Privacy Policy
Effective date: 7 July 2026
This Privacy Policy explains how your personal data is collected, used, and protected when you use the Beefriend mobile application (the “App”) and related services (together, the “Service”). Please read it carefully. If you do not agree with it, do not use the Service.
1. Who is responsible for your data
The data controller responsible for your personal data is:
Seweryn Kras al. Jerozolimskie 85/21 02-001 Warsaw, Poland Email: [email protected]
You can contact us at the address above for any question about this policy or about how your data is handled.
2. What this policy covers
Beefriend is a party game in which you join a shared game with friends using a game code and answer prompts creatively — with text, drawings, photos, GIFs, or voice recordings — which the other players in your game can see and vote on. This policy covers the personal data we process to make that work.
3. What personal data we collect
We collect only what the Service needs to function:
- Username — the name you choose when you open the App.
- Account identifier — when you first play, we create a pseudonymous account for you, identified by a randomly generated ID and kept signed in on your device by an authentication cookie. We do not ask for your email, phone number, or real identity to create it.
- In-game content you create — the answers, in-game chat messages, drawings, photos, GIFs, and voice recordings you submit during a game.
- Gameplay data — information about the games you play needed to run the game.
- Technical and diagnostic information — limited technical data such as app version, device/operating-system type, timestamps, and error information, used to keep the App working and to fix problems.
- Usage analytics — anonymous, aggregate information about how the App is used (see Section 6).
Device permissions. Some features need access to your device’s camera, microphone, and photo library — for example, taking a picture, recording a voice clip, or uploading an image. These are accessed only when you choose to use the feature, and you can grant or revoke them at any time in your device settings.
We do not ask you for special-category data (such as health, religion, or biometric identification data). Because in-game content is free-form, please do not submit sensitive information about yourself or others in your answers, drawings, photos, or recordings.
4. How we use your data and our legal bases
We process your personal data only for the following purposes, on the following legal bases under the GDPR:
- To provide the game and maintain your account — including showing your submissions to the other players in your game, running gameplay, and keeping you signed in. Legal basis: performance of a contract (Article 6(1)(b)).
- To let you search for and insert GIFs — when you use the GIF feature, your search is sent to our GIF provider to return results (see Section 6). Legal basis: performance of a contract / our legitimate interests in providing the feature you requested (Article 6(1)(b) / 6(1)(f)).
- To keep game content briefly after a game so we can investigate technical problems or abuse reports — see retention below. Legal basis: our legitimate interests in keeping the Service reliable and safe (Article 6(1)(f)).
- To diagnose errors and measure usage — using our own self-hosted error-tracking and analytics tools, in a privacy-preserving way. Legal basis: our legitimate interests in keeping the Service reliable and improving it (Article 6(1)(f)).
- To produce anonymous usage statistics (for example, how many games were played on a given day, by game mode). These statistics contain no username, account ID, or other identifier and cannot be linked back to you; once produced they are anonymous data and no longer personal data. Legal basis: our legitimate interests in understanding and improving the Service (Article 6(1)(f)).
We do not sell your data, we do not use it for advertising, and we do not share it with advertising or marketing companies.
5. Content shown to other players
The core of the Service is social: the content you submit during a game (answers, chat, drawings, photos, GIFs, and voice recordings) is shown to the other players in that game. You choose who you play with by sharing or entering a game code; there is no public feed, no matchmaking with strangers, and no way to browse other people’s games. Only submit content you are comfortable sharing with the people in your game.
6. Who we share data with
We do not sell or rent your personal data. We use the following providers:
- Hetzner Online GmbH (Germany) — provides our servers, database, and object storage, all located within the European Economic Area (Germany and Finland). Hetzner processes data strictly on our instructions under a data processing agreement in accordance with Article 28 of the GDPR.
- Giphy (Giphy, LLC, United States) — when you use the GIF search feature, your search term and IP address are sent to Giphy so it can return matching GIFs. Giphy only receives what is needed to serve your search; it does not receive your username, account, or game content. See Section 7 for how this transfer is protected.
We may also disclose data if we are legally required to do so (for example, to comply with a lawful request from a competent authority), or to establish, exercise, or defend legal claims.
7. Where your data is processed (international transfers)
Almost all processing of your personal data takes place within the European Economic Area, including our error tracking and analytics.
The one exception is the GIF search feature: when you search for a GIF, your search term and IP address are sent to Giphy in the United States. This is a transfer of personal data outside the EEA. We rely on the safeguards required by GDPR Chapter V for this transfer — namely Standard Contractual Clauses and/or Giphy’s certification under the EU-U.S. Data Privacy Framework. You can obtain more information about these safeguards by contacting us. If you do not use the GIF search feature, no data is transferred to Giphy.
8. How long we keep your data
We keep personal data only as long as we need it:
- In-game content (answers, chat, drawings, photos, GIFs, voice recordings) is deleted automatically within 24 hours of the game. During that short window it may be retained so we can investigate a technical issue or abuse report; after it, it is permanently deleted.
- Anonymous statistics (aggregate counts that contain no identifier) are kept indefinitely, because they are no longer personal data.
- Account data (your chosen username and random account identifier) is kept until you delete your account, or until 24 months of inactivity, whichever comes first — after which it is deleted.
- Technical, diagnostic, and error data is kept only as long as necessary to operate the App and resolve problems, and is not retained longer than needed for that purpose.
9. Your rights
Under the GDPR you have the right to: access your personal data; have inaccurate data corrected; have your data erased; restrict or object to certain processing; and receive your data in a portable format. These rights are subject to the conditions and exceptions in the law.
How to exercise them. You can delete your account and its associated data directly in the App.. If you have lost access to your account (for example, you cleared the App’s storage or reinstalled), contact us at [email protected] and we will help where we can — but note that, because accounts are pseudonymous and hold no email or identity, we may be unable to identify which account was yours in order to action a request (Article 11 GDPR).
Complaints. If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Polish supervisory authority:
Urząd Ochrony Danych Osobowych (UODO) Website: uodo.gov.pl
10. Children
The App is intended for users aged 13 and over and is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe a child under 13 has provided us with personal data, contact us at [email protected] and we will delete it.
11. How we protect your data
We use measures appropriate to the nature of the Service, including encryption of data in transit (HTTPS/TLS), access controls on our systems, hosting within the EEA under our provider’s technical and organisational security measures, collecting only the data we need, and deleting in-game content quickly. No system can be guaranteed to be completely secure, but we work to protect your data against unauthorised access, loss, or misuse.
12. Automated decision-making
We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not carry out profiling.
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will update the “Effective date” above and, where appropriate, notify you within the App. We encourage you to review this policy periodically.
14. Contact
For any question about this policy or your personal data, contact:
Seweryn Kras — [email protected]