This Privacy Policy governs the manner in which CrypticQuests.com (herein referred to as "we," "us," and "our") collect, use, maintain, and disclose information collected from users ("you") of the CrypticQuests.com website ("site").
Information we collect
When you create an account, we collect your name, email address, and a password. Passwords are stored encrypted and are never visible to us. If you change the email address on file, we temporarily store the new (pending) address while a verification link is outstanding. You may also voluntarily supply optional profile information.
You may visit the public portions of the site without creating an account. Some features — quest generation, gameplay, gift code redemption — require an account.
We may also collect non-personally identifiable technical information when you interact with the site, including browser name, device type, operating system, and similar connection metadata.
Location and GPS data
Active quest play depends on your device's location. With your permission, your browser streams continuous GPS readings to the site so we can detect when you have reached a clue location and render your position on the in-quest map. These readings are processed in your active session and are not stored as a tracked path; the only location data we persist for an unlocked clue is the clue's coordinates, not yours.
When you generate a new quest, you may optionally share a one-time location reading on the generation page so the system can build a quest centered near you. You can decline; in that case you'll need to enter or pin a location manually.
Payment processing
All card data for credit purchases and quest registrations is collected directly by our payment processor (Stripe) inside their secure payment elements. We never see, store, or transmit your card number, CVV, or expiration date. What we record on our side is an order entry containing the amount, payment method tag, the processor's payment identifier, and the IP address from which the order was placed — used for fraud prevention and customer support.
Quest generation and third-party services
To produce an AI-generated quest we send your selected theme, preferences, requested location, and nearby points-of-interest data to third-party AI text and image generation services. We do not include your name, email address, account identifier, or any other personally identifying information in those requests. Points-of-interest data may be retrieved from third-party mapping providers using the requested location.
Custom or bespoke quests created outside the public AI offering may be governed by a separate agreement with the requesting client.
Cookies and similar technologies
We use a small number of cookies and browser-stored values to operate the site:
- An authentication cookie that keeps you signed in.
- Anti-forgery tokens that protect form submissions.
- Limited use of session storage.
You may configure your browser to refuse cookies, but doing so will prevent you from signing in or using most of the site.
Email communications
We send transactional email tied to actions you take on your account — for example: account verification, password reset, account-lockout notice, security notifications when account or email information changes, purchase receipts, reminders that a generation credit is approaching its expiration, gift code redemption confirmations, and review requests after you complete a quest. Transactional email cannot be unsubscribed from while you have an active account, because it is part of operating that account.
Promotional or newsletter email, if you opt into it, can be unsubscribed from at any time using the unsubscribe link included in those messages.
Background processing and data retention
We run scheduled background tasks that perform routine housekeeping. Short-lived nonce tokens are purged after a few days. Internal error logs are retained for diagnostic purposes for a limited period and then purged.
Spam and abuse protection
To protect signup forms and sensitive endpoints from abuse, we apply rate limiting and screen newsletter subscription IP addresses against a public spam-IP database. Repeated abuse may result in temporary or permanent blocks.
How we use the information we collect
We use the information we collect to operate your account, deliver and run the quests you register for or generate, fulfill payments and gift code redemptions, send the transactional email described above, respond to support inquiries, prevent abuse, and improve the service.
How we protect your information
We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal information stored on our site. Among other measures: traffic between you and the site is served over HTTPS with HSTS enforced; account passwords are stored only as salted hashes; and repeated failed sign-in attempts trigger a temporary account lockout.
Card data is handled by Stripe under their PCI-compliant infrastructure; No card data touches our servers.
Third-party websites
You may find advertising or other content on our site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website is subject to that website's own terms and policies.
Compliance with Children's Online Privacy Protection Act (COPPA)
Protecting the privacy of the very young is especially important. For that reason, we never knowingly collect or maintain information from those under 13, and no part of our site is structured to attract anyone under 13.
Your access and choices
You can update your name and other profile information at any time from your account settings. You can change the email address on your account — the change will require confirmation from the new address before it takes effect, and the previous address will receive a security notification. You can reset your password from the sign-in page.
If you wish to close your account, please contact us and we will assist.
Changes to this privacy policy
CrypticQuests.com has the discretion to update this privacy policy at any time. When we do, the revision date at the top of this page will be updated. We encourage you to check this page periodically. Your continued use of the site following the posting of changes constitutes your acceptance of those changes.
Your acceptance of these terms
By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site.
Contacting us
If you have any questions about this Privacy Policy please contact us.