Privacy Policy

Last updated: 2026-01-19

This Privacy Policy explains how we collect, use, store, and protect user data when you use the Hippa! mobile application (the "App").

By using the App, you agree to the collection and use of information in accordance with this policy.

1. Scope and Applicability

This App is a real-life, location-based multiplayer game available globally.
The App does not target children under the age of 13.

This Privacy Policy applies only to this App and does not cover third-party websites or services not operated by us.

2. Data We Collect

2.1 Information You Provide

  • Player name (chosen by the user)
  • Player photo, uploaded by the user
    • Photos are intended to represent a player visually (e.g., clothing or accessories)
    • Real-world identity is not required
  • In-game content, including photos taken during gameplay

2.2 Location Data

  • Last known location
    • Obtained via the device’s location services (e.g., GPS)
    • Location access is required to play the game
    • Location is shared with one other player during gameplay (for core game mechanics)
    • Location history is not stored

2.3 Device & Technical Information

  • Device-generated cryptographic keys
    • A public/private key pair is used to identify the device securely
    • Private keys are stored locally on the device using Android’s Keystore system
  • Device model
  • Operating system version

We do not collect:

  • Real names
  • Email addresses
  • Phone numbers
  • IP addresses
  • Account credentials

3. How We Use Data

We use collected data strictly for the following purposes:

  • Enabling core gameplay features
  • Displaying player locations and photos to other players during active games
  • Identifying devices securely and preventing abuse
  • Sending in-game push notifications related to gameplay events
  • Maintaining app functionality and security

We do not use data for advertising, profiling, or marketing purposes.

4. Push Notifications

The App uses push notifications to inform players of in-game events (e.g., game status updates).

  • Notifications are only sent during active games
  • Notifications are not used for marketing or promotional purposes
  • Notification permission is required to support gameplay features

5. Data Sharing

We do not sell, rent, or trade user data.

Data is shared only in the following limited cases:

  • Other players, as required for gameplay (e.g., player photo and location during an active game)
  • Infrastructure providers, solely to operate the App

Infrastructure Provider

Our backend services and object storage are hosted by Hetzner (Europe), a GDPR-compliant cloud provider.

6. Data Storage & Security

  • All data is transmitted using encrypted HTTPS connections
  • Photos and game data are stored in secure object storage
  • Device identification keys are stored locally using Android’s secure keystore
  • Access to backend systems is restricted and monitored

Despite reasonable safeguards, no system can guarantee absolute security.

7. Data Retention

We retain data only for as long as necessary to operate the App.

Retention Periods

  • Game data (including player location and in-game photos):
    Deleted 90 days after a game ends
  • User-related data (device keys, player name, player photo):
    Deleted 90 days after the user’s last activity

Data may be retained longer if required to comply with legal obligations or to resolve disputes.

8. User Control & Data Deletion

Users can:

  • Change or replace their player photo
  • Delete all their data directly from within the App

Once deleted, data is permanently removed from our systems according to the retention rules above.

9. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Performance of a contract:
    Processing is necessary to provide the core functionality of the App (e.g., gameplay, location sharing, player interaction).
  • Legitimate interests:
    To ensure security, prevent abuse, and maintain the integrity of the App.
  • Consent:
    For access to device features such as location services and push notifications, which you can control through your device settings.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

For EEA Users (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to certain processing
  • Data portability, where applicable

For California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal data is collected and how it is used
  • Request deletion of your personal data

We do not sell or share personal data as defined under California law.

11. International Data Transfers

Because the App is available globally, data may be processed in countries other than the user’s country of residence.

All processing complies with applicable data protection laws, including GDPR where applicable.

12. Children’s Privacy

This App does not target children under 13.

We do not knowingly collect personal data from children.
If you believe a child has provided personal data, please contact us so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

Changes will be posted at this location and reflected by the “Last updated” date.

14. Contact Information

If you have questions or requests regarding this Privacy Policy or your data, please contact:

Email: [email protected]