Privacy Policy
Version 1.1 — Updated March 10, 2026
1. Introduction and Data Controller Identity
This Privacy Policy describes how Visse Jimmy, publisher of the LudoGuide application (hereinafter "the Application"), collects, uses, stores and protects the personal data of its users (hereinafter "the User"), in compliance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable data protection laws.
Data Controller:
| Name | Visse Jimmy |
| Legal status | Sole trader (Auto-entrepreneur) |
| SIRET | 100 050 749 00017 |
| Address | 3 rue du Jeu d'Arc, 60150 Mélicocq, France |
| contact@ludoguide.fr | |
| Website | https://www.ludoguide.fr |
By using the Application, the User acknowledges having read this Privacy Policy and accepts its terms.
2. Data Collected
2.1 Data collected and stored on our servers
The following data is collected and stored within the Application's systems (Firebase Firestore):
| Data | When collected | Required |
|---|---|---|
| Email address | At account creation | Yes |
| Authentication provider (Google, Apple or email/password) | At first login | Yes |
| Account creation date and time | Automatically at registration | Yes |
| Game library (list of owned games) | When the User adds games | No |
| Wishlist (desired games) | When the User adds games | No |
| Lending information (borrower's name, loan status) | When tracking a loan | No |
| Subscription status and subscribed product identifier | Synced from RevenueCat upon login | No |
| Anonymous Firebase identifier | Automatically before any login | Yes |
2.2 Data processed by our technical service providers
| Data | Service provider | Purpose |
|---|---|---|
| IP address, session data, error traces | Sentry (Functional Software, Inc.) | Error detection and technical monitoring |
| Purchase history and subscription status | RevenueCat, Inc. | In-app subscription management |
| Game name search queries | Algolia SAS | Game search engine |
| OAuth authentication data | Google LLC / Apple Inc. | Sign-in via Google or Apple account |
| Usage events (features activated, screens visited), app version, OS, pseudonymous analytics identifier | PostHog, Inc. | Measuring feature usage and improving the Application |
2.3 Data stored only on the User's device
The following data is stored exclusively locally on the User's device, within the Application's local memory, and is never transmitted to the Publisher or any third party:
- Display preferences (light/dark theme);
- Chosen language (French/English);
- Previously used search criteria;
- Daily search counter.
2.4 Data not collected
The Application does not collect the following data:
- Geographic location data (GPS or network-based);
- Advertising identifiers (IDFA on iOS, GAID on Android);
- Photos or images of the User (the camera is used solely for barcode scanning; images are neither saved nor transmitted);
- Biometric data;
- Communication content (the Application has no messaging features between users).
3. Purposes and Legal Bases for Processing
| Purpose | Data concerned | Legal basis (GDPR) |
|---|---|---|
| User account creation and management | Email, authentication provider, creation date | Art. 6(1)(b) — Performance of contract |
| Providing Application features (library, wishlist, lending) | Library, wishlist, lending data | Art. 6(1)(b) — Performance of contract |
| Subscription and premium access management | Subscription status, RevenueCat product ID | Art. 6(1)(b) — Performance of contract |
| Technical error monitoring and Application stability | IP address, session data (Sentry) | Art. 6(1)(f) — Legitimate interest |
| Game search by name | Search queries (Algolia) | Art. 6(1)(b) — Performance of contract |
| Sign-in via Google or Apple | OAuth data (email, third-party ID) | Art. 6(1)(b) — Performance of contract |
| Security and abuse prevention | Anonymous Firebase identifier | Art. 6(1)(f) — Legitimate interest |
| Measuring feature usage and improving the Application | Usage events, app version, OS, pseudonymous analytics identifier (PostHog) | Art. 6(1)(f) — Legitimate interest |
4. Data Recipients
Personal data is shared only with the following categories of recipients, strictly to the extent necessary for the performance of their services:
| Recipient | Processing location | Role | Privacy policy |
|---|---|---|---|
| Google LLC (Firebase Auth, Firestore) | United States / EU | Data processor | https://policies.google.com/privacy |
| Google LLC (Google Sign-In) | United States | Data processor | https://policies.google.com/privacy |
| Apple Inc. (Apple Sign-In) | United States | Data processor | https://www.apple.com/legal/privacy |
| RevenueCat, Inc. | United States | Data processor | https://www.revenuecat.com/privacy |
| Algolia SAS | France / International | Data processor | https://www.algolia.com/policies/privacy |
| Functional Software, Inc. (Sentry) | United States | Data processor | https://sentry.io/privacy |
| PostHog, Inc. | United States | Data processor | https://posthog.com/privacy |
No personal data is sold to third parties. No data is shared for advertising purposes.
5. International Data Transfers
Several service providers listed in Section 4 are based outside the European Union, particularly in the United States. These transfers are governed by appropriate safeguards in accordance with Chapter V of the GDPR, including:
- Standard Contractual Clauses (SCCs) adopted by the European Commission;
- The EU-US Data Privacy Framework (DPF), where the provider is certified.
Users may obtain information on the specific safeguards applicable by contacting the Publisher at contact@ludoguide.fr.
6. Data Retention
| Data category | Retention period |
|---|---|
| Account data (email, library, wishlist, lending) | Duration of account activity. Immediate and permanent deletion upon account deletion request. |
| Monitoring data — Sentry (IP address, error sessions) | 90 days (Sentry's default retention policy) |
| Subscription data — RevenueCat | Per RevenueCat's retention policy |
| OAuth authentication data | Duration of account activity |
| Search queries — Algolia | Per Algolia's retention policy |
| Analytics data — PostHog (usage events, pseudonymous identifier) | 1 year (PostHog's default retention policy) |
Upon account deletion, the Publisher immediately deletes all data stored in Firebase. Data held by third-party providers (Sentry, RevenueCat, Algolia, PostHog) is subject to their own respective retention policies.
7. User Rights
Under the GDPR, Users have the following rights regarding their personal data:
| Right | Description | How to exercise |
|---|---|---|
| Right of access (Art. 15) | Obtain confirmation of processing and a copy of personal data | Email to contact@ludoguide.fr |
| Right to rectification (Art. 16) | Have inaccurate or incomplete data corrected | Email to contact@ludoguide.fr or from the Application settings |
| Right to erasure (Art. 17) | Obtain deletion of personal data | From the Application or email to contact@ludoguide.fr |
| Right to restriction (Art. 18) | Obtain restriction of processing in certain cases | Email to contact@ludoguide.fr |
| Right to data portability (Art. 20) | Receive data in a structured, machine-readable format | Email to contact@ludoguide.fr |
| Right to object (Art. 21) | Object to processing based on legitimate interest | Email to contact@ludoguide.fr |
| Right to withdraw consent | Withdraw consent where processing is consent-based | Email to contact@ludoguide.fr |
Response time: The Publisher commits to responding to any request within one (1) month of receipt. This period may be extended by two additional months for complex requests, with the User being informed accordingly.
EU Users — Right to lodge a complaint: Users residing in the European Union may lodge a complaint with their local data protection authority. For France: CNIL — https://www.cnil.fr/fr/plaintes
UK Users: May contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
California Users (CCPA): California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, and the right to opt out of the sale of personal information. As the Publisher does not sell personal data, the right to opt-out does not apply. For CCPA-related requests, contact contact@ludoguide.fr.
8. Data Security
The Publisher implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure, including:
- Encryption of communications between the Application and servers (HTTPS/TLS);
- Secure authentication for access to Firebase services;
- Local storage of non-transmitted sensitive data using encrypted mechanisms (MMKV);
- Error and anomaly monitoring via Sentry.
However, no security system is infallible. In the event of a personal data breach likely to result in a high risk to Users' rights and freedoms, affected Users will be notified without undue delay, in accordance with Article 34 of the GDPR.
9. Push Notifications
The Application does not currently collect or process push notification tokens. A notification feature is planned for a future version. Should this feature be implemented, this Privacy Policy will be updated accordingly, and Users will be asked for their explicit consent before notifications are activated.
10. Cookies, Trackers and Analytics
The LudoGuide mobile Application does not place any cookies on the User's device.
The website https://www.ludoguide.fr does not place any tracking or analytics cookies. Only technically necessary mechanisms for the website's operation may be used.
The Application integrates the PostHog SDK (PostHog, Inc.) for product analytics purposes. This SDK collects usage events (screens visited, features activated), the Application version, the operating system, and a pseudonymous analytics identifier. These data points are not cookies and do not directly identify the User. They are transmitted to PostHog's servers over a secure HTTPS connection and retained for 1 year.
Users may object to this collection by exercising their right to object (Art. 21 GDPR) by emailing contact@ludoguide.fr.
11. Children's Privacy
The Application is not directed to children under the age of thirteen (13). The Publisher does not knowingly collect personal data from children under 13 without verifiable parental or guardian consent, in compliance with applicable legislation (including COPPA in the United States and the GDPR in the European Union).
If the Publisher becomes aware that personal data has been collected from a child under 13 without appropriate parental consent, such data will be deleted immediately.
Parents or legal guardians wishing to exercise rights relating to their child's data may contact the Publisher at contact@ludoguide.fr.
12. BoardGameGeek Data
Board game data displayed within the Application (titles, descriptions, artwork, game statistics) is sourced from the BoardGameGeek (BGG) database, used in accordance with the agreements concluded with that organisation. This data does not constitute personal data within the meaning of the GDPR.
13. Changes to this Privacy Policy
The Publisher reserves the right to amend this Privacy Policy at any time, in particular to comply with legislative, regulatory or technical developments.
The current version is that published at https://www.ludoguide.fr/privacy and accessible from the Application settings. The date of the last update appears at the top of this document.
In the event of a material change affecting Users' rights, notice will be provided through the Application.
14. Contact
For any questions, requests or complaints regarding this Privacy Policy or the processing of your personal data:
- Email: contact@ludoguide.fr
- Postal address: Visse Jimmy, 3 rue du Jeu d'Arc, 60150 Mélicocq, France
- Website: https://www.ludoguide.fr
Last updated: March 10, 2026