Privacy Policy
PackRip: Mythos is built without accounts, login forms, or third-party tracking SDKs. This page explains what little data is collected, why, and how it is handled.
Last updated: April 30, 2026.
What we don't collect
- No name, email, phone number, or social profile.
- No analytics SDKs (no Firebase Analytics, no Mixpanel, no Amplitude, no Facebook SDK).
- No advertising identifiers and no ad networks. The app shows no ads.
- No contact list, photo library, location, microphone, or camera access.
What we do collect
| Data | Why | Where it lives |
|---|---|---|
| Anonymous device UUID | Identifies your save data and links it to your subscription so you can restore on a new iPhone. | iOS Keychain on-device · Cloudflare Workers backend (`users` table) |
| Game state snapshot | Cloud save: collection, coins, XP, quests, achievements, seals, preferences. | Cloudflare D1 (`game_state` table), tied to the device UUID |
| Purchase history | Validate IAP, grant coin packs, manage PackRip Plus entitlement. | RevenueCat · Apple App Store · Cloudflare D1 (`purchases` table) |
| Device crash reports (Apple-managed) | Diagnose crashes. You can disable this in iOS Settings → Privacy → Analytics & Improvements. | Apple, only if you opted in at iOS setup |
The device UUID
On first launch the app generates a random UUID and stores it in the iOS Keychain. It is not your iCloud ID, Apple ID, or IDFA — it is a string with no link to your identity. The Keychain entry is bound to the app, so uninstalling and reinstalling produces a new UUID by default; deliberate restore-from-cloud reattaches the old save.
Storage on device
Your card collection, coins, XP, quest progress, achievements, seals, preferences, and seen-onboarding flags live on the device via SwiftData. UserDefaults stores small things like the last-seen "What's New" version and notification opt-in. On every backgrounding the app uploads a versioned snapshot to the cloud-save endpoint so you can restore on a new device.
Backend (Cloudflare Workers)
The cloud-save endpoint and config delivery run on Cloudflare Workers + D1 + KV at packrip-api.elhanarinc.workers.dev. The backend stores: your device UUID, a JWT issued for that UUID, your latest game-state snapshot, and a row per purchase. Cloudflare's standard request logs (IP, timestamps) are processed for abuse mitigation per Cloudflare's policy.
Purchases (RevenueCat)
In-app purchases are processed by Apple. RevenueCat validates the receipt and informs the backend via webhook so coins can be granted server-side. RevenueCat receives your anonymous device UUID and Apple's transaction metadata; it does not receive your Apple ID or contact info. See RevenueCat's privacy policy.
Card art delivery (Cloudflare R2)
Card, pack, and energy artwork is fetched on demand from cdn.packrip.co (Cloudflare R2). These are normal HTTPS requests for static images; no cookies, no tracking pixels.
Notifications
If you enable daily reminders, the app schedules local notifications on-device. No push token is sent off-device. The reminder skips days you already opened the app.
App Tracking Transparency
The app does not present an ATT prompt because it does not track you across other apps and websites. The IDFA is not requested.
Children
The app is rated 12+ for "Simulated Gambling — Infrequent" because pack-opening uses randomized pull rates with disclosed odds. It is not directed at children under 13. Parents can use Apple's Screen Time and Family Sharing controls to restrict purchases.
Your choices
- Delete your data: uninstall the app and contact us at the email below to ask us to delete the cloud-save row tied to your UUID. Provide your UUID (Settings → "About" displays it) so we can locate it.
- Restore purchases: Settings → Restore Purchases re-syncs your subscription state.
- Disable notifications: iOS Settings → PackRip → Notifications.
PrivacyInfo manifest
Per Apple App Store requirements, the app ships a PrivacyInfo.xcprivacy manifest declaring three categories of collected data: Device ID (linked to user), Purchase History (linked to user, used for app functionality), and UserDefaults (Apple's required-reason API entry).
Changes
Material changes to this policy will be reflected here with a new "Last updated" date and announced in the in-app "What's New" panel.
Contact
Questions, deletion requests, or anything else: elhanarinc@gmail.com.