Privacy Policy
This policy explains what data Swivia processes when you play, why, and on what legal basis under the General Data Protection Regulation (GDPR).
Controller
Michael SammereierRadeberger Weg 8
85748 Garching
Germany
Email: contact@playswivia.com
Principles
Swivia is built to collect as little data as possible:
- No user accounts and no sign-up.
- No advertising and no third-party analytics.
- No tracking pixels and no fingerprinting.
- No cookies, no sessionStorage, no tracking identifiers.
- The only client-side storage is a single
localStorageentry holding your local gameplay stats — see Local stats.
Because no cookies or tracking identifiers are set and the local stats are not shared with us or anyone else, no consent banner is required.
Hosting (AWS, Frankfurt)
Swivia is hosted on Amazon Web Services in the EU (Frankfurt) region
(eu-central-1). The static site is delivered through Amazon
S3 and Amazon CloudFront; the game API runs on Amazon API Gateway and
AWS Lambda, with question data stored in Amazon DynamoDB. When you
access Swivia, AWS automatically processes standard request data such as
your IP address, user-agent string, requested URL, timestamp and
response status. This data is logged for security, abuse prevention and
operational diagnostics for at most 90 days, then deleted. Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest in operating a secure and
reliable service).
Game data
When you start a round, the API generates a random game identifier
(gameId, a UUID) and returns trivia questions. Your
swipe answers are sent to the API together with this identifier and a
question identifier; the API responds with whether each answer was
correct. The gameId is held only in memory for the duration
of your session, is not linked to you personally and is not stored on
the server beyond ephemeral request logs. Swivia's server does not
store your scores, answer history or device identifiers.
Local stats (your browser only)
After you finish a round, Swivia saves a small summary of your
gameplay to your browser's localStorage under the key
swivia:stats:v1. This includes counts (games played,
questions seen, answered, correct, wrong, skipped), per-difficulty
totals, your personal records (high score, best streak, most correct,
best accuracy) and the score, correct/answered count and timestamp of
your last five games.
This data stays on your device. It is never sent to Swivia's server, never shared with third parties, contains no personal identifiers and is not used for tracking. You can erase it at any time using the Reset Stats button on the Stats screen, or by clearing site data for this domain in your browser. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in offering the local stats feature you opted into by playing).
Data location
All processing takes place on AWS servers in Frankfurt, Germany. No personal data is transferred to a third country.
Recipients
Amazon Web Services EMEA SARL acts as a processor under Art. 28 GDPR for the purposes described above. No data is passed on to other recipients.
Your rights
You have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
To exercise any of these rights, contact contact@playswivia.com. Because Swivia stores no personal data beyond short-term server logs, the practical scope of these rights is limited.
Right to lodge a complaint
You have the right to lodge a complaint with a data-protection supervisory authority. The competent authority for the operator is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA), Promenade 18, 91522 Ansbach, Germany.