Privacy Policy
Last updated: December 6, 2025
Welcome to MapAssault. We take the protection of your personal data very seriously. This privacy policy explains what information we collect, how we use it, and what rights you have regarding your data.
1. Data Controller
The data controller for personal data is:
- Name: MapAssault
- Contact: contact@MapAssault.app
2. Data We Collect
2.1. Account Data
When you register, we collect:
- Email address
- Username (nickname)
- Password (stored encrypted)
2.2. Geolocation Data
For the game to function, we collect:
- GPS Position: Your real-time geographic location when the app is active
- Purpose: Enable territory conquest mechanics and verify your physical presence in game zones
- Storage: We do not store your location history. Only your last known location is temporarily retained to enable local activity management (territory conquest, battles). This data is deleted as soon as your gaming session ends.
- Retention: Location data is not stored beyond the current gaming session
2.3. Health and Physical Activity Data
With your explicit consent, we access:
- Step Count: Via Apple HealthKit (iOS) or Google Health Connect (Android)
- Purpose: Convert your physical activity into "Kinetic Energy" usable in the game to power the energy gauge
- Processing: The only health data used is step data to power the energy gauge. Only the total step count is transmitted to our servers, no other health data is collected or stored. We do not retain a detailed history of your steps, only the total necessary for calculating kinetic energy.
2.4. Gameplay Data
We collect data related to your progress:
- Kinetic Energy accumulated and spent
- Territories conquered and lost
- Faction membership
- Faction chat messages
- Game statistics (rankings, scores)
2.5. Technical Data
- Unique device identifier
- Device type and operating system
- Connection and error logs
3. Legal Basis for Processing
We process your data based on the following legal grounds:
- Contract Performance: Data necessary for game operation (account, gameplay)
- Consent: Health data (step count) and geolocation
- Legitimate Interest: Security, cheat prevention, service improvement
4. Use of Data
Your data is used to:
- Enable game mechanics to function
- Authenticate your account and secure access
- Display leaderboards and statistics
- Detect and prevent cheating (GPS spoofing, step simulation)
- Improve user experience and fix bugs
- Contact you regarding your account (if necessary)
5. Data Sharing
Your personal data is never sold to third parties.
It may be shared with:
- Other Players: Your username, faction, and game statistics visible in leaderboards
- Technical Providers: Hosting (secure servers), only for service operation
- Authorities: Only when legally required
6. Data Retention
- Account Data: Retained while your account is active. Upon your deletion request, all your data will be deleted as soon as possible, subject to legal retention obligations (maximum 3 years for certain accounting/tax data if applicable).
- Gameplay Data: Retained while your account is active. Deleted upon account deletion.
- Geolocation Data: Not stored. Only the last known location is temporarily retained during the active session and deleted immediately after.
- Health Data (steps): Only the total step count necessary for energy calculation is retained. No detailed history is stored. Deleted upon account deletion.
- Chat Messages: Retained for 90 days, then automatically deleted
- Technical Logs: Retained for 12 months maximum, then automatically deleted
7. Data Security
We implement appropriate technical and organizational measures:
- Password encryption (bcrypt)
- Secure communications (HTTPS/TLS)
- JWT token authentication
- Restricted employee access to data
- Hosting on secure servers
8. Your Rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Obtain a copy of all your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure (Right to be Forgotten): You can request the complete deletion of all your personal data at any time. We will proceed with deletion as soon as possible, subject to legal retention obligations.
- Right to Restriction of Processing: Request restriction of processing of your data in certain cases
- Right to Portability: Receive your data in a structured, commonly used and machine-readable format
- Right to Object: Object to certain processing of your personal data
- Right to Withdraw Consent: At any time for health and geolocation data, without affecting the lawfulness of processing based on consent before its withdrawal
- Right to Set Guidelines: Regarding the fate of your data after your death
To exercise any of these rights, including requesting deletion of your data, contact us at privacy@MapAssault.app. We commit to responding to your request within a maximum of one month. If your request is complex or if we have received a large number of requests, this period may be extended by two additional months. We will inform you in such cases.
You can also delete your account directly from the application, which will result in the deletion of all associated personal data, in accordance with our retention policy.
9. Children's Data
MapAssault is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you are a parent and discover that your child has provided us with personal data, please contact us.
10. International Transfers
Your data is primarily processed and stored within the European Union. In case of transfer outside the EU, we ensure appropriate safeguards are in place (standard contractual clauses, etc.).
11. Cookies and Similar Technologies
The MapAssault mobile app does not use cookies. For the website, we only use technical cookies necessary for operation (no advertising or tracking cookies).
12. Policy Changes
We may update this privacy policy. In case of substantial changes, you will be notified via the app or by email. We encourage you to regularly check this page.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Of the sale of personal information (we do not sell your data)
- Right to Non-Discrimination: For exercising your privacy rights
14. App Store Requirements
Apple App Store
In compliance with Apple's requirements:
- We access HealthKit data only with your explicit permission
- HealthKit data is used solely to calculate in-game Kinetic Energy
- We never use HealthKit data for advertising or share it with third parties
- You can revoke HealthKit access at any time in iOS Settings
Google Play Store
In compliance with Google's requirements:
- We access Health Connect data only with your explicit permission
- Location permission is required for core gameplay functionality
- You can manage permissions at any time in Android Settings
📧 Contact Us
For any questions about this privacy policy or your personal data:
- Email: privacy@MapAssault.app
- General Email: contact@MapAssault.app
If you are in the European Union, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your data is not compliant with regulations.