Privacy Policy
Last updated: 1 March 2026
1. Data Controller
The data controller for CityMove is Zdravstveni dom Ljubljana (Community Health Centre Ljubljana).
- Address: Metelkova ulica 9, 1000 Ljubljana, Slovenia
- Email: citymove.eu@proton.me
2. About CityMove
CityMove is a gamified walking and exploration app developed as part of the EU-funded CityMove project, supported by Zdravstveni dom Ljubljana. The app encourages young people (aged 16 and above) to explore their city on foot by completing location-based challenges, earning virtual rewards, and tracking physical activity.
3. What Data We Collect
CityMove is designed with privacy in mind — we do not collect your real name, email address, phone number, or any government-issued identifiers. All data is pseudonymous, meaning it is linked to your randomly generated player ID and chosen nickname, not to your real-world identity.
3.1 Account Data
- Nickname (chosen by you, not your real name)
- Password (hashed with bcrypt — we never store or see your actual password)
- Recovery code (hashed with SHA-256 — we never store the plain-text code)
- Account creation date
3.2 Location & GPS Data
- Real-time GPS coordinates — used to display your position on the map and calculate distance during activity sessions. GPS coordinates are processed on your device and are not stored on our servers.
- Distance travelled (in kilometres) — calculated from GPS data during activity sessions and stored server-side per session.
- Location visits — when you scan a QR code at a physical location, we record which location you visited and the timestamp.
- Background location tracking is active only during an activity session, with updates every 5 seconds or 10 metres. This stops automatically when the session ends.
3.3 Health & Fitness Data
- Step count — read from your device's built-in pedometer (Apple Health / Google Fit) during activity sessions. We store the total step count per session and daily step totals.
- Step data is classified as health data under the GDPR (Article 9). We process it only with your explicit consent.
3.4 Activity & Game Data
- Activity sessions (start time, end time, duration, distance, steps)
- Challenge progress and completion status
- Quiz attempts and scores
- Virtual currency (coins) balance and transaction history
- Experience points (XP) and level
- Visit streaks (consecutive days visiting locations)
- Leaderboard participation preference
3.5 Avatar & Cosmetics
- Avatar configuration (equipped items: hat, hair, top, shoes, accessory)
- Owned cosmetic items and purchase history
3.6 Camera
- The camera is used solely to scan QR codes at physical locations to complete a check-in. No photos or videos are captured, stored, or transmitted.
3.7 Device & Technical Data
- We may collect basic device information (operating system, app version) for crash reporting and compatibility purposes. This is processed by our hosting and build infrastructure (Expo, Vercel).
3.8 Push Notifications
- If you enable push notifications, your device push token is stored to deliver notifications. You can disable this at any time in your device settings.
3.9 Research Questionnaire Data
- IPAQ-SF (International Physical Activity Questionnaire) — a standardised research questionnaire presented once after account creation to assess your baseline physical activity level. It collects self-reported data on the number of days and duration of vigorous, moderate, and walking activities in the past 7 days. From your answers we compute MET-minutes per week and a physical activity category (low, moderate, or high). Because this questionnaire concerns physical activity behaviour, the data is classified as health-related data under GDPR Article 9 and is processed only with your explicit consent.
- uMARS (user version of the Mobile Application Rating Scale) — a standardised app quality questionnaire that may be presented after specific events. It collects Likert-scale ratings (1–5) across engagement, functionality, aesthetics, information quality, and subjective quality categories, plus an optional free-text comment. From your answers we compute section averages and an overall quality score. This data does not contain health information and is processed under our legitimate interest in improving the App (Article 6(1)(f) GDPR).
- Both questionnaires are pseudonymous — your responses are linked to your player ID, not your real identity. Questionnaire data is used solely for scientific research within the EU-funded CityMove project and for improving the App. It is never sold or shared for commercial purposes.
- IPAQ-SF and uMARS are voluntary. You can use the App without completing IPAQ-SF. Research participation requires explicit in-app consent that is recorded with timestamp and consent version.
4. Legal Basis for Processing (Article 6 & 9 GDPR)
| Data | Legal Basis | GDPR Article |
|---|---|---|
| Account, game data, avatar, challenges | Performance of contract (the app service) | Art. 6(1)(b) |
| Location / GPS | Consent (granted via OS permission prompt) | Art. 6(1)(a) |
| Health / fitness data (steps) | Explicit consent (special category data) | Art. 9(2)(a) |
| IPAQ-SF questionnaire (physical activity) | Explicit consent (health-related research data) | Art. 9(2)(a) |
| uMARS questionnaire (app quality) | Legitimate interest (service improvement) | Art. 6(1)(f) |
| Device & technical data | Legitimate interest (security, stability) | Art. 6(1)(f) |
5. How We Use Your Data
- Display your position on the map and calculate distances during activities
- Track and record your walking activity sessions (steps, distance, duration)
- Award virtual rewards (coins, XP) for completing visits, quizzes, and challenges
- Power the leaderboard, challenge system, and visit streaks
- Operate the avatar customisation shop
- Conduct scientific research on physical activity behaviour (IPAQ-SF) and app usability (uMARS) as part of the EU-funded CityMove project
- Improve app performance and fix bugs
We do not sell, rent, or share your data for advertising purposes.
6. Third-Party Processors
We use the following third-party services to operate CityMove. Each processes data only as necessary to provide its service to us.
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication | All account & game data | EU (Frankfurt) |
| Mapbox | Map tiles & rendering | Map viewport coordinates, device info | US |
| Google Maps | Location search & geocoding | Search queries, coordinates | US |
| Railway | Backend hosting | API requests, server logs | US |
| Vercel | Web app hosting, API routes | API requests, server logs | Global (edge) |
| Expo (EAS) | App builds, OTA updates | Device info, app version | US |
7. International Data Transfers
Your primary data is stored in the European Union (Supabase, Frankfurt region). Some third-party processors listed above are based in the United States. Data transfers to the US are protected under the EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) as required by Chapter V of the GDPR.
8. Data Retention
We retain your data for as long as your account is active. If you request account deletion, all personal data associated with your account will be permanently deleted from our systems. Server logs and anonymised, aggregated statistics may be retained for operational purposes.
9. Age Requirement
CityMove is intended for users aged 16 and above, in accordance with the Slovenian GDPR implementation (Article 8, Slovenian ZVOP-2). We do not knowingly collect data from individuals under 16 years of age. If we become aware that a user is under 16, their account and data will be deleted.
10. Your Rights (Articles 15–22 GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the data we hold about you
- Right to rectification (Art. 16) — correct inaccurate data (e.g. change your nickname via the app)
- Right to erasure (Art. 17) — request deletion of your account and all associated data
- Right to restriction (Art. 18) — request that we limit processing of your data
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent — you may withdraw consent for location and health data processing at any time by revoking permissions in your device settings. This does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at citymove.eu@proton.me. We will respond within 30 days.
Right to lodge a complaint: If you believe your rights have been violated, you have the right to lodge a complaint with the Slovenian supervisory authority:
- Informacijski pooblaščenec (Information Commissioner)
- Dunajska cesta 22, 1000 Ljubljana, Slovenia
- Phone: +386 1 230 97 30
- Email: gp.ip@ip-rs.si
- Website: www.ip-rs.si
11. Automated Decision-Making
CityMove does not use automated decision-making or profiling as defined by Article 22 of the GDPR. Game mechanics (XP, coins, challenges) are rule-based systems, not profiling.
12. Data Security
- Passwords are hashed using bcrypt (never stored in plain text)
- Recovery codes are hashed using SHA-256
- All data in transit is encrypted via TLS (HTTPS)
- Database access is protected by Row Level Security (RLS) policies
- No real names, email addresses, or phone numbers are collected
- GPS coordinates are processed on-device and not persisted server-side
13. Data Breach Notification
In the event of a personal data breach, we will notify the Slovenian supervisory authority (Informacijski pooblaščenec) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay (Article 34).
14. Changes to This Policy
We may update this privacy policy as the app evolves. Material changes will be announced via an in-app notification. The “last updated” date at the top of this page will always reflect the most recent revision.
15. Contact
For any privacy-related questions or to exercise your rights, contact us at:
- Email: citymove.eu@proton.me
- Data Controller: Zdravstveni dom Ljubljana
- Address: Metelkova ulica 9, 1000 Ljubljana, Slovenia