Privacy Policy for Stryked

Last Updated: December 8, 2025

Updated to accurately reflect analytics data collection practices and provide enhanced data processing details

1. Information We Collect

1.1 Location Data

We collect and process your precise location data to enable the core functionality of Stryked.

What location data we collect:

• GPS coordinates (latitude and longitude)
• Altitude, speed, and direction of travel
• Location accuracy and timestamp
• Device motion data (accelerometer, gyroscope, magnetometer) for anti-spoofing

When we collect location data:

• Continuously while the app is open
• Periodically in the background (every 30 minutes when you enable background location services) to detect nearby trophies and validate visits
• When you are near a trophy location (within 1000 meters)
• When you visit a trophy (within 50 meters)

Why we collect location data:

• Essential: To detect nearby trophies and validate your visits
• Analytics (optional): To understand how users discover and interact with trophies (only if you grant Behavioral Analysis consent)
• Anti-Fraud: To prevent location spoofing and ensure fair gameplay

1.2 Photos and Media

We collect photos you upload as part of the Snapventure feature.

• Photos you capture or select for Snapventures
• We do not intentionally collect embedded photo metadata (EXIF). Images are processed and re-encoded during upload.
• Photo thumbnails for display purposes

Snapventure location: If a fresh location is available at the moment you upload, we may store the Snapventure's GPS coordinates (a GeoPoint) so it can be shown on maps or used for location-based discovery. This is separate from photo metadata.

These photos can be shared with other users as part of the social features of the app. You can control the visibility of each snapventure individually - you can make them public (visible to all users) or private (visible only to you). You can change the privacy setting of any snapventure at any time after uploading.

1.3 User Profile Data

• User ID (automatically generated by Firebase)
• Username and display name you choose
• Email address (if you sign in with Google)
• Profile picture (optional)
• Game statistics (points, trophies visited, achievements)

1.4 Purchase Information

• In-app purchase history (subscription status, unlocked tiers)
• Purchase dates and renewal status
• Payment information is processed by Apple and is not accessible to us

1.5 Device and Usage Data

We collect device and usage information for security, performance, and analytics purposes:

• Device information: Device type, model, iOS version, screen resolution (automatically collected by Firebase Analytics when behavioral analytics consent is granted)
• App information: App version and build number (automatically collected by Firebase Analytics)
• Security data: Device integrity status (to detect jailbroken devices for security), device attestation tokens (via Apple App Attest) for security verification
• Usage patterns: App usage patterns and interaction data (only when behavioral analytics consent is granted, anonymized and aggregated)
• Approximate location: City-level geolocation (automatically collected by Firebase Analytics, not precise GPS coordinates)

Security Verification: We use Firebase App Check (Apple App Attest) to verify that requests come from legitimate, unmodified app installations. This helps prevent abuse and protects your data.

Note: Most device and usage data collection requires your consent for behavioral analytics. You can control this in Settings > Account Management > Privacy & Consent.

1.6 Crash and Error Data

We collect crash reports and error information to improve app stability and fix bugs.

• Crash reports and stack traces when the app encounters errors
• Device information associated with crashes (model, OS version)
• Custom context data to help diagnose issues
• Error logs and diagnostic information

Why we collect this: To identify and fix bugs, improve app stability, and ensure a better user experience.

Service Provider: Firebase Crashlytics (Google LLC)

2. How We Use Your Information

2.1 Core Game Functionality

• Detect nearby trophies based on your location
• Validate trophy visits to award points and achievements
• Display your progress and statistics
• Enable Snapventure social features

2.2 Anti-Spoofing and Security

We use behavioral analysis and automated systems to maintain game integrity:

• Movement Pattern Analysis: We analyze your movement patterns, travel speed, and location history to detect location spoofing and ensure fair gameplay for all users. This includes analyzing GPS coordinates, speed, direction, and device motion sensor data (accelerometer, gyroscope, magnetometer).
• Device Integrity Verification: We verify device integrity to detect jailbroken devices and prevent cheating. This includes checking device attestation tokens via Apple App Attest.
• Automated Security Measures: Our system may automatically apply temporary bans (typically 24 hours) when suspicious activity is detected. These automated decisions are based on analysis of movement patterns, trust scores, and violation history.
• Trust Score Calculation: We maintain a trust score for each user based on validation results from location checks. This score helps identify patterns of suspicious behavior over time.
• Fair Gameplay: All security measures are designed to maintain fair gameplay and prevent cheating that would negatively impact other users' experience.

2.3 Service Improvement

• Analyze usage patterns to improve app features
• Optimize performance and fix bugs
• Develop new features based on user behavior

Analytics Events We Track:

• User actions: Trophy redemptions (with trophy ID and bonus information), challenge activations (with challenge ID), snapventure uploads (with challenge ID and privacy settings)
• User lifecycle: Sign-in events (with sign-in method), sign-out events

Automatically Collected Analytics Data (Firebase Analytics):

Firebase Analytics automatically collects the following information to help us understand app usage and improve performance:

• Device information (device type, model, iOS version)
• App version and build number
• Approximate geolocation (city-level, not precise GPS coordinates)
• Screen resolution and device capabilities
• User ID (Firebase Analytics identifier, not your personal information)

Data Anonymization:

• All analytics data is anonymized and aggregated by Firebase Analytics
• No personally identifiable information (email, name, phone number) is stored in analytics
• Analytics data is used only for understanding app usage patterns and improving features

Note: Analytics respects your GDPR consent preferences. You can opt out of behavioral analytics in Settings > Account Management > Privacy & Consent.

3. Data Storage and Security

3.1 Where We Store Your Data

• Firebase/Google Cloud: User profiles, trophy visit history, trust score validation logs, photos, and game data
• On Your Device: Temporary location data, app preferences, cached content
• Apple Servers: Purchase and subscription information (managed by Apple)

Data Storage Location: All your data is stored on servers located in the European Union (Belgium, europe-west1 region). We use Google Cloud Platform's EU data centers to ensure your data remains within the EU and complies with GDPR requirements. This means your data is not transferred outside the European Union.

3.2 How Long We Retain Your Data

• Location data: Processed in real-time for trophy validation and anti-spoofing. For most gameplay actions, raw GPS coordinates are not stored long-term; instead we store the outcome of validation checks (e.g., trust score validation results). For Snapventures, we may store GPS coordinates (a GeoPoint) associated with your uploaded Snapventure (see Section 1.2).
• Trust score validation logs: Retained for 49 hours, then automatically deleted. These logs contain validation results (not GPS coordinates) for anti-spoofing purposes.
• Trophy visit history: Retained for the lifetime of your account
• User profile: Until you delete your account
• Snapventure photos: Until you delete them or your account. You can also hide individual snapventures at any time, which will make them private and invisible to other users, but they will remain stored until you delete them or your account.
• Purchase history: Retained as required by law (typically 7 years for tax purposes)
• Analytics data: User data retained for 14 months, event data retained for 2 months (Firebase Analytics default), then automatically anonymized
• Crash reports: Retained for 90 days, then automatically deleted
• Device information: Retained while your account is active, deleted upon account deletion
• Ban records:
  • Temporary bans: 24 hours after ban expires
  • Permanent bans: Retained indefinitely for security purposes
  • Appeal status (in-app): Stored with your ban record and removed when the underlying ban record is deleted (temporary bans) or when the ban record is removed as part of account deletion.
  • Appeal communications (email): We may retain appeal emails and related support communications as needed to respond to your request and for compliance/security record-keeping.

3.3 Security Measures

• Data encryption in transit (HTTPS/TLS)
• Firebase authentication and security rules
• Regular security audits
• Access controls and monitoring

4. Data Sharing and Disclosure

4.1 With Other Users

• Your chosen display name (alias), profile picture, and public statistics are visible to other users. You can change your alias anytime.
• Snapventure photos and captions you choose to make public are visible to all users. You can set any snapventure to private at any time; private snapventures are only visible to you.
• Leaderboard rankings and achievements are publicly visible

4.2 With Service Providers

• Firebase/Google Cloud: For hosting, database, authentication, and analytics
• Apple: For in-app purchases and App Store services

4.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Enforce our Terms of Service
• Protect the rights, property, or safety of our users or others
• Prevent fraud or security issues

4.4 We Do NOT:

• Sell your personal data to third parties
• Share your data for advertising purposes
• Use your data for cross-app tracking

5. Your Rights and Choices

5.1 Location Services

• Disable location tracking: Go to iPhone Settings > Stryked > Location
• Note: Disabling location will prevent trophy discovery and visit validation

5.2 Account Management

• Update profile: Edit your username, display name, and profile picture in Settings
• Control Snapventure visibility: Make individual snapventures public or private at any time
• Delete or hide Snapventures: Remove your uploaded photos anytime, or hide a snapventure without deleting it
• Manage subscriptions: Go to iPhone Settings > Your Name > Subscriptions

5.3 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights:

• Right to Access: Request a copy of your personal data. You can export your data through the app's data export feature in Settings > Account Management > Export Data, or contact us directly.
• Right to Rectification: Correct inaccurate personal data. You can update your profile information directly in the app (Settings > Edit Public Profile) or contact us for assistance.
• Right to Erasure: Request deletion of your account and data. You can delete your account directly in the app (Settings > Account Management > Delete Account) or contact us for assistance.
• Right to Data Portability: Receive your data in a machine-readable format (JSON). Use the data export feature in Settings > Account Management > Export Data to download your complete data.
• Right to Object: Object to automated decision-making (including anti-spoofing bans). You can appeal any automated ban decision through the in-app appeal system (see Section 6.2 for details).
• Right to Withdraw Consent: Withdraw your consent for data processing at any time. Go to Settings > Account Management > Privacy & Consent to modify your consent preferences. Note: Withdrawing consent for location tracking will prevent core app functionality.
• Right to Restrict Processing: Request that we limit how we process your data in certain circumstances. Contact us if you wish to exercise this right.
• Right to Lodge a Complaint: If you are not satisfied with how we handle your data, you have the right to lodge a complaint with your local data protection authority.

5.4 Account Deletion

To delete your account and all associated data:

1. Go to Settings in the app
2. Select "Delete Account"
3. Confirm your decision

Upon deletion:

• Your profile, trophy visit history, trust score validation logs, and uploaded photos will be permanently deleted
• Your username will become available for others to use
• This action cannot be undone
• Purchase records may be retained as required by law

6. Automated Decision-Making

6.1 Anti-Spoofing System

The app uses automated systems to detect location spoofing and cheating. This system:

• Movement Pattern Analysis: Analyzes your movement patterns, travel speed, acceleration, and location history to identify impossible or suspicious travel patterns (e.g., teleporting between distant locations, traveling at impossible speeds).
• Device Sensor Data: Uses device motion sensors (accelerometer, gyroscope, magnetometer) to verify that location changes correspond to actual device movement, helping detect location spoofing apps.
• Trust Score System: Maintains a trust score based on validation results from location checks. Multiple failed validations or suspicious patterns lower your trust score.
• Automated Bans: May automatically apply temporary bans (typically 24 hours) when the system detects violations such as location spoofing, impossible travel speeds, or repeated suspicious behavior patterns.
• Decision Logic: Automated ban decisions are based on objective criteria including:
  • Travel speed exceeding reasonable limits (e.g., >200 km/h over short distances)
  • Impossible location changes (e.g., appearing in distant locations without travel time)
  • Repeated validation failures in trust score checks
  • Device integrity violations (jailbroken devices used for spoofing)
• Transparency: When a ban is applied, you will see the reason for the ban, supporting information about what triggered it, and the duration of the restriction.

6.2 Your Right to Appeal Automated Decisions (GDPR Article 22)

Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing, including automated bans. You have the right to request human review of any automated decision that affects you.

If you believe you were incorrectly banned:

How to Submit an Appeal

1. In-App Appeal: Use the built-in ban appeal flow in the app. When you see a ban notification, tap "Appeal Ban" to submit your appeal directly within the app.

What Happens After You Submit an Appeal

• Review Process: Our support team manually reviews your appeal by examining your account's trust score validation logs, trophy visit history, and the circumstances that led to the ban.
• Response Time: We commit to reviewing and responding to all ban appeals within 48 hours of receipt.
• Possible Outcomes:
  • Ban Overturned: If the ban was incorrect, your account will be immediately restored and you can continue playing.
  • Ban Upheld: If the ban was correct, we will explain the reason and provide information about when the ban will expire.
  • Additional Review: In complex cases, we may request additional information or extend the review period (we will notify you if this happens).
• Notification: You will receive an email response with the decision and any relevant details. Where supported, you may also see the current appeal status in-app.

Your Rights

In addition to the appeal process, you have the right to:

• Request Human Review: You can request that any automated decision be reviewed by a human (GDPR Article 22(3))
• Express Your Point of View: You can provide additional context or explanations in your appeal
• Challenge the Decision: If you disagree with the appeal outcome, you can contact us again or lodge a complaint with your local data protection authority

Note: Automated bans are typically temporary (24 hours) and are designed to prevent cheating and maintain fair gameplay. Most bans are automatically lifted after the specified duration, but you can appeal at any time if you believe the ban was incorrect.

7. Children's Privacy

Stryked is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately.

8. Changes to This Policy

We may update this privacy policy from time to time. When we do:

• The "Last Updated" date at the top will be changed
• Significant changes will be announced in the app
• Continued use of the app constitutes acceptance of the updated policy

9. Third-Party Services

Our app uses the following third-party services:

9.1 Firebase (Google LLC)

• Purpose: Authentication, database, hosting, analytics, crash reporting, security verification
• Services Used:
  • Firebase Authentication (user sign-in)
  • Cloud Firestore (database)
  • Firebase Storage (photo storage)
  • Firebase Analytics (usage analytics)
  • Firebase Crashlytics (crash reporting)
  • Firebase App Check (security verification)
• Data Collected: User data, location data, usage data, crash reports, device information
• Data Location: All data stored in EU region (europe-west1, Belgium)
• Privacy Policy: firebase.google.com/support/privacy
• Data Processing Agreement: Automatically incorporated via Google Cloud Terms of Service (GDPR compliant)

9.2 Apple Sign-In

• Purpose: User authentication
• Data Collected: Email, name (if you choose to share)
• Privacy Policy: apple.com/legal/privacy

9.3 Google Sign-In

• Purpose: User authentication (alternative to Apple Sign-In)
• Data Collected: Email address, name, profile picture (if you choose to share)
• Privacy Policy: policies.google.com/privacy

11. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal bases under GDPR:

• Consent (Article 6(1)(a) and Article 9(2)(a)):
  • Location tracking and precise location data
  • Device motion sensor data (accelerometer, gyroscope, magnetometer)
  • Behavioral analytics and usage pattern analysis
  • Automated decision-making for anti-spoofing (Article 22)

  You provide explicit consent for these activities through the GDPR consent screen when you first use the app. You can withdraw this consent at any time in Settings > Account Management > Privacy & Consent.

• Contract Performance (Article 6(1)(b)):
  • Trophy validation and visit detection
  • Core game features and functionality
  • User account management and authentication
  • Snapventure photo storage and sharing
  • Leaderboard and statistics display

  This processing is necessary to provide the services you have requested when using the app.

• Legitimate Interest (Article 6(1)(f)):
  • Anti-spoofing and fraud prevention to maintain fair gameplay
  • Security measures and device integrity verification
  • Crash reporting and error diagnostics to improve app stability
  • Preventing abuse and protecting user data

  These activities are necessary to protect the integrity of the game and the interests of all users.

• Legal Obligation (Article 6(1)(c)):
  • Retaining purchase records as required by tax and accounting laws (typically 7 years)
  • Compliance with data protection regulations
  • Responding to legal requests or court orders

Special Category Data: Location data may be considered special category data under GDPR Article 9. We process this data based on your explicit consent (Article 9(2)(a)) which you provide through the GDPR consent screen.

© 2025 Stryked. All rights reserved.
This privacy policy is effective as of December 8, 2025.