Privacy Policy

The controller responsible for the processing of personal data in connection with the Jaweb mobile application (the "App") and this website (jawebapp.org) is:

EB-Net
[Street and number]
[Postal code, City]
Germany
E-mail: noreply@jawebapp.org

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a) Using the App without an account. You can play single-player and Table Challenge modes without creating an account. In that case, game content (questions, categories) is downloaded to your device and your scores and settings are stored locally on your device only.

b) Account data. If you create an account (required for online features such as multiplayer rooms, achievements and purchases), we process your e-mail address, chosen username and a cryptographically hashed password. Legal basis: performance of a contract, Art. 6(1)(b) GDPR.

c) Gameplay data. For signed-in players we store your profile, scores, achievements, answer streaks, unlocked content packs and participation in multiplayer rooms, so that your progress is available across devices. Legal basis: Art. 6(1)(b) GDPR.

d) Purchases. In-app purchases are processed entirely by Apple (App Store) or Google (Google Play). We do not receive your payment details; we only receive a confirmation token that a purchase was made, which we store to unlock the purchased content on your account. Legal basis: Art. 6(1)(b) GDPR.

e) Crash and diagnostics data. To keep the App stable we use Sentry (see Section 4) to collect crash reports, which may include your device model, operating system version, app version and the technical state of the App at the time of the crash. Crash reports are not used for advertising. Legal basis: legitimate interest in providing a functioning, secure product, Art. 6(1)(f) GDPR.

f) This website. This website does not use advertising or analytics cookies. Only technically necessary data (such as the connection required to render the page) is processed. Server log files (IP address, time of access, requested resource) are kept briefly for security and troubleshooting. Legal basis: Art. 6(1)(f) GDPR.

Our servers (game services, account system and databases) are hosted in data centers in Germany (European Union). Account and gameplay data does not leave the EU except in the case described in Section 4.

We use the following service providers (processors under Art. 28 GDPR):

• IONOS SE (Germany) — server hosting and e-mail delivery.
• Functional Software, Inc. (Sentry) (USA) — crash reporting. Transfers to the USA are safeguarded by the EU Standard Contractual Clauses and Sentry's certification under the EU-U.S. Data Privacy Framework.
• Apple Inc. and Google Ireland Ltd. — app distribution and payment processing under their own privacy policies, where they act as independent controllers.

We do not sell personal data and we do not share it with advertisers.

Account and gameplay data is kept for as long as your account exists. If you delete your account, your personal data is deleted or irreversibly anonymized without undue delay, unless statutory retention obligations require otherwise. Crash reports are automatically deleted after 90 days. Server log files are deleted after no more than 14 days.

Under the GDPR you have the right to:

• access the personal data we hold about you (Art. 15),
• rectification of inaccurate data (Art. 16),
• erasure ("right to be forgotten", Art. 17),
• restriction of processing (Art. 18),
• data portability (Art. 20),
• object to processing based on legitimate interests (Art. 21), and
• withdraw any consent at any time with effect for the future (Art. 7(3)).

To exercise any of these rights, contact us at noreply@jawebapp.org. You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence (Art. 77 GDPR).

The App is suitable for general audiences but online account features are not directed at children under 16. Where a child is below the age of 16, account creation requires the consent of a parent or guardian (Art. 8 GDPR). We do not knowingly collect personal data from children without such consent; if you believe a child has provided us personal data, please contact us and we will delete it.

We protect your data with appropriate technical and organizational measures, including TLS encryption in transit, hashed passwords, role-based access control and network isolation of our databases.

We may update this Privacy Policy from time to time, for example when we introduce new features. The current version is always available at jawebapp.org/privacy. For material changes affecting signed-in users we will provide notice in the App.