Privacy Policy

At Eco Heroes, we prioritize both environmental education and your privacy. This comprehensive policy explains:

  • How we collect and use your data
  • Your privacy rights and choices
  • Our security measures and commitments
  • Special protections for young users

1. Data Collection & Processing

1.1 Account Information

What We Collect:

  • Essential Information:
    • Username and password (encrypted)
    • Email address (verified)
    • Age range (for appropriate content)
    • Country/region (for localization)
  • Optional Information:
    • Profile picture
    • Display name
    • Bio/interests
    • Educational preferences

1.2 Game & Learning Data

Automatically Collected:

  • Learning Progress:
    • Course completion rates
    • Quiz scores and answers
    • Time spent on activities
    • Learning style preferences
  • Game Metrics:
    • Achievement records
    • Challenge completions
    • Interaction patterns
    • Skill progression

1.3 Environmental Impact Data

User-Provided & Calculated:

  • Sustainability Actions:
    • Logged eco-friendly activities
    • Resource conservation efforts
    • Carbon footprint calculations
    • Community contributions
  • Impact Metrics:
    • Energy savings
    • Waste reduction
    • Water conservation
    • Emission reductions

1.4 Technical & Usage Data

System-Generated:

  • Device Information:
    • IP address (anonymized)
    • Device type and OS
    • Browser type and version
    • Screen resolution
  • Performance Data:
    • Load times
    • Error logs
    • Navigation patterns
    • Feature usage

2. Legal Bases for Processing

  • 2.1 Consent: Account creation, newsletter subscription, cookie preferences, marketing communications
  • 2.2 Contract Performance: Account management, game functionality, progress tracking, reward distribution
  • 2.3 Legitimate Interests: Platform improvement, security measures, analytics, research
  • 2.4 Legal Obligations: Tax compliance, law enforcement requests, regulatory requirements, safety measures

3. Data Usage & Purposes

  • 3.1 Core Platform Operations: Account management, game functionality, progress tracking, customer support
  • 3.2 Educational Enhancement: Content personalization, learning path optimization, skill assessment, progress reporting
  • 3.3 Environmental Impact: Impact calculation, progress tracking, community benchmarking, achievement verification
  • 3.4 Platform Improvement: Feature optimization, bug fixing, performance monitoring, user experience enhancement

4. Data Sharing & Recipients

  • 4.1 Internal Usage: Customer support team, development team, content creators, research team
  • 4.2 Third-Party Service Providers: Cloud hosting (AWS/Azure), analytics (Google Analytics), payment processors (Stripe), email service (SendGrid)
  • 4.3 Educational Partners: Content providers, research institutions, environmental organizations, educational institutions
  • 4.4 Legal Requirements: Court orders, government requests, regulatory compliance, legal proceedings

5. International Data Transfers

5.1 Data Storage Locations

  • Primary: European Union
  • Backup: European Union
  • Processing: Barcelona, Spain

5.2 Transfer Safeguards

  • Standard Contractual Clauses
  • Adequacy decisions
  • Privacy Shield compliance
  • Data Processing Agreements

6. Data Security

6.1 Technical Measures

  • End-to-end encryption
  • Secure socket layers (SSL)
  • Firewalls and intrusion detection
  • Regular security audits

6.2 Organizational Measures

  • Staff training
  • Access controls
  • Security policies
  • Incident response plan

7. Data Subject Rights

7.1 Your Rights

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Port your data
  • Restrict processing
  • Object to processing
  • Withdraw consent

7.2 Exercise Your Rights

8. Children's Privacy

8.1 Special Protections

  • Parental consent required
  • Limited data collection
  • No behavioral advertising
  • Enhanced security measures

8.2 Parental Controls

  • Content filtering
  • Activity monitoring
  • Communication controls
  • Time limitations

9. Data Retention

9.1 Retention Periods

  • Active accounts: Duration of account
  • Inactive accounts: 2 years
  • Technical logs: 90 days
  • Backup data: 1 year

9.2 Deletion Procedures

  • Secure erasure
  • Backup removal
  • Third-party notification
  • Verification process

10. Updates & Communications

10.1 Policy Updates

  • Regular reviews
  • Email notifications
  • Platform announcements
  • 30-day notice

10.2 Contact Information

11. Regulatory Oversight

11.1 Supervisory Authority

  • EU data protection authorities
  • Contact details
  • Complaint procedures
  • Resolution process

11.2 Compliance Framework

  • GDPR compliance
  • COPPA compliance
  • Local regulations
  • Industry standards

Last Updated: November 27, 2024

Version: 3.0