Pub Run — Privacy Policy

About Pub Run

Pub Run is a bar golf (pub golf) organizer developed by Pix Studios and distributed through Google Play (package: com.pix.pubrun). It allows users to create bar golf courses, compete with friends, share moments, and track scores in real time. This app involves alcohol-related content and requires users to confirm they are 18 or older.

Account & Identity

Pub Run requires a Google account to sign in. When you create an account, we collect and store:

• Google account data — Display name, email address, and profile photo URL (provided via Google OAuth)
• In-app profile data — Username and display name that you set within the app
• Profile photo — If you upload a custom profile photo, it is stored on our servers
• Authentication tokens — JWT access and refresh tokens used to authenticate API requests

Content You Create

• Bar golf courses — Bar names, addresses, coordinates, drink assignments (beer, shot, cocktail, wine, wildcard), target scores, challenges, and notes per stop
• Templates — Reusable course layouts that can be saved, edited, and reordered
• Game sessions — Scores per player per stop, game mode (Self-Control or Chaos), completion status, and timestamps
• Feed posts — Photos and videos you upload during or after a game, along with the associated course name, bar name, and hole number

Social Features

Pub Run includes social features that involve sharing data with other users:

• Friend lists — You can add friends by username, friend code, or the bump-to-add feature. Friends can see your username, display name, and profile photo
• Friend requests — Sending and receiving friend requests shares your username, display name, and profile photo with the other user
• Multiplayer lobbies — You can create or join public or friends-only lobbies. Other players in the lobby can see your username, profile photo, scores, and location during gameplay
• Lobby invites — You can invite friends directly to join your lobby. Invitees see the lobby name and leader info
• Real-time score tracking — Scores are shared with all players in a lobby in real time via WebSocket
• Social feed — Photos and videos you post are visible to other users. Posts display your username, profile photo, and upload date
• Game stats — Your win count, games played, and achievements are visible on your profile

Location Data

Pub Run uses location data in the following ways:

• Bar search — Uses the Google Places API to search for nearby bars when building a course. Location is used to bias search results to your area
• Bump-to-add friends — Sends your latitude and longitude to the server briefly when you perform a bump gesture, to match you with nearby users
• Multiplayer lobbies — Your location may be shared with other players while you are in an active lobby for proximity features
• Mock location detection — The app detects spoofed or mocked locations to prevent cheating during multiplayer games

Location is only used while the app is open. There is no background location tracking. Location permissions can be revoked at any time through your device settings, though some features (bar search, bump-to-add) will not function without it.

Media Uploads

• Photos — You can upload photos from your device gallery. Maximum file size is 20 MB. Photos are stored on our servers
• Videos — You can upload videos from your device gallery. Maximum duration is 60 seconds. Videos are stored on our servers
• No direct camera access — Pub Run does not access your camera or microphone directly. All media is selected through the system gallery picker

You can delete any post you have uploaded at any time.

Data Storage

Pub Run stores data both locally and on our servers:

Local storage

• Room database (encrypted with SQLCipher) — Courses, games, scores, players, achievements, friends, and game history
• Encrypted Shared Preferences (AES-256-GCM) — Cached user profile data
• DataStore Preferences — App settings and sync state
• Tink key management — Encryption keys for the local database, backed by hardware security where available

Server storage

• Backend API (api.pixstudios.net) — User profiles, friend lists, courses, templates, game history, lobby data, feed posts, and achievements stored in a PostgreSQL database
• Media storage — Profile photos and feed media (photos and videos) stored on our servers
• Firebase Cloud Messaging — Device tokens for push notification delivery

Push Notifications

Pub Run uses Firebase Cloud Messaging (FCM) to deliver push notifications for:

• Incoming friend requests
• Friend request acceptances
• Lobby invites

You can disable notifications at any time through your device settings.

Cross-Device Sync

Your courses, templates, game history, scores, achievements, and settings are synced across devices when you are signed in. Sync occurs automatically in the background and when you open the app. Deleted items are tracked to prevent re-downloading from the server.

Permissions

• Location (Fine & Coarse) — For bar search, bump-to-add, and multiplayer proximity features (foreground only)
• Internet — For authentication, multiplayer features, data sync, and media uploads
• High Sampling Rate Sensors (Accelerometer) — For the bump-to-add-friends gesture detection
• Notifications — For push notifications (friend requests, lobby invites)

Pub Run does not access your contacts, camera, microphone, files, or any other sensitive device features beyond what is listed above.

What We Do Not Do

• No ads of any kind
• No in-app purchases or payments
• No selling or sharing of data with third parties for marketing
• No direct messaging or chat features
• No background location tracking
• No analytics or tracking SDKs beyond what is necessary for push notifications
• No access to your contacts, files, camera, or microphone

Age Restriction

Pub Run involves alcohol-related content (organizing bar golf events, assigning drinks at each stop). Users are required to confirm they are 18 years or older before accessing any content. We do not knowingly allow users under 18 to use this app.

Data Security

• All data in transit is encrypted via HTTPS (TLS) and WSS (WebSocket Secure)
• Local database is encrypted at rest using SQLCipher with AES encryption
• Encryption keys are managed by Google Tink with hardware-backed keystore where available
• User profile cache is encrypted using AES-256-GCM via Android Encrypted Shared Preferences
• Authentication uses OAuth 2.0 with JWT tokens that are automatically refreshed

Account & Data Deletion

You can delete your account and all associated data at any time:

1. Open Pub Run
2. Go to Profile > Settings > Delete Account
3. Confirm the deletion

This permanently removes all your data from our servers, including your user profile, friend connections, courses, game history, feed posts, media files, achievements, and statistics. Local data is also cleared from your device. You can also email support@pixstudios.net to request manual deletion.

Third-Party Services

• Firebase Cloud Messaging (Google) — Push notification delivery
• Google Places API — Bar and venue search
• Google Play Services — App distribution and OAuth authentication
• Google Credential Manager — Secure credential storage for sign-in

Contact

For any questions about this privacy policy or Pub Run, contact us at support@pixstudios.net.

This policy is supplementary to our general privacy policy.