Privacy Policy

This privacy policy applies to the René's Hideout app (hereby referred to as "Application") for mobile devices and to the public website at reneshideout.com, both created by Frigus Solutions (hereby referred to as "Service Provider") as a Free service. This service is intended for use "AS IS".

Information collection and use

The Application collects the following information when you download and use it:

• Your email address (used as the unique identifier of your account)
• A username / alias you choose at sign-up
• An optional profile picture (avatar) you upload
• Your device's Internet Protocol address (e.g. IP address)
• Play Store / App Store subscription data & metrics
• Your device's precise location, including in the background, but only during an active session of a location-sensitive hunt — see "Location data" below
• Played-session history — which hunts you joined, started, completed or abandoned, and the timestamps associated
• Hunt-design content you author as a Hunter — hunt and clue text, descriptions, geographic coordinates, and any photos or files you upload as part of designing a hunt or clue

Note: the Application does not currently allow players to upload content. Only Hunters (users designing a hunt) can upload media, and that media is part of the hunt or clue design they publish.

The Service Provider may use the email address you provided to contact you from time to time to provide you with important information, required notices and marketing promotions.

Location data

Many hunts in René's Hideout rely on your real-world position to evaluate clue triggers (for example, to unlock a clue when you reach a specific spot). For these hunts only, the Application collects your device's precise location as follows:

• When it is collected. Location is sampled only during an active session of a location-sensitive hunt. Outside of an active session — and during sessions of hunts that do not depend on location — the Application does not collect location data.
• Foreground and background. While such a session is active, location is collected both while the Application is in the foreground and in the background — for example when your phone is in your pocket, when the screen is off, or when another app is in the foreground. Background collection is necessary so that clues can unlock without you having to keep the app on screen the whole time.
• What is sent to our servers. During an active location-sensitive session, your most recent location is transmitted to the Service Provider's backend so that the gameplay engine can evaluate clue triggers and compute relative distances between you and your team-mates, and between competing teams in multi-team hunts. Only the most recent point is retained server-side; no history of your location is stored.
• Sharing with other players. Your location is not shared with other players today. The Service Provider reserves the right to share team or player positions with other participants in a future version of the multi-team feature; if that change is made, this policy will be updated and you will be informed before the change takes effect for you.
• When it stops. Location collection stops automatically when the session ends, when you complete or abandon the session, or when you revoke the location permission via your device settings.

Location data is used exclusively to operate gameplay (clue triggering and team / opponent distance calculations). It is never used for advertising, never linked with third-party data sets, and never sold or shared with data brokers.

Third party access

The Application uses the following third-party services. Each is used only for the specific purpose listed below:

• Firebase Authentication (Google) — handles sign-in. Receives your email address and authentication identifiers when you sign in (with email/password, Google, Apple, or X). Used solely to authenticate you to the Application.
• Firebase Hosting (Google) — hosts the public website (reneshideout.com) and the web version of the Application. Receives standard web request information (IP, user agent) when you visit those pages.
• Supabase — provides our PostgreSQL database. Stores your account record, your created hunts and clues, your played-session history, your most-recent location while an active location-sensitive session is running, and your social relationships (followers, clan members). Supabase is used as a database only; no other Supabase product is used.
• Google Cloud Storage — stores media files (photos, attachments) that Hunters upload as part of designing their hunts and clues.
• Sign in with Apple, Google Sign-In, X (Twitter) — optional third-party identity providers. Only invoked when you choose to sign in with one of them.

Privacy policies of the services we use:

• Google (Firebase Authentication, Firebase Hosting, Cloud Storage, Sign-In, Play Services)
• Supabase
• Apple (Sign in with Apple, App Store)
• X.com

The Service Provider may disclose information:

• as required by law, such as to comply with a subpoena or similar legal process;
• when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• with the trusted services providers listed above, who process the information on our behalf and have no independent right to use it.

Data generated by using the Application is NOT sold or otherwise provided to any other external party for direct gains of the Service Provider.

Data retention

How long the Service Provider keeps each kind of data:

• Account data (email, alias, avatar, login identifiers) — kept for as long as your account exists. Deleted when you delete your account.
• Location data (during active location-sensitive sessions) — only the most recent location point is retained on the server while the session is active. No location history is kept. The point is overwritten on each new sample, and is no longer used once the session ends.
• Played-session history (the hunts you joined, started, completed or abandoned and their timestamps) — kept while your account exists. Deleted when you delete your account.
• Hunts and clues you have created as a Hunter — these are not automatically deleted when you delete your account, because other players may currently be playing them. If you wish to remove a hunt before deleting your account, you must archive it manually from the Application. Archived hunts (and the media files attached to them) are then permanently deleted within one month after your account is deleted. Hunts you do not archive remain published.
• Media files attached to hunts (photos, attachments uploaded by Hunters) — stored in Google Cloud Storage. Deleted together with their parent hunt when the hunt is permanently removed.

You can delete your account at any time from the Application: open your profile and use the account-deletion option in Settings. Account deletion is permanent.

Opt-out rights

You can stop the Application from collecting information about you at any time by:

• Revoking the location permission in your device settings — stops all location collection immediately. Hunts that depend on location will no longer be playable until permission is granted again.
• Signing out of the Application — pauses any active session and stops account-bound data collection.
• Deleting your account from your profile in the Application — see the "Data retention" section above for what is and isn't deleted.
• Uninstalling the Application via the standard uninstall process on your device or the application marketplace.

Your rights

Depending on where you live, you have the following rights with respect to your personal data:

• Access — obtain a copy of the personal data the Service Provider holds about you.
• Rectification — correct inaccurate personal data. Most fields (alias, avatar) can be edited directly in the Application.
• Erasure ("right to be forgotten") — ask for your personal data to be deleted. The in-app account-deletion flow described under "Data retention" satisfies this right; for any data not removed automatically (e.g. hunts you authored that other players are still using), contact us at info@frigus.be.
• Portability — receive your personal data in a structured, commonly used, machine-readable format.
• Objection / restriction of processing — object to, or ask for the restriction of, our processing of your personal data.
• Withdraw consent — for processing that is based on consent (in particular location collection during sessions), you may withdraw consent at any time by revoking the location permission via your device settings or by deleting your account.
• Lodge a complaint — EEA / UK residents have the right to lodge a complaint with their local data-protection authority.

Lawful bases for processing (EEA / UK). The Service Provider relies on:

• Performance of a contract — to provide the Application (account management, played-session storage, hunt and clue persistence).
• Consent — for location collection during active sessions. Consent is captured via the operating-system permission prompt and confirmed by an in-app disclosure dialog before any location request.
• Legitimate interest — to keep the Application secure and to investigate fraud or abuse.

Data Controller. Frigus Solutions, contactable at info@frigus.be.

International transfers. Personal data may be processed outside your country of residence, in particular in data centres operated by Google (Firebase, Cloud Storage) and Supabase. Where such transfers leave the EEA, they take place under standard contractual clauses or another lawful safeguard.

Children

The Application is not directed at children. The Service Provider does not knowingly collect personal information from children below the digital-consent age that applies under the user's local law — for example 13 in the United States under COPPA, and between 13 and 16 in the European Union depending on the member state (16 by default under the GDPR).

If the Service Provider discovers that personal information of a child below the applicable age has been collected without parental consent, that information will be deleted from our servers without delay. If you are a parent or guardian and you believe a child has provided personal information to the Application, please contact the Service Provider at radiospot@frigus.be.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information and provides physical, electronic and procedural safeguards to protect information that is processed and maintained.

Changes

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes by updating this page with the new Privacy Policy and updating the effective date below. You are advised to consult this Privacy Policy regularly for any changes; continued use of the Application after changes are posted is deemed approval of those changes.

This privacy policy is effective as of 2026-05-06.

Your consent

By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us.

Contact us

If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact the Service Provider via email at info@frigus.be.