Privacy Policy
What we collect
When you play CruiseQuest we collect the minimum necessary to run the game:
- Nickname — the display name you choose when joining. It appears on leaderboards.
- Photos you submit — uploaded to verify scavenger hunt finds. Accepted photos may appear in the public in-game gallery (opt-in per submission).
- Device cookie (cq_device_code) — a browser cookie that stores your recovery code so you stay signed in. We don't use cross-site tracking cookies.
- Flask session cookie (session) — strictly-necessary cookie used only to keep your signed-in session on the site. It holds a CSRF token and an opaque session ID — no personal data. This cookie is exempt from consent under the PECR/ePrivacy "strictly necessary" exception because the game cannot function without session state.
- Sailing ID — the ship + departure date you joined under, used to place you on the correct leaderboard.
- Find history and token totals — recorded to power leaderboards and your voyage recap.
- Timestamps — when you made each find, used for speedrun scoring and recap stats.
How it's used
- Running per-sailing and global leaderboards.
- AI photo verification — your submitted photos are sent to Anthropic's Claude API to confirm you found the target. They are not used to train AI models.
- Gallery display — only if you tap the gallery opt-in checkbox when submitting.
- Post-cruise voyage recap cards — a shareable summary of your hunt.
- We do not sell or share your data for advertising purposes.
Third-party processors
- Cloudflare — traffic passes through Cloudflare's network for DDoS protection and TLS termination. Cloudflare may log request metadata per their privacy policy.
- Anthropic — your submitted photos are sent to Anthropic's Claude API for vision-based verification. Anthropic's privacy policy governs that data.
- ElevenLabs — nickname text may be sent to ElevenLabs to generate a voiceover narration on the voyage recap page. Audio is streamed to your browser and not persisted long-term by us; ElevenLabs' privacy policy applies to their handling.
Legal basis (GDPR / UK GDPR)
We process your data under these legal bases:
- Legitimate interests — running the game, preventing abuse, and operating the leaderboards.
- Consent — the gallery opt-in checkbox on each photo submission is express consent under Article 6(1)(a). You can withdraw consent at any time by asking us to remove your photos.
- Contract performance — session + device cookies are necessary to deliver the service you requested.
Data retention
We keep your data only as long as the game serves you:
- Active accounts — player record, finds, photos, and recovery code retained while you keep playing.
- Inactive accounts — flagged for review after 24 months of no sign-ins. Photos are deleted; aggregate leaderboard entries may be anonymized and retained.
- On request — email us and we delete everything within 30 days.
- Photos — deleted when the associated find is deleted, the player is deleted, or the player revokes gallery consent.
Your rights (GDPR / UK GDPR — Articles 15–22)
If you are in the EU, UK, or any jurisdiction with comparable law, you have the right to:
- Access — request a copy of all personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — ask us to delete your data.
- Restriction — ask us to pause processing while a dispute is resolved.
- Portability — request your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — for anything we do on a consent basis (e.g. gallery display).
Email [email protected] with your recovery code to exercise any of these rights. We reply within 30 days. You also have the right to complain to a supervisory authority (e.g. the UK Information Commissioner's Office or your national data-protection authority).
California privacy rights (CCPA / CPRA)
If you are a California resident you have the right to know what personal information we collect, request deletion, and opt out of "sale" or "sharing" of that information.
CruiseQuest does not sell or share your personal information as those terms are defined by CCPA/CPRA. Cloudflare, Anthropic, and ElevenLabs are service providers bound by data-processing agreements — not data purchasers. There is no "Do Not Sell or Share My Personal Information" link because there is nothing to opt out of. You can still request access or deletion by emailing [email protected].
Children (COPPA)
CruiseQuest is intended for cruisers age 13 and older. We do not knowingly collect data from children under 13. The join form asks you to confirm you are 13 or older. If you are a parent or guardian and believe your child under 13 has submitted data, contact us and we will delete it.
Security
All traffic is HTTPS/TLS 1.3 via Cloudflare. The Flask session cookie is marked Secure, HttpOnly, and SameSite=Lax. Forms are CSRF-protected. We do not store passwords — sign-in is a one-time code.
Contact / data controller
The data controller is the CruiseQuest developer. Questions, requests, or complaints: [email protected].