PRIVACY POLICY FOR INFINITRA SERVICE

Last Revised: 2025-07-15

This Privacy Policy ("Policy") explains how Richard Michael Bogad, MSc, an Austrian sole proprietorship ("Richard Bogad Solutions", "we", "us", "our"), collects, uses, discloses, and protects information about you when you use our website www.infinitra.xyz (the "Website"), our software INFINITRA (the "Software"), register for an optional user account, subscribe to our paid services, or otherwise interact with us (collectively, the "Services").

We are committed to protecting your privacy in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

We may update this Policy occasionally. If we make significant changes, we will notify you by revising the "Last Revised" date and potentially through other means (like an in-Software notification or website notice). Please review this Policy periodically.

1. Information We Collect

1.1. Information You Provide Directly

We collect information you voluntarily provide when using our Services:

Account Information: If you choose to register an account within the Software, we collect your email address. You may also select a username and/or avatar associated with your account. Providing this information is optional for basic Software use but required for account-specific features.
Subscription Information: If you purchase a paid Subscription, our third-party reseller and Merchant of Record, Polar (Polar Software Inc.) ("Merchant of Record"), collects and processes your payment details (e.g., credit card number, billing address). The Merchant of Record is responsible for all payment processing. We do not directly store your full payment card information. We only receive confirmation of your payment and subscription status necessary to manage your Subscription. Please review the Merchant of Record's privacy policy for their practices.
Communications: When you contact us via email (office@infinitra.xyz) for support, feedback, or other inquiries, we collect the information contained in your communications (e.g., your email address, name if provided, content of your message).

1.2. Information We Collect Automatically

When you use our Services, we automatically collect certain technical and usage information:

Log and Usage Data: We collect information about your interaction with the Services. For the Software, this includes your IP address, operating system type and version, hardware specifications (like CPU, GPU, RAM), actions taken within the Software (e.g., features used, session start/end times, crashes encountered), and interactions with content (such as game progress, character location, and item interactions). This data is collected for purposes such as performance optimization, troubleshooting, improving game balance, preventing fraudulent activity, and ensuring the security and integrity of the Services. For the Website, this includes browser type, pages viewed, access times, IP address, and referring URL.
Device Information: Information about the device you use to access the Software, such as hardware model and operating system version.
Connectivity and Update Checks: Even when not logged into an account, the Software may periodically contact our servers to check for connectivity and the availability of essential updates. This process involves the transmission of your IP address, which is technically necessary for network communication. This data is processed based on our legitimate interest in ensuring the basic functionality, security, and integrity of the Software.
Internal Analytics: We may collect anonymized or aggregated data about how users interact with the Software (e.g., feature popularity, session duration) using internal tools. This data helps us understand usage patterns and improve the Services and does not personally identify you.
Diagnostic Data (Conditional): As stated in the EULA, the Software may generate error reports or logs if it encounters issues. We will ask for your explicit consent before sending any such diagnostic files that contain potentially identifiable or detailed usage information.
Cookies and Local Storage: We do not use cookies or similar tracking technologies (like web beacons or pixels) on our Website or within the Software for behavioral advertising, cross-site tracking, or non-essential analytics. The Service relies on strictly necessary local data storage on your device for core functionality. This includes, for example, storing session tokens to keep you logged in or saving essential user settings (like control preferences). This type of storage is essential for the operation of the Service and does not require consent under the ePrivacy Directive and GDPR. Disabling this storage via browser or system settings will likely break key features of the Service.

1.3. Information From Third Parties

Account Authentication: We use Firebase Authentication / Google Cloud Identity Platform to manage user account creation and login. If you register an account, these services handle the authentication process. We receive confirmation of successful authentication and your registered email address/unique user ID from them.

2. How We Use Your Information

We use the collected information for the following purposes:

To provide, operate, maintain, and improve the Services (Software functionality, Website access, account features, Subscriptions).
To manage your Subscription, which includes initiating the payment process with our Merchant of Record, and updating your account based on your subscription status.
To create and manage your optional user account using Firebase/Google Cloud.
To communicate with you, including sending technical notices, security alerts, updates, support responses, and administrative messages.
To respond to your comments, questions, feedback, and requests for customer service.
To monitor and analyze trends, usage patterns, and activities to understand how the Services are used and to improve them.
To detect, investigate, and prevent fraudulent transactions, security incidents, violations of our terms (EULA, Terms of Service), and other illegal or harmful activities.
To personalize certain aspects of the Service experience (e.g., showing relevant content based on progress).
To comply with applicable legal obligations (e.g., financial record-keeping for subscriptions, data retention requirements).
To fulfill any other purpose disclosed to you at the time we collect the information or with your consent.

2.1. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Performance of a Contract (Art. 6(1)(b) GDPR): When you create an account, purchase a Subscription, or use the core features of the Service, we process your information (e.g., email address, subscription status) as necessary to provide the Service to you and fulfill our obligations under our Terms of Service.
Legitimate Interests (Art. 6(1)(f) GDPR): We process data like log files, usage data, and device information for our legitimate interests in maintaining and improving the Service, ensuring security, preventing fraud, and analyzing usage trends. We have balanced our interests against your data protection rights.
Consent (Art. 6(1)(a) GDPR): Where we ask for your explicit consent to process data, such as before sending detailed diagnostic reports to us, we rely on that consent. You can withdraw your consent at any time.
Legal Obligation (Art. 6(1)(c) GDPR): We retain certain information, such as financial records related to your subscriptions, to comply with our legal obligations under Austrian tax and commercial law.

We do not sell your personal information. We may share information about you only in the following circumstances:

With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf and need access to the information to do that work. These include:
- Google Cloud Platform / Firebase: For backend infrastructure hosting, database storage, user authentication, and potentially cloud functions.
- Merchant of Record: For processing subscription payments. (We do not share personal data with analytics providers like Google Analytics for tracking purposes).
For Legal Reasons: We may disclose your information if we believe disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or governmental request (e.g., from law enforcement or tax authorities).
- Enforce our EULA, Terms of Service, and other agreements or policies.
- Protect the rights, property, or safety of Richard Bogad Solutions, our users, or the public.
In Connection with Business Transfers: If Richard Bogad Solutions is involved in a merger, acquisition, financing, dissolution, or sale of all or a portion of its assets, your information may be transferred as part of that transaction, subject to standard confidentiality arrangements.
With Your Consent: We may share your information for other purposes if you provide your explicit consent.
Aggregated or Anonymized Data: We may share aggregated or anonymized information that does not directly identify you and cannot reasonably be used to identify you (e.g., general usage statistics).

4. Data Storage, Transfer, and Security

Storage Location: Your information is processed and stored primarily on servers managed by our service providers (Google Cloud/Firebase, potentially the Merchant of Record for transaction data), which may be located in countries outside of Austria or the European Economic Area (EEA), including the United States.
International Transfers: When we transfer personal data from the EEA to countries that have not been deemed adequate by the European Commission, such as the United States, we rely on legally-provided mechanisms to lawfully transfer data across borders. Our service providers, including Google and the Merchant of Record, are certified under the EU-U.S. Data Privacy Framework, which you can verify on the Data Privacy Framework website. For providers where this is not applicable, we rely on Standard Contractual Clauses, to ensure your data is protected according to GDPR standards. By using the Services, you acknowledge that your information may be transferred to, stored, and processed in these locations.
Security: We implement reasonable technical and organizational measures designed to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. However, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your account password confidential.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including providing the Services, managing your account (if active), processing subscriptions, complying with legal obligations (e.g., Austrian tax and commercial law requires retention of financial records for 7 years or longer), resolving disputes, and enforcing our agreements.

If you delete your user account, we will initiate the deletion of your personal information directly associated with that account (like your email address) within a reasonable timeframe (typically 30-90 days), unless legal retention obligations require us to keep it longer. For example, server and security log files containing IP addresses are retained for a period of six months for security analysis and fraud prevention purposes before being automatically deleted or anonymized. Anonymized or aggregated data may be retained indefinitely for analytical purposes.

If you are located in the EEA or another jurisdiction with similar data protection laws, you have certain rights regarding your personal information, subject to legal limitations:

Right to Access: Request access to the personal information we hold about you.
Right to Rectification: Request correction of inaccurate personal information.
Right to Erasure ('Right to be Forgotten'): Request deletion of your personal information under certain conditions (e.g., it's no longer needed for the purposes collected, you withdraw consent where applicable). You can typically delete your account via the Software or by contacting us.
Right to Restrict Processing: Request restriction of how we process your personal information in specific situations.
Right to Data Portability: Request a copy of the personal information you provided to us in a structured, commonly used, machine-readable format, and potentially transmit it to another controller.
Right to Object: Object to the processing of your personal information based on our legitimate interests or for direct marketing.
Right to Withdraw Consent: If processing is based on consent (e.g., for sending diagnostic data), you can withdraw it at any time.
Right to Lodge a Complaint: Lodge a complaint with your local data protection supervisory authority. The competent authority in Austria is the Österreichische Datenschutzbehörde (Austrian Data Protection Authority): https://www.dsb.gv.at/.

To exercise these rights (except lodging a complaint), please contact us at office@infinitra.xyz. We may need to verify your identity before processing your request. Please note that even after a deletion request, we are required by law to retain certain data (such as transaction records for subscriptions) for a legally prescribed period (e.g., for tax and accounting purposes).

7. Your Choices

Account Information: You can review and update your account information (email) within the Software settings or by contacting us. You can delete your account via the Software or by emailing office@infinitra.xyz.
Diagnostic Data: You will be asked for consent before sending detailed diagnostic data.
Promotional Communications: If we send promotional emails in the future, they will include an opt-out mechanism (e.g., an unsubscribe link). Opting out won't stop essential service-related communications (e.g., about your account, subscription billing, or policy updates).

8. Children's Privacy

The Services are not directed to children under the age of 18 (or the relevant minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age. We have implemented an age-gate within the Software to deter usage by children. If you believe we have inadvertently collected such information, please contact us at office@infinitra.xyz so we can delete it. You are not permitted to use the Service or create an account if you are under the age of 18.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact our data protection responsible person:

Richard Bogad

Email: r.bogad@infinitra.xyz

The official registered address of Richard Bogad Solutions in Austria is available here: Legal Disclosure.