's standard Drive security: TLS in transit and Google-managed encryption at rest. The appDataFolder space is accessible only to apps you have explicitly authorized — it is not visible to or accessible by other apps or other Google account holders.
The App accesses Drive exclusively via short-lived OAuth access tokens obtained through the official Google Sign-In SDK. We never see or store your Google password or long-lived refresh tokens on any server we control.
Local army data on your device is protected by your device's standard app-sandbox and file-system security.
No security system is perfect. We minimise risk by minimising the data we collect and by never storing personal data on our own servers.
Breach notification: Because we hold no personal data server-side, a breach of Tinkavu LLC's own infrastructure cannot expose user personal data. In the event that a security issue affecting the App or our Firebase project could affect user data, we will post notice at https://ddguildhall.com and, where feasible, update the App within 72 hours of becoming aware of the issue. If you discover a security concern, please contact us immediately at privacy@extraturngames.com.
Data Retention
| Data | Retention |
|---|---|
| Local army lists | Until you delete them in-App or uninstall the App |
| Google Drive backup files | Until you delete them via in-App "Wipe Cloud Backups" or revoke Drive access; subject to Google's own Drive policies |
| Google sign-in state (email, token) | Until you disconnect in Settings or uninstall |
| Game data in Firestore | Managed by Tinkavu LLC independently of end-user data; no user-linked records |
| Personal data on Tinkavu LLC's servers | Zero — none held |
Your Rights and Choices
Because all personal data lives within your own Google Drive account or on your own device, you exercise most rights directly:
| Right | How to exercise it |
|---|---|
| Access | Your army files are readable at drive.google.com → Settings → Manage Apps (hidden app data), or restored in-App |
| Deletion / Erasure | In-App: Settings → Wipe Cloud Backups; or revoke access at myaccount.google.com/permissions; then uninstall |
| Portability | Export all armies to a JSON file via Settings → Export to File |
| Withdrawal of consent | Disconnect Google Drive in Settings at any time; or revoke at myaccount.google.com/permissions |
| Correct inaccurate data | Edit armies directly in-App; they sync to Drive automatically |
| Restrict processing | Disable Auto-sync in Settings, or disconnect Google Drive entirely |
| Opt out of Apple Sign-In | Simply do not use the Apple sign-in button; it is optional and not connected to any data store |
For any rights request that cannot be addressed through the above self-service steps, contact us at privacy@extraturngames.com. We will respond within 30 days.
EEA, UK, and Switzerland (GDPR)
Data controller: Tinkavu LLC, TINKAVU LLC, 2865 Apaloosa Trl, Deltona, FL 32738.
Lawful bases under GDPR Art. 6:
| Processing activity | Lawful basis |
|---|---|
| Displaying and syncing army lists | Art. 6(1)(b) — performance of a service you requested; alternatively Art. 6(1)(a) — consent (you choose to connect Drive) |
| Reading game data from Firestore | Art. 6(1)(f) — legitimate interest in providing current game content; no personal data involved |
Data-subject rights (Arts. 15–22): As described in [#rights], you may exercise access, erasure (Art. 17), portability (Art. 20), restriction (Art. 18), and objection (Art. 21) rights. Because we hold no server-side personal data, the practical exercise of these rights is through managing your own Google Drive and device data as described above. For any residual request, contact privacy@extraturngames.com; we respond within 30 days (Art. 12(3)).
Automated decision-making (Art. 22): We do not engage in automated profiling or decision-making with legal or similarly significant effects.
International transfers: The App's game data is stored in a Google Firebase Firestore project. Firebase's infrastructure is operated by Google LLC (USA). Google maintains Standard Contractual Clauses and participates in the EU–U.S. Data Privacy Framework for its services. Because no end-user personal data is transmitted to Firestore (reads are anonymous), this transfer affects only game-content data.
If you enable Google Drive backup, your army files are stored in your own Google Drive account. Google's data-transfer safeguards (SCCs / DPF) apply as between you and Google per Google's own privacy terms.
EU/UK representative (Art. 27): Tinkavu LLC is a small-scale processor that does not process EU/UK personal data on its own servers and does not engage in large-scale or systematic processing of EU/UK residents' personal data. Accordingly, we rely on the small-operator exemption from the Art. 27 representative requirement. We will review this position if our processing activities change materially.
DPO: We have not designated a Data Protection Officer, as we do not meet the thresholds of Art. 37 GDPR (no large-scale processing of special-category data; no public authority). Privacy inquiries: privacy@extraturngames.com.
Supervisory authority: You have the right to lodge a complaint with your local EU/EEA/UK data protection authority.
California (CCPA / CPRA)
Do we "sell" or "share" personal information? No. We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.
Categories of personal information we collect (Cal. Civ. Code § 1798.140):
| Category | Collected? | Notes |
|---|---|---|
| Identifiers (email, device ID) | Yes — email only, and only if you use Google Drive backup; stored on your device only | Not disclosed to third parties for commercial purposes |
| Commercial information | No | |
| Internet / network activity | No | Firestore reads are anonymous |
| Geolocation data | No | |
| Sensory data | No | |
| Biometric information | No | |
| Professional / employment info | No | |
| Education information | No | |
| Inferences from personal information | No |
Your CCPA/CPRA rights:
- Right to Know: The categories and specific pieces of personal information we collect are described in [#data]. We collect minimal data; most is held only on your own device or Google Drive.
- Right to Delete: Follow the steps in [#rights]. For any residual server-side data (there is none currently), contact privacy@extraturngames.com.
- Right to Correct: Edit armies in-App; your email is not editable by us because we do not store it.
- Right to Opt Out of Sale/Sharing: Not applicable — we do not sell or share personal information.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the service.
- Non-discrimination: We will not discriminate against you for exercising any CCPA/CPRA right.
- Authorized agent: Authorized agents may submit requests on your behalf by contacting privacy@extraturngames.com with written authorization from you.
Brazil (LGPD)
Legal bases (Art. 7 LGPD):
- Consent (Art. 7(I)) — for Google Sign-In and Drive backup, which you opt into.
- Legitimate interest (Art. 7(IX)) — for anonymous Firestore reads that provide current game data; no personal data is processed.
Your LGPD rights: As a data subject in Brazil you have the right to confirmation, access, correction, anonymization, portability, deletion, information about sharing, and revocation of consent. These rights are exercisable as described in [#rights]. For any request contact privacy@extraturngames.com; we respond within 30 days.
Encarregado / DPO: Given our minimal processing footprint (no server-side personal data; no large-scale processing of Brazilian residents' data), we have not appointed an Encarregado at this time. Privacy contact: privacy@extraturngames.com.
ANPD: You may lodge a complaint with Brazil's Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.
Canada (PIPEDA / Provincial Laws)
We collect personal information (email address, if Drive backup is enabled) only with your knowledge and consent, for the purpose of enabling cloud backup to your own Google Drive. You may withdraw consent at any time by disconnecting Google Drive in Settings. We do not use personal information for any purpose other than those described in this policy.
Under PIPEDA you have the right to access and correct personal information we hold about you. Because we hold no personal information server-side, there is nothing for us to produce; your data is in your own Google Drive and on your own device. For any inquiry: privacy@extraturngames.com.
Accountability: Tinkavu LLC is responsible for personal information under its control. Privacy questions may be directed to privacy@extraturngames.com.
OPC: You may escalate privacy concerns to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
Japan (APPI)
Under Japan's Act on the Protection of Personal Information (2022 amendments), when we share personal information with third-party services located outside Japan, we are required to provide information about the protection system in the recipient country.
- Google (USA): The App's Google Drive backup feature transfers army-list files and OAuth identity to Google's infrastructure in the United States. The United States does not have an adequacy decision equivalent to Japan's APPI framework. Google maintains its own data-protection commitments and Standard Contractual Clauses for international transfers. Details are available in Google's Privacy Policy.
You have the right to request disclosure, correction, addition, deletion, or cessation of use of your personal information. Contact privacy@extraturngames.com.
PPC: You may contact Japan's Personal Information Protection Commission (PPC) for guidance at ppc.go.jp.
Australia (Privacy Act / APPs)
The App is directed at a global audience, including Australian users. We handle personal information (email address, if Drive backup is enabled) in accordance with the Australian Privacy Principles under the Privacy Act 1988.
Given our minimal data footprint — no server-side personal data; all user-controlled data held in Google Drive — we believe we comply with the APPs in substance. Specifically:
- We collect personal information only for the disclosed purpose (Drive backup).
- We do not use or disclose it for secondary purposes without consent.
- You may access and correct your data via the steps in [#rights].
- Personal information is not held by us beyond what is stored on your own device or Google Drive account.
For Australian privacy inquiries or complaints, contact privacy@extraturngames.com. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Children's Privacy
This App is intended for users 13 years of age and older. We do not knowingly collect personal data from children under 13. Because we hold no server-side data, there is nothing for us to delete on our end if a child has used the App. Uninstalling the App and revoking Drive access (if it was enabled) removes all data associated with App use.
If you believe a child under 13 has connected their Google Drive through this App, please contact us at privacy@extraturngames.com and also revoke the App's Drive access at myaccount.google.com/permissions.
This App is not directed at children. We do not engage in interest-based advertising and hold no children's data under COPPA.
Cookies and Advertising Identifiers
This App does not use cookies, web tracking technologies, or advertising identifiers (Google Advertising ID / GAID, Apple IDFA, or any equivalent). The App does not display ads. No App Tracking Transparency (ATT) prompt is shown because no advertising or cross-app tracking occurs.
Changes to This Policy
If we make material changes to this policy, we will:
- Update the "Last updated" date at the top of this page.
- Post a notice at https://ddguildhall.com.
Because the App has no server-side accounts, we cannot send personalised in-app notifications about policy changes. Please review this policy periodically. Continued use of the App after a material change constitutes acceptance of the revised policy.
For changes we consider significant (new data collection, new third-party sharing, or changes to your rights), we will seek to provide at least 30 days' advance notice via the App's store listing description update or a notice on https://ddguildhall.com before the change takes effect.
Contact
For privacy questions, rights requests, or concerns:
Tinkavu LLC / Extra Turn Games Email: privacy@extraturngames.com Mailing address: TINKAVU LLC, 2865 Apaloosa Trl, Deltona, FL 32738 Website: https://ddguildhall.com
We respond to all privacy inquiries within 30 days.
Wars of Ozz is a trademark of its respective owner. This App is an unofficial, fan-made companion tool and is not affiliated with, endorsed by, or sponsored by the Wars of Ozz game publisher.