pocketgg

Privacy Policy

start.gg API & Authentication

pocketgg uses start.gg's GraphQL API to retrieve data, such as tournament details. To access any information in the app, you must log in to start.gg via its OAuth 2.0 flow. The OAuth 2.0 flow allows third party applications (in this case, pocketgg) to access and utilize information about the user (for example, displaying a list of your recent tournaments in pocketgg). The OAuth 2.0 flow involves typing in your username and password in order to log into start.gg and authorize pocketgg, however neither your username or password are stored by pocketgg; the authentication is done on start.gg itself, and pocketgg is never given access to your password.

At the end of a successful authentication flow, the start.gg servers will send pocketgg an access token, which is subsequently used to fetch data from start.gg's servers. The access token is stored securely on the user's iOS Keychain, and is never sent to an external server (besides being used for authentication for start.gg's servers). A refresh token is also returned from the start.gg servers, this is used to periodically refresh the access token, and ensure that the user's session remains valid.

Both the access and refresh token do not provide pocketgg access to your start.gg password, and any personal details displayed in pocketgg (eg. the profile screen with your gamertag and recent tournaments) are never sent to an external server.

To learn more about the OAuth 2.0 flow, please visit start.gg's OAuth Overview, as well as the official OAuth 2.0 specification.

Location

pocketgg includes an option to only load tournaments near your location. If this option is enabled, pocketgg will send a location services request, at which point a system dialog will appear, asking for permission to grant pocketgg one-time access to your location. If granted, your current location is saved to pocketgg in the form of latitude/longitude coordinates, which are sent to start.gg during API requests to only have tournaments near those coordinates returned. This feature is completely optional, the location is never linked to the user's identity, and the information is never stored on an external server.

To learn more about the privacy of Location Services on iOS, please visit Apple's article about privacy and Location Services in iOS, iPadOS, and watchOS.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Please check this page periodically for any changes.


Last Updated: September 21, 2024