← Back to Maps

Privacy Policy

Last updated: February 6, 2026

1. Introduction

This Privacy Policy explains how Digital Partner Group GmbH ("we", "us", or "our") collects, uses, and protects your personal information when you use our SkyBlock map selection service (the "Service"). Our Service helps you choose the right SkyBlock map and redirects you to the appropriate app store to download the SkyBlock application.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the German Telemediengesetz (TMG), and the California Consumer Privacy Act (CCPA).

2. Data Controller

The data controller responsible for your personal information is:

Digital Partner Group GmbH
Ferdinand-Koch-Straße 31
26133 Oldenburg
Germany

Data Protection Contact:
Email: joshua@studioappx.com
Phone: +49 176 56923721

For all privacy-related inquiries, please contact us at the above email address. We will respond to your request within 7 business days.

3. Data We Collect

We collect the following types of personal information when you use our Service:

3.1 Technical Data

  • IP Address: Your IP address is collected, immediately hashed using SHA-256, and encrypted using AES-256 encryption. We never store your plain-text IP address.
  • Device Type: Whether you are using iOS, Android, or Desktop
  • User Agent: Browser and operating system information

3.2 Usage Data

  • Selected Map: Which SkyBlock map type you selected
  • UTM Parameters: Marketing attribution information including utm_source, utm_medium, utm_campaign, utm_content, and utm_term (if present in the URL)

3.3 Optional Data

  • Device ID: Unique device identifier (only if provided by the app after installation)
  • App Version: Version of the SkyBlock app installed
  • Platform Identifier: iOS or Android platform details

3.4 Advertising Identifiers

  • GCLID: Google Click ID for Google Ads attribution (if present in the URL)

Important: This website does NOT use cookies or browser local storage. All tracking is performed server-side, which provides enhanced privacy protection.

4. How We Collect Data

Data is collected automatically through the following mechanisms:

  • Server-Side Tracking: When you select a map, our server automatically captures technical information from your HTTP request
  • App Store Redirection: During the redirection process to the Apple App Store or Google Play Store
  • Post-Installation API: After you install the SkyBlock app, it may send conversion data back to our server via an authenticated API

No client-side tracking scripts, cookies, or pixels are used. All data collection occurs on our secure servers.

5. Purpose of Data Processing

We process your personal information for the following purposes:

5.1 Primary Purposes

  • Marketing Attribution: To attribute app installations to specific marketing campaigns and measure advertising effectiveness
  • App Store Redirection: To redirect you to the correct app store based on your device type
  • Service Provision: To provide and maintain the map selection functionality

5.2 Secondary Purposes

  • Fraud Prevention: To detect and prevent fraudulent installations, duplicate conversions, and abuse of the Service
  • Service Improvement: To analyze usage patterns and improve the Service
  • Security: To protect our systems from unauthorized access and attacks

No Profiling: We do NOT engage in automated decision-making or profiling that produces legal effects concerning you. Your data is used solely for aggregate conversion attribution and fraud prevention.

6. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under GDPR Article 6:

6.1 Legitimate Interest (Art. 6(1)(f) GDPR)

We process data for marketing attribution, fraud prevention, and analytics based on our legitimate interest in:

  • Measuring the effectiveness of our marketing campaigns
  • Preventing fraud and abuse of our Service
  • Improving our Service and user experience

Balancing Test: We have carefully balanced our legitimate business interests against your fundamental rights and freedoms. We have determined that:

  • Data collection is minimal and necessary for business operations
  • IP addresses are immediately hashed and encrypted (never stored in plain text)
  • No cookies or invasive tracking technologies are used
  • Data retention periods are short (maximum 90 days)
  • Users reasonably expect attribution when accessing ad-driven content

6.2 Contract Performance (Art. 6(1)(b) GDPR)

Processing is necessary to provide you with the Service (map selection and app store redirection).

6.3 No Consent Required

Since we do not use cookies and all processing is based on legitimate interest or contract performance, we do not require your consent for data processing.

7. Data Sharing and Third Parties

We share your personal information with the following third-party service providers who act as data processors on our behalf:

7.1 Meta Platforms, Inc. (Facebook/Instagram Ads)

Service: Meta Conversion API

Purpose: To track ad conversions and optimize Facebook and Instagram advertising campaigns

Data Shared:

  • Hashed IP address
  • User agent (browser information)
  • Event type (Install or Purchase)
  • Product details, value, and currency (for purchases)
  • Event timestamp

Location: United States

Safeguards: Standard Contractual Clauses (SCCs) approved by the EU Commission

More Information:Meta Business Tools Terms

7.2 Google LLC (Google Ads)

Service: Google Ads Conversion API

Purpose: To track ad conversions and optimize Google Ads campaigns

Data Shared:

  • Google Click ID (GCLID)
  • Conversion event type (install or purchase)
  • Conversion value and currency
  • Event timestamp

Location: United States

Safeguards: Standard Contractual Clauses (SCCs) approved by the EU Commission

More Information:Google Ads Data Processing Terms

7.3 TikTok Pte. Ltd. (TikTok Ads) - Future Implementation

Service: TikTok Events API

Status: Not currently implemented. We plan to add TikTok conversion tracking in the future.

Purpose: To track ad conversions and optimize TikTok advertising campaigns

Data to be Shared:

  • Hashed IP address
  • Event type and conversion values
  • Event timestamp

Location: Singapore / United States

Safeguards: Standard Contractual Clauses (SCCs) will be implemented before activation

7.4 Upstash, Inc. (Data Storage)

Service: Redis database hosting

Purpose: To store encrypted tracking data and conversion events

Data Stored: All personal data collected (encrypted and hashed)

Location: United States data centers

Security: Encryption at rest and in transit, TLS 1.3+

7.5 Apple Inc. & Google LLC (App Stores)

Service: App Store and Google Play Store redirection

Purpose: To redirect you to download the SkyBlock app

Data Shared: Standard HTTP referrer information only (no additional data from us)

Privacy Policies: Your use of the app stores is subject to Apple's and Google's respective privacy policies

8. International Data Transfers

Your personal information is processed primarily in the European Union (Germany). However, some of our service providers are located in the United States, which means your data may be transferred outside the EU/EEA.

8.1 Safeguards for International Transfers

We ensure that all international data transfers comply with GDPR requirements by implementing the following safeguards:

  • Standard Contractual Clauses (SCCs): We rely on EU Commission-approved Standard Contractual Clauses for transfers to the United States
  • Transfer Impact Assessments: We have conducted assessments to ensure that transferred data is protected with appropriate security measures
  • Data Minimization: We only transfer the minimum necessary data, with IP addresses hashed and encrypted
  • Encryption: All data transfers occur over encrypted connections (TLS 1.3+)

8.2 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have in place for international data transfers. You may also object to such transfers. Please contact us at joshua@studioappx.com for more information or to exercise your rights.

9. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. All data is automatically deleted according to the following schedule:

Data TypeRetention PeriodRationale
Funnel tracking events30 daysAttribution window for conversions
Conversion events90 daysExtended attribution and reporting
API logs7 daysTechnical troubleshooting
Transaction IDs90 daysDuplicate prevention

After these retention periods, all personal information is permanently and automatically deleted from our systems. We do not archive or backup personal data beyond these periods.

10. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal information:

10.1 Technical Measures

  • IP Address Encryption: AES-256 encryption before storage (never stored in plain text)
  • IP Address Hashing: SHA-256 cryptographic hashing for matching
  • Transport Encryption: TLS 1.3+ for all data in transit
  • Storage Encryption: Encryption at rest for all stored data
  • Rate Limiting: Protection against brute-force attacks and abuse
  • API Authentication: Secure API key authentication for all endpoints
  • Transaction Deduplication: Prevents double-counting and replay attacks

10.2 Organizational Measures

  • Access Controls: Strict access controls and authentication requirements
  • Logging and Monitoring: Comprehensive logging of all data access
  • Security Audits: Regular security reviews and vulnerability assessments
  • Data Minimization: We only collect data that is strictly necessary
  • Privacy by Design: Privacy considerations are built into our technical architecture

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

11. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right to Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether your personal data is being processed, and to request a copy of that data.

Right to Rectification (Art. 16 GDPR)

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data that is based on legitimate interests. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection laws.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: joshua@studioappx.com
Subject Line: "GDPR Data Subject Request"

We will respond to your request within 30 days as required by GDPR. We may need to verify your identity before processing your request. Please note that due to our use of IP hashing and encryption, we may have limited ability to retrieve specific data associated with you.

Supervisory Authority

If you are located in Germany, you may lodge a complaint with:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit (LfDI)
Niedersachsen
Prinzenstraße 5
30159 Hannover
Germany
https://lfd.niedersachsen.de/

12. Cookies and Tracking Technologies

This Website Does NOT Use Cookies

Unlike most websites, we do NOT use cookies, local storage, or any browser-based tracking technologies. All tracking is performed server-side, which means:

  • No cookie consent banner is required
  • No data is stored in your browser
  • No third-party tracking scripts are loaded on your device
  • Enhanced privacy protection compared to cookie-based tracking

This approach complies with the ePrivacy Directive without requiring your consent for cookies.

13. Children's Privacy

Our Service is not directed to persons under 16 years of age. We do not knowingly collect personal information from children under 16.

Under GDPR, the age of consent for data processing is 16 years. Under the U.S. Children's Online Privacy Protection Act (COPPA), the age is 13 years. We comply with both regulations by setting our age limit at 16.

If you are a parent or guardian and you believe that your child under the age of 16 has provided us with personal information, please contact us at joshua@studioappx.com. We will take steps to remove such information from our systems within 30 days.

14. Automated Decision-Making and Profiling

We do NOT engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

Your data is used solely for:

  • Aggregate conversion attribution (measuring overall campaign performance)
  • Fraud detection (identifying duplicate or fraudulent installations)
  • Service provision (redirecting you to the correct app store)

We do not create individual user profiles, target you with personalized advertising, or make decisions that affect your access to services based on automated processing.

15. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), as amended in 2026.

15.1 Categories of Personal Information We Collect

  • Identifiers: IP address (hashed), device ID
  • Internet Activity: Selected map, user agent, UTM parameters
  • Commercial Information: Conversion events, purchase values

15.2 Business Purposes for Collection

  • Advertising attribution and campaign measurement
  • Fraud prevention and security
  • Service provision and improvement

15.3 Categories of Third Parties

We share personal information with the following categories of third parties:

  • Advertising platforms (Meta, Google, TikTok)
  • Cloud service providers (Upstash)
  • App distribution platforms (Apple, Google)

15.4 Your CCPA/CPRA Rights

Right to Know

Request disclosure of personal information collected, used, disclosed, or sold

Right to Delete

Request deletion of your personal information

Right to Opt-Out of Sale

We do NOT sell your personal information

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at joshua@studioappx.com with "California Privacy Request" in the subject line.

16. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • The "Last updated" date at the top of this page will be revised
  • Material changes will be prominently announced on our website or via email
  • Your continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically for any updates.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Digital Partner Group GmbH
Ferdinand-Koch-Straße 31
26133 Oldenburg
Germany

Data Protection Contact:
Email: joshua@studioappx.com
Phone: +49 176 56923721

We will respond to all inquiries within 7 business days. For GDPR-related requests, we will respond within 30 days as required by law.

18. Legal Framework and Compliance

This Privacy Policy is designed to comply with the following legal frameworks:

  • GDPR: Regulation (EU) 2016/679 (General Data Protection Regulation)
  • ePrivacy Directive: Directive 2002/58/EC (as amended)
  • TMG: German Telemediengesetz (Telemedia Act)
  • BDSG: German Bundesdatenschutzgesetz (Federal Data Protection Act)
  • CCPA/CPRA: California Consumer Privacy Act (as amended 2026)
  • COPPA: Children's Online Privacy Protection Act (USA)

This Privacy Policy was last reviewed and updated on February 6, 2026, to ensure compliance with the latest amendments and interpretations of applicable data protection laws.

Related legal documents:

Terms of ServiceImpressum