Legal
Privacy
As of 2026-05-19. This privacy notice explains which data is processed on piparo.party and in the piparo.party app. The app is local-first: gameplay works without an account.
1. Controller
The controller is piparo.tech GmbH, Frauentorgraben 61, 90443 Nuremberg, Germany. Contact: [email protected] or +49 173 4583185.
2. Website and server logs
When you visit the website, our hosting provider processes technically necessary access data such as IP address, date and time, requested URL, referrer, user agent, status codes and transferred data volume. The purpose is secure delivery, troubleshooting and abuse prevention. The legal basis is Art. 6(1)(f) GDPR. Log data is kept only as long as required for operation and security and then deleted or anonymised.
3. Cookies and device access
The website does not use marketing cookies, profiling or external ad networks. Technically necessary access to device information is permitted under § 25(2) TDDDG; for non-essential storage or access we ask for consent first.
4. App use without an account
The core app features do not require an account. Player names, crew setup, selected characters, settings, custom challenges, gameplay history and card answers are stored locally on your device, in particular via MMKV and the local content database. The legal basis is Art. 6(1)(b) GDPR; device access is required for the app feature you request (§ 25(2) TDDDG).
5. Analytics with PostHog
The app uses PostHog with EU hosting in two tiers. With “essentials only”, we send anonymous session-level baseline events without a persistent profile, session replay, feature flags or GeoIP so we can understand stability and basic usage. The legal basis is Art. 6(1)(f) GDPR; the required device access is necessary under § 25(2) TDDDG. With “all allowed”, product interactions, device/app version, coarse usage data, consent status and a pseudonymous profile may additionally be processed; session replay masks text and inputs. The legal basis for that is your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. You can switch tiers at any time and withdraw “all allowed” by selecting “essentials only”.
6. Crash and error analysis with Sentry
We use Sentry for crash and error reports to keep the app stable. Technical diagnostic data may be processed, such as stack traces, app version, operating system, device model, timestamp and error context. We do not send directly identifying user data to Sentry by default. The legal basis is our legitimate interest in secure and stable app operation under Art. 6(1)(f) GDPR.
7. Purchases and Pro subscriptions
Pro subscriptions are processed through the Apple App Store or Google Play. Apple or Google process payment and contract management under their own terms. We receive or process in the app technical purchase and entitlement information such as product ID, purchase status and subscription period, but no full payment details such as credit card numbers. The legal basis is Art. 6(1)(b) GDPR.
8. Support and contact
If you contact us by email or phone, we process your contact details, message and voluntary information to handle the request. The legal basis is Art. 6(1)(b) GDPR for contract-related requests and Art. 6(1)(f) GDPR for other inquiries. We keep support communication only as long as required for handling, evidence and legal obligations.
9. Notifications
If you allow notifications, the operating system processes your permission. We currently do not create a separate push account and do not store a push token on our servers. You can disable notifications at any time in your device system settings.
10. Recipients and third-country transfers
We use technical service providers for hosting, error analysis, analytics, store processing and communication. They act either as processors or independent controllers such as Apple and Google. Where data is processed outside the EU/EEA, we rely on adequacy decisions, standard contractual clauses or other suitable safeguards under the GDPR. We do not sell personal data.
11. Minors
The app is intended for users aged 12 and above. Minors may only enter into paid subscriptions with consent from their parents or legal guardians. If you are under 16, please enable optional analytics only with consent from your parents or legal guardians.
12. Retention and deletion
We retain personal data only as long as required for the respective purpose or by law. Local app data can be removed by deleting the app or app data. Since the app does not require an account, there is no central user account to delete.
13. Your rights
Subject to the GDPR, you have rights of access, rectification, erasure, restriction of processing, portability and objection. You can withdraw consent at any time with effect for the future. You may also lodge a complaint with a data protection supervisory authority, for example the Bavarian Data Protection Supervisory Authority.