Privacy Policy.

The controller responsible for processing personal data on this website is:

Christine Möllers (freelance artist)
Briesestraße 2
12053 Berlin
Email: info@localnauts.com

We only collect data you actively provide to us (e.g. via the contact form or sign-up list: name, email address) as well as technical data that is automatically generated when you use our website (e.g. IP address, browser type/version, operating system, referrer URL, hostname of the accessing computer, time of server request). This technical data is not linked to your person and is used solely to ensure the functionality and security of our website.

Your data is used exclusively to process your enquiries. Contact enquiries are processed on the basis of Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). Data is not passed on to third parties.

Sign-up list ("Newsletter")

Email addresses for the sign-up list are only stored with your explicit consent (Art. 6(1)(a) GDPR) and can be unsubscribed at any time by emailing info@localnauts.com. Consent is given by ticking the checkbox on the sign-up form.

• Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures) for purchases and enquiries
• Art. 6(1)(a) GDPR (consent) for the sign-up list
• Art. 6(1)(f) GDPR (legitimate interest) for technical data and social media profiles

• Contact data will be deleted after your enquiry has been fully processed, at the latest after 90 days.
• Purchase data will be stored for 10 years in accordance with statutory retention obligations.
• Email addresses on the sign-up list will be stored until consent is withdrawn.

We use Vercel Inc. to host this website. IP addresses and technical data may be transferred to servers in Washington, D.C., USA. Vercel guarantees an adequate level of data protection through EU standard contractual clauses. Vercel Privacy Policy

For payment processing we use Stripe, Inc. as a data processor pursuant to Art. 28 GDPR. Stripe Privacy Policy

For managing our newsletter sign-up list we use Brevo (Brevo SAS). Brevo Privacy Policy

Locally hosted web fonts (GDPR compliant)

This website uses the fonts "DM Sans", "Anton", "Space Mono" and "Bowlby One SC", which are stored on our own server and loaded via next/font. No user data is transmitted to external providers like Google Fonts.

You have the right to access, rectification, erasure, restriction of processing, data portability and the right to object to the processing of your data. Please contact us at: info@localnauts.com. You also have the right to lodge a complaint with the competent data protection supervisory authority.

This website uses only technically necessary cookies that are required for the operation of the website. No tracking or advertising cookies are set. Consent is therefore not required.

By ticking the checkbox on the contact form or when signing up to the sign-up list, you agree that your data will be processed in accordance with this privacy policy.

We maintain profiles on social networks to share information about localnauts.com and connect with interested visitors. Specifically:

• Instagram (Meta Platforms Ireland Ltd.) — Instagram Privacy Policy
• LinkedIn (LinkedIn Ireland Unlimited Company) — LinkedIn Privacy Policy
• YouTube (Google Ireland Ltd.) — Google/YouTube Privacy Policy

When you visit our social media profiles, the respective platforms collect and process data. We have no influence over this data processing. The legal basis for operating our profiles is Art. 6(1)(f) GDPR (legitimate interest in public communication and reach).

The Localnauts Player App is a browser-based web app accessed after purchase via a personal access code. It works entirely without registration, without a user account, and without any server-side data storage.

• Location data (GPS): The app uses the browser's Geolocation API to check whether the group is near a station. The location calculation is performed exclusively locally in the browser using the Haversine formula. Location data is neither stored on our servers nor transmitted to third parties. GPS use requires active permission from the user and can be revoked at any time in the browser. Legal basis: Art. 6(1)(a) GDPR (consent).
• Photos and images: Photos taken using the app's camera function are stored exclusively as a temporary object URL in the device's working memory. No upload to our servers takes place. The collage feature generates the image entirely client-side in the browser (Canvas API) and saves it directly to the user's device. After the game session ends or when the browser is closed, all photos are automatically deleted.
• No user account, no personal data storage: The app does not collect any names, email addresses or other personal data. Game progress, team names and answers are held exclusively in the browser's volatile session memory (JavaScript variables) and are irretrievably deleted when the browser tab is closed.
• Access code: The access code is verified client-side against a fixed value. No server request takes place. The access code itself is not personal data within the meaning of the GDPR.