Privacy Policy

Privacy Policy

Last updated: July 9, 2026

Vireo (“we”, “us”, “our”) operates the TimeLine daily history puzzle game (the “Service”). We are based in Falköping, Sweden. This Privacy Policy explains what personal data we collect, how we use it, where it is stored, and the rights you have under the General Data Protection Regulation (GDPR).

1. Data We Collect

  • Email address: Used for account creation, authentication, and transactional emails (password resets, receipt confirmations).
  • Usage analytics: We use PostHog to collect anonymized and pseudonymized analytics such as feature usage, session duration, and funnel events. PostHog processes data in the EU.
  • Crash reports: We use Sentry to receive automated crash and error reports, which may include device information and stack traces. No personal data is intentionally included in crash reports.
  • Purchase history: Records of subscription payments processed by Stripe (web) and Google Play Billing (Android), including transaction IDs and plan type.
  • Game data: Puzzle results, scores, streak counts, badges earned, and multiplayer game history.

2. Data Storage

Your data is stored with the following processors, all located in the EU or with adequate safeguards:

  • Appwrite — Primary database and authentication. Self-hosted in our infrastructure.
  • Cloudflare — Web hosting and edge content delivery. Data is processed at edge locations per GDPR-compliant terms.
  • PostHog — Product analytics. PostHog offers EU data residency.
  • Sentry — Error monitoring and crash reporting.
  • Stripe / Google Play — Payment processors. Payment card details are handled entirely by these providers and never touch our servers.

3. Legal Basis

We process personal data under the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)): Creating and managing your account, recording game results, and processing payments.
  • Legitimate interests (Art. 6(1)(f)): Analytics and crash reporting to improve the Service, prevent abuse, and ensure security.
  • Consent (Art. 6(1)(a)):Where you have explicitly opted in, such as push notifications. You may withdraw consent at any time.

4. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15):You can request a copy of all personal data we hold about you.
  • Right to erasure (Art. 17):You can request deletion of your account and all associated data. This can be done through the app's account settings or by contacting us.
  • Right to data portability (Art. 20): You can request an export of your data in a structured, machine-readable format (JSON).
  • Right to rectification (Art. 16): You can correct inaccurate personal data.
  • Right to object (Art. 21):You can object to processing based on legitimate interests.
  • Right to restrict processing (Art. 18): You can request that we limit processing of your data in certain circumstances.

To exercise any of these rights, email us at support@vireo.app. We will respond within 30 days, as required by GDPR.

5. Cookies

We use the absolute minimum number of cookies necessary for the Service to function:

  • Authentication cookies: Set by Appwrite Auth to keep you logged in. These are strictly necessary and cannot be disabled.
  • PostHog analytics: PostHog uses first-party cookies/local storage to identify sessions. We do not use third-party tracking cookies, advertising cookies, or marketing pixels.

We do not sell your data to third parties. We do not use advertising cookies or tracking pixels from advertising networks.

6. Data Retention

We retain your personal data only as long as necessary to provide the Service and comply with legal obligations:

  • Account and game data: retained until you delete your account.
  • Analytics data: retained for up to 12 months.
  • Crash reports: retained for up to 90 days.
  • Transaction records: retained for up to 7 years as required by tax law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. All database tables are protected by Row Level Security (RLS) policies ensuring users can only access their own data.

8. International Transfers

Your data is stored and processed primarily within the EU (Appwrite Frankfurt region). Where data is processed by providers outside the EU (e.g., Sentry, Cloudflare), appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place to ensure GDPR-level protection.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us and we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or by email. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Vireo
Falköping, Sweden
Email: support@vireo.app

You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY), if you believe we have not handled your data in accordance with the GDPR.