Privacy Policy

Last updated: January 2026

1. Data Controller

The data controller for this website is:

Daniel Maksymilian Syrnicki
Email: daniel@lenswalker.online

2. Data We Collect

2.1 Account Data

When you register, we collect:

  • Username (your choice)
  • Password (stored encrypted using bcrypt)
  • Email address (optional) - only if you want password recovery or email verification

2.2 Game Data

During gameplay, we store:

  • Game progress (level, experience points)
  • Collected elements and essence
  • Daily activity (streak system)

2.3 Photos and Discoveries

When you capture photos:

  • The photo is stored on our server
  • AI analysis of image content (subject, rarity, element)
  • Optional GPS coordinates (only if you allow this)

2.4 Technical Data

For security and functionality:

  • IP address (temporary, for rate limiting)
  • Browser information (User-Agent)

2.5 Social & Community Data

When you use social features:

  • Posts shared to community feed
  • Comments on other players' posts
  • Likes on posts
  • Follow relationships (who you follow, who follows you)
  • Profile bio (if you add one)
  • Notifications (new followers, likes, comments)

2.6 Safety Data

To maintain community safety:

  • Block list (accounts you've blocked - private, only visible to you)
  • Reports submitted about content or users

2.7 Waitlist Data

If you join the pre-alpha waitlist on our landing page:

  • Email address
  • Signup source (which landing page)
  • Signup date

Waitlist emails are separate from game accounts and used only to send invites.

3. How We Use Your Data

We use your data exclusively for:

  • Providing and operating the game
  • Saving your game progress
  • Displaying on the leaderboard (username and level only)
  • Protection against abuse (rate limiting)

3.1 Data Retention Periods

We retain your data for the following periods:

  • Account data: Until you delete your account
  • Game progress: Until you delete your account
  • Photos: Until you delete them or your account
  • Social data: Until you delete them or your account
  • Technical data (IP): Maximum 7 days (for security)
  • Waitlist emails: Until you receive an invite or request removal

3.2 Voluntary Data Provision

Providing your data is entirely voluntary. You can play the game with just a username and password. Email is optional and only needed if you want password recovery. If you choose not to provide certain data, you can still use the core game features.

4. AI Image Analysis (Automated Decision-Making)

Your photos are analyzed by an AI (Qwen3-VL) that runs on our own server. Images are not sent to external services and are not used for AI training.

4.1 How the AI Works

The AI automatically determines:

  • Rarity score (1-10) based on the subject photographed
  • Element type based on colors and context
  • Capture quality based on photo composition

4.2 Consequences of AI Decisions

These automated decisions affect your gameplay: higher rarity and quality scores result in more experience points (XP) earned. There is no human review of individual AI decisions.

4.3 Your Rights Regarding AI Decisions

You can retry a photo analysis if you're unsatisfied with the result. If you believe an AI decision was incorrect, you can contact us for review.

5. Data Storage

All data is stored on servers in Germany. There is no transfer to third parties or outside the EU.

5.1 Email Service

For transactional emails (password reset, email verification), we use Mailjet, a French company with EU data centers in Belgium. Mailjet is GDPR compliant. Your email is only used for account-related communications, never for marketing.

6. Cookies and Tracking

This website uses no cookies and no tracking services like Google Analytics.

We store authentication data in your browser's localStorage to keep you logged in. This data never leaves your browser.

7. Your Rights (GDPR)

You have the following rights regarding your data:

  • Access: You can request what data we store about you
  • Rectification: You can have incorrect data corrected
  • Erasure: You can request deletion of your data
  • Data Portability: You can request your data in a portable format
  • Objection: You can object to data processing
  • Withdraw consent: You can withdraw consent at any time

For all requests, contact us at: daniel@lenswalker.online

7.1 Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Germany, you can contact the Federal Commissioner for Data Protection:

BfDI (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit)
Graurheindorfer Str. 153, 53117 Bonn
Website: www.bfdi.bund.de

8. Data Security

We protect your data through:

  • Encrypted transmission (HTTPS/SSL)
  • Secure password storage (bcrypt hash)
  • JWT tokens for authentication
  • Rate limiting against attacks

9. Children

This service is not directed at persons under 13 years of age. We do not knowingly collect data from children.

10. Changes

We reserve the right to update this privacy policy. Significant changes will be published on this page.