Privacy Policy

Last updated: May 2026

Introduction

BPOS GCV (“we”, “us”, or “our”) operates the Hoppli mobile application (“the App”). This Privacy Policy explains how we collect, use, and protect your information when you use the App. We comply with the EU General Data Protection Regulation (GDPR) and applicable child privacy laws including COPPA. This document is available in English only.

Information We Collect

Anonymous use: You can explore the App without creating an account. When you do, we generate a temporary anonymous identifier (Firebase Anonymous UID) so the App can function. No personal data is collected during anonymous use. If you later sign in, your anonymous progress can be linked to your account.

Account Information: When you choose to sign in via Google Sign-In or Apple Sign-In, we receive your email address and display name. Authentication is handled securely by Firebase Authentication; we never receive or store your password.

Adventure Data: We store the adventures you create, including names, missions, clues, QR codes, prizes, and settings.

Player Information: When children play an adventure, we store the player name they enter and their progress. Player names are temporary identifiers tied to the adventure, not to a persistent child profile.

Mascot & Skin Preference: Your selected mascot skin (e.g. Bunny, Cat, Cosmonaut, Dino, Foxy) is stored as a user preference.

Purchase Information: In-app purchases (subscriptions and lifetime) are processed by the Apple App Store or Google Play Store. We receive purchase confirmation and entitlement status through RevenueCat, our purchase management service. We never receive or store your payment details (credit card numbers, bank accounts, etc.).

Camera Access: The App uses your device camera to scan QR codes and to take pictures during photo missions. Photos taken inside the App stay on your device unless you choose to share them.

How We Use Your Information

• To provide and maintain the Hoppli service
• To let you create, save, and manage adventures
• To enable children to play adventures you create
• To process and verify in-app purchases and subscriptions
• To serve ads to free-tier users (see Advertising below)
• To diagnose crashes and improve stability
• To understand how features are used so we can improve the App

Advertising (Google AdMob)

The free tier of the App displays ads served by Google AdMob. Ads are part of how we keep a free version of Hoppli available. Premium subscribers, lifetime owners, and trial users see no ads.

• COPPA child-directed treatment is enabled on every ad request. We pass tagForChildDirectedTreatment = true, tagForUnderAgeOfConsent = true, and maxAdContentRating = G to AdMob.
• No personalised ads are served. There is no behavioural targeting and no interest-based profiling.
• Ads only appear on parent surfaces (such as the parent dashboard). There are no ads during a child’s gameplay.
• Our AdMob publisher ID is pub-5510314849058969, disclosed in our app-ads.txt file at hoppli.app/app-ads.txt.
• For more information, see Google’s Families Policy.

Analytics & Attribution

We use a small number of analytics and attribution services to understand how the App is used and to measure the effectiveness of our advertising campaigns.

Consent gate: When you first open the App, you are asked to accept these Terms of Service and Privacy Policy. Until you accept, all analytics and attribution SDKs are blocked from initialising. The single exception is Firebase Crashlytics (see below), which we run under the legitimate-interest legal basis to keep the App stable.

Firebase Analytics: Anonymous usage data (screen views, feature usage, in-app events). No personal data is sent to Firebase Analytics. Data is processed in the European Union.

Firebase Crashlytics: Collects crash stack traces and basic device information so we can fix bugs. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Crashlytics does not receive your name, email, or other directly identifying information.

TikTok Business SDK: Used for install attribution only — it measures whether a TikTok ad led to an app install. It sends app events (install, purchase) to TikTok. It does not track browsing activity. Consent-gated. See TikTok’s Privacy Policy.

Meta/Facebook SDK: Used for install attribution only — it measures whether a Meta or Instagram ad led to an app install. It sends app events (install, purchase) to Meta. It does not track browsing activity. Consent-gated. See Meta’s Privacy Policy.

Advertising Identifiers (IDFA / GAID)

On iOS, the App asks for your permission via Apple’s App Tracking Transparency framework before sharing any advertising identifier (IDFA). If you decline, no advertising identifier is shared. On Android, the Google Advertising ID (GAID) may be used for attribution measurement. You can reset or limit ad tracking at any time via your device settings. Children’s advertising identifiers are never used for personalised advertising.

Data Storage

Your data is stored using Google Firebase services (Authentication, Firestore Database, and Cloud Storage) hosted in the European Union, encrypted in transit and at rest. We apply appropriate technical and organisational security measures in line with GDPR requirements.

Children’s Privacy

Hoppli is listed in the Kids Category and is designed to be used by children under parental supervision. We take children’s privacy seriously:

• Children do not create accounts, provide email addresses, or submit any personal information.
• All accounts are created and managed by parents or guardians.
• Player names entered during gameplay are temporary identifiers and are not used to identify children outside the context of the adventure.
• AdMob is configured with COPPA child-directed treatment on every ad request — no personalised ads, no behavioural profiling.
• Ads only appear on parent-facing screens. There are no ads during a child’s gameplay.
• Analytics data from children’s play sessions is anonymous and cannot be linked to individual children.
• When location-based features are made available in a future update, children’s location data will be processed exclusively on the device. No location data from children will be transmitted to Hoppli’s servers or shared with third parties.
• A parental gate is required before any in-app purchase.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data (via Settings > Delete Profile, or via hoppli.app/delete-account)
• Restrict or object to processing of your data
• Data portability: request a copy of your data by contacting us

To exercise these rights, use the Settings menu in the App or contact us at the address below.

Data Retention

We retain your data while your account is active. When you delete your account, all associated data (including adventures, missions, player progress, and QR codes) is permanently and immediately deleted from our systems.

Third-Party Services

We use the following third-party services:

• Google Firebase (Authentication, Firestore, Cloud Storage, Analytics, Crashlytics): for account management, data storage, analytics, and crash reporting. See Google’s Privacy Policy.
• Google AdMob: for serving ads to free-tier users with COPPA child-directed treatment. See Google’s Privacy Policy.
• RevenueCat: for managing subscriptions and lifetime purchases. RevenueCat receives an anonymous user identifier and purchase status; no payment card data is stored on Hoppli’s servers. See RevenueCat’s Privacy Policy.
• Google Sign-In: for optional account authentication. See Google’s Privacy Policy.
• Apple Sign-In: for optional account authentication. See Apple’s Privacy Policy.
• TikTok Business SDK: for install attribution. See TikTok’s Privacy Policy.
• Meta/Facebook SDK: for install attribution. See Meta’s Privacy Policy.

Location Data (future feature)

This section describes our data practices for location-based features. These features are not yet available in the App. When location-based features (such as geo-coded missions) launch:

• Location data will be used only to verify proximity to a mission point.
• Location data will be processed on your device and will not be transmitted to or stored on Hoppli’s servers.
• You can revoke location access at any time via your device settings.
• Children’s location data will never be collected, stored, or shared.

Community Content (future feature)

If, in a future update, you choose to publish an adventure to a community library so that other families can play it, the following information will be visible to other users: your display name or alias, the adventure’s title and description, the mission content (clues, questions, instructions), and play statistics (such as the number of plays). Your email address and account details are never shared with other users.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, the App will ask you to review and accept the updated policy via the in-app consent screen (version-based re-consent).

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

BPOS GCV
Tweelingenstraat 33
2018 Antwerp, Belgium