Integrated Advertising Disclosure: The Application incorporates programmatic advertising frameworks (including but not limited to Google SDKs/AdMob). By utilizing the Application, you explicitly acknowledge and consent to the execution of identifiers and analytics frameworks deployed for telemetry and marketing tracking.
1. Scope, Material Jurisdiction, and Amendments
The provisions of this Policy govern the Gnostis application ecosystem across iOS and Android platforms, the tracking components, and related backend infrastructures. Account registration and access setup constitute an irrefutable presumption of full acceptance of this Policy.
The Provider retains the absolute, unilateral right to amend this Policy at any time without prior individual notification to the User. It remains the exclusive responsibility of the User to check this page periodically for updates.
2. Identity of the Data Controller
Vasilis Savvas Papagrigoriou
Legal Status: Natural Person — Independent Developer
Jurisdiction: Hellenic Republic (Greece)
Email: vasilispapg@outlook.com
3. Categorization and Nature of Collected Personal Data
3.1. Technical Logs, Identifiers & Advertising Metrics
- Advertising Identifiers: ID for Advertisers (IDFA on iOS) and Google Advertising ID (GAID on Android) utilized for ad serving, delivery metrics, and analytics.
- Account Credentials: Email addresses, OTP states, Google/Apple authentication tokens, pseudonyms, and localized secure storage tokens (SecureStore/JWT).
- Technical Tracking: Device models, OS versions, IP addresses (processed transiently for anti-abuse and regional ad mapping), and standard server logs.
3.2. Telemetry and Dynamic Progress Data
- Gamification Variables: XP records, level, virtual currency ledger (Gem tracking), trophy parameters, unlocks, items purchased via virtual currency (including but not limited to powerups, cosmetic frames, and communication bubble packs).
- AI-Generated Metrics: Question reports, metadata of games played, and win/loss records. The content of the questions is entirely AI-generated and evaluated, and does not fall under personal data.
3.3. In-App Analytics (Opt-Out Available)
By default we collect aggregated product analytics — never a personal heatmap tied to your account. You may disable this under Settings → Data & privacy. When enabled, this may include:
- Screen names and time spent on each screen
- Button and UI element taps (semantic labels, not screenshots)
- Approximate tap zones and scroll-depth attention on a grid (heatmap cells; vertical content depth, not screenshots)
- Named UI region attention (e.g. category grid, arena card)
- Platform, app version, and device aspect bucket (tall/standard/wide)
Events are buffered briefly on-device, sent over your authenticated session, aggregated anonymously on our servers without storing your user ID in analytics tables, and deleted after ninety (90) days. You may opt out at any time via Settings.
4. Legal Bases for Processing (Art. 6 GDPR)
| Processing Purpose | Legal Basis |
|---|---|
| Account Management & Contractual Execution | Article 6(1)(b) — Performance of a contract |
| Programmatic Ad Targeting | Article 6(1)(a) — Consent or device advertising settings |
| Aggregated Product Analytics (opt-out via Settings → Data & privacy) | Article 6(1)(f) — Legitimate interest in improving the app; you may disable at any time |
| Security, Integrity, Abuse Mitigation | Article 6(1)(f) — Legitimate interest of the Provider |
5. Data Recipients, Subprocessors, and Advertising Networks
We share necessary data assets with service providers (Hetzner for server infrastructure, Resend for authentication mailings, Sentry for error analytics).
Furthermore, advertising tracking strings, telemetry markers, and device metadata are shared directly with Google LLC (AdMob) and associated programmatic ad exchanges to ensure proper asset monetization, tracking validation, and performance measurement.
6. Data Retention Limitations
Core account attributes and virtual item purchases remain stored for the lifetime of the profile until a direct erasure request is triggered via in-app configuration. Dynamic analytics records are systematically dropped after ninety (90) days.
7. Rights of Data Subjects
Users maintain the rights of Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), and Objection (Art. 21) via written contact to vasilispapg@outlook.com.
8. Minor Users and Age Rating (3+)
The core game mechanics and interface elements are rated suitable for all users aged three (3+) and above by mobile platform deployment channels (App Store / Google Play). However, the creation of a persistent online data profile under the GDPR requires an age threshold of sixteen (16) years or older, or alternative explicit parental verification.
9. Governing Law and Jurisdiction
This Policy is governed strictly by the laws of Greece. The Courts of Athens retain absolute and exclusive jurisdiction over any contractual or actionable dispute arising under these terms.