Last updated: 13.06.2025
Welcome to PocoBit. We are committed to protecting and respecting your privacy. This Privacy Policy describes how PocoBit’s app and services collect, use, store, and protect your personal data when you use the PocoBit platform (“Platform”).
1. Introduction
PocoBit (“we,” “us,” “our”) provides a platform for creating and sharing training games. This Privacy Policy applies to all users (“you,” “your”) of our Platform.
2. Data We Collect
We collect the following types of data when you use our Platform:
- Personal Information: Name, email address, company name, and company registration number.
- Technical Data: IP address, browser type, usage logs.
- User-Generated Content Metadata: Basic metadata about uploaded content (e.g., file type, timestamp), but not the content itself.
- OAuth Profile Data: From Google or Microsoft logins (e.g., name, email address).
- Analytics Data: Pseudonymized usage data for improving the service.
Note: We do not store the files or materials that users upload for training game generation. These are processed transiently and discarded after generation.
3. How We Use Your Data
We use your data for the following purposes:
- Platform Operation: To facilitate the creation and sharing of training games.
- Account Management: To manage your account and provide customer support.
- Improvement of Services: To analyze usage patterns and enhance Platform functionality.
- Communication: To send service-related updates and notifications.
- Legal Compliance: To comply with legal obligations.
3.1 Legal Basis for Processing
Purpose | Description | Legal Basis |
---|---|---|
Platform Operation | Enabling users to create and manage training games | Performance of a contract (Art. 6(1)(b)) |
Account Management & Support | Managing user accounts and delivering support | Performance of a contract (Art. 6(1)(b)) |
Communication | Service notifications, security alerts | Legitimate interest (Art. 6(1)(f)) |
Analytics & Improvements | Improving the Platform and user experience | Legitimate interest (Art. 6(1)(f)) |
Compliance | Fulfilling legal obligations | Legal obligation (Art. 6(1)(c)) |
3.2 Use of Google and Microsoft User Data
Our application may integrate with Google and Microsoft services. We collect and use OAuth data as follows:
- Access: We may access profile information (e.g., name, email) for login and account linking.
- Storage: OAuth profile data is stored securely and in compliance with provider policies.
- Use: Used only for login, personalization, or relevant Platform functionality.
- Sharing: Never shared with third parties without your consent unless required by law.
- Compliance: We adhere to the Google API Services User Data Policy and Microsoft’s applicable policies.
4. Data Sharing and Disclosure
We do not sell or rent your data. We only share your data under the following circumstances:
a. Service Providers
We work with trusted third-party providers who help deliver our services:
- Hosting: Supabase, Vercel.
- AI Services: Used to generate training game content.
- Google Services (if integrated): Used for authentication, user identification, or analytics. Any Google user data accessed or processed via OAuth (e.g., name, email) is used only to provide functionality within the PocoBit Platform and is not shared with any third parties. We do not access or use additional Google account data unless specifically required for a feature the user enables, and we always follow the Google API Services User Data Policy.
- Microsoft Services (if integrated): Used for authentication and user identification. Any Microsoft user data accessed or processed (e.g., name, email) is used solely to enable login and Platform functionality. We do not share Microsoft account data with any third parties, and all processing complies with Microsoft’s data usage policies.
- Analytics: Usage tracking and service improvement.
b. Legal Compliance
Data may be disclosed when required to:
- Comply with legal obligations or law enforcement
- Protect rights, property, or safety
c. With Your Consent
We will only share your data with third parties for optional features or integrations if you explicitly agree.
d. Aggregated or Anonymized Data
Used for insights, trends, and service improvement without identifying individual users.
5. Roles and Responsibilities
- PocoBit as Processor: When clients upload third-party data (e.g., employees), PocoBit acts as the data processor.
- Client as Controller: Clients are data controllers and must ensure they collect and process data lawfully and transparently.
Controller obligations include:
- Ensuring appropriate legal bases for processing;
- Providing privacy notices to their end-users;
- Handling data subject rights requests that relate to their own collected data.
6. GDPR Compliance
PocoBit adheres to the General Data Protection Regulation (GDPR):
- Processed lawfully, fairly, and transparently
- Collected for legitimate purposes
- Data minimization
- Accuracy and integrity
- Secure storage and handling
Your rights under GDPR:
- Access your data
- Correct inaccuracies
- Request deletion
- Restrict processing
- Data portability
- Withdraw consent
To exercise these rights, email support@pocobit.io or use our DSAR form.
7. Sub-processors
We use third-party providers (sub-processors) to assist in delivering the Platform. Each is bound by GDPR-compliant data processing agreements.
Sub-Processor | Function | Location |
---|---|---|
Supabase | Database & Authentication | EU (Germany) |
Vercel | Web Hosting | Local to the user |
OpenAI, Anthropic or Similar | AI Processing | US |
Stripe | Internet payments processing | Local to the user |
Google/Microsoft OAuth | Authentication Services | Local to the user |
8. Data Transfers Outside the EU
If data is transferred outside the EU/EEA, we ensure:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Other legally approved safeguards
9. Automated Decision-Making & AI Use
PocoBit uses AI to assist with generating training content based on user input. This:
- Is not used to make legally significant decisions about you
- Is fully user-controlled and editable
10. Data Retention
We retain personal data only as long as necessary for its intended purpose or legal requirements.
Data Type | Retention Period |
---|---|
Account/Profile Data | While active + 6 months after deletion |
Training Content | While active + 6 months after deletion |
Technical Logs | Up to 12 months |
OAuth Login Metadata | Until deleted by the user or upon account closure |
Note: We do not store or access your passwords. Authentication is handled securely using OAuth (Google, Microsoft, etc.), and we store only necessary profile data (e.g., name, email).
11. Data Subject Rights & DSAR Process
You may exercise your rights by:
- Emailing support@pocobit.io
- Using our Data Subject Access Request (DSAR) form
We respond within 30 days in accordance with GDPR.
12. Data Processing Agreements
If you are an organization using PocoBit for your users, a Data Processing Agreement (DPA) is available. Contact support@pocobit.io to request or sign a DPA.
13. Security Measures
We implement appropriate technical and organizational measures (TOMs) to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit (TLS) and at rest (where applicable)
- Access controls and authentication mechanisms
- Regular backups and data integrity checks
- Monitoring and logging of system activity
- Secure development practices and vulnerability assessments
- Restricted access to personal data to authorized personnel only
These measures are reviewed regularly and updated as needed to maintain data protection.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email to the address on file.
Changes affecting OAuth data (Google or Microsoft) will be explicitly highlighted.
15. Contact Information
- Data Protection Officer (DPO):
Paul Sokk
Email: paul.sokk@pocobit.io
- Privacy Contact:
Email: support@pocobit.io
Website: https://pocobit.io