Peparo

Privacy Policy

Last updated: January 8, 2026

This Privacy Policy describes how Peparo ("we", "our", or "us") collects, uses, and protects your personal information when you use our service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Daniel Hartung
Einzelunternehmen
Krelingen 59
29664 Walsrode
Germany

Email: daniel_hartung97@web.de

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, display name, and profile information.
  • Adventure Content: All content you create, including adventures, characters, locations, items, and other game-related content.
  • Payment Information: If you make purchases, we collect payment information through our payment processor (Stripe). We do not store full payment card details on our servers.

2.2 Automatically Collected Information

  • Usage Data: Information about how you use our service, including pages visited, features used, and time spent.
  • Device Information: Browser type, device type, operating system, and IP address.
  • Cookies and Tracking: We use cookies and similar technologies to maintain your session and improve our service.

3. How We Use Your Information

  • To provide, maintain, and improve our service
  • To process transactions and manage your account
  • To communicate with you about your account and our service
  • To analyze usage patterns and improve user experience
  • To detect, prevent, and address technical issues
  • To comply with legal obligations

4. Data Storage and Processing

Your data is stored and processed using Firebase (Google Cloud Platform), which provides secure cloud infrastructure. Data is stored in data centers that comply with GDPR requirements.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Firebase (Google): Authentication, database, and hosting services. Google's Privacy Policy applies: https://policies.google.com/privacy
  • Stripe: Payment processing. Stripe's Privacy Policy applies: https://stripe.com/privacy
  • Analytics Services: We may use analytics services to understand how our service is used. These services may use cookies and similar technologies.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze service usage
  • Improve service functionality

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our service.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: You can request information about the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You can request limitation of processing your personal data.
  • Right to Data Portability: You can request transfer of your data to another service.
  • Right to Object: You can object to processing of your personal data.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at daniel_hartung97@web.de

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal or legitimate business purposes.

9. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that such transfers comply with GDPR requirements through appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: daniel_hartung97@web.de

Address:
Daniel Hartung
Krelingen 59
29664 Walsrode
Germany

13. Supervisory Authority

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged violation.

The competent supervisory authority in Germany is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
https://www.bfdi.bund.de