Privacy Policy

This Privacy Policy explains how The Assemble App ("Assemble," "we," "us," or "our"), created by Jakub Awieruk, collects, uses, and protects your information when you use the Assemble mobile application and related services (collectively, the "Service"). By using the Service, you agree to the practices described here.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Display name (your chosen username and numeric tag)
• Profile image (optional)
• Authentication credentials — passwords are hashed by Firebase Authentication and never stored in plaintext

Third-Party Sign-In

If you sign in with Google or Apple, we receive your name, email address, and profile image from the provider. We do not receive or store your Google or Apple password.

Phone Number (Optional)

If you opt in to SMS or voice call notifications, we collect and verify your phone number via Twilio Verify. Your phone number is stored only to deliver the notification channels you have enabled.

Discord Account (Optional)

If you connect your Discord account, we receive your Discord user ID, username, and avatar URL via Discord OAuth2. The OAuth access token is used once during the linking process and then revoked.

Usage & Device Data

We collect analytics events (e.g., session created, onboarding steps completed) via Firebase Analytics, and crash reports via Firebase Crashlytics. This includes your device platform, app version, and technical diagnostics. We do not collect your device's IP address for profiling purposes.

What We Do NOT Collect

Assemble does not collect your precise or approximate geographic location, contacts, photos, browsing history, or any data unrelated to the Service's functionality.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service — account creation, squad and guild management, gaming sessions
• Deliver notifications through channels you have enabled — push notifications, email, SMS, and voice calls
• Operate the multi-channel escalation system according to your personal notification preferences
• Enable Discord integration so you can coordinate sessions from Discord
• Analyze usage patterns to improve the Service (aggregated analytics)
• Diagnose and fix technical issues (crash reports)
• Communicate important updates about the Service

3. The Escalation Notification System

Assemble's core feature is a multi-channel escalation system. When a gaming session is created, members are notified through increasingly urgent channels based on their own preferences. This may include push notifications, emails, SMS messages, and automated voice calls.

You are always in control: each notification channel must be explicitly enabled by you, and you configure which escalation round activates each channel. You can also set quiet hours during which no escalation notifications are sent. Guild owners and squad admins cannot override your notification preferences.

4. Third-Party Services

We use the following third-party services to operate Assemble. Each has its own privacy policy governing data it processes:

• Firebase (Google) — authentication, database, cloud functions, push notifications, analytics, crash reporting, and file storage
• Twilio — SMS delivery, voice calls, and phone number verification
• SendGrid (Twilio) — email notifications
• Discord — account linking and bot integration (optional)
• Google Sign-In — authentication (optional)
• Apple Sign-In — authentication (optional)

We share only the minimum data required for each service to function (e.g., your phone number with Twilio to deliver an SMS, your email with SendGrid to deliver an email notification).

5. Data Retention

• Account data is retained for as long as your account is active.
• Gaming session data is automatically deleted 7 days after the session ends.
• Notification history is stored as long as your account exists and can be deleted by you at any time.
• Firebase Analytics and Crashlytics data is retained according to Google's standard retention policies.

6. Data Deletion

You can delete your account at any time from within the app. When you delete your account, we remove your user profile, authentication credentials, FCM tokens, and profile image from our systems. If you would like to request manual deletion or have questions about what data remains, contact us at support@theassembleapp.com.

7. Data Security

We implement appropriate technical safeguards to protect your data, including: Firebase Authentication for secure credential handling, server-side enforcement of data access rules, Ed25519 signature verification for Discord webhook requests, and time-limited OAuth tokens. While no system is perfectly secure, we take reasonable measures to protect your information.

8. Children's Privacy

Assemble is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@theassembleapp.com and we will promptly delete it.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, restrict or object to its processing, and request data portability. To exercise any of these rights, contact us at support@theassembleapp.com. We will respond within a reasonable timeframe.

10. International Data Transfers

The Service uses infrastructure provided by Google (Firebase) and Twilio, which may process data in the United States and other countries. By using the Service, you consent to the transfer of your information to these jurisdictions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact

Questions or concerns about this Privacy Policy? Contact us at support@theassembleapp.com.