Privacy Policy

Last updated: 6 May 2026

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you use KatchIt!. Personal data is any data that can be used to personally identify you.

KatchIt! is a multiplayer photo game available as a web app, iOS app, and Android app. The app deliberately collects as little data as possible. Optional user accounts can be created via Google, Apple, or email to synchronise game state across devices. The iOS and Android versions display advertising from Google AdMob (see Section 5b). Ads are only loaded after explicit consent. The web version contains no ads.

2. Data Controller

Controller within the meaning of the GDPR:

Pascal Grimm
Wiederholdstraße 2
70714 Stuttgart, Germany

Email: support@katchit.app

3. Data Collection in the App

a) User Account (optional)

You may optionally create a user account to synchronise game state and settings across devices. Sign-in is via Google, Apple, or email (magic link). The following data is processed:

The app is fully usable without a user account. An account can be deleted at any time in Settings — all associated data is then removed server-side.

Legal basis: Art. 6(1)(a) GDPR (consent through voluntary registration).

b) Player Name and Avatar

When playing, you enter a freely chosen player name and may optionally take an avatar photo. Both are temporarily stored on our servers for the duration of the game and shown to other players. After the game ends, this data is deleted.

Legal basis: Art. 6(1)(b) GDPR (performance of contract — provision of the game service).

c) Photos

During the game, you take photos that are assigned to the respective game categories. These photos are:

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

d) AI Consent Hard Gate (first-launch screen)

On every cold launch, until the user has resolved it, KatchIt! shows a non-dismissible AI-consent screen with two granular toggles. The user must explicitly tap "Confirm" before reaching the home screen — no AI service is contacted before that point.

Either toggle can be left off and the app remains usable — the corresponding features are then locked behind a clear in-app dialog that links back to the consent toggles in Settings. Both consents can be revoked at any time in Settings → Privacy & AI; revocation takes effect immediately and disables the corresponding features without sign-out. On sign-out both consents are reset, so the next user signing in on the same device must give their own consent.

Legal basis: Art. 6(1)(a) GDPR (explicit consent) — required before any photo is sent to any third-party AI processor.

e) AI Photo Rating (Solo mode and Multiplayer with AI Judge)

The app offers two optional modes with automatic AI photo rating: Solo mode and the Multiplayer "AI Judge" mode. Both modes only become available if the user enabled "AI Photo Rating" at the hard-gate screen (see d). In both modes, photos are transmitted to an AI processor for rating, with the following routing:

In both cases the following applies:

Legal basis: Art. 6(1)(a) GDPR (explicit consent at the first-launch hard gate, revocable in Settings).

f) Image Safety Moderation (all multiplayer captures and avatars)

If — and only if — the user enabled "Photo Safety Check" at the hard-gate screen (see d), every photo captured for a multiplayer game and every profile avatar passes through an automated content-safety check via Cloudflare Workers AI before it is stored. This is required to prevent unsafe content (sexual content, graphic violence, hate symbols, etc.) from being shared with other players or stored on our servers, in line with App Store guideline 1.2. If the user does not grant this consent, avatar upload and multiplayer photo capture are locked.

Provider: Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA
Model: @cf/meta/llama-4-scout-17b-16e-instruct
When called: Once before every multiplayer game-photo upload and every avatar upload (NOT for solo-mode photos, NOT for the Multiplayer "AI Judge" rating which is covered by (e))
Data sent: Image bytes only. No name, email, user ID, or location.
Retention: None — image is processed in-memory for the safety verdict and discarded immediately
Legal basis: Art. 6(1)(a) GDPR (explicit consent at the first-launch hard gate, revocable in Settings). Cloudflare acts solely as a data processor under its Workers AI commercial terms and does not use submitted images to train its AI models.

g) Solo Leaderboard

In solo mode, your game result (player name, score, category count, time bonus) is transmitted to our server and displayed in a public leaderboard. The player name is visible to all users.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

h) Game Data

Game-related data such as chosen categories, ratings (star awards), and game state are stored for the duration of the game and deleted after the game ends.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

i) Location Data (GPS)

When taking a game photo — provided you have granted the location permission — your current GPS location (latitude and longitude) is captured and stored on our servers together with the photo. This data is used to display the capture location in the photo gallery and game timeline.

Legal basis: Art. 6(1)(a) GDPR (consent through granting the location permission).

j) Camera Access

The app requires access to your device's camera in order to take game photos. This access is requested via the operating system's permission dialogs and can be revoked at any time in device settings. Without camera access, the core function of the app cannot be used.

k) Local Storage

The app uses your device's local storage (Local Storage / app-internal storage) to temporarily cache game photos, avatars, and game statistics. This data remains on your device and is not transmitted to third parties.

4. Data NOT Collected

KatchIt! deliberately does not collect:

Note on advertising: In the iOS and Android versions, Google AdMob may collect device- and interest-related data (advertising ID, device fingerprint) for ad serving. You will be asked for your consent before ads are shown for the first time. See Section 5b for details. The web version contains no ads.

5. Third Parties and Data Processors

a) Supabase (Backend and Database)

Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
Purpose: Database (PostgreSQL), real-time communication (WebSocket), file storage (photos), authentication
Data Processed: Player names, avatar photos, game photos, game state, ratings, game metadata, solo leaderboard, optional: email address and profile data on account creation
Server Location: EU (Frankfurt, Germany)
Retention: Game data: only for the duration of the game, automatically deleted after game end. Account data: until account deletion. Solo leaderboard: permanent.
Privacy Policy: supabase.com/privacy

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 28 GDPR (processor agreement).

b) Google AdMob (Advertising — iOS and Android only)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Display of ads (rewarded ads, interstitial ads) in the iOS and Android versions
Data Processed: Advertising ID (GAID/IDFA), IP address, device information (type, OS), app usage data, possibly coarse location (if granted), interaction data with ads
Server Location: USA and EU (Google data centres worldwide)
Retention: According to Google's Privacy Policy (max. 18 months for personalised advertising data)
Consent: Only after explicit consent in the in-app consent dialog at app start (GDPR-compliant via Google UMP)
Privacy Policy: policies.google.com/privacy
Opt-Out: Consent can be revoked at any time in app settings under "Ad Settings"

Legal basis: Art. 6(1)(a) GDPR (consent). Without consent, only non-personalised ads are shown, or no ads are loaded at all.

Third-country transfer: Google LLC is based in the USA. Data transfer to the USA takes place on the basis of the EU-U.S. Data Privacy Framework (DPF) and additionally on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR).

c) Google Gemini API (AI Photo Rating — primary processor for both AI modes)

Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Primary AI processor for BOTH the Solo mode AI rating AND the Multiplayer "AI Judge" rating. Uses model gemini-2.5-flash. Cloudflare Workers AI (see Section 5d) is the automatic fallback if Gemini is temporarily unavailable.
Data Processed: Game photos (as image data), category name (as text). No personal data (no name, no email, no user ID).
Server Location: USA and worldwide (Google Cloud data centres)
Retention: No retention — photos are transmitted only for real-time processing and discarded immediately
Consent: Explicit in-app consent at the first-launch hard-gate screen (Toggle 2 — "AI Photo Rating"). Until granted, Solo and AI Judge modes are inaccessible. Revocable at any time in Settings → Privacy & AI; revocation locks the modes immediately.
Processor Status: Google LLC acts solely as a data processor under Google's commercial Gemini API terms and does not use submitted photos to train Google's AI models.
Privacy Policy: policies.google.com/privacy

Legal basis: Art. 6(1)(a) GDPR (consent).

Third-country transfer: Google LLC is based in the USA. Data transfer to the USA takes place on the basis of the EU-U.S. Data Privacy Framework (DPF) under Art. 45 GDPR. Standard Contractual Clauses (Art. 46(2)(c) GDPR) are used as additional safeguards. This transfer only takes place if the user has explicitly enabled "AI Photo Rating" at the hard-gate.

d) Cloudflare Workers AI — two distinct uses

We use Cloudflare Workers AI for two separate purposes. Both uses transmit only image bytes (and, for AI rating, a category name) — no personal data. Both uses require explicit user consent at the first-launch hard-gate screen and are tied to two separate toggles, so the user can decline either independently.

Provider: Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA
Use 1 — AI rating fallback: If the primary Gemini call (Section 5c) fails (e.g. temporary outage or rate limit), the same image + category name is sent to Cloudflare Workers AI (model @cf/meta/llama-4-scout-17b-16e-instruct) instead. Covered by the same hard-gate consent toggle as Gemini ("AI Photo Rating").
Use 2 — Image safety moderation: Every multiplayer game photo and every profile avatar is run through Cloudflare Workers AI (same model) for content-safety screening BEFORE it is stored on our servers. This catches unsafe content (sexual content, violence, hate symbols, etc.) per App Store guideline 1.2. Gated by a separate hard-gate consent toggle ("Photo Safety Check"). If declined, avatar upload and multiplayer photo capture are locked. Solo-mode photos are NOT moderated separately because they go straight to the AI rater (which performs its own safety check).
Server Location: Worldwide (Cloudflare Edge Network), processed on the nearest data centre
Retention: No retention — images are processed in-memory for the verdict and discarded immediately
Processor Status: Cloudflare Inc. acts solely as a data processor under Cloudflare's Workers AI commercial terms and does not use submitted images to train its AI models.
Privacy Policy: cloudflare.com/privacypolicy

Legal basis: Art. 6(1)(a) GDPR (explicit consent at the first-launch hard gate) for both uses. Either toggle can be revoked at any time in Settings → Privacy & AI; revocation takes effect immediately and disables the corresponding feature.

Third-country transfer: Cloudflare is based in the USA and is certified under the EU-U.S. Data Privacy Framework (DPF). Standard Contractual Clauses (Art. 46(2)(c) GDPR) are used as additional safeguards.

e) Firebase Crashlytics (Crash Reports — iOS and Android only)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Automatic collection of app crashes and error reports to improve app stability
Data Processed: Crash logs (stack traces), device type, OS version, app version, crash timestamp. No personal data (no name, no email).
Server Location: USA and EU (Google data centres)
Retention: 90 days (per Firebase policy)
Privacy Policy: firebase.google.com/support/privacy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability and bug fixing).

Third-country transfer: Google LLC is based in the USA. Data transfer takes place on the basis of the EU-U.S. Data Privacy Framework (DPF) and additionally on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR).

f) Vercel (Web Hosting)

Provider: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA
Purpose: Hosting and delivery of the web version of KatchIt! at katchit.app
Data Processed: IP address, access timestamp, browser type, operating system, referrer URL (server log data)
Server Location: Worldwide (Edge Network), primarily USA and EU
Retention: Server logs are deleted after a maximum of 30 days per Vercel policy
Privacy Policy: vercel.com/legal/privacy-policy

Note: Web hosting via Vercel only concerns the web version of the app. The iOS and Android versions communicate directly with Supabase.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable provision of the web app).

6. Third-Country Data Transfers

Vercel Inc. is based in the USA. Data transfer to the USA takes place on the basis of the EU-U.S. Data Privacy Framework (DPF) under Art. 45 GDPR, where Vercel is certified under the DPF. Standard Contractual Clauses (Art. 46(2)(c) GDPR) are used as additional safeguards.

Supabase stores KatchIt!'s data on servers in the EU (Frankfurt). Transfer to third countries by Supabase does not generally take place for this project.

Google LLC (AdMob, iOS/Android only) is based in the USA. Data transfer to the USA takes place on the basis of the EU-U.S. Data Privacy Framework (DPF) and on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR). This transfer only takes place if you have consented in the consent dialog.

Cloudflare Inc. is based in the USA and is certified under the EU-U.S. Data Privacy Framework (DPF). Photos are transmitted only for real-time processing and are not stored.

7. SSL/TLS Encryption

For security reasons, this app uses SSL/TLS encryption for all data transmissions. All communication between the app and our servers takes place over HTTPS.

8. Retention Periods

Data Type: Retention Period
User account (optional): Until account is deleted by the user
Player name: Until game ends, then deleted
Avatar photo: Until game ends, then deleted
Game photos: Until game ends, then deleted
Location data (GPS): Until game ends, then deleted (together with photos)
Ratings / game state: Until game ends, then deleted
Solo leaderboard: Permanent (player name and score)
AI photo rating: No retention (real-time processing)
Server log data (web): Max. 30 days (Vercel)
Advertising data (AdMob, iOS/Android): Per Google's Privacy Policy (max. 18 months); only after consent
Local device storage: Until manual deletion or app uninstall

9. Your Rights

You have the following rights under the GDPR:

If you have created a user account, you can delete it at any time in the app settings. All associated data will then be completely removed. Without a user account, all game data is automatically deleted after the game ends, so subsequent attribution to individual persons is not possible.

10. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You may, in particular, address the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.

11. Changes to This Privacy Policy

We reserve the right to adapt this Privacy Policy to changes in the legal situation or to changes in the service. The current version is always available at katchit.app/privacy.html.

12. Contact

For questions about data protection, please contact us at:
support@katchit.app

This English version is provided as a translation of the legally binding German original at katchit.app/datenschutz.html. In case of discrepancies, the German version prevails.