Privacy statement

Which data we process when you use CiphersCity, why, and what rights you have.

CiphersCity is provided by L. Genzel, based in Zwolle (Dutch CoC no. 08214517). Questions about privacy? Email info@appdevelop.nl.

This statement explains which personal data we process when you use CiphersCity, why, and what rights you have. We process no more than is needed for the app to work.

What data we process

  • Anonymous play. By default you play anonymously. We store a random device token and your progress in a route (solved questions, hints, completion). This is not traceable to you as a person. You can use this device token as a recovery code to restore your walked tours on another device; keep the code to yourself and do not share it.
  • Location. During a route, the app uses your location to determine whether you are at a stop. Your location is used on your device and not stored by us as a location trail. Only when you navigate to a stop does the app request the walking route from the OpenStreetMap routing service; like the map tiles, it receives your IP address and your position. We do not store those positions. The map uses map data from OpenStreetMap; to load the map tiles, your IP address is sent to OpenStreetMap's servers.
  • Photos. If you upload a photo for a task, we store it to show it (after review) at the stop. You are responsible for what you upload: do not do this if recognisable people who did not consent appear in it. When you upload it, we automatically strip the photo's metadata (including the capture location/GPS), so it is neither stored nor shown.
  • Error reports. If you report a possible error, we store the text of your report and which route/stop it concerns. Do not include personal data here.
  • Reviews. If you leave a review after a tour, we keep the star rating, the name you enter and your comment (the free text). After moderation, these are shown publicly with the route (in the app and on our website). Please enter only your first name or a nickname, no contact details or other personal data; you can request removal at info@appdevelop.nl.
  • Donations and payments. If you make a voluntary donation (or, in future, a payment), it runs through our payment provider Stripe. We only receive whether a payment succeeded and do not store card details; Stripe processes your payment data under its own privacy policy.

Why and on what basis

  • Providing the service (starting a route, saving progress, processing a donation): performance of the contract.
  • Moderating photos and reports and keeping the service safe: our legitimate interest.
  • Meeting legal obligations (for example, payment administration): legal obligation.

How long we keep data

We do not keep data longer than necessary:

  • Anonymous play sessions (with a device token/recovery code) are made irreversible after 12 months: we erase the device token, so your play history can no longer be restored with your device.
  • Handled error reports are deleted after 6 months.
  • Rejected reviews and photos are deleted within 30 days.
  • Payment and donation records are kept for as long as the law requires (tax retention: 7 years in the Netherlands).

Sharing with others

We do not sell your data. We only share it with service providers that help us run the app, such as our hosting provider, the payment provider (Stripe) and the map service OpenStreetMap (to display the map), and only as far as necessary.

Transfers outside the EEA

Some service providers may process your data outside the European Economic Area (EEA), for example our payment provider Stripe. Where this happens, the transfer relies on appropriate safeguards, such as the European Commission's standard contractual clauses or an adequacy decision, and only as far as necessary.

Your responsibility

You are responsible for the data you enter or upload. Do not put other people's personal data in reviews or error reports, and do not upload photos of recognisable people without their consent.

Your rights

You have the right to access, correct, delete and restrict your personal data, the right to object to processing, and the right to data portability. Where you have given consent for something, you can withdraw it at any time. Send your request to info@appdevelop.nl. You may also lodge a complaint with the competent data protection authority.

Security

We take appropriate technical and organisational measures to protect your data, including password hashing and secure connections.

Changes

We may update this statement. The most recent version is always available on this page and in the app.