Skip to content
Snapshots

Last updated: 2026-05-26

Privacy policy

1. Controller

Controller within the meaning of the GDPR is:
Berger & Rosenstock GbR · Dieselstraße 22e · 61231 Bad Nauheim · Germany
Email: hello@marcelrgberger.com

2. Scope

This policy covers (a) the marketing website at snapshots-quiz.app and (b) the Snapshots iOS app. Wherever the rules differ between the two, the section makes that explicit.

3. Website — Google Analytics 4 with Consent Mode v2

We use Google Analytics 4 (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) to understand which content is useful. Analytics is loaded with Consent Mode v2 — all storage categories (ad_storage, ad_user_data, ad_personalization, analytics_storage) default to denied.

Before consent, only cookieless, aggregated consent pings are sent. They do not allow identification of individual visitors. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in aggregated reach measurement).

After you click Accept in the cookie banner, analytics_storage is set to granted, cookies are written, and standard GA4 events fire. Legal basis: Art. 6 (1) (a) GDPR (consent) in conjunction with § 25 (1) TTDSG.

Retention: GA4 default 14 months. You can withdraw consent at any time via the link in the footer.

International transfers: Google may process data in the US under the EU-US Data Privacy Framework.

4. Website — fonts and hosting

Fonts (Geist) are self-hosted from this domain — no third-party font CDN. The website is built as a static bundle and served by GitHub Pages (GitHub, Inc.). Server log retention at GitHub is governed by their privacy policy. We do not access these logs.

5. App — what the iOS app sends to our backend

The Snapshots app communicates with our backend service to function. The following data is processed:

  • Player name: The name you choose on first launch. Globally unique so it can appear on the leaderboard.
  • Scores: Final score and number of puzzles solved per session. Required for the leaderboard.
  • Puzzle IDs: Which puzzles you have solved, so we don't serve you the same one twice.
  • Language code: The puzzle language you play in (e.g. en, de), so we serve the right translation.
  • Feedback (if you submit some): The text you wrote, an optional screenshot, and a device info string for context.

We do not collect: location, contacts, advertising identifiers, IDFA, microphone access, photos beyond the optional feedback screenshot, address book, calendar, health data. No third-party analytics SDK is embedded in the app. Legal basis: Art. 6 (1) (b) GDPR (contract performance — providing the game and leaderboard).

6. App — in-app purchases via RevenueCat / Apple

The lifetime unlock is purchased via Apple's App Store. Apple processes the payment and we never see your payment details. RevenueCat (RevenueCat, Inc., USA) sits between the app and Apple to verify entitlements; RevenueCat receives an anonymous purchase ID and a hashed App User ID — no name, no email. See RevenueCat's privacy policy for their processing details.

7. App — image and puzzle storage

Puzzle images are generated by OpenAI's DALL-E 3 during puzzle creation and then stored on Civo Object Storage (Civo Ltd., Reading, UK) under our control. The iOS app downloads images directly from our backend, which proxies the storage. Civo, as the storage provider, is bound by a data processing agreement.

8. Your rights under GDPR

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17) — in the app: tap "Logout" to remove your player record from the backend
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise any of these rights, email hello@marcelrgberger.com with the player name you registered.

9. Retention

  • Player record: until you log out or request deletion.
  • Scores: kept on the leaderboard indefinitely (anonymised by player name only).
  • Feedback submissions: kept for up to 12 months for follow-up, then deleted.
  • GA4 data: 14 months default.

10. Changes to this policy

We will update this page whenever we change what we process or how we process it. The Last updated date at the top reflects the most recent change.