Data Privacy

For our mobile application "Gooodie".
Last updated: 16.02.2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Wildcard GmbH
Strozzigasse 4/22
1080 Wien
Österreich
Email: sindelar@wildcard.at

We take the protection of your personal data very seriously and process your data exclusively in accordance with:

  • the GDPR
  • the Austrian Data Protection Act (DSG)
  • the Telecommunications Act (TKG) where applicable

This Privacy Policy explains what data we collect, why we process it, and what rights you have.

3. Categories of Data We Process

3.1 Account Data (registered users)

When you create an account:

  • email address
  • username / display name
  • profile photo (only if provided)

3.2 Social Login

When using a social login provider, we receive the data required for authentication (e.g. email address, name, profile photo) from the respective provider.

The respective social login provider processes your data under its own responsibility. Further information can be found in the privacy policy of the respective provider.

3.3 Anonymous Quest Progress

You may use Gooodie to play quests without creating an account.
In this case we store:

  • a technical identifier
  • quest progress and submissions

The processing is based on Art. 6(1)(b) GDPR, as it is necessary to provide the quest functionality.

3.4 User Generated Content

When participating in quests:

  • photos
  • videos
  • text submissions

Additionally screenshots of all submissions are taken to be able to visualize the quest progress (Art. 6(1)(b) GDPR).

These are stored and shared with:

  • the quest owner
  • other players of the same quest

3.5 Technical Data

For security and stability:

  • device and app information
  • log data
  • error reports via Sentry

4. Purpose and Legal Basis of Processing

We process your data for the following purposes:

Purpose / Legal Basis (Art. 6 GDPR)

Account creation & login / Contract performance

Quest participation & submissions / Contract performance

Storage of quest progress (screenshots)/ Contract performance

App security & stability / Legitimate interest

Abuse prevention / Legitimate interest

Compliance with legal obligations / Legal obligation

5. Hosting & Data Location

Our backend (PocketBase) is self-hosted on servers located in the European Union (Hetzner).

Your data is therefore processed within the EU.

6. Processors

We use the following processor:

Sentry
Purpose: error tracking and technical stability
Data processed: technical and device-related information

The data storage is in the EU and a data processing agreement in accordance with Art. 28 GDPR is in place.

7. Data Retention

We store personal data only as long as necessary for:

  • providing the service
  • fulfilling contractual obligations
  • complying with legal requirements

User-generated content remains stored until:

  • you delete it
  • the quest is deleted
  • your account is deleted
  • you ask for removal
  • we remove it due to policy violations

After the occuence of one of these events, the content is deleted within a reasonable period as part of our regular deletion processes.

Files such as images and videos that are no longer associated with an account or an active quest are completely deleted on a regular basis.

8. Data Security

We implement appropriate technical and organisational security measures to protect your data.

However, please note:

Content uploaded within quests may become accessible to other players if they obtain access to a quest code or attempt to analyse technical interfaces. While we take all reasonable steps to prevent this, absolute security cannot be guaranteed.

9. Your Rights under GDPR

You have the right to:

  • access your data
  • rectification
  • erasure (“right to be forgotten”)
  • restriction of processing
  • data portability
  • objection to processing
  • lodge a complaint with a supervisory authority

Requests can be sent to: hello@wildcard.at

10. Reporting Illegal or Inappropriate Content

If you encounter content that is:

  • explicit
  • pornographic
  • violent
  • otherwise unlawful

please contact us immediately at:

hello@wildcard.at

We will review and remove such content where required.

11. Children

Gooodie is not intended for persons under the age of 14 (or the applicable national minimum age).
We do not knowingly collect data from children.

12. Changes to this Policy

We may update this Privacy Policy from time to time.
The current version is always available in the app.