Privacy Policy

Effective Date: March 26, 2026

Introduction

Hopscotch is a digital wallet app that helps you organize your loyalty and membership cards. This privacy policy explains what information the app collects, how it's used, and how it's protected.

Hopscotch is developed by Acorn Designs, LLC ("we," "us," or "our"), operated by Rob Stout. We believe your data is yours. We've designed this app to keep your information private and secure.

This policy applies to Hopscotch on all platforms, including iOS, Android, and Apple Watch. This app is intended for users 13 and older.

Information We Collect

Information Stored on Your Device

When you use Hopscotch, the following information is stored locally on your device:

• Card information: Store names, barcode numbers, barcode types, and any notes you add
• Location data: The addresses and geofence coordinates you set for each card
• App settings: Your preferences for how the app behaves

On iOS, this data is stored using Apple's SwiftData framework. On Android, this data is stored using Room (SQLite) database. In both cases, data remains on your device. We do not have access to this information.

Information You Provide

• Camera access: When you scan a barcode, the app uses your camera to read the barcode number. No photos are captured, stored, or transmitted.
• Location coordinates: When you set a geofence for a card, you provide an address and radius. This information is stored on your device.

How We Use Your Information

Location Services

Hopscotch uses your location to show you the right card when you arrive at a store:

• Geofencing: When you set a location for a card, your device monitors when you enter that area and triggers a notification
• Background location: This is processed entirely on your device. We do not collect, transmit, or store your real-time location
• Location coordinates are only sent to our server when you choose to add a card to your device's wallet (see below)

You control location permissions in your device's Settings. The app's geofencing features require location access to function.

Camera

The camera is used only to scan barcodes. No images are saved or transmitted. The app only extracts the barcode number and type from the scan.

Wallet Pass Generation

When you add a card to Apple Wallet (iOS) or Google Wallet (Android), the following data is sent to our server (hosted on Vercel):

• Card name
• Barcode number and type
• Card color
• Location coordinates (for relevant locations on the pass, Apple Wallet only)

Our server uses this information to generate and digitally sign a wallet pass, which is then returned to your device. We do not store this data on our server. It is processed in real-time and discarded immediately after the pass is generated. As is standard with web hosting, Vercel (our hosting provider) may collect server access logs including IP addresses and timestamps. These logs are controlled by Vercel and subject to Vercel's data retention policies. See Vercel's Privacy Policy for details.

Wallet Pass Analytics

We track aggregate counts of wallet passes saved and removed (e.g., total number of cards added to Google Wallet or Apple Wallet). This data is anonymous — we do not track which users saved which passes, and no personally identifiable information is associated with these counts.

Local Notifications

When you enter a geofenced area, the app sends a local notification to alert you. These notifications are generated on your device. No notification data is sent to external servers.

Location Search

When you search for a business location to set a geofence, the app uses Google Places API to provide accurate search results. Your search query and approximate location are sent to Google to return relevant results. See Google's Privacy Policy for details on how Google handles this data.

Information We Don't Collect

• No user accounts: The app does not require registration, login, or authentication
• No analytics or tracking: We do not use analytics services, advertising networks, or any third-party SDKs that track your behavior
• No personal information: We do not collect your name, email, phone number, or any other personally identifying information
• No browsing history or usage patterns: We do not track how you use the app

Data Storage and Security

• Local storage: All app data is stored on your device using platform-native secure storage
• Cloud sync: Currently, the app does not sync data to iCloud or Google cloud services (this may change in future versions)
• Server communication: The only server communication occurs when generating wallet passes and searching for business locations. These connections use HTTPS encryption
• Device security: Your data is protected by your device's passcode, biometric authentication, or screen lock

Third-Party Services

The app uses the following external services:

• Vercel (pass generation server): When you add a card to Apple Wallet or Google Wallet, your card data is sent to a server hosted on Vercel to generate the pass. Vercel may collect server access logs (IP addresses, timestamps) as part of their hosting service. See Vercel's Privacy Policy for details.
• Google Places API: When you search for a business location, your query and approximate location are processed by Google. See Google's Privacy Policy for details.
• Upstash (anonymous analytics): Aggregate pass save/remove counts are stored using Upstash Redis. No personal data is stored. See Upstash's Privacy Policy for details.

We do not use any advertising networks, analytics platforms, or other third-party tracking services.

Children's Privacy

Hopscotch is intended for users 13 and older. We do not knowingly collect information from children under 13. The app is not directed at children. If you believe a child under 13 has provided information through the app, please contact us so we can address it.

Your Rights

Because all data is stored locally on your device:

• Access: You can view all your data within the app
• Delete: You can delete individual cards or all data by deleting the app
• Export: Currently, there is no export feature (this may be added in future versions)

If you have questions about data sent to our wallet pass server, contact us at hello@acorndesign.studio.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will update the effective date at the top of this document and display a notice within the app.

Data Retention

• On your device: Data persists until you delete cards or uninstall the app
• On our server: No card data is retained. Pass generation data is processed and immediately discarded. Only anonymous aggregate counts (total passes saved/removed) are retained.

European Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following applies:

Legal basis for processing. When you generate a wallet pass, we process your card data based on your explicit request (performance of a contract — you initiated the action to create a pass). When you use location search, your query is processed by Google based on legitimate interest in providing accurate search results.

Data transfers. Our wallet pass server is hosted on Vercel, which may process data in the United States and other regions. Vercel complies with GDPR data transfer requirements via Standard Contractual Clauses. Google Places API data is processed under Google's own GDPR compliance framework.

Your rights under GDPR. In addition to the rights listed above, you have the right to:

• Restriction of processing: Request that we limit how your data is used
• Data portability: Receive your data in a portable format (all data is already on your device)
• Object to processing: Object to data processing based on legitimate interest
• Lodge a complaint: File a complaint with your local data protection authority

Because we do not retain personal data on our servers (card data is processed and immediately discarded), most data subject requests are fulfilled by the fact that all your data is on your device and under your control. To exercise any rights or ask questions, contact us at hello@acorndesign.studio.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the following applies:

Categories of personal information collected. We do not collect personal information directly. When you use location search, your search query and approximate location are processed by Google (see Third-Party Services). When you generate a wallet pass, your card data (name, barcode, color, coordinates) is transmitted to our pass server and immediately discarded — not stored or retained by us.

Sale or sharing of personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Your rights. You have the right to know what personal information is collected, to request deletion, and to opt out of sale or sharing. Because we do not retain personal information on our servers, there is no data to access or delete from our systems. Your card data is stored entirely on your device and under your control.

To submit a request, contact us at hello@acorndesign.studio.

International Users

The app is developed and operated in the United States. The wallet pass server is hosted on Vercel's infrastructure, which may process data in various regions. By using the app, you acknowledge that data processed through our server may be transferred to and processed in the United States.

Contact

Acorn Designs, LLC
2035 Walton Creek Road
Steamboat Springs, CO 80487
Email: hello@acorndesign.studio