Hurricane Athletic Combat — Privacy Policy

Last updated: July 9, 2026 · Applies to the Hurricane Athletic Combat VR game (also referred to as "HAC") and its related online services ("the Game"), operated by David Seek ("we," "us"). Contact: davidseek1986@gmail.com.

1. Summary (plain English)

2. What we collect

CategoryExamplesSourceWhy
Platform identityMeta (Oculus) user ID, display name; on future platforms: PlayStation Network / Steam IDPlatform SDK when you sign inAccount sign-in, leaderboard identity, cheat prevention
Gameplay dataScores, per-song results (punch quality counts, combos, multiplier time), difficulty/stance/height settingsGenerated by playLeaderboards, personal bests, restoring your settings
Telemetry & diagnosticsSession start/end, feature timings, aggregated performance statistics (e.g., frame-rate summaries), error events, app version, headset model/OS, coarse region (from IP at our service providers)Firebase Analytics / our backendStability, performance, understanding feature use
Fitness dataPer-workout estimated calories, workout minutes, active minutes; only if you pair a heart-rate monitor: average and peak heart rate per workoutGenerated by play; an optional Bluetooth heart-rate monitor you choose to connectYour in-game fitness history, calorie totals, fitness achievements
PurchasesEntitlement to the Game and any future add-ons (we receive purchase state, not your payment details)Platform commerce APIsDelivering what you bought

What we deliberately do not collect: raw motion-capture/body-tracking recordings (punch velocity and position are computed on your device and discarded after scoring), continuous heart-rate streams (processed on your headset; a local per-workout log stays on your device and is never uploaded), audio, video passthrough, biometric identifiers, contacts, precise geolocation, health/medical records.

3. Legal bases (EEA/UK)

Contract performance (sign-in, leaderboards, purchases); legitimate interests (security, anti-cheat, aggregate analytics — balanced, with opt-out where required); consent where local law requires it for analytics.

4. How your data is used and who receives it

We use the data in Section 2 solely to operate the Game: signing you in, running leaderboards, delivering purchases, and keeping the Game stable and performant. It is shared only with the service providers that make the Game work:

We do not sell personal information and do not share it for cross-context behavioral advertising. Beyond the processors above, we disclose data only to comply with law or in a corporate transaction (with notice).

5. Leaderboards are public

Your display name, rank, and score are visible to other players. Compete under the display name you're comfortable showing. You can ask us to remove your entries (Section 8).

6. Retention

Account, leaderboard, and fitness-summary data: kept while your account is active and for up to 24 months of inactivity, then deleted or de-identified. Telemetry: 14 months (Firebase Analytics retention), then only aggregated statistics remain. Purchase/entitlement records: as required for accounting and legal obligations.

7. Children

The Game is intended for players 13 and older and is not directed to children under 13. Where the platform permits younger players via parent-supervised accounts, we rely on the platform's parental-consent framework and collect no more than the data described above.

8. Your rights — including data deletion

To request deletion of your data (leaderboard entries, account record, associated telemetry), email davidseek1986@gmail.com and include your platform display name or user ID so we can locate your records. We honor verified requests within the legally required window (generally 30–45 days).

Depending on your region (GDPR, UK GDPR, CCPA/CPRA, and similar laws) you may also have rights to access, correct, port, restrict, or object to processing of your data — exercised through the same contact. We don't discriminate against you for exercising your rights.

California: we do not "sell" or "share" personal information as defined by the CPRA; this section serves as our Notice at Collection. EEA/UK: you may also complain to your local supervisory authority.

9. Security

Transport encryption (TLS), database security rules restricting each player to writing only their own records, least-privilege access, and no storage of payment credentials. No system is 100% secure; we will notify you and regulators of breaches as required by law.

10. International transfers

Data is processed in the United States (and our processors' regions) with appropriate safeguards (e.g., Standard Contractual Clauses via Google's and Meta's processor terms) for EEA/UK users.

11. Changes

We'll update this policy as the Game evolves and flag material changes in-game or on the store page. Continued play after notice is acceptance.