Privacy Policy

Effective: April 7, 2026

1. Introduction

This Privacy Policy explains how Analardo Games ("we", "us", "our") collects, uses, and protects your personal data when you use Clueshot at clueshot.com ("the Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller for the Service is Analardo Games. For any questions regarding your personal data, you can contact us at info@clueshot.com.

3. Data We Collect

We collect the following categories of data:

• Account data: Email address and hashed password (stored securely by our authentication provider, Supabase). If you sign in with Google, we receive your email address from Google.
• Profile data: Account creation date, number of games created, and number of games played.
• Game data: Game titles, step passwords, step instructions, and photo URLs that you create as part of your games.
• Photos: Images you upload as part of game creation, stored in cloud storage.
• Game progress: Which games you have played, your current step, and completion status.
• Payment data: If you subscribe to Clueshot Pro, Stripe processes your payment information (card details, billing address). We do not store your full card number or payment details. We store your Stripe customer identifier and subscription status in our database to manage your subscription.
• Technical data: Our hosting provider (Netlify) and database provider (Supabase) automatically collect server access logs, which may include IP addresses, browser type, and access timestamps. We do not use analytics or tracking tools beyond these standard server logs.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service — account management, game creation, game progress tracking.
• Legitimate interest (Art. 6(1)(f)): Service operation, security monitoring, and infrastructure maintenance.
• Consent (Art. 6(1)(a)): When you register an account and agree to these terms. You may withdraw consent at any time by deleting your account.

5. How We Use Your Data

We use your data to:

• Provide and operate the scavenger hunt service.
• Store and display games you create.
• Track your game progress so you can resume games.
• Manage your account and authenticate your identity.
• Send transactional emails (account confirmation, password reset).

We do not use your data for advertising, profiling, or automated decision-making.

6. Data Sharing and Third Parties

We share your data with the following service providers, solely for the purpose of operating the Service:

• Supabase (database, authentication, file storage) — processes account data, game data, photos, and progress. Based in the US.
• Netlify (web hosting) — serves the application and processes server access logs. Based in the US.
• Google (OAuth sign-in) — only if you choose to sign in with Google. Subject to Google's Privacy Policy.
• Stripe (payment processing) — processes payment information for Clueshot Pro subscriptions. We share your email address with Stripe when you subscribe. Subject to Stripe's Privacy Policy. Based in the US.
• Resend (email delivery) — processes your email address for transactional emails (confirmation, password reset). Based in the US.

We do not sell, rent, or share your personal data with any other third parties. We do not use advertising networks or tracking cookies.

7. Data Retention

We retain your data as follows:

• Account data and profile: Retained until you delete your account.
• Game progress: Retained until you delete your account.
• Games you created: Upon account deletion, your games become anonymous (the link between your account and the games is removed). The games and their associated photos remain accessible to preserve the experience for other players who may have shared links.
• Payment data: Stripe retains payment records according to their retention policy and legal requirements. We retain your Stripe customer identifier and subscription status until account deletion.
• Server logs: Retained according to our hosting providers' standard retention policies.

8. Your Rights Under GDPR

Under the GDPR (Articles 15-22), you have the following rights regarding your personal data:

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can request correction of inaccurate personal data.
• Right to erasure (Art. 17): You can delete your account at any time through the user menu in the application. This permanently removes your profile and progress data.
• Right to restriction of processing (Art. 18): You can request that we limit how we process your data.
• Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interest.
• Right to withdraw consent: You may withdraw your consent at any time by deleting your account.
• Right to lodge a complaint: You have the right to file a complaint with a data protection supervisory authority.

To exercise any of these rights, please contact us at info@clueshot.com.

9. Cookies and Local Storage

We do not use tracking cookies. The Service uses browser local storage for the following operational purposes:

• Authentication tokens: Supabase stores session tokens in local storage to keep you signed in.
• Game session: Current game progress is cached locally for seamless gameplay.
• Draft data: Unsaved game creation drafts are temporarily stored locally (automatically expires after 1 hour).

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at info@clueshot.com and we will delete it promptly.

11. International Data Transfers

Your data is processed by service providers based in the United States (Supabase, Netlify, Resend, Stripe). These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date at the top of this page. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at info@clueshot.com.