Privacy Policy

Last updated: March 24, 2026

1. Data Controller

2. Scope

This privacy policy applies to the app "Uppilo" (iOS) and the website uppilo.de.

3. Website Hosting

Our website is hosted on a dedicated server by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). All processing takes place exclusively in Germany (Nuremberg data center).

When accessing the website, technically necessary data (including IP address, time of access, amount of data transferred, referrer URL) is recorded in server log files.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website). As all data processing takes place exclusively within Germany, no transfer of data to third countries is required.

Fonts are served locally from our server. No connection to Google Fonts or other external font providers takes place.

4. Locally Stored Data (App)

We store game and app data locally on your device to provide the app:

• High scores, statistics and game progress
• Achievements and unlocked content
• Settings and preferences
• Purchase status (e.g. remove ads, VIP subscription)

Sensitive data such as purchase status and account balances are stored encrypted in the iOS Keychain. Other data is stored in the local app settings (UserDefaults). A device-internal identifier (IDFV) is used for app functionality and is not shared with third parties.

You can optionally enable anonymous usage data in the app settings. This data (e.g. game starts, game results) is logged exclusively on your device and is not transmitted to external servers.

5. Third-Party Services (App)

Apple Game Center

When you sign in to Game Center, Apple processes profile and game information. We submit high scores, achievements and display names to Apple's leaderboard and achievement systems.

In multiplayer mode, game data (scores, combos, placements) is exchanged in real time with your opponent via Apple's peer-to-peer connection.

Apple App Store / StoreKit

In-app purchases are handled by Apple. We only receive the purchase status (transaction ID, product ID, timestamp) for local activation of purchased content. Payment data is processed exclusively by Apple.

Google AdMob (Advertising)

We use Google AdMob to display advertising (rewarded ads and interstitials). AdMob may process the following data to serve ads, measure reach, and prevent fraud:

• Device IDs — advertising ID (IDFA, only with ATT consent) and vendor identifier (IDFV)
• Approximate location — derived from IP address (no GPS); used for regional ad targeting
• Product interaction — which ads were displayed, viewed, or tapped
• Advertising data — information on ad delivery and measurement
• Diagnostics and performance data — ad load times, crash reports, and technical error logs from the ad SDK

For anonymized measurement of ad conversions, Apple's SKAdNetwork is used. No personal data is transmitted — attribution is handled exclusively by Apple.

Google UMP (Consent Management)

To obtain and manage your advertising consent in accordance with GDPR, we use Google's User Messaging Platform (UMP). Your consent preferences are processed and stored locally.

You can withdraw or change your advertising consent at any time via "Manage Ad Consent" in the app settings (Art. 7(3) GDPR). Withdrawal is as easy as giving consent. After withdrawal, no further ads will be loaded.

Apple Push Notification Service (APNs)

When you enable notifications, a device token is registered with Apple. We exclusively use local notifications (e.g. reminders for daily challenges). No push messages are sent from an external server.

Some of the mentioned providers (Apple, Google) may process data in the USA. Apple and Google are certified under the EU-US Data Privacy Framework. Additionally, Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR apply.

6. Tracking & Advertising (ATT)

Personalized advertising only occurs with your explicit consent via Apple's App Tracking Transparency (ATT). If you decline tracking, the advertising ID (IDFA) will not be transmitted to advertising partners and you will only receive non-personalized advertising.

7. Legal Basis

• Art. 6(1)(b) GDPR — Contract performance (game operation, in-app purchases)
• Art. 6(1)(a) GDPR — Consent (ad tracking, notifications)
• Art. 6(1)(f) GDPR — Legitimate interests (website hosting, fraud prevention)

8. Data Retention & Deletion

Local app data remains stored until you delete it in the app settings under "Delete All Data" or uninstall the app. Data stored in the Keychain (purchase status) may persist after uninstallation and will be restored upon reinstallation.

Data managed by Apple (Game Center scores, purchase history) is subject to Apple's own retention policies.

Server log files of the website are automatically deleted, typically within 14 days.

9. Your Rights

You have the right at any time to:

• Access your stored data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

You can remove local app data via "Delete All Data" in the app settings.

10. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

11. Contact

For privacy-related questions, reach us at info@uppilo.de.