Information for procurement
This page is updated alongside new development. If any information is missing for your procurement process, email upphandling@geoquestr.com
Data handling overview
GeoQuestr is a cloud-based web solution. Creators sign in to build experiences; participants join via a link or QR code in the browser on a phone or tablet using fully anonymous accounts — no email address or other personal information is required. Content you author (text, images, and video) is stored so the experience can be presented to participants. The participant's gameplay data (scores, progress, submitted answers, and quest proofs) is stored to run the activity and for reports and analytics. The participant's location data is never stored and never sent over the network — it is processed only locally on the device. AI-assisted features (where enabled) send only the inputs needed for that feature to the configured AI provider. Maps rely on third-party map APIs. Exact categories of personal data are described in our privacy policy.
Accessibility
Our platform is designed to meet WCAG 2.1 Level AA for core marketing pages and creator flows where feasible. Participants use maps where a 3D avatar moves on the map as the participant moves. How the creator designs their quest is important for achieving high accessibility. All text is designed to be easy to read and accessible, and quests can also be read aloud in the user's chosen language. For public-sector requirements: describe your needs when contacting us so we can discuss any necessary adjustments.
GDPR & Data Processing Agreement (DPA)
For organizations that need a DPA under the GDPR: email upphandling@geoquestr.com with your organization number and a short description of your needs. We will respond with next steps. Consumer-facing details are covered in the privacy policy.
Security contact
To report a security issue or suspected vulnerability: email security@geoquestr.com with the subject “Suspected Vulnerability”. For general data requests: email the same address and describe your needs and your relationship to the account or activity.
Invoicing & custom terms
Self-serve plans are billed via Stripe. For purchase orders, custom participant limits, or municipal procurement processes, use the Enterprise / Custom contact paths on the pricing page or the solution contact forms—we will work with you case by case.
Subprocessors & key services
GeoQuestr uses the following subprocessors for its services.
| Service / vendor | Typical purpose |
|---|---|
| Google Firebase (Auth, Firestore, Realtime Database, Storage, Functions, Hosting-related infrastructure) | Authentication, application data, file storage and server-side logic. |
| Linode (Akamai) | Web server and application hosting |
| Mapbox | Interactive maps, geocoding, terrain and map visuals in the client |
| Stripe | Payments and subscriptions for creators |
| Resend | Transactional email (e.g. contact form, account messages) |
| OpenAI | AI features such as activity generation, text, images and image evaluation. Can be fully disabled if needed. |
Where personal data is stored
We strive to store all data on European servers and use European services where possible. The table below shows where personal data is actually stored. The other vendors listed above only receive the inputs the relevant feature requires. Stripe stores payment and customer data as required by financial regulations, and Resend stores email addresses and message content for delivery. Mapbox and OpenAI receive request data without us using them for persistent storage of personal data.
| System | What is stored | Region |
|---|---|---|
| Firebase Authentication | Creator login credentials and anonymous participant accounts | 🇪🇺 EU (Belgium) |
| Cloud Firestore | Accounts, experiences, quests, and report data | 🇪🇺 EU (Belgium) |
| Realtime Database | Live gameplay state during an active activity | 🇪🇺 EU (Belgium) |
| Cloud Storage | Uploaded files (images, video, quest proofs) | 🇪🇺 EU (Belgium) |