Privacy Policy - The Scholar's Grid

Last Updated: 2026-07-10
Document Version: 1.1

The Scholar's Grid ("the app", "we") is a mobile board-game app published by the project owner. This policy describes what data the app collects, why, and your choices.

Summary

Data Purpose Required for
Federated sign-in (Apple / Google via Cognito) Online play, Standings, cloud cosmetic and Scholar's Marks sync Online features only
Match and ELO records Async online matches and global Standings Rated online play
Push notification token (Android FCM) Notify you when it is your turn Online play (optional fallback: polling)
Local game settings and AI skill progress Offline play and Adaptive AI Local play
Personalization progress Board/piece skins and local-first Scholar's Marks with signed-in recovery Personalization

Local play (vs AI or Pass and Play) does not require an account.


Information we collect

Account and authentication

When you use online features (Find Online Match, Standings, or cloud Personalization sync), the app opens Amazon Cognito Hosted UI with federated sign-in:

We receive a Cognito user identifier (sub) and session tokens. We do not operate a separate email/password login. Identity providers may share profile fields allowed by your IdP settings; we use the Cognito sub as your player ID on our backend.

Session tokens are stored locally on your device (for example cloud_session.json) so you do not need to sign in every launch.

Online play and Standings

When you play rated async matches online, our AWS backend stores:

Standings show display names and ELO as returned by the API. Adaptive Skill Level (local AI difficulty) stays on your device and is not uploaded to Standings.

Push notifications (Android)

If you grant notification permission and play online on Android, the app registers an FCM device token with our backend so we can alert you when it is your turn. You can disable notifications in system settings; the app still works via periodic polling.

Personalization and Scholar's Marks

The Personalization panel offers cosmetic-only items (board skins and piece sets). Gameplay is never locked behind payment.

The app does not include ads or an ad SDK, and does not collect advertising data.

Local data on your device

The app may store locally:

This data stays on your device unless you sign in and use cloud sync. Owned cosmetic IDs and cumulative Scholar's Marks earned/spent totals then sync to your Player record; daily reward counters stay local.


How we use information

We do not sell personal data. We do not use LLM or active third-party ad networks.



Account and data deletion

If you signed in for online play, you may request deletion of your cloud account and associated data. Local-only play does not create a cloud account.

What we delete

When we process a verified request, we delete or anonymize:

Completed match history may be retained in anonymized form where needed for Standings integrity, or deleted where applicable law requires.

What stays on your device

Local files (settings, Adaptive AI skill profiles, session cache) are not removed by us automatically. Sign out in the app, or clear app storage in Android Settings, to remove local data on your device.

How to request deletion

Email us from the address tied to your sign-in provider (Google or Apple), if possible. Include:

Request by email: papersignalstudios@gmail.com

We aim to complete verified requests within 30 days.


Third-party services

Provider Role
Amazon Web Services (Cognito, API Gateway, Lambda, DynamoDB, SNS) Auth, game API, storage, notifications
Apple / Google (federated IdP) Sign-in when you choose Hosted UI
Google Firebase Cloud Messaging Android push delivery

Each provider has its own privacy policy governing identity and notification flows.


Children

The app is intended for a general audience. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA) without appropriate consent. Contact us if you believe a child has provided data through online sign-in.


Security

We use HTTPS for API calls and Cognito-issued JWTs for authenticated requests. No system is perfectly secure; report concerns to the contact below.


Your choices


Changes

We may update this policy. The "Last Updated" date will change. Material changes may be noted in release notes or the store listing.


Contact

Email: papersignalstudios@gmail.com

Developer / Data controller: Paper Signal Studios