Your Privacy at a Glance
We never sell your data
Your personal information is never sold to third parties.
GDPR compliant
Full compliance with EU data protection regulations.
Delete anytime
You can delete your account and data at any time.
Encrypted & secure
Industry-standard encryption in transit and at rest.
Secure payments
Stripe handles payments — we never see your card details.
Made in SwedenTrusted by leading brands
GeoQuestr — Privacy Policy
Last updated: 27 March 2026
This Privacy Policy explains how Wintergarde Development AB ("GeoQuestr", "we", "us", "our") collects, uses, shares, and protects information about you when you use GeoQuestr’s websites, apps, and related services (the "Services").
Contact: hello@geoquestr.com
We are the data controller for personal data processed under this Policy.
1. Information We Collect
We collect information you provide, information from your device, and information generated through your use of the Services:
1.1 Account Information
- Name, display name, email, password
- Subscription plan and billing frequency (Free, Starter, Department, or Enterprise)
- Single‑experience purchase history and upgraded activity tiers
- Profile information (avatar selection)
1.2 Location & Activity Data
- GPS and device sensor data for creating, exploring, and verifying activities
- Routes, challenges, completions, play history
- Approximate location for analytics and service optimization
1.3 Payment & Subscription Data
- Billing details processed by our payment provider (Stripe)
- Subscription plan, billing period, and renewal status
- Single‑experience upgrade purchases and AI credit package purchases
- Payment confirmations, cancellations, and refunds
- Transaction and Stripe customer IDs
1.4 AI‑Generated Content Data
- Prompts, inputs, and parameters you provide when using AI‑powered activity creation
- AI credit balance and usage history
- Generated quest content (text, images) associated with your account
1.5 Device & Technical Data
- Device identifiers, operating system, app version
- Log data (IP address, timestamps, crash logs)
- Cookies, SDK data (see Cookie Policy)
1.6 Communications
- Emails, messages, and support requests
- Feedback, surveys, bug reports
1.7 Children
We do not knowingly collect data from children under 13 (or lower age as required by law). If you believe a child has provided data, contact us.
2. How We Use Your Information
We use personal data for:
- Providing and operating the Services (account, content, gameplay, real‑time multiplayer)
- Processing payments, subscriptions, single‑experience purchases, and AI credit transactions
- Delivering AI‑powered features, including sending your inputs to third‑party AI model providers to generate quest content
- Managing AI credit allowances, usage tracking, and monthly resets
- Reviewing and moderating activities (including AI‑generated content)
- Improving safety, detecting cheating (e.g., GPS spoofing), and enforcing rules
- Customer support and communications
- Security, fraud prevention, and legal compliance
- Analytics and product development
- Marketing (with consent where required)
3. Legal Bases (EEA/UK/Switzerland)
We rely on:
- Contract: to provide the Services, process payments, and manage your subscription or purchases
- Consent: for optional analytics, cookies, marketing
- Legal obligation: to comply with tax and accounting regulations
- Legitimate interests: to maintain safety, improve the platform, prevent abuse, and develop AI features
4. Sharing of Information
We share personal data only as needed:
- Payment processors (Stripe) to process subscriptions, single‑experience purchases, and credit packages
- AI service providers to generate quest content when you use AI‑powered creation features — we send only the inputs necessary for content generation
- Analytics & cloud services (hosting, crash reporting, product analytics)
- Map & geolocation providers (Mapbox, Google Maps) for map rendering and location services
- Law enforcement / regulators where required by law
- Corporate transactions (merger, acquisition, sale of assets)
We do not sell your personal data.
5. Data Retention
- Account data: kept until you delete your account or after inactivity (max 2 years)
- Content (including AI‑generated content): retained while published, or until you remove it
- Payment, subscription, and purchase data: kept for up to 7 years (legal accounting rules)
- AI credit usage logs: retained for up to 24 months
- Logs/analytics: anonymized or deleted within 24 months
6. International Transfers
Data may be transferred outside the EEA (e.g., to the US), including when we use third‑party AI model providers and cloud infrastructure. We use safeguards such as Standard Contractual Clauses and require partners to implement adequate protections.
7. Your Rights
If you are in the EEA/UK/Switzerland, you have rights to:
- Access your data
- Correct inaccurate data
- Erase data (where applicable)
- Restrict or object to processing
- Port your data to another provider
- Withdraw consent (for optional processing)
- Lodge a complaint with your supervisory authority — in Sweden, this is Integritetsskyddsmyndigheten (IMY)
- Delete your account
To exercise rights, contact hello@geoquestr.com.
8. Security
We implement industry-standard technical and organizational measures (encryption in transit and at rest, access controls, auditing). No system is 100% secure; you use the Services at your own risk.
9. Changes
We may update this Policy. For material changes (e.g., new categories of data collection), we will give reasonable advance notice (via email, in-app, or website) before they take effect.
10. Contact
Wintergarde Development AB Org. nr: 559347-4280 Gothenburg, Sweden Email: hello@geoquestr.com
Supervisory authority: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm, Sweden