Radar Vectors

Privacy Policy (Datenschutzerklärung)

This policy explains how we process personal data in connection with the Radar Vectors website and game ("Radar Vectors") available on radarvectorsgame.com and its subdomains (for example game-test.radarvectorsgame.com).

1. Controller

APPcalyptus UG (haftungsbeschränkt)
Appt. 20.08
Grosse Gallusstrasse 16
60312 Frankfurt am Main
Germany

Contact: info@radarvectorsgame.com

2. Data protection officer

Vincent Lambercy

3. Overview of processing activities

Below is an overview of the main categories of data processing.

3.1 Account & authentication (Supabase)

• Data: email address, username, authentication identifiers; passwords are stored hashed by the authentication provider; authentication logs (e.g., timestamps, IP/device data depending on provider settings).
• Purpose: account creation, login, account security, and providing logged-in features.
• Legal basis: Art. 6(1)(b) GDPR (performance of contract).
• Retention: for the duration of the account, unless deletion is requested or legal obligations require longer retention.

3.2 Gameplay, sessions, and leaderboards

• Data: gameplay session state (including resumable session records), scores/points, timestamps, scenario/airport identifiers, and technical session identifiers.
• Purpose: run the simulator, allow resuming sessions, store and display leaderboards, and prevent abuse.
• Legal basis: Art. 6(1)(b) GDPR (performance of contract); in parts Art. 6(1)(f) GDPR (legitimate interests) for integrity, security, and abuse prevention.
• Retention: resumable sessions until ended or deleted; leaderboard entries until deleted or periodically cleaned up.

3.3 Public display of usernames (leaderboards)

• Data: username and score/rank information.
• Purpose: show leaderboards and best scores to users.
• Legal basis: Art. 6(1)(b) GDPR (performance of contract) and/or Art. 6(1)(f) GDPR (legitimate interest in operating competitive rankings).
• Note: choose a username that does not reveal sensitive personal information.

3.4 Billing and subscriptions (Stripe)

• Data: checkout/session identifiers, subscription status, customer identifiers, and payment-related metadata.
• Purpose: process payments and manage subscriptions (Pro access).
• Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (legal obligations for billing where applicable).
• Retention: according to Stripe’s retention and legal requirements.

3.5 Transactional emails and feedback emails (Resend)

• Data: email address, email content (e.g., password reset / confirmation), and any feedback message you submit; feedback emails also include your account email address.
• Purpose: deliver account emails and forward user feedback to our support address.
• Legal basis: Art. 6(1)(b) GDPR (contract) and/or Art. 6(1)(f) GDPR (legitimate interest in communication).
• Retention: as long as needed to handle the request and comply with legal obligations.

3.6 Newsletter (optional)

• Data: email address and newsletter consent flag, plus timestamp/technical proof where applicable.
• Purpose: send updates and news about Radar Vectors.
• Legal basis: Art. 6(1)(a) GDPR (consent).
• Withdrawal: you can withdraw consent at any time (e.g., via profile settings and/or an unsubscribe link in each email).

3.7 Server, network, and security logs

• Data: IP address, access timestamps, requested resources, referrer (if provided), device/browser information (user agent), and error logs.
• Purpose: security, abuse prevention, troubleshooting, and system stability.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
• Retention: typically a limited period (e.g., days to weeks) depending on operational needs.

4. Third-party services / processors

We use the following categories of service providers (processors) to operate Radar Vectors:

• Supabase (authentication and database hosting)
• DigitalOcean (application hosting / infrastructure)
• Cloudflare (CDN / caching / security / DDoS protection, depending on configuration)
• Resend (email delivery)
• Stripe (payments and subscriptions)

Where required, we enter into appropriate data processing agreements (DPAs) with providers.

5. Cookies & local storage

Radar Vectors uses essential cookies/session tokens for authentication when you log in. We do not use marketing or profiling cookies. The game may also use browser local storage for preferences (e.g., UI settings) and guest identifiers.

6. International data transfers

Depending on provider locations (for example, where Supabase/Stripe/Resend/Cloudflare process data), personal data may be transferred to countries outside the EU/EEA. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCC).

7. Retention periods

We retain personal data only as long as necessary for the purposes described above and according to legal obligations. You can request deletion of your account and associated data, subject to legal retention requirements.

8. Your rights

You have rights under the GDPR, including: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and the right to withdraw consent at any time. You may also lodge a complaint with a supervisory authority.

To exercise your rights, contact us at info@radarvectorsgame.com.

9. Security measures

We use appropriate technical and organisational measures to protect data, including encrypted transport (HTTPS/TLS), access controls, and separation of privileged server credentials. Passwords are handled by the authentication provider and stored hashed.

10. Automated decision-making / profiling

We do not use automated decision-making with legal or similarly significant effects (Art. 22 GDPR), and we do not profile users for advertising.

11. Changes to this policy

We may update this policy to reflect changes in the service or legal requirements. Effective date: 2026-02-15.