Privacy Policy
How we protect your data and respect your privacy
Last Updated: December 7, 2025 | Effective Date: December 4, 2025
1. Introduction
Welcome to PokeParty ("we," "our," "us," or the "Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application PokeParty (the "App"), available on Apple App Store and Google Play Store, and our website pokeparty.app (the "Website"), collectively referred to as our "Services".
Please read this Privacy Policy carefully. By downloading, accessing, or using the App or by visiting and using the Website, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the App or Website.
Contact Information:
- Support Email: [email protected]
- Developer: PokeParty
2. Who We Are
PokeParty is a mobile application and website that helps Pokemon GO players coordinate raids, connect with other trainers, and build a community. The mobile app provides full account features, while the website offers a read-only friend codes directory and informational landing page. We act as the Data Controller for the personal information we collect through the App.
3. Information We Collect
We collect information in the following categories:
3.1 Platform Overview
Mobile Application:
- Requires user account (email-based authentication)
- Collects profile information, usage data, and device information
- Uses analytics and error tracking services
Website:
- NO user accounts or authentication
- NO data collection or storage
- Displays public information from the mobile app database
- Uses Google Fonts (third-party service)
3.2 Mobile App: Information You Provide Directly
| Data Type | Examples | Purpose | Required? |
|---|---|---|---|
| Account Credentials | Email address | Authentication, account recovery | Yes |
| Trainer Profile | Trainer name, level (1-50), team, friend code | Display to other users, matchmaking | Yes |
| Profile Photo | Image you upload | Personalization | No |
| Social Connections | Friend list, friend requests | Social features | No |
| User Content | Raid room names, comments | Core functionality | Varies |
3.3 Mobile App: Information Collected Automatically
| Data Type | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Device Information | Device model, OS version, unique device ID | App functionality, debugging | Legitimate Interest |
| Usage Data | Screens viewed, buttons tapped, session duration | Analytics, improvements | Consent / Legitimate Interest |
| Crash Data | Error messages, stack traces | Bug fixing | Legitimate Interest |
| Push Token | Expo push notification token | Send notifications | Consent |
3.4 Website: Information We Collect
The website (pokeparty.app) does NOT collect, store, or process personal information. The website:
| Activity | Data Handled | Our Role | Storage |
|---|---|---|---|
| Display Friend Codes | Shows public trainer data | Read-only display from app database | No website storage |
| Google Fonts | Google may log IP addresses | Third-party service | Google servers only |
| Copy to Clipboard | Temporary clipboard access | User-initiated, browser feature | Clipboard only (temporary) |
| Page Visits | NO logging, NO analytics | None | None |
Important: The friend codes and trainer information displayed on the website are voluntarily shared by mobile app users who choose to make their friend codes public.
3.5 Information We Do NOT Collect
Mobile App:
- Precise Location: No GPS access
- Contacts: No phone contacts access
- Photos/Media: Only photos you upload
- Health Data: None
- Financial Data: No payment info
- Biometric Data: None
Website:
We do not collect ANY personal information, cookies, or tracking data.
4. Third-Party Services and SDKs
We use the following third-party services that may collect data:
4.1 Analytics
| Service | Data Collected | Purpose | Privacy Policy |
|---|---|---|---|
| Firebase Analytics (Google) | Device info, usage events, general location | Understand user behavior, improve app | Google Privacy Policy |
Firebase Analytics Configuration:
- IP anonymization is enabled
- No personally identifiable information (PII) is sent
- Data is aggregated and anonymized
- Retention: 14 months (default)
4.2 Error Tracking
| Service | Data Collected | Purpose | Privacy Policy |
|---|---|---|---|
| Sentry | Crash logs, device info, error context | Bug fixing, stability | Sentry Privacy Policy |
4.3 Push Notifications
| Service | Data Collected | Purpose | Privacy Policy |
|---|---|---|---|
| Expo Push Notifications | Push token, notification content | Deliver raid alerts | Expo Privacy Policy |
4.4 Infrastructure
| Service | Data Processed | Purpose | Privacy Policy |
|---|---|---|---|
| Fly.io | API requests, data in transit | Backend hosting | Fly.io Privacy Policy |
| Neon (PostgreSQL) | All user data (encrypted) | Database storage | Neon Privacy Policy |
| Upstash (Redis) | Session data, job queue | Real-time features | Upstash Privacy Policy |
4.5 Website Third-Party Services
| Service | Data Collected | Purpose | Privacy Policy |
|---|---|---|---|
| Google Fonts | IP address (logged by Google) | Load web fonts for typography | Google Privacy Policy |
Google Fonts Configuration:
- Fonts are loaded from Google's servers
- Google may log IP addresses and browser information
- No cookies are set by Google Fonts
5. How We Use Your Information
Mobile App:
We use your information for the purposes listed below.
Website:
We do not collect or use any information. The website only displays public information already collected through the mobile app.
Mobile App Data Usage:
| Purpose | Legal Basis (GDPR) | Examples |
|---|---|---|
| Provide Services | Contract | Create account, join raids, send notifications |
| Maintain Account | Contract | Authenticate you, manage profile |
| Social Features | Contract | Friend system, display profiles to others |
| Improve App | Legitimate Interest | Analyze usage, fix bugs, add features |
| Ensure Safety | Legitimate Interest | Prevent abuse, enforce terms |
| Send Notifications | Consent | Raid alerts, friend requests |
| Legal Compliance | Legal Obligation | Respond to legal requests |
6. How We Share Your Information
6.1 With Other Users
The following information is visible to other PokeParty users:
Note about Website Display: The following information may be visible on our public website (pokeparty.app/friend-codes) to anyone who visits, if you choose to make your friend code public in the mobile app.
- Trainer name
- Trainer level
- Team (Mystic/Valor/Instinct)
- Friend code (if you share it)
- Profile photo (if uploaded)
- Raid room participation
- Total raids completed
6.2 With Service Providers
We share data with the third-party services listed in Section 4, solely for the purposes described.
6.3 For Legal Reasons
We may disclose your information if required to:
- Comply with a legal obligation, court order, or government request
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
- Protect the safety of users or the public
6.4 Business Transfers
If PokeParty is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data is transferred and subject to a different privacy policy.
6.5 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
7. Data Retention
We retain your data for as long as necessary to provide our services:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion | Provide services |
| Trainer profile | Until account deletion | Provide services |
| Raid history | 90 days after completion | Historical reference |
| Analytics (Firebase) | 14 months | Aggregated insights |
| Error logs (Sentry) | 90 days | Debugging |
| Push tokens | Until logout/uninstall | Notifications |
After Account Deletion:
- Most data is deleted within 30 days
- Some data may be retained in anonymized form for analytics
- Backups are deleted within 90 days
- We may retain data as required by law
8. Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data is transmitted over TLS/SSL (HTTPS)
- Encryption at Rest: Database is encrypted using AES-256
- Secure Authentication: Passwordless OTP system (no passwords stored)
- Access Controls: Strict role-based access to production systems
- Secure Hosting: Reputable cloud providers (Fly.io, Neon, Upstash)
- Regular Updates: Dependencies and systems kept up-to-date
Important: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for keeping your email account secure.
9. Your Rights
9.1 Rights for All Users
For Website Visitors:
If you only visit our website without using the mobile app, we do not collect any personal information about you. Google Fonts (a third-party service) may collect your IP address - refer to Google's Privacy Policy for your rights regarding that data.
If your friend code appears on the website, you can remove it by opening the PokeParty mobile app and toggling off "Public Friend Code" in Settings > Privacy or by deleting your account.
For Mobile App Users:
Regardless of your location, you can:
| Right | How to Exercise |
|---|---|
| Access | View your data in the app or request a copy |
| Correction | Edit your profile in the app |
| Deletion | Delete your account in app settings or email us |
| Opt-out of Analytics | Disable in app settings |
| Manage Notifications | Control in app settings or device settings |
9.2 European Economic Area (EEA) - GDPR Rights
If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR:
| Right | Description |
|---|---|
| Right of Access | Obtain a copy of your personal data |
| Right to Rectification | Correct inaccurate data |
| Right to Erasure | Request deletion ("right to be forgotten") |
| Right to Restrict Processing | Limit how we use your data |
| Right to Data Portability | Receive data in machine-readable format |
| Right to Object | Object to processing based on legitimate interest |
| Right to Withdraw Consent | Withdraw consent at any time |
| Right to Lodge a Complaint | Complain to your local Data Protection Authority |
9.3 California Residents - CCPA/CPRA Rights
If you are a California resident, you have rights under CCPA/CPRA:
| Right | Description |
|---|---|
| Right to Know | What data we collect, use, share |
| Right to Delete | Request deletion of your data |
| Right to Correct | Correct inaccurate data |
| Right to Opt-Out of Sale | We do NOT sell your data |
| Right to Limit Use of Sensitive Data | We collect minimal sensitive data |
| Right to Non-Discrimination | Equal service regardless of privacy choices |
To submit a verifiable consumer request, email [email protected] with subject "CCPA Request."
9.4 Brazil - LGPD Rights
If you are in Brazil, you have rights under LGPD including access, correction, deletion, portability, and information about sharing.
9.5 Other Jurisdictions
We aim to comply with privacy laws worldwide. Contact us at [email protected] with any requests.
10. Children's Privacy
PokeParty is not intended for children under 13 years of age (or 16 in some EU countries).
We do not knowingly collect personal information from children under 13. We require users to confirm they are 13 or older during registration.
If you are a parent or guardian and believe your child has provided us with personal information:
- Contact us immediately at [email protected]
- We will delete the information within 30 days
- No verification is required for deletion requests involving minors
COPPA Compliance (USA): We comply with the Children's Online Privacy Protection Act by not collecting data from children under 13.
Website: The website does not collect any information from visitors of any age.
11. International Data Transfers
Your data may be processed in countries outside your own, including:
- United States (primary processing)
- European Union (some infrastructure)
For EEA/UK Users:
We ensure appropriate safeguards for international transfers:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Third-party certifications
Website Data Processing:
- The website is hosted in the European Union (Fly.io, Frankfurt)
- Google Fonts may process data in the United States and other countries
- The website displays data stored in our mobile app infrastructure
12. Do Not Track Signals
Mobile App:
Our App does not respond to "Do Not Track" signals because there is no industry standard for mobile apps. However, you can opt-out of analytics in app settings.
Website:
Our website does not use any tracking or analytics services. The only third-party service (Google Fonts) may collect data - we do not control their response to Do Not Track signals.
13. Platform-Specific Privacy Disclosures
13.1 Apple App Store - Privacy Nutrition Labels
Data Used to Track You: None (we do not track users across other apps/websites)
Data Linked to You:
- Contact Info: Email address
- Identifiers: Device ID
- User Content: Trainer profile, photos
Data Not Linked to You:
- Usage Data (anonymized analytics)
- Diagnostics (crash logs)
13.2 Google Play - Data Safety
| Data Type | Collected | Shared | Purpose |
|---|---|---|---|
| Yes | No | Account management | |
| User IDs | Yes | No | Account management |
| Photos | Optional | Yes (to users) | Profile customization |
| App interactions | Yes | No | Analytics |
| Crash logs | Yes | No | App stability |
| Device info | Yes | No | App functionality |
Security Practices:
- Data encrypted in transit: Yes
- Data can be deleted: Yes (account deletion)
13.3 Website Privacy Disclosures
- Data Collection: None (the website does not collect data)
- Third-Party Services: Google Fonts (may collect IP addresses)
- Cookies: None
- Analytics: None
- User Accounts: None (read-only public directory)
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top
- For significant changes, we will:
- Post an in-app notification
- Send a push notification (if enabled)
- Require re-acceptance for material changes
Your continued use of the App after changes indicates acceptance. If you disagree with changes, stop using the App and delete your account.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy:
16. Quick Reference Summary
| Topic | Mobile App | Website |
|---|---|---|
| What we collect | Email, trainer profile, usage data, crash logs | Nothing (Google Fonts may collect IP) |
| What we DON'T collect | Precise location, contacts, photos (except uploads), payment info | Same |
| Why we collect it | Provide service, improve app, send notifications | N/A (no collection) |
| Who we share with | Other users (limited), service providers | Public display only |
| Do we sell data? | NO | NO |
| Do we track across apps? | NO | NO |
| Cookies/Tracking | NO (mobile analytics only) | NO |
| How to delete data | Delete account in app or email us | Not applicable (no data collected) |
| Minimum age | 13 years old | Any age (no data collected) |
| Data encryption | Yes (transit and at rest) | N/A (no personal data) |
17. Legal Disclosures
Disclaimer: PokeParty is not affiliated with, endorsed by, sponsored by, or in any way officially connected with Niantic, Inc., The Pokémon Company, Nintendo, or any of their subsidiaries or affiliates. Pokémon GO and related marks are trademarks of their respective owners.
Website Hosting: Our website is hosted by Fly.io in Frankfurt, Germany. The website does not collect or store user data.
Governing Law: This Privacy Policy is governed by applicable laws, without regard to conflict of law principles.
Last Updated: December 7, 2025
If you have any questions about this Privacy Policy, please contact us at [email protected]