Privacy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website or use our app. Personal data is all data with which you can be personally identified.

Who is responsible?

Data processing is carried out by the operator of this Service. The contact details can be found in section 2.

What data is collected?

On the one hand, your data is collected when you provide it to us (e.g., registration, profile information). Other data is collected automatically when visiting the website or using the app. This particularly concerns technical data (e.g., device information, IP address) as well as — within the context of the game — GPS location data.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the Service. Location data is collected to enable the GPS-based gameplay. Other data may be used to analyze user behavior, improve the game, or display personalized advertising.

What rights do you have?

You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for further questions regarding privacy, you can contact us at any time at the address given in section 2. Furthermore, you have a right to lodge a complaint with the competent supervisory authority.

2. Responsible Party

The responsible party for data processing is:

RCR Interactive
Kuhlweinstraße 6
28359 Bremen
Germany

Email: runcatchrepeat@gmail.com

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

3. Legal Bases of Processing

We process personal data based on the following legal bases of the GDPR:

Art. 6 (1) lit. a GDPR (Consent): If you have given us your consent to process data, e.g., for the use of location data, push notifications, or personalized advertising.

Art. 6 (1) lit. b GDPR (Performance of a contract): If the processing is necessary for the performance of the user agreement (provision of the game and its functions) — e.g., registration, game statistics, in-app purchases.

Art. 6 (1) lit. f GDPR (Legitimate interest): If the processing is based on our legitimate interest, e.g., troubleshooting (Crashlytics), fraud prevention (App Check), analysis for product improvement (Analytics).

4. Location Data and GPS Tracking

Run Catch Repeat is a location-based game where GPS data plays a central role. This section describes in detail how we collect and use location data.

4.1 What location data is collected?

During an active game round, we collect the following data from your device:

— GPS coordinates (latitude and longitude)
— Accuracy of location determination (in meters)
— Speed
— Timestamp of the recording (UTC)
— Your game role (Runner or Catcher)

4.2 How often is location data recorded?

During an active game round, GPS positions are recorded at regular intervals (approx. every 10 seconds for Team Leaders, approx. every 30 seconds for other team members). No GPS tracking takes place outside of active game rounds.

4.3 Background Location Access

During an active game round, the app requires access to your location even in the background (when the app is minimized or the screen is locked). This is necessary so that your position continues to be transmitted to the other players and the game functions correctly. The background location access is used exclusively during active game rounds and stops automatically as soon as the round is finished.

4.4 Sharing Location Data with Other Players

A core mechanism of the game is that location data is shared with the opposing team with a time delay. This means:

— The Catcher team receives the location of the Runner team with a configurable delay (default is 10 minutes).
— The Runner team also receives the location of the Catcher team with a delay.
— In certain game situations (e.g., Final Phase, Veto Penalty, specific abilities), locations are temporarily shared in real-time.

This sharing takes place exclusively with the players in the same game round and is absolutely necessary for the game's functionality.

4.5 Storage and Deletion of Location Data

During the game round, GPS data is stored in our database (Firebase Firestore). After the game ends, the individual GPS pings are aggregated into a combined route, and the individual pings are deleted. The aggregated route (start/end point, total distance, route path) is stored as part of the game history and can be viewed by the player in the results screen. When you delete your account, all associated game results and route data are deleted.

4.6 Legal Basis

The processing of location data is based on your consent (Art. 6 (1) lit. a GDPR). You grant this consent by granting the location permission on your device. You can revoke this consent at any time by withdrawing the location permission in your device settings. In this case, the use of the GPS-based main game is no longer possible; other game modes (Daily Puzzle, PvP Challenge) remain usable.

5. Registration and User Account

5.1 Firebase Authentication

Registration is required to use the app. We use Firebase Authentication (Google Ireland Ltd.) for account management. The following data is collected and stored:

— Email address
— Password (stored encrypted, not visible to us)
— Firebase User ID (UID)
— Display name (freely selectable)
— Profile picture (optional, uploaded by the user)

5.2 Google Sign-In

Alternatively, you can log in with your Google account. In this case, we receive your name, email address, and profile picture from Google. Further information can be found in the Google Privacy Policy.

5.3 Player Profile and Statistics

In the course of using the app, the following game-related data is saved to your profile:

— Game statistics (rounds played, wins, losses, Elo rating)
— Experience points (XP) and level
— Coins (in-game currency)
— Total distance run and total playtime
— Completed tasks, achieved goals, used abilities
— Purchased content (skins, emotes, decks)

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a contract — this data is required for the game functionality).

6. Game-Related Data Processing

6.1 Game Rounds and Results

For each played round, we save game results (points, XP, coins, Elo change), the role (Runner/Catcher), the route path (aggregated), completed tasks, and used abilities. This data is used for leaderboards, game history, and to calculate your statistics.

6.2 Photos (Camera Access)

When a Runner reaches a goal, a photo is taken as proof. This photo is stored in Firebase Storage and is visible to the other players in the results view of the respective round. Camera access takes place exclusively on your initiative (you trigger the capture manually). Legal basis: Art. 6 (1) lit. a GDPR (Consent by granting the camera permission).

6.3 Chat Messages

The app offers an in-game chat function as well as a matchmaking system with direct messages. Chat messages are stored in Firebase Firestore and are only visible to the involved players.

6.4 Game Notifications (In-Game)

During a game round, notifications (e.g., "Goal reached", "Catch attempt") are stored in the database so that all team members are informed. This data is part of the game round and is stored with the lobby.

7. Camera Access and Photos

The app requires access to your device's camera to take photos when game goals are reached. The captured photos are uploaded to Firebase Storage (Google Cloud) and saved as part of the game result. The photos are exclusively visible to the players of the respective round in the results view. You can revoke the camera permission at any time in your device settings. In this case, you will no longer be able to complete goals in the main game.

8. Push Notifications

We use Firebase Cloud Messaging (FCM) for push notifications. If you allow push notifications, a device-specific token (FCM Token) is generated and stored on our servers. This token does not contain personal information but serves to deliver notifications to your device (e.g., matchmaking requests, game invitations). You can disable push notifications at any time in your device settings. Legal basis: Art. 6 (1) lit. a GDPR (Consent).

9. In-App Purchases

The app offers in-app purchases (coin packages). Payment processing is handled entirely via the Google Play Store (Google) or the Apple App Store (Apple). We do not receive or store any payment or credit card data. We only receive a confirmation of the successful purchase (transaction ID, product ID) to credit the purchased in-game currency. For iOS, purchase receipts are validated server-side using Apple signatures; no personal payment data is processed in the process.

Further information on payment data processing can be found in the privacy policies of Google and Apple.

10. Advertising (Google AdMob)

The app displays advertising via Google AdMob (Google Ireland Ltd.). AdMob may use your device's advertising ID (GAID on Android, IDFA on iOS) to show personalized ads. The following data may be transmitted to Google and advertising partners in the process:

— Device advertising ID
— IP address
— Device information (model, operating system)
— Interactions with ads

We exclusively use Rewarded Ads, which you can voluntarily watch to earn in-game currency.

App Tracking Transparency (iOS)

On iOS devices, you will be asked for permission in accordance with Apple's App Tracking Transparency (ATT) Framework before your IDFA is used for advertising purposes. If you deny permission, no personalized advertising will be displayed; you can still use Rewarded Ads.

Further information: Google AdMob Privacy Policy.
Legal basis: Art. 6 (1) lit. a GDPR (Consent).

11. Firebase and Google Services Used

We use various services from Google/Firebase (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). Below is an overview:

11.1 Firebase Firestore

Cloud database for storing all game-related data (player profiles, game rounds, statistics, chat messages, GPS data). Legal basis: Art. 6 (1) lit. b GDPR (Performance of a contract).

11.2 Firebase Storage

Cloud storage for user-uploaded content (profile pictures, goal photos). Legal basis: Art. 6 (1) lit. b GDPR.

11.3 Firebase Cloud Functions

Server-side processing of game logic (GPS interval calculation, game result calculation, Elo rating). No additional personal data is collected. Region: europe-west3 (Frankfurt).

11.4 Firebase Analytics

We use Firebase Analytics to analyze app usage. In doing so, device information (model, OS version), app usage data (session duration, functions used), and roughly estimated location data (based on IP address, not GPS) are automatically recorded. The data is anonymized and aggregated for product improvement. Legal basis: Art. 6 (1) lit. f GDPR (Legitimate interest in product improvement).

11.5 Firebase Crashlytics

We use Firebase Crashlytics to detect and analyze app crashes. This automatically creates crash reports containing device information (model, OS version, memory), the state of the app at the time of the crash, and an anonymized installation ID. No location data or personal content is transmitted in crash reports. Legal basis: Art. 6 (1) lit. f GDPR (Legitimate interest in troubleshooting).

11.6 Firebase App Check

We use Firebase App Check to ensure that only authentic app installations can access our backend services. This involves device attestation; no personal data is collected. Legal basis: Art. 6 (1) lit. f GDPR (Legitimate interest in fraud prevention).

11.7 Google Maps SDK

The app uses the Google Maps SDK for map display. When used, data is transmitted to Google (IP address, map section). The Google Privacy Policy applies. Legal basis: Art. 6 (1) lit. b GDPR (Performance of a contract — map view is necessary for the game).

12. Data Transfer to Third Countries

Our Firebase Cloud Functions run in the europe-west3 region (Frankfurt, Germany). However, some Google/Firebase services may process data on servers in the USA or other third countries. Google is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection. In addition, the Google Cloud Standard Contractual Clauses (SCCs) apply.

Further information: Firebase Privacy and Security.

13. Storage Duration

We only store personal data for as long as it is necessary for the respective purpose:

Individual GPS pings: Stored during the game round and aggregated after the game ends. The individual pings are subsequently deleted.

Aggregated route data: Permanently stored as part of the game history until the account is deleted.

Game results and statistics: Permanently stored until the account is deleted.

Profile pictures and goal photos: Permanently stored until the account is deleted.

Chat messages: Permanently stored until the account is deleted.

User account: Stored until you request deletion.

Crashlytics data: 90 days (Firebase standard).

Analytics data: 14 months (Firebase standard), automatically deleted thereafter.

14. Account Deletion

You can delete your user account at any time via the app (Settings → Delete Account). Upon deletion, the following data is permanently removed:

— Your Firebase Authentication account
— Your player profile and all statistics
— Your game results (game_results)
— Your uploaded photos (profile picture, goal photos)
— Your chat messages
— All GPS and route data

The deletion is final and cannot be reversed. The processing is fully automated via a server-side Cloud Function.

15. Children and Minors

Run Catch Repeat is not specifically aimed at children. The app does not contain an age restriction, however, we recommend that minors only use the app with the knowledge and consent of a legal guardian — particularly due to the GPS tracking in the main game. If legal guardians become aware that their child has transmitted personal data to us without their consent, we ask you to contact us at runcatchrepeat@gmail.com so that we can delete the data.

16. Data Collection on the Website

16.1 Server Log Files

The host of the website automatically collects information in server log files that your browser automatically transmits (browser type and version, operating system, referrer URL, IP address, time of the request). This data is not merged with other data sources. Legal basis: Art. 6 (1) lit. f GDPR (Legitimate interest in the secure provision of the website).

16.2 Cookies

The website partially uses cookies. Cookies are small text files stored on your device. Most of the cookies we use are session cookies, which are automatically deleted after the end of your visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. If cookies are disabled, the functionality of the website may be restricted.

16.3 Contact Form

If you send us inquiries via the contact form, your details from the form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry. We do not pass on this data without your consent. Legal basis: Art. 6 (1) lit. b GDPR.

16.4 Seasonal Events on the Website

For seasonal events (e.g., Easter egg hunt), registration on the website via Firebase Authentication (Email or Google Sign-In) may be required. In this context, the provisions described in Section 5 apply. Event-related data (e.g., redeemed codes) is deleted within 30 days after the end of the event.

17. Overview of Used Third-Party SDKs

The app integrates the following third-party SDKs, which may process data independently:

Privacy Policy of Google/Firebase: firebase.google.com/support/privacy

18. Your Rights as a Data Subject

According to the GDPR, you have the following rights:

Right of access (Art. 15 GDPR): You have the right to request information about your personal data stored by us.

Right to rectification (Art. 16 GDPR): You have the right to request the correction of incorrect data.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your data. An automatic deletion function is available for this in the app (see Section 14).

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data.

Right to data portability (Art. 20 GDPR): You have the right to request your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your data, provided it is based on legitimate interest.

Withdrawal of consent: You can withdraw any consent granted (e.g., location access, camera, push notifications, ad tracking) at any time — via the device settings or by contacting us.

Right to lodge a complaint: You have the right to file a complaint with a supervisory authority. The responsible authority is the State Commissioner for Data Protection and Freedom of Information of the State of Bremen.

For all inquiries, please contact: runcatchrepeat@gmail.com

19. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to adjust it to changing legal situations or in the event of changes to the Service. The current version can always be found on this page. In the event of material changes, we will inform you via the app or by email.

© Run Catch Repeat. All rights reserved.

Legal Notice Privacy Policy