Privacy Policy

Last updated: April 2026

city-seekers is a location-based scavenger-hunt web app. This page explains what we collect, why, and how you can get your data out or deleted. We aim for the smallest footprint that keeps the game working.

What we collect

• Account — your email address, display name, and a one-way hashed password (we never see the plaintext).
• Hunt progress — which stops you've unlocked and when, which hints you revealed, your total time and score.
• Photos — only those you explicitly upload for a stop's photo challenge. They are tied to your hunt play and shown on the public live board.
• Server logs — IP address, user agent, timestamps, and the path you requested. Used for debugging and abuse prevention; rotated on a short window.

What we do not collect

• Continuous location. Your GPS is read by your browser only while a hunt is actively open, and is used on-device to check distance to the next stop. We do not upload your coordinates to our server unless you post a photo (in which case we store only the photo, not a track).
• Advertising identifiers or cross-site tracking. There are no ad networks embedded in this site.
• Contacts, microphone, calendar, or anything else outside the hunt flow.

Third parties

We do not share your data with advertisers, brokers, or analytics vendors. Hunt locations are geocoded at author-time against OpenStreetMap Nominatim before the hunt is published — that happens on the author's machine, not from your device, and does not send us your position. Our hosting provider (Railway) processes server logs on our behalf under their standard data-processing terms.

Cookies

We use two first-party cookies: a signed session cookie to keep you logged in, and a CSRF token cookie to prevent cross-site form submissions. Both are required for the site to function. No advertising, marketing, or third-party cookies are set on city-seekers.com.

Payments & Stripe

When you buy a hunt or city bundle we hand you off to Stripe's hosted checkout page (checkout.stripe.com). Stripe handles your card details directly; city-seekers never sees them. Stripe sets its own cookies on its own domain — see stripe.com/privacy for details. We store the Stripe session ID, the SKU you bought, the amount, and a link to your receipt — that's it.

How long we keep your data

Account data and hunt progress are kept until you ask us to delete them. Server logs are rotated on a short window (days to weeks, not months). Photos you uploaded stay with your account and are removed if you delete the account.

Your rights

You can request an export of your account data, correction of inaccurate information, or deletion of your account at any time. To make a request, email [email protected] from the address on the account. We'll confirm and complete deletion within a few business days.

Security

Passwords are hashed with bcrypt before they're stored. Sessions are signed with a server-side secret and use secure, same-site cookies. We do not claim to be bulletproof — if you suspect your account has been compromised, email us and change your password.

Children

city-seekers is not designed for or targeted at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has created an account, email us and we will delete it.

Changes to this policy

We may update this policy as the game evolves. Material changes will be noted by updating the "Last updated" date at the top of the page. Continued use of the site after a change means you accept the updated policy.

Contact

Questions or requests about this policy: [email protected]. See the contact page for other inquiries.