Privacy Policy
Last updated: June 28, 2026
This Privacy Policy explains how MiniReliX ("MiniReliX", "we", "us", or "our") collects, uses, and protects your personal data when you use the MiniReliX app, website, and related services (the "Service").
MiniReliX is a digital collectibles game: you scan QR codes placed at real-world locations to collect "relics", keep them on themed shelves, build a profile, and follow other collectors. Please read this policy carefully.
Who we are
Service: MiniReliX
Operated by: Vincent Brandsma
Address: De Klencke 95B, 1083 HH Amsterdam, Netherlands
Email: contact@minirelix.com
Changes to this policy
We may amend this Privacy Policy from time to time. The amended policy will be published on this page with the date it takes effect, so please review it regularly. If a change significantly affects you, we will make reasonable efforts to inform you directly.
Personal data we collect
Information you provide directly
- Account details: your email address, username, and display name. Passwords are handled by our authentication provider and stored only in hashed form; we never see them in plain text.
- Profile information: your profile photo and whether your profile is set to public or private.
- Your content: photos you choose to attach to relics you collect, and any text you add to your profile.
- Social activity: the collectors you follow and your interactions within the Service.
- Support communications: messages you send us for help.
Information we collect automatically
- Location data: when you scan to collect a relic, we use your device's location to verify that you are actually at the relic's real-world spot. We use precise location only at the moment you scan.
- Device and usage data: IP address, device and operating system type, app version, and basic interaction and diagnostic data needed to run and debug the Service.
- Sign-in codes: when you sign in with a one-time email code, that code is stored briefly on our servers to verify it, then expires.
How we use your data
We use your personal data for the following purposes and on the following legal bases under the GDPR:
- Providing the Service (accounts, collecting relics, shelves, profiles, following). Legal basis: performance of a contract (Art. 6(1)(b)).
- Location verification for on-location scanning and related anti-cheat checks. Legal basis: performance of a contract (Art. 6(1)(b)).
- Authentication and account security (one-time codes, sign-in). Legal basis: performance of a contract and legitimate interests (Art. 6(1)(b) and (f)).
- Social features (showing your public profile, username, and photo to others, as set by you). Legal basis: performance of a contract (Art. 6(1)(b)).
- Security and fraud prevention (detecting location spoofing, cheating, and abuse). Legal basis: legitimate interests (Art. 6(1)(f)).
- Maintaining and improving the Service (diagnostics, fixing bugs). Legal basis: legitimate interests (Art. 6(1)(f)).
- Service-related emails (sign-in codes, and important account or security notices). Legal basis: performance of a contract (Art. 6(1)(b)). We do not send marketing email without your consent.
We do not carry out automated decision-making that produces legal or similarly significant effects within the meaning of Article 22 GDPR.
Location data
MiniReliX is a location-based game. To award a relic, we compare your device's location with the relic's registered coordinates at the time you scan. We use this precise location only for that verification and related anti-cheat checks. We do not continuously track your location in the background, and we never use it for advertising. You can disable location access in your device settings at any time, but on-location scanning will not work without it.
Cookies and similar technologies
MiniReliX uses only functional storage needed to run the Service, for example to keep you signed in (authentication tokens) and to operate our hosting and security provider (Cloudflare). We do not use advertising cookies, and we do not run third-party analytics or marketing trackers. Because we only use strictly necessary functional storage, no cookie consent banner is required. You can clear this storage at any time through your browser or device settings.
Sharing of personal data
We never sell your personal data. We share it only with service providers that help us run MiniReliX, and only as needed to provide the Service:
| Purpose | Recipient |
|---|---|
| Hosting, database, storage, authentication | Google Firebase |
| Email delivery (sign-in codes, account notices) | Resend |
| Domain, content delivery, security | Cloudflare |
Other collectors: if your profile is public, your username, display name, profile photo, and collections are visible to other users, and followers can see your activity according to your settings. You control this through your public or private profile setting.
Legal and safety: we may disclose data where required by law, or to protect the rights, safety, or security of MiniReliX or our users.
Children's privacy
MiniReliX is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.
Data retention
We keep your personal data for as long as your account is active. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must keep certain data to comply with legal obligations or to resolve disputes. Sign-in codes are short-lived and expire automatically. Residual copies may remain in routine backups for a limited time.
Security
- Encryption in transit: all traffic uses HTTPS/TLS.
- Encryption at rest: our database and file storage encrypt data at rest, stored in an EU region.
- Access control: token-based authentication with expiry protects access to your data.
- Logging and monitoring: access attempts and security events are logged.
Your privacy rights
Under the GDPR you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, data portability, object to processing, and withdraw consent where processing is based on consent.
To exercise your rights, email contact@minirelix.com. We may ask for information to verify your identity, but only what is necessary. If you have a complaint about how we handle your data, you can contact us, and you may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), PO Box 93374, 2509 AJ The Hague, website autoriteitpersoonsgegevens.nl.
International transfers
We prioritize storing your data in the European Economic Area (EEA). Some of our service providers (such as Google Firebase, Cloudflare, and Resend) may process data outside the EEA, including in the United States. Where they do, transfers are protected by an EU adequacy decision and/or EU-approved Standard Contractual Clauses. You may request a copy of these safeguards by contacting us.
Third-party links
The Service may link to third-party sites or services that we do not control. We are not responsible for their privacy practices, so please review their policies separately.
Questions
If you have any questions or concerns about this Privacy Policy, contact us at contact@minirelix.com or at the address above.
