GeoBlitz ("we," "our," or "us") operates the GeoBlitz mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (required for account creation)
- Username (your public display name)
- Authentication tokens from Apple Sign-In or Google Sign-In
1.2 Gameplay Data
We collect data about how you play GeoBlitz:
- Game results — scores, rounds completed, time taken per question
- Performance ratings — your in-game skill rating (PR system)
- League participation — current league tier, promotion/demotion history
- Streaks — daily play streaks and milestone dates
1.3 Device Information
- Device type and operating system version
- Session identifiers (used for crash reporting and analytics)
- Installation timestamp
1.4 Advertising Identifiers
On iOS, with your consent (via App Tracking Transparency), we may collect:
- Identifier for Advertisers (IDFA) — used to deliver personalized advertising and measure ad effectiveness
On Android, we may collect:
- Google Advertising ID (GAID) — used for the same purposes
You can opt out of personalized advertising at any time in the app Settings.
1.5 Purchase History
- Product IDs purchased (e.g., GeoBlitz Pro)
- Platform (iOS or Android)
- Transaction date (we do not store full payment card details — these are handled by Apple and Google)
1.6 Crash and Error Reports
- Stack traces and error messages — collected via Sentry
- App state at time of crash — device model, OS version, app version
- Session duration and navigation path preceding the crash
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the Service | Account info, gameplay data | Performance of contract |
| Sync progress across devices | Account info, game results | Performance of contract |
| Display on leaderboards | Username, performance rating, league | Legitimate interest |
| Serve advertisements | Device ID, advertising identifier | Consent (ATT on iOS) |
| Analyze app performance | Device info, crash reports, session data | Legitimate interest |
| Validate purchases | Purchase history, transaction receipts | Performance of contract |
| Send push notifications | Device token | Consent |
| GDPR data export/deletion | All personal data | Legal obligation |
3. Data Sharing
3.1 Third-Party Service Providers
We share data with the following providers, each acting as a data processor under their own privacy policies:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, edge functions | Account info, gameplay data, preferences |
| Sentry | Error and crash tracking | Device info, crash reports, session IDs |
| PostHog | Product analytics | Anonymous usage events (no email, no PII) |
| Google AdMob | Advertising | Device ID, advertising identifier (with consent) |
| Apple / Google | In-app purchase validation | Transaction receipts |
3.2 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
3.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Gameplay data | 24 months after last activity |
| Crash reports | 90 days |
| Analytics events (anonymized) | 12 months |
| Purchase records | 7 years (tax compliance) |
When you delete your account, we delete all personal data within 30 days in accordance with GDPR requirements.
5. Your Rights
5.1 General Rights
You have the right to:
- Access your personal data
- Correct inaccurate personal data
- Delete your account and all associated data
- Export a copy of your data in machine-readable format
- Object to certain processing
- Withdraw consent at any time (where processing is consent-based)
To exercise any of these rights, go to Settings → Privacy in the app, or email us at support@geoblitz.app.
5.2 GDPR Rights (European Economic Area)
If you are located in the EEA, you have the following additional rights under the General Data Protection Regulation:
- Right to restriction of processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, commonly used format
- Right to lodge a complaint — file a complaint with your local data protection authority
We respond to all GDPR requests within 30 days.
5.3 CCPA Rights (California)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used
- Delete personal information
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your rights
To exercise CCPA rights, contact us at support@geoblitz.app.
5.4 Account Deletion
You can delete your account from Settings → Privacy → Delete Account. This will:
- Remove your username from public leaderboards
- Delete all gameplay data associated with your account
- Revoke authentication tokens
- Cancel active subscriptions (manage via Apple App Store or Google Play settings)
Deletion is permanent and cannot be undone.
6. Data Security
We protect your data through:
- Transport Layer Security (TLS) — all data in transit is encrypted
- Row-Level Security (RLS) on our database — prevents unauthorized access
- Server-side score validation — anti-cheat ensures game integrity
- Secure key storage — authentication tokens stored in the device keychain
7. Children's Privacy
GeoBlitz is rated for ages 4 and up (App Store) and for Everyone (Google Play). However, account creation requires email sign-in and is intended for users aged 13 and older.
We do not knowingly collect personal data from children under 13. If we become aware that a user under 13 has created an account, we will delete that account and all associated data.
8. Advertising and Analytics
8.1 Google AdMob
We use Google AdMob to display advertisements. AdMob may collect and use advertising identifiers as described in Google's Privacy Policy. You can limit personalized advertising in Settings → Privacy → Ad Personalization.
8.2 PostHog Analytics
We use PostHog to understand how users interact with GeoBlitz. PostHog events are anonymized — we do not track email addresses, names, or any directly identifying information through PostHog. You can opt out of analytics in Settings → Privacy → Analytics.
8.3 ATT (iOS App Tracking Transparency)
On iOS 14+, Apple requires apps to request permission before accessing the IDFA. When you first encounter an ad, the app will display the ATT prompt. You can grant or deny permission, or change your decision later in iOS Settings → Privacy → Tracking → GeoBlitz.
9. International Data Transfers
GeoBlitz stores data on servers in the European Union (Supabase EU region). If you are located outside the EU, your data may be transferred to and processed in a jurisdiction with different data protection laws. By using the Service, you consent to such transfers in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Notify you via an in-app banner at next launch
- Update the "Effective Date" at the top of this page
- For significant changes, require you to accept the new policy before continuing to use the Service
11. Contact Us
Data Controller: Dimitris Grigoroudis
Email: support@geoblitz.app
Website: https://geoblitz.app
For GDPR-related requests, email privacy@geoblitz.app.