Privacy Policy

Game: Never Ending Hero RPG · Studio: Missroot · Effective: May 25, 2026

This Privacy Policy explains how Missroot ("we", "us", "our") collects, uses, and shares information when you play Never Ending Hero RPG (the "Game") and use any related websites and services (together, the "Service"). We aim to collect only what we need to run the Game and keep your account safe.

Contents

Summary
Information we collect
How we use information
Sharing and third parties
Children
Retention
Security
International transfers
Your rights (EEA/UK/California/Korea)
Deleting your account
Changes to this policy
Contact

1. Summary

We collect the minimum needed to give you a stable, secure account and a working game.
We do not sell your personal information.
We do not use third-party advertising SDKs or tracking pixels in the Game.
You can permanently delete your account and all associated data from inside the Game (Settings → Delete Account) or via our account-deletion page.

2. Information we collect

2.1 Account information

Email address — when you sign in with email/password.
OAuth identifier — when you sign in with Google or Apple, we receive a stable user identifier (and, depending on your provider settings, your email or a relay address).
Hashed password — only for email/password sign-in; we never see or store the plaintext password.

2.2 Player profile and game data

Nickname — a public display name you choose. Visible to other players in chat and on the leaderboard.
Game save data — hero level, gold, gems, equipment, zone progress, prestige count, achievements, and other in-game state.
Settings — sound, speed, auto-mode, accessibility, and similar preferences.
Wallet & loyalty — Gem balance, daily check-in streak, subscription state, and a record of recent transactions for fraud prevention.
Chat messages and leaderboard entries — messages you send in the global or regional chat, and your hero's score on the leaderboard.

2.3 Purchase information

Purchases of Gems and subscriptions are processed by your platform store (Apple App Store, Google Play, or Steam). We do not receive your full payment-card or billing details.
We receive and store a purchase receipt or order identifier from the store, the product purchased, and the result of receipt validation (so we can credit Gems / subscription benefits and prevent duplicate or fraudulent grants).

2.4 Device and technical information

Platform (iOS / Android / Web / Steam), app version, and language.
Approximate region (derived from request IP at sign-in) for chat regionalization. We do not store full IP addresses long-term.
Diagnostic logs when an error occurs (limited to the error itself, anonymized where possible).

2.5 Information we do not collect

We do not collect your contacts, photos, microphone, or location data.
We do not embed third-party advertising SDKs or tracking pixels in the Game.
We do not use cross-app tracking (no IDFA prompt on iOS).

3. How we use information

To create and maintain your account and provide cloud saves.
To run multiplayer features such as chat and the leaderboard.
To process purchases, credit Gems, and manage subscriptions.
To detect and prevent fraud, abuse, and exploitation.
To respond to support requests.
To comply with legal obligations and enforce our Terms of Service.
To diagnose crashes and improve game balance and stability.

We share information only with the providers below and only to operate the Service.

Supabase — our backend host. Stores your account, game saves, settings, wallet, and chat. Hosted on infrastructure operated by Supabase Inc. and its sub-processors. See Supabase Privacy Policy.
Apple Inc. — for Sign in with Apple, App Store purchases, and receipt validation on iOS. See Apple Privacy Policy.
Google LLC — for Google Sign-In, Google Play purchases, and receipt validation on Android. See Google Privacy Policy.
Valve Corporation — for Steam authentication and Steam in-game purchases on the Steam build. See Steam Privacy Policy.
Cloudflare, Inc. — content delivery and DDoS protection for our website. See Cloudflare Privacy Policy.

We may also disclose information when required by law, to protect the rights, property, or safety of Missroot, our players, or the public, or in connection with a corporate transaction (such as a merger or asset sale), in which case the recipient will be bound by this policy or one with materially similar protections.

We do not sell your personal information.

5. Children

The Game is not directed to children under 13 (or under 16 in the EEA where required by local law), and we do not knowingly collect personal information from such children. If you believe a child has provided us with personal information, please contact us at support@missroot.com and we will delete it.

6. Retention

Account and game-save data are kept while your account is active.
If you do not sign in for 24 months, we may close inactive accounts and delete associated data, after a reasonable notice attempt to your last known email.
Chat messages are retained for up to 30 days unless retained longer for moderation review.
Purchase records are retained for up to 7 years to comply with tax and consumer-protection laws.
When you delete your account, your personal data is deleted within 30 days, except where retention is required by law (e.g. financial records) or for legitimate fraud prevention.

7. Security

We use HTTPS for all transit, row-level security in our database, and industry-standard hashing for passwords. No system is perfectly secure; if we learn of a security incident affecting your information, we will notify you and the appropriate regulators where required by law.

8. International transfers

We are based in South Korea. The infrastructure providers listed in Section 4 may process your information in the United States or other countries. Where required, transfers rely on appropriate safeguards such as the Standard Contractual Clauses adopted by the European Commission.

9. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you;
Correct inaccurate information;
Delete your account and personal information;
Object to or restrict certain processing;
Receive a copy of your information in a portable format;
Withdraw consent (where processing is based on consent);
Lodge a complaint with your local data-protection authority.

California (CCPA / CPRA): California residents may request to know, delete, or correct personal information, and may opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.

EEA / UK (GDPR): the legal bases we rely on are contract performance (running your account and Service), legitimate interests (fraud prevention, security, product improvement), legal obligation (tax records), and consent (where applicable).

Korea (PIPA): users in Korea may request access, correction, deletion, or suspension of processing of their personal information. The data protection officer is the studio contact below.

To exercise any right, email support@missroot.com from the email address on your account, or use the in-game Settings → Delete Account option.

10. Deleting your account

You can permanently delete your account and game data:

From inside the Game: Settings → Delete Account;
From the web: https://missroot.com/never-ending-hero-rpg/delete-account;
By emailing support@missroot.com from the email on your account.

Once deleted, your save data, settings, wallet balance, and unredeemed Virtual Items are not recoverable. Active subscriptions must be canceled separately through the relevant store (Apple ID / Google Play / Steam).

11. Changes to this policy

We may update this Privacy Policy. The updated version will be posted at this URL with a new effective date. Material changes will, where practicable, be communicated through the Game or our website.

12. Contact

Privacy questions or requests: support@missroot.com.

Missroot · Anyang-si, Gyeonggi-do, Republic of Korea