STRATFORGE
Effective Date: April 14, 2026
Bosphor Studio I/S
CVR: 46346335
Copenhagen, Denmark
Last updated: April 14, 2026
This Privacy Policy explains how Bosphor Studio I/S (CVR: 46346335), Istedgade 42B, 3., 1650 København V, Denmark ("we," "us," "our") collects, uses, stores, and protects your personal data when you use the StratForge mobile application ("App" or "Service").
We are committed to protecting your privacy and handling your data transparently and in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.
By using StratForge, you acknowledge that you have read and understood this Privacy Policy. If you have questions, contact us at support-stratforge@bosphorstudio.com.
The data controller responsible for your personal data is:
Bosphor Studio I/S
CVR: 46346335
Istedgade 42B, 3.
1650 København V, Denmark
Email: support-stratforge@bosphorstudio.com
We have not appointed a Data Protection Officer (DPO) as our processing activities do not require one under Article 37 of the GDPR. All privacy inquiries should be directed to the email address above.
We collect and process different categories of data depending on how you interact with the Service.
When you create an account, we collect:
You may optionally provide:
When you use team features, we process:
This data is stored on our servers and is accessible to other members of your team based on their role permissions.
We use the privacy-friendly analytics service TelemetryDeck (TelemetryDeck GmbH, Von-der-Tann-Str. 54, 86159 Augsburg, Germany) to understand how the App is used. TelemetryDeck does not collect any personally identifiable information. All user identifiers are cryptographically anonymized before they leave your device, using a one-way hash that cannot be reversed or traced back to you. The data collected includes only anonymous usage signals (e.g., "app opened," "screen viewed") and contains no personal data as defined by the GDPR.
For more information, see TelemetryDeck's privacy policy at https://telemetrydeck.com/privacy.
We use a crash reporting service to collect anonymous diagnostic data when the App encounters errors. Crash reports do not contain any user identifiers, email addresses, or personally identifiable information. They include only technical data such as device type, operating system version, and stack traces to help us identify and fix bugs.
StratForge does not collect:
Under the GDPR, we must have a valid legal basis for each processing activity. The table below summarizes our purposes and their legal grounds.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Account creation and authentication | Email, password hash, display name, third-party ID | Contract performance — Art. 6(1)(b) |
| Email verification and password resets | Email address | Contract performance — Art. 6(1)(b) |
| Providing the Service (teams, strategies, maps, schedules) | Team data, content data, profile data | Contract performance — Art. 6(1)(b) |
| Subscription and entitlement management | Subscription status, entitlement records | Contract performance — Art. 6(1)(b) |
| Push notification delivery | Encrypted device token | Contract performance — Art. 6(1)(b) |
| Rate limiting and security | IP address (temporary) | Legitimate interest — Art. 6(1)(f) |
| Anonymous product analytics | Anonymized usage signals (TelemetryDeck) | Legitimate interest — Art. 6(1)(f). Note: this data is not personal data under GDPR. |
| Crash reporting and bug fixes | Anonymous crash data | Legitimate interest — Art. 6(1)(f). Note: this data is not personal data under GDPR. |
| Compliance with legal obligations | Account data, subscription records | Legal obligation — Art. 6(1)(c) |
Regarding legitimate interest: Where we rely on legitimate interest, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. Our analytics are fully anonymized (TelemetryDeck) or contain no personal data (crash reports), minimizing any impact on your privacy. Rate limiting uses IP addresses only temporarily and never stores them linked to your identity.
We share personal data with the following categories of third-party service providers, each of which processes data on our behalf under a Data Processing Agreement (DPA):
| Provider / Category | Purpose | Data Shared | Location |
|---|---|---|---|
| Identity provider (e.g., Google) | User authentication via OAuth | Authentication token (verified server-side only) | United States / EU |
| Subscription management service | Subscription state and entitlement verification | User identifier, subscription status | EU / United States |
| Push notification service (Firebase Cloud Messaging) | Delivering push notifications | Encrypted device token, notification content | United States (Google) |
| Crash reporting service (Firebase Crashlytics) | Anonymous crash diagnostics | Anonymous crash data (no PII) | United States (Google) |
| Analytics service (TelemetryDeck GmbH) | Anonymous product analytics | Anonymized, non-personal usage signals | Germany (EU) |
| Content delivery network | Hosting profile images, team images, and video content | Uploaded images, video streams | EU / Global edge network |
| Transactional email service | Sending verification codes and password resets | Email address, email content | EU / United States |
| App Stores (Apple / Google) | App distribution, billing, and refunds | As per App Store terms (we do not control this data) | United States / Global |
We do not sell, rent, or trade your personal data to any third party. We only share data with processors as described above, and each processor is contractually bound to use it solely for the purposes specified.
Our primary servers are located in the European Union (EU). However, some of our third-party processors operate in the United States or other countries outside the European Economic Area (EEA).
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
You may request information about the specific safeguards applied to any transfer by contacting us.
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy.
While your account is active, we retain all account data, profile data, and content data necessary to provide the Service.
When you delete your account through the App:
If you have an active subscription at the time of account deletion, we may retain limited subscription-servicing and compliance records for a defined period. These records are kept solely to verify entitlement, handle refunds or chargebacks, or assist you in re-linking a subscription to a new account. They are stored separately, access-restricted, and deleted when no longer necessary.
Anonymized analytics data (TelemetryDeck) and anonymous crash reports cannot be traced back to you and may be retained indefinitely for product improvement purposes. This data is not personal data under the GDPR.
We may retain certain data beyond the periods stated above where required by law (e.g., tax, accounting, or legal compliance obligations).
We implement appropriate technical and organizational measures to protect your personal data, including:
While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your data, but we are committed to promptly addressing any security incidents.
Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and information about how it is processed.
You may update your display name, profile image, and other profile information directly in the App at any time. For corrections to other data, contact us.
You can delete your account at any time through the App. This will anonymize or delete your personal data as described in Section 7. You may also contact us to request erasure.
You may request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data or assess an objection you have raised.
You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
You have the right to object to processing based on legitimate interest. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet):
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
https://www.datatilsynet.dk
If you reside in another EU/EEA member state, you may also lodge a complaint with your local supervisory authority.
To exercise any of the above rights, contact us at support-stratforge@bosphorstudio.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
StratForge is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that data as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support-stratforge@bosphorstudio.com.
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.
We do not sell or share your personal information as defined by the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.
As a California resident, you have the right to:
To exercise these rights, contact us at support-stratforge@bosphorstudio.com.
If you opt in to push notifications, we store an encrypted device token on our servers to deliver notifications. This token cannot identify you personally without access to your account data.
You may disable push notifications at any time through your device's system settings. When you disable notifications or delete your account, your device token is removed from our servers.
We periodically remove invalid or expired tokens from our systems to maintain data hygiene.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are published constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Bosphor Studio I/S
CVR: 46346335
Istedgade 42B, 3.
1650 København V, Denmark
Email: support-stratforge@bosphorstudio.com
Website: www.bosphorstudio.com