Privacy Policy
Effective Date: May 16, 2026 · Last Updated: May 16, 2026
Apotherium LLC ("Apotherium," "we," "us," or "our") operates "PODOC," a real-time multiplayer card game for iOS further defined below. This Privacy Policy (the "Policy") explains how we collect, use, disclose, and protect your Personal Information when you use our service.
Please note that this Policy is subject to our Terms of Use Agreement (the "Terms"). There are sections in the Terms that materially affect your right to bring a lawsuit against Apotherium and other rights regarding this Policy. As such, you should read the Terms in addition to this Policy.
By using PODOC, you agree to the collection and use of Personal Information (as defined below) in accordance with this Policy.
1. Services this Policy Covers
Apotherium offers PODOC, a downloadable iOS application (the "App"), through which users play a real-time multiplayer card game with other players either over their local Wi-Fi network or over the internet via a 6-character lobby code. Online (internet) play requires an active PODOC Pro subscription, purchased through the Apple App Store. To support online play, we operate a backend signaling service (the "Signaling Service"). This Policy applies to the App, the Signaling Service, and any future online services we develop (collectively the "Online Services").
2. Services this Policy Doesn't Cover
We do not operate a public website or web shop for PODOC. All purchases are processed through the Apple App Store and the way Apple processes your purchase is out of our hands. Similarly, your Apple ID, App Store account, and any payment details associated with them are governed by Apple's own privacy policy and terms. When you interact with us through the App Store or any other Apple platform, you agree to Apple's policies, and this Policy is in addition to — not in place of — those agreements. We are not responsible for errors in the purchase of third-party products or subscriptions.
3. What is Personal Information?
"Personal Information" is any information that may allow for an individual to be personally identified. For example, your name, email address, social security number, phone number, residential address, and credit card details are all considered Personal Information. Other information, such as your interests, economic status, customer number, IP address, geolocation, education, and job title, may also be considered Personal Information if that information, when combined with other information, is used to reveal your identity.
4. Personal Information We Collect
PODOC is designed to collect as little Personal Information as possible. We do not require you to create an account, log in, provide an email address, or supply your real name to use the App. Specifically:
4.1 Information You Provide
- Nickname: A short display name you choose, used to identify you to other players within the same game lobby. The nickname is stored locally on your device and only shared with players in your active lobby for the duration of that game session. We do not store nicknames on our servers.
- Subscription purchase: When you purchase PODOC Pro, Apple and our subscription processor (RevenueCat) confirm the purchase to us. We receive the subscription status (active, expired, refunded) and the anonymous identifier that links it to your device. We do not receive your Apple ID, name, email, or payment card details.
4.2 Information Collected Automatically
When you use the online (internet) play features of PODOC, we automatically collect:
- Device Attestation Public Key: When you first connect to the Signaling Service, your device generates a cryptographic key using Apple's App Attest framework. We store the public half of this key (we never see the private key, which never leaves your device) along with an anonymous identifier Apple assigns to it. This key lets us verify that connection requests come from a genuine, unmodified copy of PODOC running on real Apple hardware. It is not tied to your Apple ID and cannot be used to identify you personally.
- Ephemeral Game State: While you are in an online lobby, our Signaling Service relays game messages (whose turn it is, which card was played, etc.) between players in real time. Game state is held in memory only for the duration of the session and is not persisted to long-term storage.
- IP Address and Connection Metadata: When your device connects to the Signaling Service, our servers necessarily see your IP address and basic connection metadata (timestamps, request paths). We use this for rate limiting, abuse prevention, and operational metrics. We do not associate IP addresses with persistent user profiles.
- Operational Metrics: We collect aggregate, anonymized metrics about server activity (e.g., number of active lobbies, request latencies, error counts) using Prometheus. These metrics are not linked to individual users.
4.3 What We Do Not Collect
For clarity, when you play PODOC over local Wi-Fi only, your device communicates directly with other players on the same network using Apple's Bonjour protocol. No data is sent to our servers during local Wi-Fi play. Local games can be played entirely offline (from our perspective) without any subscription.
We also do not collect:
- Your real name, email address, phone number, or physical address
- Contacts, calendar entries, photos, microphone, or camera data
- Precise device location or GPS coordinates
- Web browsing history or activity outside of PODOC
- Advertising identifiers (PODOC does not display ads or use third-party advertising SDKs)
5. Authentication
PODOC does not use passwords or third-party identity providers (such as Google, Apple Sign-In, or Facebook). Authentication is performed cryptographically using Apple's App Attest framework. Your device proves to our Signaling Service that it is a genuine, unmodified copy of PODOC, and we issue a short-lived session token. Because no human-readable credentials are involved, there is nothing for you to remember and nothing for an attacker to steal from us in the traditional sense.
6. Cookies
PODOC is an iOS application, not a website. The App does not set or use browser cookies. The Signaling Service does not set cookies in your browser because you do not interact with it through a browser.
7. How We Use Your Personal Information
We use the limited Personal Information we collect to:
- Provide the Service: Authenticate online play sessions, route game messages between players in the same lobby, and verify subscription status.
- Process Transactions: Confirm PODOC Pro subscription status via RevenueCat and Apple.
- Maintain and Improve: Debug issues, fix bugs, monitor service health, and improve App functionality.
- Communicate: Send service-related push notifications (e.g., to alert you when another player joins your lobby), if you have enabled notifications in iOS Settings.
- Protect: Detect, prevent, and address abuse, fraud, denial-of-service attacks, and other security issues, including by enforcing per-IP rate limits.
- Enforce Terms of Use: Investigate and take action against violations of our Terms, including suspending or banning device keys that engage in prohibited behavior.
- Compliance: Comply with applicable law and respond to lawful requests from regulatory authorities.
We do not use your Personal Information for advertising, profiling, or marketing to third parties.
8. Information Sharing
We do not sell, rent, trade, or otherwise abuse your Personal Information. We only share Personal Information in the following limited circumstances:
8.1 With Other Players
When you join an online lobby, the nickname you have chosen is visible to the other players in that lobby. No other information about you is shared with other players.
8.2 Service Providers
We share limited Personal Information with third-party service providers who help us operate PODOC:
| Service | Purpose | Data Shared |
|---|---|---|
| Apple (App Attest, StoreKit, App Store) | Device attestation and subscription processing | Device attestation public key, anonymous purchase confirmation |
| RevenueCat | Subscription management and entitlement validation | Anonymous device-derived user ID, subscription status, IP address and approximate location (country/region) derived from it, and basic device/platform information |
Apple does not share your name, email, or payment details with us. RevenueCat receives the same anonymous identifier we use server-side; it does not link your subscription to your real-world identity.
8.3 Legal Requirements
We may disclose Personal Information if required to do so by law or in response to valid legal requests by public authorities (e.g., court orders, subpoenas). We will only share Personal Information when we believe, in good faith, that sharing your information is necessary to protect our business or our users, or that we are obligated under the law to provide such information. Given the minimal data we collect, the scope of information available for any such request is limited.
8.4 Business Transfers
If Apotherium LLC is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be transferred as part of that transaction. We will notify you of any such change through the App.
9. Messages Policy
- Push notifications: If you grant PODOC permission to send notifications, we may use them for in-game events (e.g., a player joining your lobby, a game ending). You can opt out at any time by changing notification settings within the App or via your iOS device settings.
- Service messages you cannot opt out of: We may use in-App notices to inform you about material updates to this Policy or our Terms, or about security issues that affect you.
PODOC does not send marketing email, text messages, or newsletters because we do not collect your email address or phone number.
10. Data Security
We implement appropriate technical and organizational measures to protect your Personal Information, including:
- Cryptographic device attestation (Apple App Attest with ECDSA P-256)
- Short-lived (15-minute) session tokens for online play
- Encryption of data in transit (HTTPS/TLS and WSS)
- Per-IP rate limiting and replay-attack prevention
- Access controls limiting who can access backend systems
- Regular security review of server code and infrastructure
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. In the unlikely event that your Personal Information is compromised due to a security breach on our end, we will notify you, per the law, as soon as reasonably possible.
11. Your Rights and Choices
11.1 Access and Portability
Because PODOC does not maintain a personal profile or account for you, there is no personal "data export" to provide. Your nickname is stored on your device and you can change it at any time in App settings.
11.2 Deletion
You can effectively delete your data by deleting the PODOC app from your device. This removes your local nickname, your device's attestation keypair, and any locally saved game history. The anonymous device public key stored on our Signaling Service will expire automatically after a period of inactivity. To request immediate deletion of the public key associated with your device, contact us at legal@apotherium.com; you may be asked to perform a one-time verification action from the App so we can identify which key is yours.
11.3 Subscription Management
You can view, manage, or cancel your PODOC Pro subscription at any time through Settings → Apple ID → Subscriptions on your iOS device, or through the App Store app. Cancellation takes effect at the end of your current billing period.
11.4 Notification Controls
You can disable PODOC push notifications at any time from iOS Settings → Notifications → PODOC.
12. Children's Privacy
PODOC is suitable for general audiences but is not directed to children under 13. We do not knowingly collect Personal Information from children under 13. Because PODOC does not require an account or collect names, email addresses, or other directly identifying information, we cannot in practice tell a user's age. If you are a parent or guardian and believe your child has used PODOC in a way that has resulted in us collecting Personal Information about them, please contact us at legal@apotherium.com and we will take appropriate steps, including deleting any data we are able to identify as theirs. If you live outside of the United States, your country may apply stricter age limits.
13. Information Storage & International Users
PODOC is operated from the United States. The Signaling Service and its associated databases are hosted on infrastructure located in the United States. If you access the service from outside the United States, the limited information described in this Policy will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
14. Third-Party Software, Apps & Services
We always use our best efforts to pick reputable third-party software, platforms, and services. However, we do not control such third parties and are not liable for any breach of privacy or data security that occurs due to the fault of these third parties. Your interactions with the Apple App Store, RevenueCat, and any other third-party services are governed by their respective privacy policies and terms.
15. Jurisdictional Privacy Rights
Apotherium only keeps your Personal Information for as long as necessary to provide our Online Services and per our legal obligations. Depending on your residency, under the law (e.g., the California Consumer Privacy Act and General Data Protection Regulation), you may have the right to request at any time that we:
- Give you access to any Personal Information that we have processed;
- Disclose third parties we have shared your Personal Information with;
- Correct any Personal Information that may have been incorrectly processed;
- Delete your Personal Information from our storage systems;
- Transfer your Personal Information to another service, when technically feasible; and
- Stop using your Personal Information in specific ways by withdrawing the consent you have given us.
To exercise these rights, contact us at legal@apotherium.com. Because PODOC collects so little Personal Information, fulfilling many of these requests is straightforward; for example, "delete my data" largely amounts to revoking the anonymous public key associated with your device. We may be required to retain some Personal Information to comply with administrative, legal, or regulatory obligations (e.g., transaction records for tax purposes). For more information regarding your specific rights under the laws of the jurisdiction in which you reside, visit:
- US State Privacy Legislation Tracker: iapp.org
- Data Protection and Privacy Legislation Worldwide: unctad.org
16. Dispute Resolution
We will always try to resolve your concerns about our privacy practices promptly and hope that together we can find a solution without involving costly legal channels. However, if we cannot agree, by using our Online Services, you agree to binding arbitration rather than formal court proceedings to have the matter resolved. You can read more about this process in our Terms of Use. THE DISPUTE RESOLUTION TERMS IN OUR TERMS MATERIALLY AFFECT YOUR ABILITY TO BRING A LAWSUIT AGAINST US WITH REGARD TO THIS POLICY AND OUR ONLINE SERVICES. PLEASE READ THOSE TERMS CAREFULLY.
17. Additional Terms
This Privacy Policy is subject to our Terms of Use. Specifically, this agreement is subject to all clauses in our Terms regarding warranties, limitation of liability, indemnification, assignment, waiver, severability, applicable law, jurisdiction, and any other Terms of Use provisions that logically ought to apply to this Policy.
18. Entire Agreement
This Policy and our Terms of Use represent the entire and exclusive agreement between our users and us. All previous written and oral agreements and communications related to the subject matter of this Policy and our Terms of Use are superseded.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy with a new "Last Updated" date
- Notifying you through the App for significant changes
Your continued use of PODOC after changes become effective constitutes acceptance of the revised Policy.
20. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: legal@apotherium.com
Apotherium LLC
By using PODOC, you acknowledge that you have read and understood this Privacy Policy.