Privacy Policy

Version 1.0 – Effective as of 22 November 2025
(Governing Law: Scotland)

Clause 1 – Introduction

1.1 This Privacy Policy (“Policy”) explains how INTEGRIA LP, operating under the brand XploreMe!, collects, uses, and protects your personal information when you use the XploreMe! App and our official website www.xplore-me.com (“Website”).

1.2 INTEGRIA LP is a limited partnership registered in Scotland under Company No. SL037740, with its registered office at 5 South Charlotte Street, Edinburgh, EH2 4AN, Scotland, United Kingdom.

1.3 INTEGRIA LP acts as the Data Controller for all personal data processed in connection with the XploreMe! App and Website.

1.4 We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.

Clause 2 – Scope of Application

2.1 This Policy applies to all personal data collected:
(a) when you visit our Website;
(b) when you register or use the XploreMe! App;
(c) when you make purchases through our Website;
(d) when you communicate with us by email or contact form.

2.2 By accessing or using our Services, you acknowledge that you have read and understood this Policy.

Clause 3 – Data We Collect

3.1 We collect and process the following categories of data:

(a) Account Data – your email address and password used for registration and login;
(b) Payment Data – transaction details processed through Stripe or PayPal;
(c) Gameplay Data – progress, achievements, and participation in Hunts or Xplorations;
(d) Location Data – temporary GPS coordinates required to trigger in-app events;
(e) Technical Data – device type, operating system, IP address, and performance logs automatically collected by Firebase;
(f) Communication Data – information provided when contacting us by email or form.

Clause 4 – Purpose and Legal Basis for Processing

4.1 We process personal data only where a valid legal basis applies under the UK GDPR or EU GDPR.

4.2 The purposes and corresponding legal bases are as follows:

• To operate and provide access to the XploreMe! App
  Legal basis: Article 6(1)(b) GDPR – performance of a contract.

• To process payments and deliver purchased access codes
  Legal basis: Article 6(1)(b) GDPR.

• To send transactional emails and order confirmations
  Legal basis: Article 6(1)(b) GDPR.

• To maintain technical security and prevent misuse
  Legal basis: Article 6(1)(f) GDPR – our legitimate interest in ensuring platform security.

• To comply with accounting and tax obligations
  Legal basis: Article 6(1)(c) GDPR – compliance with legal obligations.
  

Clause 5 – Data Storage and Retention

5.1 We retain personal data only for as long as necessary to fulfil the purposes described in this Policy.

5.2 Specifically:
(a) User accounts remain active until deleted by the user;
(b) Payment data is stored for statutory retention periods (typically six to seven years);
(c) Technical logs are automatically deleted after a short period by Firebase;
(d) Gameplay data is deleted once the user deletes their account.

5.3 Users may delete their account directly within the XploreMe! App at any time. Once deleted, all personal data linked to that account will be permanently removed except where legal retention requirements apply.

Clause 6 – Data Processing through Firebase

6.1 The XploreMe! App uses Google Firebase, provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, for hosting, authentication, and app functionality.

6.2 Firebase automatically collects limited technical information (such as device details, IP address, and crash data) for operational and security purposes.

6.3 Data is currently stored in the United States (region: us-central1). Migration to EU-based servers is planned.
Data transfers to the USA are based on Standard Contractual Clauses (SCCs) in accordance with Article 46 GDPR.

6.4 Further details on Firebase privacy practices:
https://firebase.google.com/support/privacy

Clause 7 – Hosting and Infrastructure

7.1 The Website is hosted by Hostinger International Ltd., which processes data on our behalf under a Data Processing Agreement (DPA).

7.2 Hostinger automatically collects standard server log files (including IP address, browser type, and time of access) for system security and performance.
Such logs are retained temporarily and deleted automatically.

7.3 Hostinger’s built-in analytics tool analyses website performance and transactions without storing personal identifiers.

Clause 8 – Payment Processing

8.1 Payments made through our Website are processed securely via Stripe and PayPal.
We do not store credit card or banking information on our servers.

8.2 Both providers act as independent controllers and comply with GDPR requirements:

• Stripe: https://stripe.com/gb/legal/dpa

• PayPal: https://www.paypal.com/us/legalhub/data-processing-agreement
  
  

Clause 9 – Email Communication

9.1 We use Brevo (formerly Sendinblue) to send transactional emails, such as order confirmations and delivery of access codes.

9.2 Brevo acts as a data processor under a GDPR-compliant DPA.
It does not send marketing or promotional emails on our behalf.

9.3 More information: https://www.brevo.com/legal/termsofuse/

Clause 10 – Location Data

10.1 The XploreMe! App accesses the device’s GPS solely for gameplay purposes — to trigger specific events when the player reaches certain locations.

10.2 Location data is processed temporarily only, not stored or tracked permanently, and cannot be used to reconstruct a user’s movements.

Clause 11 – Data Security

11.1 We implement technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

11.2 All communications between the App, Website, and Firebase are encrypted using industry-standard HTTPS/TLS protocols.

Clause 12 – Data Transfers Outside the UK/EEA

12.1 Where personal data is transferred outside the United Kingdom or the European Economic Area (e.g., via Firebase’s US servers), such transfers are safeguarded through Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognised mechanisms.

Clause 13 – Your Rights

Under applicable data protection laws, you have the right to:

(a) Request access to your personal data;
(b) Request correction of inaccurate data;
(c) Request deletion (“right to be forgotten”);
(d) Object to or restrict processing;
(e) Request data portability;
(f) Lodge a complaint with the competent supervisory authority.

For all privacy-related inquiries, please contact:
📩 info@xplore-me.com

Supervisory authority (UK): Information Commissioner’s Office (ICO)
www.ico.org.uk

Clause 14 – Updates to this Policy

14.1 XploreMe! reserves the right to amend this Policy at any time to reflect technical, legal, or operational changes.
14.2 The latest version will always be available at: www.xplore-me.com/privacy

Clause 15 – Governing Law and Jurisdiction

15.1 This Policy is governed by and construed in accordance with the laws of Scotland.
15.2 Any dispute arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Edinburgh, Scotland.

Clause 16 – Contact Information

INTEGRIA LP
Operating under the brand XploreMe!
5 South Charlotte Street
Edinburgh, EH2 4AN
Scotland, United Kingdom

📩 info@xplore-me.com
🌐 www.xplore-me.com