Privacy policy
Privacy information for this website and the apps (CDA‑Basic / CDA‑Premium). Status: February 2026.
1. Controller
Erol Mutlu
Zollernweg 26, 73760 Ostfildern, Germany
Phone: 01520 8832971
E‑mail: poemutlu@arcor.de
Legal representative: not applicable (private individual).
Data protection officer: none appointed (not required unless a legal obligation applies).
2. What data is processed?
2.1 Website (POEM‑Shop)
- Access data / server logs: IP address, date/time, requested URL, referrer, user agent, technical status messages.
- Contact (e‑mail): message contents and any contact details you provide.
2.2 App: CDA‑Basic (offline)
CDA‑Basic does not send game or profile data to an own database. The app may store data locally on your device (iOS sandbox) so that game state, history and settings work.
- Profile data (entered by the user): first name, last name; optionally display name / avatar selection.
- Usage / game data: scores, history (e.g. daily best), level progress, belt/status progress, settings.
- Local storage: app storage such as UserDefaults and files within the app’s documents directory.
- In‑app purchase (level unlock): Apple StoreKit is used. Apple processes payment data; the app stores the purchase status locally.
2.3 App: CDA‑Premium (online mode with database & leaderboard)
CDA‑Premium provides online features (leaderboard/ranking, synchronization). For this purpose, data is transmitted to and processed on a server. CDA‑Premium also stores game data locally (history/offline support).
- Device/connection data: technically necessary data for server access (in particular IP address; server logs may be created).
- Profile/registration data: first/last name, city, country, optional display name and avatar data. If account features are used: e‑mail, username, password (transmitted for registration/login).
- Verification/security: e‑mail verification status, verification code (time‑limited), password reset flows.
- Game/ranking data: score, level/game‑ID, points, completion time, belt progress (percentage), ranking position (calculated server‑side), avatar display data.
- Offline queue: if offline, pending uploads may be stored locally and synced later (e.g. best result per player+level).
Note on server communication: For online features, data is transmitted to and processed on a server we manage. We do not publish concrete technical endpoints/addresses. Transmission happens over the internet; we apply appropriate safeguards and continuously improve transport and access security.
3. Purposes
- Providing website and app functionality.
- Local storage of game state/history/settings.
- Premium online features: leaderboard, ranking, synchronization, player rank retrieval.
- Account features (Premium): registration, login, e‑mail verification, password reset.
- In‑app purchases via Apple App Store (StoreKit).
- Security and operation (e.g. server logs, abuse prevention, troubleshooting).
- Customer support via e‑mail.
4. Legal bases (GDPR)
- Art. 6(1)(b) GDPR: performance of a contract / providing requested features.
- Art. 6(1)(f) GDPR: legitimate interests (secure operation, IT security, abuse prevention, troubleshooting).
- Art. 6(1)(a) GDPR: consent (only if tracking/analytics/marketing SDKs are added in the future).
5. Recipients / third parties
- Hosting / server: Strato (hosting provider) for the website and the Premium API.
- App store / payments: Apple App Store / StoreKit (payment processing by Apple; we do not receive full payment details).
- Other third‑party SDKs: currently none for analytics or advertising (as of Feb 2026).
International transfers: Apple services may involve processing in third countries. Apple’s privacy information applies.
6. Retention
- Website logs: according to hosting provider policies (typically days to weeks).
- Support e‑mails: as long as necessary; then deleted/archived (e.g. up to 6 months) unless statutory retention applies.
- App local data: until deleted in the app or app removal (iOS removes app data on uninstall).
- Premium server data: as long as needed for accounts/ranking (e.g. until account deletion).
7. Your rights
You may have rights of access, rectification, erasure, restriction, data portability, objection, and the right to lodge a complaint with a supervisory authority.
8. Minors
The game is intended for a general audience. If minors use the app, it should be with parental guidance as appropriate. Please do not provide unnecessary personal data.
9. Tracking & cookies
- Website: no own tracking cookies (static site).
- Apps: no third‑party tracking/advertising SDKs and no use of advertising identifiers (as of Feb 2026).
10. Security
We use technical and organizational measures (e.g. access controls, permission concepts, iOS sandbox for local app data). For online transmissions, we use appropriate safeguards where available and continuously improve security.
11. App store note
App stores require a publicly accessible privacy policy URL and consistent “app privacy” disclosures. Example URL: https://<your-domain>/legal/datenschutz.html
12. Updates
This policy will be updated when features/services change.