Privacy Policy.

Resolve Protocol holds your data the same way we expect you to hold the line — deliberately, with discipline, and with skin in the game. This policy describes what we collect, why we collect it, how we keep it, and the controls we hand to you.

• We collect the minimum we need to operate the protocol — nothing collected for vibes.
• We never sell your personal data. There is no advertising broker behind the curtain.
• We never train external models on your photos or logs without explicit opt-in.
• You can export everything we hold on you, on demand, in a machine-readable form.

The protocol collects three buckets of data, each scoped to a clear purpose:

• Account data — the name you enrolled with, the email you signed up with, the credentials you set, and the timezone your cadence resolves in.
• Quest data — the expeditions you joined, the photographic logs you filed, cadence counts, drop entitlements, and any notes you attached to a session.
• Device & service data — device type, app version, crash diagnostics, and request logs needed to keep the protocol upright. We retain IP addresses for fraud and abuse prevention only.

Each piece of data exists to make the protocol work. We collect:

• Account data — to identify you, secure your account, and ship the gear you earn.
• Quest data — to compute cadence, validate proof, surface progress, and unlock drops.
• Device data — to keep the platform stable, detect fraud, and meet legal obligations.
• Communications data — when you email the order, so we can respond and follow up.

The shortest section in this policy, and the most important. We do not:

• Sell, rent, or trade your personal data.
• Run third-party advertising trackers inside Resolve apps.
• Train foundation models on your photos or text without granular opt-in.
• Publish your logs publicly — your feed is yours unless you choose to share a chapter.

We work with a small set of vetted vendors that operate as data processors on our behalf. They only see what they need, only for as long as they need it, and only under contracts that mirror the obligations in this policy.

• Cloud infrastructure — hosting the database and image storage that the app runs on.
• Email and transactional delivery — verification, password reset, and drop notifications.
• Payment and shipping partners — used solely to fulfill physical drops you have unlocked.
• Analytics — privacy-first product analytics that operate on aggregated, non-identifying signals.

We may also disclose data when compelled by law, when defending the rights or safety of players and the order, or in connection with a corporate transaction — in which case the successor inherits these obligations in full.

We keep data only as long as it serves the protocol and our legal obligations.

• Active account data is retained while your account is active.
• Logs and quest history are retained for the lifetime of your account so your record stays intact.
• After account deletion, we purge personal data within 30 days, except where law requires retention (e.g. tax, fraud).
• Aggregated, anonymous metrics may be retained indefinitely for protocol analysis.

Security is a discipline, not a checkbox. The protocol uses encryption in transit and at rest, role-based access for staff, hardware-backed key management, and routine third-party penetration testing. Photographic logs are stored in segmented storage and accessed only by services that need them.

Despite the discipline, no system is invincible. If a breach occurs that affects your data, we will notify you and the relevant regulators within the windows the law requires.

Wherever you live, you can ask us to:

• Access — give you a copy of the data we hold on you.
• Export — deliver that copy in a portable, machine-readable format.
• Correct — fix any data that has gone wrong.
• Delete — end the path and erase what we hold, subject to legal exceptions.
• Object — opt out of any non-essential processing, including analytics.

Most requests can be fulfilled directly inside Settings → Data & account. Anything we cannot automate, file at protocol@resolve.app — we respond within 30 days.

Resolve is not intended for users under 16, or under the age of digital consent in their jurisdiction. We do not knowingly collect data from anyone below that bar. If you believe a minor has signed up in violation of these terms, tell us and we will delete the account.

The protocol operates globally. Your data may be processed in jurisdictions different from your own — primarily the United States and the European Economic Area. Where required, we use standard contractual clauses or equivalent safeguards to protect data moved across borders.

When the policy changes materially, we announce it in-app at least 14 days before the new version takes effect, with a plain-language summary of what shifted. Continuing to use Resolve after the effective date confirms your acceptance.

Privacy questions, data subject requests, and breach reports go to protocol@resolve.app. For everything else, see the Terms of Service.