CountryRush
EN

Privacy Policy

1. Controller

Mathys IT, owner: Tizian Mathys, c/o Adressgeber #2105, An der Alten Ziegelei 38, 48157 Münster, Germany. Email: kontakt@mathys-it.de

2. Hosting (website)

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you access the pages, IONOS processes technically necessary data (IP address, date and time, page requested, user agent) in server log files. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation). IONOS deletes these log files automatically after eight weeks at the latest. A data processing agreement under Art. 28 GDPR is in place with IONOS.

3. Cookies and tracking

This website sets no cookies and uses no analytics or tracking services.

4. Fonts (self-hosted)

This website uses the Baloo 2 typeface, hosted locally on our server. Loading the font establishes no connection to Google or other third parties, and no data is transmitted to third parties in the process.

5. Data processing in the app

This section covers the CountryRush mobile app. It describes which data the app processes, to whom it is transmitted and on what legal basis.

5.1 Locally on your device

Game progress, statistics, collected countries, tickets and settings are first stored locally on your device. Without signing in and without using the online features, this data does not leave your device.

5.2 Account and online features (Supabase)

For leaderboards, duels, the friends list and cross-device backup, the app signs you in automatically and anonymously (an anonymous user ID, without you entering any data). Through our backend provider Supabase we process: the anonymous user ID, your chosen display name, game results (score, mode, correct and wrong answers, longest streak, timestamp), collected countries, duels and their results, friendships and blocks, and redeemed promo codes. If you additionally sign in with Google or Apple, the email address confirmed there is added so that your account can be restored on a new device. The legal basis is Art. 6(1)(b) GDPR (providing the features you use). Your display name and results are visible to other users in leaderboards, duels and the friends list. Reports and blocks of other users are processed for moderation and safety (Art. 6(1)(f) GDPR).

5.3 Push notifications (Firebase Cloud Messaging)

If you enable notifications (e.g. for duels, friend requests or the Daily Trip reminder), we process a device-specific push token together with platform and language through Firebase Cloud Messaging (Google). You can switch push notifications off again at any time in the app settings or in your device's system settings. The legal basis is Art. 6(1)(a) GDPR (consent by enabling the feature).

5.4 Advertising (Google AdMob)

In the free version the app shows advertising via Google AdMob. Device information, the IP address and an advertising ID may be processed in the process. Before the first ad is served, the app obtains your consent in the EEA and the UK through Google's certified consent tool (UMP); without consent only non-personalized ads are requested. You can change your choice at any time in the app under "Options" > "Privacy settings". The legal basis is Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR for non-personalized ads. Access to information on your device (including the advertising ID) takes place only with your consent under Section 25(1) TDDDG, which we obtain via the consent tool (UMP). How Google processes data in its advertising network is explained at policies.google.com/technologies/partner-sites. If you would rather not see ads, you can buy the ad-free mode as an in-app purchase.

5.5 In-app purchases (RevenueCat, app stores)

Purchases (ad-free, ticket packs) are handled by the respective app store (Google Play or Apple App Store); we receive no payment data. To attribute and restore your purchases we use the service RevenueCat, to which the purchase receipt and your anonymous user ID are transmitted. The legal basis is Art. 6(1)(b) GDPR (processing the purchase).

5.6 Processors and transfers to third countries

For the app we use the following processors: Supabase (backend, authentication, database), Google (AdMob advertising, Firebase Cloud Messaging, Google Play) and RevenueCat (purchase attribution). In doing so, data may be transferred to third countries outside the EU/EEA, in particular to the USA. Such transfers are based on the EU Standard Contractual Clauses (Art. 46 GDPR) or, where available, an adequacy decision. We do not use any analytics or crash-reporting software in the app.

5.7 Deleting your account and data

You can delete your account together with all data stored on the server at any time directly in the app: "Options" > "Delete account". This irreversibly removes your account and all associated data (profile, game results, collected countries, duels, friendships, blocks, push tokens) from the server. Alternatively you can request deletion by email to kontakt@mathys-it.de; we will then delete your account promptly.

5.8 Retention

Local data stays on your device until you reset it in the app or uninstall the app. Server-side account and game data is stored for as long as your account exists and is deleted when you delete your account (see 5.7). Push tokens are removed as soon as you disable notifications or delete your account. Server log files of our backend provider are kept briefly for abuse and error analysis and deleted regularly.

5.9 Minimum age

The app is not directed at children under 16. Users under 16 need the consent of a parent or guardian to use the online features.

6. Contacting us

If you contact us by email or via the contact form, we process the information you provide (name, email address, subject and content of the message) solely to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to a contract, and otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). When you submit the form, your details are processed via our host's servers and delivered to us by email; the transmission is encrypted (TLS). Providing your data is voluntary, but without it we cannot answer your enquiry. The data is deleted once it is no longer needed to handle your request and no statutory retention obligations apply.

7. Third-country transfers and profiling

No transfer of your data to countries outside the EU/EEA takes place via this website. For data processing in the app, section 5.6 applies (transfer to processors, including in the USA, on the basis of the EU Standard Contractual Clauses). No automated decision-making, including profiling, takes place.

8. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing based on legitimate interests (Art. 21 GDPR). Where processing is based on your consent (e.g. push notifications, personalized advertising), you can withdraw it at any time with effect for the future (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out until then. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

9. Status

July 2026. This policy is updated when the app or website changes. This English translation is provided for convenience; in case of doubt the German version applies.