1. Who is responsible
The controller under the EU General Data Protection Regulation (GDPR / DSGVO) is:
Restless UG (haftungsbeschränkt), Hamburg, Germany — full imprint to follow
Email: support@urban-passport.com
A separate legally required imprint (Impressum) will provide the full registered address, register details, and managing director information once finalized.
2. Scope of this policy
This policy covers the Urban Passport iOS app, a city-collection game: you collect city clues, visit real places, and earn stamps and cards for your personal passport.
It does not cover third-party services with their own privacy policies, such as the Apple App Store.
3. How little we collect
- We do not track you across other apps or websites. Urban Passport does not use the advertising identifier, advertising SDKs, or cross-app tracking domains.
- We do not intend to sell or share your personal data for cross-context behavioural advertising.
- There is no background location tracking and no location history or movement trail. For stamps, we store the verification result and anti-spoof check metadata, not raw coordinate trails.
- The only automated evaluation we perform is the geofence check that decides whether a stamp you deliberately try to earn is valid. This is a game mechanic and has no legal or similarly significant effect on you.
4. Account data
Urban Passport supports three ways to use the app:
- Anonymous / guest use. You can start playing without a name or email. A random technical User ID is created at first launch so your passport, stamps, and progress can be saved and returned to you.
- Email + password account. You may add an email address and password to secure your account and sign in on another device.
- Sign in with Apple. You may link your account using Apple's sign-in. If you use Apple's Hide My Email relay, we receive only the relay address.
| Data we store | When | Why | Linked to your identity? |
|---|---|---|---|
| User ID (random account identifier) | Always, from first launch | Save and return your passport, stamps, cards, and progress | Yes. This is the account key. |
| Name / display name | Only if you provide one | Personalise your profile and show friends who you are when social features are used | Yes |
| Email address, including an Apple private-relay address if used | Only with an email account or Apple sign-in | Account security, sign-in, and recovery | Yes |
| Password | Only for email accounts | Stored only as a secure hash by our auth provider; we never see the plaintext password | Yes |
Providing data is optional except the technical minimum. A random User ID is required to run the app. Name and email are optional and only stored if you choose to add them. If you do not provide name or email, some features such as cross-device sign-in and social features are unavailable.
Where you use Apple's relay, the relay email address is received from Apple, not from you directly.
Legal basis
We process account and game data to provide the app and save your passport, stamps, cards, and progress. Account security and abuse prevention are handled on the basis of our legitimate interest in keeping the service safe and functional.
5. Location data
- Foreground only. Urban Passport uses location only while you are using the app. We do not request Always/background location and do not run background location tasks.
- Just in time. We ask for location permission only when you first open the map or try to earn a stamp, not at signup.
- No history, no trails. We do not build or keep a record of where you have been over time.
Where your coordinates go, and why
- To our own server at stamp time. We verify by geofence that you are actually at the place. We store the result plus anti-spoof verification metadata: the place, timestamp, GPS accuracy in metres, computed distance to the place, device-signal evidence including a mock-location/emulator flag, and where applicable an implied-speed check.
- To Mapbox while you use the map. Mapbox draws the map and calculates routes. Mapbox may process location coordinates while the map is in use, along with technical request data such as IP address.
You can turn location off in iOS Settings at any time. The app still works, but you cannot earn location-verified stamps.
Legal basis
Stamp verification is processed to provide the game mechanic you deliberately trigger. Map and routing data is processed so the app can show places and routes while you are using it.
6. Diagnostics
To keep the app stable we use Sentry to collect crash reports, performance data, and other diagnostic data when something breaks or is slow.
We aim to minimise personal data in diagnostics. JavaScript error events pass through a scrubbing step before they are sent. Native device-level crash reports may rely on Sentry-side scrubbing.
Diagnostics are processed on the basis of our legitimate interest in keeping the service secure and functional.
7. Service providers
These providers help us run Urban Passport. They process personal data on our behalf or as part of their own app-platform role.
| Provider | Role | Data it touches | Hosting / region |
|---|---|---|---|
| Supabase | Backend, auth, database | User ID, name, email, hashed password, stamps, cards, progress, and stamp-verification results | EU region intended |
| Mapbox | Maps and routing | Location coordinates while the map is in use; technical request data | USA |
| Sentry | Crash and performance monitoring | Diagnostic data, which may include a technical User ID | EU region intended |
| Apple | App distribution and Sign in with Apple | Apple sign-in tokens and relay email if used | Per Apple |
| RevenueCat | In-app purchase management | Currently inactive / not in use | Not active |
8. International data transfers
Most processing is intended to happen in the EU. However, Mapbox processes location and technical request data in the USA, and Apple processing may occur outside the EU.
Where personal data is transferred to countries outside the European Economic Area, we rely on appropriate safeguards under Chapter V GDPR where required, such as the European Commission's Standard Contractual Clauses or a provider's EU-US Data Privacy Framework certification where applicable.
9. Retention and deletion
- Account data such as User ID, name, email, passport, stamps, cards, and progress is kept while your account exists and deleted when you delete your account.
- Stamp-verification results and anti-spoof metadata are part of your passport and deleted with your account.
- Diagnostics and server/access logs are kept only for an operational window and then age out automatically. Exact retention periods are being finalized.
- Deletion tombstone records may be used internally to avoid reactivating deleted identities. Their retention period is being finalized.
- Statutory retention may apply if payments or other legally relevant records are introduced later.
Deleting your account
The app is designed so you can delete your account and associated data from within the app. Go to You → Account → Delete. The deletion flow removes application data such as profile, stamps, cards, study records, score ledger, friendships, and session participation, then removes the login identity. Ended multiplayer sessions you hosted may be kept as shared history with your identity anonymised.
If you cannot access the app, contact support@urban-passport.com.
10. Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, objection to legitimate-interest processing, withdraw consent at any time where processing is consent-based, and lodge a complaint with a supervisory authority.
To exercise any right, contact support@urban-passport.com. We may need to verify your identity before acting on a request.
For California residents, Urban Passport does not intend to sell or share personal data for cross-context behavioural advertising. If California privacy rights apply to you, contact us at the same address.
11. Children
Urban Passport is not directed to children and is not intended for users under the age required by law. We do not knowingly collect data from children below that age. If you believe a child provided us data, contact support@urban-passport.com and we will delete it.
12. Security
We protect your data with technical and organisational measures, including row-level security on our database, server-only handling of privileged keys, encrypted transport, and diagnostics minimisation.
13. Changes to this policy
We may update this policy as the app changes, for example if in-app purchases, partner rewards, or new providers are introduced. We will update the Last updated date and, for material changes, notify you in the app.
14. Contact
Restless UG (haftungsbeschränkt), Hamburg, Germany — full imprint to follow
Email: support@urban-passport.com