Privacy Policy

As of 24 May 2026. Applies to the ThroneSeeker website and the mobile app. This English version is provided for convenience; the German version is legally authoritative.

In short

ThroneSeeker operates no servers that process personal data. Location, searches, and visited thrones stay on your device. To make the product work (map, geocoding, toilet data) the app forwards individual requests to third-party APIs strictly as needed to fulfil each request.

Controller

1. Location data

The app requests your location only while it is open ("when in use"). Background location is explicitly not requested (Android: isAndroidBackgroundLocationEnabled = false). On Android, the technical permissions requested are ACCESS_FINE_LOCATION (for the precise compass needle) and ACCESS_COARSE_LOCATION (fallback for an approximate position); on iOS, NSLocationWhenInUseUsageDescription is used.

Your location leaves the device solely to query third-party APIs (see section 3) for maps and toilets in your vicinity. We neither store the location on our own servers (we have none) nor link it to your identity.

Legal basis: Art. 6(1)(b) GDPR (performance of the user contract; the compass and map cannot function without your location). You can revoke the underlying OS-level permission ("Location: while using the app") at any time in your device settings; the app handles the revocation and displays a corresponding notice.

2. Data stored on the device

Stored locally in a SQLite database on your device:

• cache of the most recently loaded toilet data (coordinates + OSM tags)
• cache of addresses resolved for thrones you have inspected (reverse-geocoding results)
• favorites you have marked
• thrones you have visited (for the heir’s rank)
• settings (language, search radius, selected skin, diagnostics opt-out)

This data does not leave your device and is deleted when the app is uninstalled. Within the app you can erase it at any time via Settings → Clear cache or Reset all data.

Legal basis: Art. 6(1)(b) GDPR (contract performance). For storage on your end device additionally § 25(2) no. 2 TDDDG (strictly necessary to provide the service you explicitly requested).

3. Third-party APIs

OpenStreetMap / Overpass API

We query toilet data directly from overpass-api.de (project maintainer: Roland Olbricht). If the primary endpoint is unavailable, an alternative Overpass mirror may be queried (typically Kumi Systems e.U., Austria, or the Swiss instance at overpass.osm.ch). In the process, your approximate coordinates (search radius) and a user agent are transmitted. Privacy information: OSMF Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR (contract performance; without toilet data the app has no function).

Geoapify (map tiles + reverse geocoding)

The map background and the reverse geocoding (turning coordinates into an address) run via the Geoapify service, operated by KEPTAGO LTD (N. Nikolaidi & T. Kolokotroni, ONISIFOROU CENTER, 2nd Floor, 8011 Paphos, Cyprus, EU; reg. no. CY60033286B). Coordinates and an API key are transmitted. Privacy information: Geoapify Privacy Policy.

Data processing agreement: A contract under Art. 28 GDPR is in place via the Geoapify Data Processing Agreement, which is an integral part of the terms of service. According to Geoapify, processing takes place exclusively within the EU/EEA.

Legal basis: Art. 6(1)(b) GDPR. No third-country transfer (provider established in the EU/Cyprus).

Map navigation

The Navigate button opens your installed maps app (Google Maps, Apple Maps, OsmAnd or similar) with the destination coordinates in the URL. What happens there is governed by the respective provider. We do not transmit data ourselves but hand the call to your operating system.

4. Crash diagnostics (Sentry)

If the app crashes, an anonymized crash report may be transmitted to Sentry’s EU region (telemetry data hosted in Frankfurt, Germany). The provider and processor is Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA; represented in the EU by Sentry Software Netherlands B.V., Schiphol Boulevard 359, 1118 BJ Amsterdam Schiphol, Netherlands, as EU representative under Art. 27 GDPR (contact: compliance (at) sentry.io). A data-processing agreement (Sentry Data Processing Addendum) including the EU Standard Contractual Clauses (SCC, 2021/914) as a transfer safeguard under Art. 46 GDPR is in place.

We configure Sentry with active PII scrubbing (sendDefaultPii: false) and an additional beforeSend filter that strips geo contexts. Transmitted are only: stack traces, app version, device model, OS version, language setting. Not transmitted are: location data, IP address as a personal identifier, advertising IDs, your favorites or visited thrones.

Third-country transfer (USA): Although telemetry data is stored in the EU region (Frankfurt), administrative access from the USA or processing of cross-organizational account metadata in the USA cannot be excluded. The transfer basis is the SCCs mentioned above.

Opt-out: You can disable this transmission at any time in the app under Settings → Privacy → "Share anonymous diagnostics". The change takes effect on the next app start.

Retention: 90 days (Sentry default), after which events are deleted automatically.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability and bug fixing).

5. In-app purchases

Purchases within the app (ThroneSeeker Pro) are processed exclusively by the respective store (at launch: Google Play; a later iOS release via the Apple App Store is possible). From Google/Apple we receive no payment data, only the information that a purchase has been made or refunded for a store-internal, pseudonymous user ID.

To technically manage the entitlement (status cache, restore purchase, cross-platform entitlements) we use RevenueCat, Inc., 1032 E Brandon Blvd #3003, Brandon, FL 33511, USA. RevenueCat receives an anonymous installation ID, your store country, and the purchase/refund status. No identity, no location data, no payment information. Data is hosted on Amazon Web Services (AWS) in the USA.

Third-country transfer (USA): The transfer is based on the RevenueCat Data Processing Addendum (DPA) including the EU Standard Contractual Clauses, Module 2 (Controller to Processor) under Commission Implementing Decision (EU) 2021/914 as a transfer safeguard under Art. 46(2)(c) GDPR. Privacy information: RevenueCat Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR (performance of the purchase contract for the Pro unlock).

6. This website

This website is delivered statically via a Caddy web server at the Falkenstein (Vogtland, Saxony) data center of Hetzner Online GmbH, Germany. A data processing agreement under Art. 28 GDPR is in place with Hetzner. We use no cookies, no tracking, no analytics, no external fonts (Inter is self-hosted) and no CDN.

Local browser storage (localStorage): We remember only your deliberately chosen language preference (ts-lang) and the fact that you dismissed the language hint banner (ts-lang-banner-dismiss). This storage is exempt from consent under § 25(2) no. 2 TDDDG, because it is strictly necessary for the function you explicitly requested: "land in the right language on your next visit". You can clear these values via your browser settings at any time.

Server logs (anonymized): The web server writes access logs in a privacy-friendly format:

• IP addresses are anonymized before being written to disk: IPv4 to the /24 subnet (last octet removed), IPv6 to the /48 prefix.
• The headers Cookie, Authorization, Accept-Language, X-Forwarded-For and X-Real-IP are likewise stripped before writing.
• What is stored is therefore only: anonymized IP prefix, user agent, requested URL, HTTP status, timestamp.
• Retention: maximum 14 days (rotating log files, automatic deletion).
• Analysis happens exclusively locally via a self-hosted statistics pipeline (GoAccess) counting hits per path. There is no transmission to third parties and no profiling.

Browser APIs blocked at the server level: Via the Permissions-Policy response header we proactively disable, on this website, geolocation, camera, microphone, payment API, USB, Bluetooth, motion/gyro/magnetometer sensors, and Google’s "FLoC"/Topics API (interest-cohort=()). Accidental tracking through these APIs is therefore technically excluded.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security, abuse prevention, and basic reach statistics with minimal personal reference).

7. What we deliberately do not do

• No advertising IDs (Google Advertising ID, Apple IDFA)
• No device fingerprinting
• No marketing, attribution, or analytics SDKs (no Firebase Analytics, no Facebook SDK, no TikTok Pixel)
• No push notifications
• No newsletter, no mailing list, no tracking pixels in emails
• No user accounts, no sign-up, no profile
• No sale or sharing of data for marketing purposes

8. Contacting us

If you contact us by email (throneseeker (at) byteside.io), we process your message and email address solely to respond to your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual / contractual) or (f) (legitimate interest in answering inquiries). We delete inquiries once they are no longer needed, subject to any statutory retention obligations.

Email provider: Our business email runs on Microsoft 365 / Exchange Online provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland) with EU Data Boundary enabled; i.e. customer data at rest (mailbox contents) is stored and processed exclusively within the EU/EEA. The legal basis is the Microsoft Products and Services Data Protection Addendum (DPA) including the EU Standard Contractual Clauses (SCC, 2021/914). Occasional administrative access by Microsoft Corporation (USA) for support, engineering or security purposes cannot be entirely excluded despite the EU Data Boundary; to that extent there is a third-country transfer based on the SCCs mentioned above under Art. 46(2)(c) GDPR.

If you use the WhatsApp contact listed in the legal notice, you transmit your phone number and message content to WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as the controller for the WhatsApp services in the EEA. For cross-product account processing with other Meta services, Meta Platforms Ireland Limited is additionally a joint controller. Processing on servers outside the EU (in particular the USA) cannot be excluded; we have no influence on this. If you would like to avoid this, please use the email route.

9. Your rights

You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21) under GDPR. Where processing is based on consent, you may withdraw it with effect for the future (Art. 7(3)).

To exercise these, contact throneseeker (at) byteside.io. Since we store no personal data on our own servers, a request for access will typically amount to a confirmation that we hold no data about you, plus any existing email correspondence and (if you have made a Pro purchase) the pseudonymous entitlement data held at RevenueCat.

10. Right to lodge a complaint

You have the right to lodge a complaint with a data-protection supervisory authority. The authority competent for us is: