Privacy Policy

The data controller responsible for the processing of your personal data in connection with Mercy is: Daniel Sogl Email: me@danielsogl.de As we are a small-scale operation (Freiberufler), we are not required to appoint a Data Protection Officer. However, you can contact us directly at the email address above for any data protection inquiries.

We collect and process the following categories of data: Locally Stored Data (on your device): - BattleTag (your Overwatch username, if entered) - Searched and followed players - Cached hero and map information - Cached player statistics - App settings (theme, language preferences) Technical Data: - Device platform (iOS) - App version - Network connectivity status Analytics & Crash Data: - App usage events (screen views, feature interactions) - Crash reports and error logs - Performance metrics (app startup time, network latency) - Device information (iOS version, device model) Advertising Data (with your consent): - Advertising identifier (IDFA) if you grant tracking permission via iOS App Tracking Transparency - Ad interaction data (impressions, clicks) - Device information for ad delivery We do NOT collect: - Email addresses or passwords (no account registration required) - Location data - Contact lists - Health data - Browsing history outside the App

We process your data based on the following legal grounds under GDPR Article 6 and German TTDSG: Contract Performance (Art. 6(1)(b) GDPR): - Providing app functionality (player tracking, statistics display) - Local data storage for app functionality Consent (Art. 6(1)(a) GDPR, § 25 TTDSG): - Advertising identifier access (IDFA via App Tracking Transparency) - Personalized advertising Legitimate Interests (Art. 6(1)(f) GDPR): - Improving our services - Technical security measures - Displaying non-personalized advertisements Note on TTDSG § 25: Under German law, accessing or storing information on your device (such as advertising identifiers) requires your prior consent, unless strictly necessary for providing the service you requested. We obtain this consent through Apple's App Tracking Transparency framework before accessing your advertising identifier.

We use your data for the following purposes: Service Provision: - Displaying Overwatch 2 player statistics - Tracking your favorite players - Providing hero and map information - Storing your app preferences Service Improvement: - Understanding how users interact with the app - Identifying and fixing technical issues Advertising: - Displaying advertisements to support the free app

All your data is stored locally on your device and follows these retention periods: App Data: - Retained while the app is installed - Deleted immediately upon app uninstallation Cached Data: - Automatically refreshed based on API cache policies - Can be manually cleared via "Clear Cache" in Settings We do NOT transfer or store any of your personal data on our servers.

We use the following third-party service providers who may process your data: OverFast API (Game Data) - Provider: OverFast API (https://overfast-api.tekrop.fr/) - Purpose: Providing Overwatch 2 player statistics, hero information, and game data - Data processed: BattleTags you search for in the app - Note: BattleTags are publicly available player identifiers - Rate limits: 30 requests per second per IP Firebase (Analytics, Performance, Crashlytics) - Provider: Google Ireland Limited (for EEA users) - Purpose: App analytics, performance monitoring, crash reporting - Data processed: Usage events, crash logs, performance traces, device info - Note: Analytics data is collected by default; can be disabled in iOS Settings - Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for service improvement - Privacy Policy: https://firebase.google.com/support/privacy - DPA: https://firebase.google.com/terms/data-processing-terms Google AdMob (Advertising) - Provider: Google Ireland Limited (for EEA users) - Purpose: Display advertisements - Data processed: Advertising ID (IDFA, only with your consent), device information, ad interaction data - Legal basis: Consent for personalized ads (TTDSG § 25, GDPR Art. 6(1)(a)); Legitimate interest for non-personalized ads - Note: You can control ad personalization via iOS Settings > Privacy & Security > Tracking - Privacy Policy: https://policies.google.com/privacy - How Google uses data: https://policies.google.com/technologies/partner-sites

Some of our service providers are located outside the European Economic Area (EEA): Google AdMob: - Data transfers to the US are made under the EU-US Data Privacy Framework - Google Ireland Limited acts as data processor for EEA users OverFast API: - API requests may reach servers outside the EEA - Only publicly available player data (BattleTags) is transmitted

Under the General Data Protection Regulation (GDPR), you have the following rights: Right of Access (Art. 15): Since all data is stored locally on your device, you have direct access to your data through the app. Right to Rectification (Art. 16): You can edit your BattleTag and followed players directly in the app. Right to Erasure (Art. 17): You can delete all your data by: - Using "Clear Cache" in Settings - Uninstalling the app Right to Restriction (Art. 18): You can restrict data processing by not using specific features. Right to Data Portability (Art. 20): Your locally stored data is on your device and can be transferred via iOS backup features. Right to Object (Art. 21): You can object to processing by uninstalling the app or not using specific features. Right to Withdraw Consent (Art. 7): You can withdraw tracking consent at any time via iOS Settings > Privacy & Security > Tracking. For questions, contact us at: me@danielsogl.de

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority. For Germany, the relevant authority depends on your state (Bundesland). The lead authority is: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) Graurheindorfer Str. 153 53117 Bonn Germany Email: poststelle@bfdi.bund.de Website: https://www.bfdi.bund.de You also have the right to lodge a complaint with the supervisory authority in your EU member state of residence.

We implement appropriate technical measures to protect your data: Technical Measures: - All data is stored locally on your device - API requests are made over encrypted HTTPS connections - No server-side storage of personal data - App data is protected by iOS security features Third-Party Security: - Google AdMob follows Google's comprehensive security standards - OverFast API uses HTTPS for all communications

We display advertisements in the app. This section explains how advertising works in our app. Types of Advertisements: - Banner advertisements displayed on certain screens - Served through Google AdMob Personalized vs. Non-Personalized Ads: - If you grant tracking permission via iOS App Tracking Transparency, you may receive personalized ads based on your interests - If you decline tracking, you will receive non-personalized (contextual) ads - Non-personalized ads are based on general factors like app content, not your personal data Your Advertising Choices: - You can change your tracking preference at any time in iOS Settings > Privacy & Security > Tracking Data Shared with Advertisers: With tracking consent: - Advertising identifier (IDFA) - Device information (model, OS version) - Ad interaction data (impressions, clicks) Without tracking consent: - General device information only - No advertising identifier is shared For more information about how Google uses your data, visit: https://policies.google.com/technologies/partner-sites

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. How we notify you: - Significant changes will be announced via app update - The "Last Updated" date will be revised - Continued use after changes constitutes acceptance We recommend reviewing this policy periodically.

For any questions about this Privacy Policy or our data practices, please contact us: Daniel Sogl Email: me@danielsogl.de We aim to respond to all inquiries within 5 business days. For GDPR-related requests, we will respond within the legally required timeframe of one month. This Privacy Policy is governed by German law and the General Data Protection Regulation (GDPR).