Privacy Policy
This Privacy Policy explains how PointFinder ("PointFinder", "we", "us", "our") processes personal data across the PointFinder iOS app, Android app, and web admin at pointfinder.pt and pointfinder.ch.
PointFinder is used for organized scouting and Pathfinder activities by players, organizers, and operators. We aim to process personal data transparently and in line with applicable privacy laws, including GDPR where it applies.
1. Controller, Scope, and Contact
The data controller for PointFinder is David Simões Batista, the individual developer and publisher of the PointFinder iOS app, PointFinder Android app, and PointFinder web admin at pointfinder.pt and pointfinder.ch.
Privacy contact: info@pointfinder.pt
2. Personal Data We Process
We process data required to provide gameplay, operations, security, and support functions.
- Operator/admin account data: name, email, hashed password, role, refresh-token/session records.
- Player profile data: display name, device identifier, team and game membership, player access token.
- Gameplay content: check-ins, challenge responses (text and optional photo upload), review status, feedback, scores, and activity events.
- Location data: latitude/longitude updates for team live monitoring during active sessions.
- Notification data: push token and platform (iOS/APNs or Android/FCM).
- Technical/session data: auth/session state, offline queue state, local caches, and security/operational logs.
We do not sell personal data and we do not use your data for third-party behavioral advertising.
3. How We Collect Data
- Directly from you: when operators register/log in and when players join using a join code or QR code.
- From your activity: gameplay actions such as NFC check-ins, submissions, reviews, and score updates.
- From your device: when permissions are granted (location, camera, photo library, notifications, NFC).
- From organizers/operators: game setup and team management data entered in the web admin.
During active player sessions, iOS and Android clients send location updates periodically (approximately every 30 seconds) and after key actions (for example check-ins/submissions) for real-time mission monitoring by authorized operators.
4. Why We Process Data and Legal Bases (GDPR)
Where GDPR applies, we rely on one or more of the following legal bases:
| Purpose | Example Activities | Legal Basis |
|---|---|---|
| Service delivery and account management | Authentication, joining games, team assignment, challenge workflows | Contract performance (Art. 6(1)(b)) |
| Operational monitoring and gameplay integrity | Live map updates, anti-abuse controls, fairness checks | Legitimate interests (Art. 6(1)(f)) and/or contract |
| Optional device capabilities | Push notifications, camera/photo permissions where required by platform law | Consent (Art. 6(1)(a)) where required |
| Security, legal, and compliance | Audit trails, incident response, legal obligations | Legal obligation (Art. 6(1)(c)) and legitimate interests |
5. App Permissions and Device Access
- Location (when in use): used for team monitoring during active gameplay.
- Camera and photo library: used for QR scanning and optional photo-based challenge submissions.
- NFC: used for base tag interactions/check-ins.
- Notifications: used for game updates and operational messages.
You can revoke permissions in your device settings. Revoking certain permissions may limit core app features.
6. Data Sharing, Recipients, and Processors
We share data only when needed to provide and secure the service:
- Push providers: Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).
- Mapping and map assets: All platforms use MapLibre GL (an open-source, client-side map rendering library) with external tile providers. When the map view loads tiles, your IP address is sent to the tile provider. Tile providers used: OpenFreeMap (tiles.openfreemap.org), OpenStreetMap (tile.openstreetmap.org), CartoDB/CARTO (basemaps.cartocdn.com), and SwissTopo (vectortiles.geo.admin.ch).
- Email delivery: SMTP provider used for invites and operational notifications.
- Infrastructure: hosting, storage, networking, and security providers that process data on our behalf.
- Legal/compliance disclosures: where required by applicable law, legal process, or to protect rights and safety.
We do not sell personal data and do not share personal data with data brokers for targeted advertising.
7. International Data Transfers
Some processors may process data outside your country (including outside the EEA/UK). Where legally required, we use appropriate safeguards such as contractual data protection clauses and equivalent protection measures.
8. Retention and Deletion
We retain data only as long as needed for the purposes described in this policy, based on data type and operational/legal necessity.
- Game data (teams, players, submissions, check-ins, activity, team location): retained while game records are active; deleted when a game is deleted in primary database flows.
- Operator account/session data: retained while the account is active and for a limited period thereafter for security, audit, and legal obligations.
- Push tokens: retained while needed for notifications and removed/overwritten when invalidated or no longer needed.
- Uploaded challenge files: retained with related game content and removed on game cleanup or deletion routines.
- Device-local caches: remain on device until logout, app removal, or user/device cleanup actions.
- Logs: retained for a limited period required for troubleshooting, abuse prevention, and service security.
When deletion is requested, we delete or anonymize data unless retention is required by law, dispute handling, fraud prevention, or security obligations.
9. Security Measures
- TLS (HTTPS) transport security in production.
- Password hashing (BCrypt) for operator credentials.
- Token-based authentication, refresh tokens, and role-based access control.
- Mobile secure token storage (Keychain on iOS, encrypted storage on Android).
- Access controls and operational safeguards to reduce unauthorized access risk.
No internet-connected system can be guaranteed 100% secure, but we continuously improve technical and organizational safeguards.
10. Your Privacy Rights
Depending on your jurisdiction, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate data.
- Delete your personal data.
- Restrict or object to certain processing.
- Data portability (where applicable).
- Withdraw consent at any time where processing is consent-based.
- Lodge a complaint with your local data protection authority.
Where GDPR applies, we respond to valid rights requests within the legally required timeline (typically within one month, subject to lawful extensions).
11. Account and Data Deletion
Players: players can delete their account at any time from Settings > Delete Account in the app. Operators can also remove players from their game. In both cases, all personal data (profile, display name, device identifier, push token, check-ins, and location data) is permanently deleted from our servers. Team-level data such as challenge submissions remains as anonymous team records with no link to the deleted player.
Operators/admins: operators can delete their account at any time from Settings > Delete Account in the app or web admin. Account deletion removes all personal data (name, email, credentials, push tokens, and session data). Operators must first delete or end all games they own before deleting their account.
- Some records may be retained where legally required or strictly necessary for security/fraud defense.
This page serves as the public web resource for account/data deletion as required by app store policies.
12. Children and Youth Data
PointFinder is designed for organized youth activities supervised by responsible adults. Organizers are expected to obtain any parental/guardian permissions required by local law before registering minors. We process participant data only to run and monitor authorized event activities.
13. Automated Decision-Making
PointFinder does not use automated decision-making or profiling that produces legal or similarly significant effects on users.
14. Policy Updates
We may update this policy when our product, processors, or legal requirements change. Material updates will be reflected by the "Last updated" date and, where appropriate, additional in-app or website notice.
15. Contact and Complaints
For privacy questions, rights requests, or complaints, contact info@pointfinder.pt.
If you are in the EEA/UK, you may also lodge a complaint with your national data protection authority.