Privacy Policy

Journey Catcher ApS ("we," "us," or "our") operates the JourneyCatcher mobile application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our location-based adventure and scavenger hunt application.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this policy carefully. By using JourneyCatcher, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Username
• Email address
• Password (stored securely using encryption)

1.2 Location Data

Our core functionality requires access to your device's GPS. We collect:

• Real-time GPS coordinates during active gameplay sessions
• Location data associated with adventures you create or complete

Important: Location tracking is only active when you are actively playing an adventure. We do not track your location in the background when the app is closed or when you are not engaged in gameplay.

1.3 Adventure and Session Data

We collect data related to your use of the Service:

• Adventure progress and completion status
• Session timing and duration
• Number of attempts per location
• Hints used during gameplay

1.4 User-Created Content

If you create adventures, we store:

• Adventure titles, descriptions, and story text
• Location coordinates for adventure stops
• Riddles, answers, and hints you create
• Photos you upload for locations
• Translations in supported languages (English, Danish, German, French, Spanish)

1.5 Device and Technical Information

We automatically collect certain technical information:

• Device type and operating system
• App version
• Language preferences
• Error logs and crash reports

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide the Service: Enable core gameplay features including location verification, progress tracking, and adventure creation
• Account Management: Create and manage your user account, authenticate your identity
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Communication: Send service-related notifications and respond to your inquiries
• Safety and Security: Detect and prevent fraud, abuse, or unauthorized access
• Legal Compliance: Comply with applicable laws and legal obligations

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

• Consent: For location data collection during gameplay. You can withdraw consent at any time through your device settings.
• Contract Performance: Processing necessary to provide the Service you requested when creating an account.
• Legitimate Interests: For improving our Service, ensuring security, and analyzing usage patterns.
• Legal Obligation: When required to comply with applicable laws.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

• Service Providers: We use third-party services to host our backend (Railway) and database (PostgreSQL). These providers process data on our behalf under strict data processing agreements.
• Google Maps: We use Google Maps SDK to display maps and provide location-based features. When you use the app, Google may collect certain data including your IP address and location data in accordance with Google's Privacy Policy.
• Public Adventures: If you create public adventures, certain information (adventure content, your username as creator) will be visible to other users.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained until you delete your account
• Adventure Session Data: Retained for historical tracking and statistics while your account is active
• Location Data: Session location data is processed in real-time and not stored long-term beyond what is necessary for gameplay verification
• User-Created Content: Published adventures remain part of our content library permanently to ensure continuity for other users, even after account deletion. Personal data associated with content (creator identity) can be anonymized upon request

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"). Note: While personal information can be deleted, published adventures remain on the platform to preserve content continuity for other users
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise these rights, please contact us at simon@journeycatcher.dk. We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes secure data transmission (HTTPS), encrypted password storage, and access controls to our systems. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. International Data Transfers

Your data may be processed on servers located outside your country of residence, including in the United States (where our hosting provider Railway operates). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

JourneyCatcher is not intended for children under the age of 13 (or 16 in some EEA countries). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top. For significant changes, we may also notify you via email or in-app notification. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: