Privacy Policy

For Meta Quest apps by Invirt GmbH, commissioned by the company or its clients

Last Updated: Mai 13, 2026

1. Data Controller

The entity responsible for processing personal data in connection with these apps is:

Invirt GmbH
Alsbacher Str. 34
64342 Seeheim-Jugenheim
Germany

Represented by the Managing Director: Rolf Kruse
Email: info@invirt.de

2. Subject of this Privacy Policy

This Privacy Policy provides information regarding the nature, scope, and purpose of the processing of personal data when using Meta Quest apps provided by Invirt GmbH.

It applies to the use of the app on devices and services from Meta Quest / Meta Horizon OS, as well as associated support, communication, and web functions where applicable.

3. Data We Process

Depending on the functional scope of the respective app, we process the following data:

a) Technical Usage Data

When using the app, technically necessary data may be processed, in particular:

  • Device and system information

  • App version

  • Language settings

  • Error messages / Crash data

  • Date and time of use

  • Log data to ensure technical operation

This processing is carried out to provide the app, ensure stability, and troubleshoot errors.

Legal Basis: Art. 6 (1) (b) GDPR, insofar as processing is necessary for the provision of the app, and Art. 6 (1) (f) GDPR based on our legitimate interest in security, stability, and error analysis.

b) Meta / Platform Data

To the extent provided by the platform and required for app functionality, we may receive certain account information or platform-related identifiers, such as:

  • User ID or app-specific platform ID

  • Display name / Username

  • Purchase or entitlement status

  • Where applicable, friend or multiplayer information, insofar as required for social or multiplayer functions

We process this data only to the extent necessary to provide the respective app functions.

Legal Basis: Art. 6 (1) (b) GDPR.

c) User-Provided Content

If the app allows user input, we may process content provided by you, such as:

  • Text inputs

  • Uploaded content

  • Support inquiries

  • Voluntarily shared information

Legal Basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR for support and communication.

4. Permissions and Sensor-Related Data

Depending on its specific function, the app may access certain device features. Such access only occurs if technically necessary for the respective function or if you have given your consent.

Microphone

If the app offers voice communication, voice input, or audio interactions, it may access the device’s microphone. Audio data is only processed to the extent necessary for the respective function.

Legal Basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (a) GDPR, if consent is required.

Camera / Passthrough for Image Analysis and Mixed Reality Applications

If the app provides Mixed Reality, Passthrough, or camera-based functions, visual environment data may be processed to the extent necessary to use these functions.

Storage or transmission of such data only occurs if expressly provided for in the app’s functionality and made transparent to you.

Legal Basis: Art. 6 (1) (b) GDPR or Art. 6 (1) (a) GDPR, if consent is required.

Motion, Position, and Interaction Data

To display and control the VR/MR application, position, motion, and interaction data may be processed, such as:

  • Headset position and orientation

  • Controller or hand-tracking data

  • Interactions with virtual objects

  • Session status and progress

This data is processed specifically to map user movements to avatars and to synchronize interactive or animated objects.

Legal Basis: Art. 6 (1) (b) GDPR.

5. Purposes of Data Processing

We process personal data for the following purposes:

  • Provision and operation of the app

  • Authentication and rights management

  • Error analysis and technical stability

  • Improvement of user experience and features

  • Processing support inquiries

  • Prevention of abuse and security threats

  • Compliance with legal obligations

6. Analytics and Audience Measurement

Insofar as analytics, statistics, or crash-reporting tools are used in individual apps, we process usage data such as:

  • Session duration

  • Technical errors

  • Crashes

  • Device information

  • Aggregated usage events

If such a service is not technically necessary, it is only used based on a corresponding legal basis, particularly your consent, where required.

Legal Basis: Art. 6 (1) (a) GDPR or Art. 6 (1) (f) GDPR, provided only strictly necessary technical analysis is performed.

7. Recipients and Data Processors

We only share personal data when necessary. Recipients may include:

  • Technical hosting or cloud service providers

  • Support or maintenance service providers

  • Analytics and error diagnosis providers

  • Meta Platforms or platform services, insofar as required for operation on Meta Quest

  • Other recipients if we are legally obligated to do so

If external service providers act on our behalf, this is done based on Data Processing Agreements (DPA) pursuant to Art. 28 GDPR, where legally required.

Photon

For multi-user and real-time functions (motion, position, and interaction data, audio transmission), we use services from Photon Engine. In this context, technical connection and session data, as well as interaction and synchronization data, may be processed as required for multiplayer functions. Photon is used as a technical service provider. Further information on Photon’s data protection and compliance can be found at: https://www.photonengine.com/compliance

Meta Horizon and Quest Platform Services

For the distribution, provision, and operation of our Meta Quest applications, we use—insofar as implemented in the respective app—platform services from Meta Horizon / Meta Quest. This may include entitlement checks for authorization and license control, platform-related account and ID data, download and provisioning functions, as well as multiplayer and social features such as invites, Group Presence, Rosters, Rejoin, or Leaderboards.

In this context, app- and platform-specific identifiers, usage or entitlement status, technical device information, and session, presence, interaction, or leaderboard data required for the respective function may be processed.

To the extent we receive data via these services or transmit it to Meta, this occurs exclusively to the extent necessary for the operation of the respective app and the activated platform functions.

Which Meta platform functions are actually used depends on the specific app and its configuration. Further information on the platform services provided by Meta for Quest and Horizon apps can be found in Meta’s developer documentation for Platform Services / Platform Solutions.

8. Data Transfer to Third Countries

If personal data is transferred to third countries, this occurs only in compliance with applicable data protection requirements, particularly on the basis of adequacy decisions or Standard Contractual Clauses.

9. Data Retention Period

We store personal data only as long as necessary for the respective purposes or as required by legal retention periods.

  • Technical log and error data are regularly deleted or anonymized once they are no longer required for operation, security, or troubleshooting.

  • Support data is stored only as long as necessary to process the request and comply with legal obligations.

  • Usage data is deleted or anonymized as soon as the purpose of processing no longer applies.

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR)

  • Right to Rectification (Art. 16 GDPR)

  • Right to Erasure (Art. 17 GDPR)

  • Right to Restriction of Processing (Art. 18 GDPR)

  • Right to Data Portability (Art. 20 GDPR)

  • Right to Object to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR)

  • Right to withdraw consent at any time with effect for the future

To exercise your rights, you may contact us at any time at info@invirt.de.

Additionally, you have the right to lodge a complaint with a data protection supervisory authority.

11. Obligation to Provide Data

Certain data is technically necessary to use the app. Without this data, the app cannot be provided in whole or in part.

Where data is provided voluntarily, non-provision is generally possible, but may result in individual functions being unavailable.

12. Minors

These apps are not directed at children. In special cases, they may be directed at adolescent users within the legally permissible framework. If personal data of minors is processed, it is done only in accordance with applicable legal regulations.

13. External Links

If the app or associated websites contain links to external websites, we have no influence over their content or privacy practices. The respective operators are responsible for that content.

14. Changes to this Privacy Policy

We may update this Privacy Policy if required due to technical, legal, or business changes.

The current version can be accessed at the following URL:

https://www.invirt.de/privacy-policy-quest

15. Privacy Contact

For questions regarding data protection, you can contact us at:

Invirt GmbH
Alsbacher Str. 34
64342 Seeheim-Jugenheim
Germany
Email: info@invirt.de