Privacy Policy
Last updated: 12 June 2026
This privacy policy explains how personal data is processed when you use the
SeizeIO mobile application and its associated backend services.
1. Controller
Andre Henkel
E-mail: ajohe.ajohe@gmail.com
For the full postal address, see the Imprint.
2. Data processed
The following categories of personal data are processed when you use SeizeIO:
- Account data: name, e-mail address, password hash.
Collected at registration and stored in a Keycloak identity provider.
- Location data: precise GPS coordinates including
altitude, speed and timestamp. Collected only while you take part in an
active round. On both Android and iOS, collection can continue in the
background (with the screen off) for as long as a round is running.
- Game data: captured territories, distance covered,
scores, Battle Royale and Domination results, movement mode (running,
cycling, driving).
- Technical data: IP address, request timestamps,
user-agent. Stored temporarily in server logs.
3. Purposes and legal bases
- Performance of a contract (Art. 6(1)(b) GDPR):
providing game features, authentication, synchronisation with other
players, leaderboard calculation.
- Legitimate interest (Art. 6(1)(f) GDPR):
operating and securing the server infrastructure, abuse prevention,
error analysis.
- Consent (Art. 6(1)(a) GDPR):
collection of precise location in the foreground and background. Consent
can be withdrawn at any time by revoking the system permission or
uninstalling the app.
4. Location data in detail
SeizeIO is a location-based game. Without location access, the core
functionality does not work. Specifically:
- Location data is only collected while you are taking part in a round.
- To keep tracking running with the screen locked, the app uses background
location. On Android this is a foreground service, indicated by a
persistent system notification for the duration of the round. On iOS the
system background-location mode is used, and iOS shows a location indicator
in the status bar while tracking is active. In both cases location is only
collected while a round is running.
- If there is no internet connection, points are buffered locally and
uploaded later.
- Other players in the same round see your current display name and route
in real time. This data is shared only inside the game context and is
never sold to third parties.
5. Recipients and processors
The following processors are used to operate the services:
- Railway Corp. (USA) – hosting of the backend and
the Keycloak instance. Data transfer is based on Standard Contractual
Clauses.
- OpenStreetMap Foundation – provision of map
tiles. Your IP address is transmitted to their servers when tiles are
fetched.
- Google LLC / Google Play – distribution of the
app on Android, crash and installation statistics in accordance with
Google Play policies.
- Apple Inc. – distribution of the app on iOS via
the App Store, crash and installation statistics in accordance with App
Store policies.
Personal data is not sold to third parties.
6. Retention
- Account data: until you delete your account.
- Location and game data: as long as your account is active; deletable on
request (see section 8).
- Server logs: up to 30 days.
7. Security
All communication between the app and the backend is encrypted via HTTPS or
WSS. Passwords are stored only as a hash (bcrypt, managed by Keycloak).
Authentication is handled via OpenID Connect. For details, see
Data Security.
8. Your rights
You have the right to:
- access the personal data we hold about you (Art. 15 GDPR),
- rectification of inaccurate data (Art. 16 GDPR),
- erasure (Art. 17 GDPR),
- restriction of processing (Art. 18 GDPR),
- data portability (Art. 20 GDPR),
- object to processing (Art. 21 GDPR),
- withdraw a given consent (Art. 7(3) GDPR),
- lodge a complaint with a supervisory authority (Art. 77 GDPR).
Please send requests to
ajohe.ajohe@gmail.com.
You can delete your account and all associated data yourself at any time.
A step-by-step guide and a breakdown of what is deleted or retained is on the
Delete account and data page.
9. Children
SeizeIO is not directed at children under 13. We do not knowingly collect
data from children under 13 without parental consent.
10. Changes to this policy
This privacy policy may be updated to reflect legal changes or changes to
the app. The current version is always available at this URL.