Privacy Policy

Last updated: 2 May 2026

This Privacy Policy explains how GamifEYE ("we", "us", "our") collects, uses, shares, and protects information about you when you use the GamifEYE website, games, and related services (the "Service"). By using the Service you agree to the practices described here.

1. Who we are

GamifEYE is a hyperlocal gamification platform operated by the GamifEYE team. If you have any privacy questions, you can contact us at privacy@gamifeye.com.

2. Information we collect

2.1 Information you provide directly

• Account information: email address, password (stored as a one-way hash, never in plaintext), and any display name or avatar you choose.
• Locations you import: business names, addresses, descriptions, contact details, social-media URLs, and images you publish about places you operate or claim. Anything you mark as public is visible to other users.
• Tours and content you create: titles, stop ordering, descriptions, and images for tours and quests you publish.
• Messages: any messages you send to us via support channels.

2.2 Information we collect automatically

• Gameplay data: games started and completed, scores, claimed territories, monsters collected, achievements, in-game currency (Aura, Lenses, Honeycomb).
• Device and connection data: IP address, browser type, operating system, screen resolution, language preference, and approximate region derived from your IP.
• Cookies and similar technologies: see Section 6.
• Approximate or precise location: only when you explicitly enable a location-based feature (e.g. "spin near me", checking in to a tour stop). We do not silently track your position.

2.3 Information from third parties

• Payment data: if you subscribe or buy something, our payment provider Stripe processes your card details on our behalf. We receive a token and basic billing metadata (country, postal code, last 4 digits, brand) — we never see your full card number.
• Sign-in providers: if you sign in with a third-party identity provider, we receive the basic profile fields they share (typically email and a stable user ID).
• Public place data: for locations you import or interact with, we may enrich the record with publicly available information from OpenStreetMap, Wikipedia, and Wikidata.

3. How we use your information

• To create and operate your account and let you sign in.
• To run the games, persist your progress, and award rewards.
• To process payments and manage subscriptions (via Stripe).
• To display your public locations, tours, and territories to other users.
• To send you essential service emails (e.g. password reset, billing receipts, expiry reminders).
• To analyse usage so we can improve the Service.
• To detect, prevent, and respond to fraud, abuse, and security incidents.
• To comply with our legal obligations.

4. Legal bases (UK / EU users)

If you are in the UK or EEA, we rely on the following legal bases under the UK GDPR / EU GDPR:

• Contract: to provide the Service you signed up for.
• Legitimate interests: to keep the Service secure, prevent abuse, and improve our product.
• Consent: for non-essential cookies, analytics, and personalised advertising. You can withdraw consent at any time via the cookie banner or your browser settings.
• Legal obligation: to comply with tax, accounting, and other applicable laws.

5. Sharing your information

We do not sell your personal information. We share it only with:

• Service providers who run our infrastructure on our behalf, including:
  • Amazon Web Services (hosting and storage)
  • Stripe (payment processing)
  • Google (Analytics, AdSense, Maps, reCAPTCHA, Sign-In)
  • Email delivery providers (transactional email)
  • OpenStreetMap and OpenFreeMap (map tiles for the in-app map)
• Other users — anything you mark as public (your locations, tours, leaderboard scores, claimed territories) is visible to others.
• Authorities if we are required to disclose information by law, regulation, court order, or to protect rights, property, or safety.
• An acquirer if GamifEYE is involved in a merger, acquisition, or asset sale; we will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Cookies and tracking

We use a small number of cookies and similar technologies. They fall into three groups:

• Strictly necessary — needed to run the site (session, CSRF protection, login state). These are always on.
• Analytics — Google Analytics, used to understand which features are used and how the site performs. Loaded only after you accept the cookie banner.
• Advertising — Google AdSense, used to show ads that help fund the free tier. Loaded only after you accept the cookie banner. If you decline, you may still see ads but they will be non-personalised.

You can change your choice at any time by clearing your cookies for this site, which will trigger the banner to reappear. You can also block or delete cookies in your browser settings.

7. Data retention

We keep account data for as long as your account is active. If you delete your account (see Section 9), we delete or anonymise your personal data within 30 days, except where we are required to keep it longer (for example, billing records for tax purposes — typically 7 years). Public content you published may remain visible if other users have already shared or built on it; you can request its removal at any time.

8. Children

GamifEYE is not directed at children under 13 (or under 16 in the EEA, where local law sets a higher age). We do not knowingly collect personal information from children below those ages. If you believe we have, please contact us and we will delete it.

9. Your rights

Depending on where you live, you have some or all of the following rights:

• Access — request a copy of the data we hold about you.
• Correction — ask us to fix incorrect information.
• Deletion — ask us to delete your account and associated personal data. You can self-serve via the delete-account page, or email us.
• Portability — request a machine-readable export of your data.
• Objection / Restriction — object to or restrict certain processing (e.g. analytics).
• Withdraw consent — at any time, where processing is based on consent.
• Lodge a complaint — with your local data-protection authority (e.g. the UK ICO or your EEA national supervisor).

To exercise any of these rights, email privacy@gamifeye.com. We may need to verify your identity before acting on a request.

10. Security

We use industry-standard measures to protect your data — encrypted connections (HTTPS), one-way password hashing, restricted internal access, regular dependency updates, and managed cloud infrastructure. No system is perfectly secure, so we cannot guarantee absolute security; we do commit to notifying affected users without undue delay if we become aware of a breach that is likely to result in a high risk to their rights.

11. International transfers

Our infrastructure runs on Amazon Web Services in multiple regions, and our service providers (Stripe, Google) operate globally. This means your data may be processed in countries outside your own, including the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or the relevant adequacy frameworks.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes that affect how we use your data, we will give you reasonable advance notice (e.g. an in-app banner or an email).

13. Contact us

If you have any questions or concerns about this Privacy Policy or our handling of your data, contact us at:

privacy@gamifeye.com