Privacy Policy

Last updated: December 2025

1. Data Controller

The data controller for this website is:

Daniel Maksymilian Syrnicki
Email: daniel@lenswalker.online

2. Data We Collect

2.1 Account Data

When you register, we collect:

  • Username (your choice)
  • Password (stored encrypted using bcrypt)

2.2 Game Data

During gameplay, we store:

  • Game progress (level, experience points)
  • Collected elements and essence
  • Daily activity (streak system)

2.3 Photos and Discoveries

When you capture photos:

  • The photo is stored on our server
  • AI analysis of image content (subject, rarity, element)
  • Optional GPS coordinates (only if you allow this)

2.4 Technical Data

For security and functionality:

  • IP address (temporary, for rate limiting)
  • Browser information (User-Agent)

3. How We Use Your Data

We use your data exclusively for:

  • Providing and operating the game
  • Saving your game progress
  • Displaying on the leaderboard (username and level only)
  • Protection against abuse (rate limiting)

4. AI Image Analysis

Your photos are analyzed by an AI (Qwen3-VL) that runs on our own server. Images are not sent to external services and are not used for AI training.

5. Data Storage

All data is stored on servers in Germany. There is no transfer to third parties or outside the EU.

6. Cookies and Tracking

This website uses no cookies and no tracking services like Google Analytics.

We store authentication data in your browser's localStorage to keep you logged in. This data never leaves your browser.

7. Your Rights (GDPR)

You have the following rights regarding your data:

  • Access: You can request what data we store about you
  • Rectification: You can have incorrect data corrected
  • Erasure: You can request deletion of your data
  • Data Portability: You can request your data in a portable format
  • Objection: You can object to data processing

For all requests, contact us at: daniel@lenswalker.online

8. Data Security

We protect your data through:

  • Encrypted transmission (HTTPS/SSL)
  • Secure password storage (bcrypt hash)
  • JWT tokens for authentication
  • Rate limiting against attacks

9. Children

This service is not directed at persons under 13 years of age. We do not knowingly collect data from children.

10. Changes

We reserve the right to update this privacy policy. Significant changes will be published on this page.