Xyhop Privacy Policy

Last Updated: 2026-01-16

Welcome to the Xyhop privacy policy. This policy describes how we collect, use, protect, and handle your personal data while you play our browser-based tactical espionage simulation involving geolocation.

1. Data Controller

The Data Controller is:

• Name: Valentino de Rogatis
• Address: Nippongasse 8, 1220 Wien - Austria
• Email: info@xyhop.com

2. Types of Data Collected

To enable the game mechanics ("Tactical Espionage"), we collect the following types of data:

A. Voluntarily Provided Data

• Credentials: Username, Email, and Password (encrypted hash).
• Preferences: Game language and local settings.

B. Technical Data

• Navigation: IP Address, User-Agent, Device Fingerprint (security).
• Logs: Access times and login attempts.

C. Sensitive Data & Permissions

1. GPS: Latitude/Longitude for the tactical map and Anti-Cheating (speed analysis).
2. Camera: For AR missions (QR, OCR, Colors). Processed locally, no video sent to server.
3. Sensors: Accelerometer for step counting and compass.

3. Purpose of Processing

• Service: Gameplay, progress saving, leaderboards.
• Security: Anti-hijacking and fraud prevention.
• Communication: Transactional emails (verification, security, deletion).

4. Base Giuridica / Legal Basis

Processing is based on: Consent (registration, browser permissions) and Legitimate Interest (infrastructure security).

5. Destinatari / Recipients

We use third-party services for: Maps (OpenStreetMap, CartoDB) and Hosting/Email (Aruba, SMTP).

6. Luogo / Location

Data is processed in Europe (EU). Security: HTTPS, Bcrypt, CSRF tokens.

7. User Rights (GDPR)

• Access: View data via profile.
• Portability: "Export Data" function (JSON).
• Erasure: "Decommission Profile" function (Burn Notice). Irreversible deletion.

8. Cookie & Storage

• Cookies: Session ID (PHPSESSID).
• Local Storage: Game Settings (gameSettings).

9. Age Limit

Xyhop is not intended for users under 13/16 years old.