This Privacy Policy explains how Lumizone Łukasz Blania ("we", "us", "Controller") processes personal data of users of the First Person Viewpoint mobile application and the website firstpersonviewpoint.com(together, the "Service").
This Policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, "GDPR"), the Polish Act on the Protection of Personal Data of 10 May 2018, the Polish Act on the Provision of Electronic Services of 18 July 2002, and the Digital Services Act (Regulation (EU) 2022/2065).
1. Data Controller
| Controller | Lumizone Łukasz Blania |
|---|---|
| Legal form | Sole proprietorship (jednoosobowa działalność gospodarcza) registered in CEIDG |
| Registered address | ul. Malińska 1, 47-320 Gogolin, Poland |
| Tax ID (NIP) | 1990132289 |
| Contact email | contact@firstpersonviewpoint.com |
We have not appointed a Data Protection Officer because we are not required to do so under Article 37 GDPR. For any privacy-related matter, please write to the contact email above.
2. Categories of Data We Process
2.1 Account data
When you sign in with Google or Apple, we receive and store: your email address, display name, authentication provider identifier, account creation timestamp, and your acceptance of these terms.
2.2 Profile data
Optional information you choose to add: username, biography, avatar image, appearance preferences (font, theme, accent colour, language), notification and app-lock preferences.
2.3 User-generated content
Characters, fictional worlds, codex entries, narrative sessions and messages, community comments, likes, follows, and reports you submit. By default this content is private; it becomes visible to other users only if you explicitly publish it to the Community.
2.4 Subscription and billing data
Subscription tier, entitlement status, and an anonymous purchaser identifier provided by the relevant app store and by RevenueCat. We do not receive, store, or have access to your payment card details — these are handled exclusively by Google Play or Apple.
2.5 Usage data
Action count (monthly usage against your tier limit), streak counters, last-active timestamps, technical session metadata (session ID, timestamps, token counts for AI calls).
2.6 Diagnostic data (optional, opt-in)
If you opt in to crash reporting, we collect error type, stack trace, device model, operating system version, and app version via Sentry. User identifiers and narrative content are scrubbed on the device before upload. Crash reporting is disabled by default.
2.7 AI prompt data
Your text input, character and world descriptions, codex entries, rolling conversation context, and style preferences are transmitted to Google's Gemini API to generate narrative responses and images. See Section 6.
2.8 Advertising data (free plan only)
If you use the free plan, the application may show advertisements served by Google's AdMob platform. AdMob may process: a resettable advertising identifier (Android Advertising ID, or Apple's IDFA where you have granted App Tracking Transparency permission), coarse device and network information, ad-interaction events, and an opaque, app-scoped reward token we generate to verify legitimate reward delivery for opt-in "watch ad for actions" rewarded videos. We do not share your account identifier, email, profile data, or your narrative content with AdMob. Paid plans (Pro and Max) do not show advertisements and do not initiate any AdMob requests.
3. Purposes and Legal Bases of Processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and maintaining your account, providing core Service functionality (narrative generation, storage of your content, Community features) | Art. 6(1)(b) — performance of a contract |
| Processing subscription payments and enforcing tier limits | Art. 6(1)(b) — performance of a contract |
| Age verification and enforcement of the 18+ minimum age | Art. 6(1)(c) — legal obligation; Art. 6(1)(f) — legitimate interest in protecting minors |
| Content moderation, abuse prevention, handling reports, DSA notice-and-action | Art. 6(1)(c) — legal obligation under DSA; Art. 6(1)(f) — legitimate interest in platform safety |
| Security, fraud prevention, rate limiting, detecting prompt-injection and abuse | Art. 6(1)(f) — legitimate interest in Service integrity |
| Crash diagnostics (Sentry) | Art. 6(1)(a) — consent (opt-in, withdrawable in Settings at any time) |
| Showing advertisements on the free plan to support a sustainable free tier | Art. 6(1)(f) — legitimate interest in funding the Service. Personalised advertising additionally requires Art. 6(1)(a) — consent (collected through Google's User Messaging Platform consent prompt where applicable, and Apple's App Tracking Transparency on iOS). |
| Verifying rewarded-ad completions and granting bonus actions | Art. 6(1)(b) — performance of the Service (the rewarded-ad feature you initiated) |
| Tax, accounting and bookkeeping obligations | Art. 6(1)(c) — legal obligation under Polish law |
| Handling legal claims, complaints and disputes | Art. 6(1)(f) — legitimate interest in establishing or defending legal claims |
4. Who We Share Data With (Processors and Recipients)
We do not sell your personal data. We share data only with the following processors acting on our documented instructions under GDPR Article 28:
| Processor | Role | Location / transfer safeguard |
|---|---|---|
| Supabase Inc. | Authentication, database, file storage, edge functions | EU region (AWS Frankfurt / Ireland). Data Processing Addendum in place. |
| Google LLC / Google Ireland Ltd (Gemini API) | AI narrative generation, summarisation, image generation | USA. Transfer safeguard: EU Standard Contractual Clauses and EU-U.S. Data Privacy Framework. Inputs are not used by Google to train generative models on the paid API tier we use. |
| Google LLC / Apple Inc. | Authentication providers (Google Sign-In, Sign in with Apple) | USA. EU-U.S. Data Privacy Framework. |
| Google LLC / Apple Inc. | App store distribution, in-app subscription billing | USA. EU-U.S. Data Privacy Framework. |
| RevenueCat Inc. | Subscription state management | USA. EU Standard Contractual Clauses. |
| Functional Software Inc. (Sentry) | Crash diagnostics (opt-in only) | EU region (Frankfurt). Data Processing Addendum in place. |
| Google LLC / Google Ireland Ltd (AdMob) | Serving advertisements on the free plan (rewarded video ads and native ads in the Community Browse list); Server-Side Verification of rewarded-ad completions | USA. Transfer safeguard: EU Standard Contractual Clauses and EU-U.S. Data Privacy Framework. Personalised advertising is shown only with your consent (collected through Google's User Messaging Platform on first launch and, on iOS, Apple's App Tracking Transparency); otherwise contextual, non-personalised ads are served. AdMob does not show ads to users on Pro or Max plans. |
| Umami (self-hosted by the Controller) | Cookieless, privacy-friendly aggregate website traffic measurement for the Website only | EU. Operated on the Controller's own infrastructure (analytics.darkdynasty.cloud). No third-party processor involved. |
| Public authorities | Only where we are legally required to disclose data (court order, law enforcement request valid under Polish / EU law) | — |
5. International Transfers
Where processors are located outside the European Economic Area, transfers take place on the basis of (a) an adequacy decision of the European Commission (including the EU-U.S. Data Privacy Framework), or (b) Standard Contractual Clauses adopted by the European Commission, supplemented where necessary by additional technical and organisational measures. A copy of the applicable safeguards is available on request.
6. AI Processing and Transparency
The Service uses generative artificial intelligence (Google Gemini family of models) to produce narrative text and images in response to your input. In accordance with Article 52 of the EU AI Act:
- You are interacting with an AI system, not a human.
- AI output is fictional, may be inaccurate, inconsistent, or unexpected, and should not be relied upon as factual information, advice, or professional guidance of any kind.
- The AI provider (Google) processes prompts in real time to generate the response. Under the API terms we use, prompt content is not used to train generative models and is retained only for a short period by the provider for abuse monitoring before deletion.
- We apply safeguards (sanitisation of user input, prompt-injection defences, rate limiting) to protect the integrity of the system.
The Service does not perform automated decision-making that produces legal or similarly significant effects on you within the meaning of Article 22 GDPR.
6A. Advertising on the Free Plan
The free plan is supported by advertising served by Google's AdMob. We use two formats:
- Rewarded video — opt-in only. You tap a clearly labelled "Watch ad" control to earn additional in-app actions; we never start a rewarded ad without an explicit user gesture. Rewards are confirmed through Server-Side Verification before being granted, to prevent fraud.
- Native ads in the Community Browse list — labelled "Sponsored" and clearly distinguishable from user-published worlds.
Personalised advertising relies on your consent. On first launch we display Google's User Messaging Platform (UMP) consent prompt where the law requires consent (including the EEA, the UK, Switzerland, and other comparable jurisdictions). On iOS, Apple's App Tracking Transparency (ATT) prompt additionally controls whether AdMob may use the IDFA. If you decline, you will still see ads, but they will be contextual (non-personalised). You can change your choice at any time in your device settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Google → Ads).
We rate the application 18+ and configure AdMob with maxAdContentRating = MA and tagForChildDirectedTreatment = false, so child-directed advertising is never requested. Pro and Max plans are entirely ad-free; the ad SDK does not initiate any ad requests once your tier is recognised as paid.
7. Data Retention
| Data category | Retention period |
|---|---|
| Account and profile data | For as long as the account is active. Deleted within 30 days of account deletion request. |
| User-generated content (stories, characters, worlds, codex, comments) | For as long as the account is active, or until you delete it. Deleted within 30 days of account deletion. |
| Published Community content | Until you unpublish or delete your account. Copies in other users' active sessions may persist as part of those users' own saved content. |
| Subscription and billing metadata | Retained for up to 5 years after the end of the relevant tax year as required by Polish tax law. |
| Moderation records (reports, blocked content, suspended accounts) | Up to 2 years for the purpose of handling repeated abuse, fulfilling DSA obligations, and defending legal claims. |
| Crash diagnostics (Sentry) | 90 days, then deleted automatically by Sentry. |
| Rewarded-ad reward records (anti-fraud audit) | Retained for as long as the account is active so we can investigate disputed reward grants. Deleted with the account. |
| Advertising data (AdMob) | Retained by Google in accordance with its own privacy policy. We do not retain a copy on our servers beyond the rewarded-ad audit row described above. |
| Backups | Encrypted backups are rotated on a 30-day schedule. Deleted records are purged from backups within that window. |
8. Your Rights Under the GDPR
You have the following rights with respect to your personal data:
- Access (Art. 15) — obtain confirmation whether we process your data and a copy of it.
- Rectification (Art. 16) — correct inaccurate or incomplete data.
- Erasure (Art. 17) — have your data deleted ("right to be forgotten").
- Restriction (Art. 18) — limit the processing of your data.
- Data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Objection (Art. 21) — object to processing based on legitimate interest.
- Withdraw consent (Art. 7) — at any time, without affecting prior lawful processing. For crash diagnostics, use the toggle in Settings.
- Lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warsaw, Poland — or with the supervisory authority of your EU Member State of residence.
To exercise any right, write to contact@firstpersonviewpoint.com from the email address associated with your account. We will respond within one month of receiving a verifiable request (extendable by up to two additional months where necessary, in which case we will inform you of the extension and the reasons for it). The exercise of these rights is free of charge, except for manifestly unfounded or excessive requests.
You can delete your account and all directly associated data at any time from within the app (Settings → Delete Account). You can export your data by emailing us from your account address; we will provide a machine-readable copy within 30 days.
9. Age Requirement and Children's Data
The Service is intended exclusively for users aged 18 and older. It may generate mature narrative content including violence, horror, romance, and other adult themes. We do not knowingly collect personal data from anyone under 18. If we learn that a user is under 18, we will terminate the account and delete associated data. If you believe a minor has created an account, please contact us immediately.
10. Content Moderation and Reports (DSA)
Published Community content (worlds, comments, usernames, biographies, codex entries) is filtered against an automated profanity and hate-speech blocklist on submission. Users can flag content through the in-app "Report" function. Content that receives a small number of independent reports is automatically hidden pending review.
If your content has been removed or hidden, you may contest the decision by writing to contact@firstpersonviewpoint.com. We will review and respond. Out-of-court dispute settlement bodies certified under Article 21 DSA are available; we will provide a list on request.
11. Security
Data is transmitted over TLS (HTTPS). Databases are protected by row-level security so that each user can only read and modify their own records. Sensitive secrets (service-role keys, AI provider keys) are stored only server-side in Supabase Edge Functions and are never embedded in the client application. We perform regular security reviews and penetration-test our system. No online service can be guaranteed 100% secure; in the event of a personal data breach affecting your rights, we will notify the UODO within 72 hours and, where legally required, notify affected users without undue delay.
12. Cookies and Similar Technologies
The mobile application does not use HTTP cookies. On the free plan, AdMob may store and read identifiers (Android Advertising ID; on iOS the IDFA only with App Tracking Transparency permission) to serve and measure advertisements; you control these through the device-level controls described in Section 6A. The website uses only strictly necessary cookies and a cookieless, self-hosted traffic-measurement tool (Umami) that does not store any information on your device. See our Cookies Policy for details.
13. Changes to this Policy
We may update this Policy from time to time. The current version is always available at firstpersonviewpoint.com/privacy. If we make material changes, we will notify you in the app or by email before the change takes effect. Your continued use of the Service after an updated version enters into force constitutes acceptance of the updated Policy.
14. Governing Law
This Policy is governed by Polish law and the GDPR, without prejudice to mandatory rights granted to you under the law of your country of residence within the European Economic Area.
15. Contact
For all privacy matters, write to contact@firstpersonviewpoint.com or by post to: Lumizone Łukasz Blania, ul. Malińska 1, 47-320 Gogolin, Poland.