1. Introduction

This Privacy Policy describes how Nau-Hau GmbH (“we”, “our”, “us”) collects, uses, stores, shares, and protects information (“User Data”) when you use Soul Drive, a VR experience distributed on the Meta Quest / Horizon platform.
We process User Data responsibly, transparently, and in accordance with Meta’s Developer Data Use Policy, the GDPR, and other applicable laws.

By using Soul Drive, you acknowledge that this Policy applies to all interactions within the app and any connected platform features such as In-App Purchases (IAP).

2. Data We Collect

We collect and process only the minimum data necessary to operate and improve the app. This includes:

  1. Platform and Purchase Data

    • Meta account ID (for purchase entitlement validation)

    • Product identifier, transaction status, purchase timestamp

    • License and access tokens provided through the Meta platform

  2. Technical and Device Information

    • Device type, OS version, region, language, app version

    • Performance logs and crash reports (anonymized)

  3. Voluntary User Communication

    • Information you share when contacting us for support (e.g. email address, description of issue)

We do not collect or store facial, body-tracking, eye-tracking, biometric, voice, or location data.
We do not collect any data from Meta’s Advertising ID or use third-party analytics, tracking, or advertising SDKs.

3. How We Use Data

We use the data listed above exclusively for the following purposes:

  • Provide core functionality: enable and validate in-app purchases and access to owned content.

  • Maintain security and performance: ensure app stability and fix technical issues.

  • Comply with legal requirements: maintain minimal purchase records as required by law.

  • Support requests: respond to user inquiries you submit voluntarily.

We do not use or combine User Data for profiling, targeted advertising, or any secondary purposes.

4. Legal Basis for Processing

Processing of User Data is based on:

  • Contractual necessity (Art. 6 (1)(b) GDPR) to deliver the purchased or downloaded content;

  • Legitimate interest (Art. 6 (1)(f) GDPR) in maintaining app stability and preventing abuse;

  • Consent (Art. 6 (1)(a) GDPR) for any optional user-initiated communication.

5. Data Storage and Security

We implement industry-standard administrative, physical, and technical safeguards to protect data against unauthorized access, alteration, or loss.

  • All purchase-related processing takes place within Meta’s secure platform.

  • Soul Drive does not maintain external servers that store user profiles or financial data.

  • Support correspondence is stored securely and deleted after the request is resolved.

  • We and any service providers operate under confidentiality and data-processing agreements consistent with Meta’s Policy § 6.1.

6. Data Sharing

We do not sell, rent, or license User Data.
User Data is shared only in the following cases:

  1. With Meta Platforms, Inc. and its affiliates to enable platform services such as purchase validation.

  2. With authorized Service Providers, solely to perform technical or customer-support functions on our behalf, under written contracts that:

    • restrict data use to our specified purposes,

    • require deletion upon termination, and

    • ensure security and confidentiality.

  3. When required by law or valid legal request.

We retain full responsibility for the compliance of any such Service Providers.

7. User Rights and Data Deletion

Users have the right to:

  • Access and receive information about stored data;

  • Request correction or deletion of personal information;

  • Withdraw consent to voluntary communications.

To request deletion of data under our control (e.g. support emails), contact us at mail@nau-hau.com.
For data managed by Meta Platforms, including account, device, and purchase data, you can manage or delete your data via the Meta Privacy Center:
https://www.meta.com/legal/privacy-center/

We comply with Meta Policy § 6.2–6.3 by promptly deleting data when:

  • a user requests deletion,

  • data is no longer necessary,

  • the app or platform relationship ends, or

  • deletion is required by law or by Meta.

8. Children’s Privacy

Soul Drive is not directed toward children under 13 (or under the minimum age in your jurisdiction). We do not knowingly collect data from minors. Parents or guardians may contact us to delete such data if obtained inadvertently.

9. Incident Notification and Vulnerability Reporting

If we become aware of unauthorized access, loss, or disclosure of data, we will notify Meta and affected users without undue delay as required under Meta Policy § 6.4.
Security vulnerabilities or privacy concerns can be reported directly to: mail@nau-hau.com. We will promptly address verified issues.

10. International Transfers

All processing occurs within the Meta infrastructure.
Where data is transferred outside the EEA or UK, such transfers rely on the EU Standard Contractual Clauses and the UK Addendum consistent with Meta’s Developer Data Use Policy §§ 10 and 10A.

11. Policy Changes

We may update this Privacy Policy as necessary to reflect changes in our app, platform integrations, or legal requirements. The latest version will always be available on our website and within the app. Continued use of Soul Drive after publication of updates constitutes acceptance of the revised terms.

12. Contact

Nau-Hau GmbH
VR & AR Software Development and Consulting
Karlstraße 3, 72072 Tübingen, Germany
Email: mail@nau-hau.com
Phone: +49 7071 1436998 Mobile: +49 1622 377258

Amtsgericht Stuttgart – HRB 777116 USt-IdNr. DE339941067

13. Effective Jurisdiction and Version

This Policy shall be governed by and interpreted in accordance with the laws of Germany.
If this Policy is provided in multiple languages, the English version prevails for Meta Store compliance purposes.