Privacy Policy

Effective Date: January 20, 2026

1. Introduction

This Privacy Policy governs the collection, use, disclosure, retention, and safeguarding of information processed in connection with the Service. It is intended to provide a comprehensive, legally robust explanation of our data‑handling practices, drafted in accordance with prevailing privacy, consumer‑protection, and data‑security standards.

The Company administers the Service as part of a broader digital ecosystem and may process information in multiple jurisdictions. We maintain internal governance frameworks, data‑handling protocols, and compliance controls designed to ensure that personal information is processed lawfully, fairly, transparently, and in a manner proportionate to the operational needs of the Service.

Your continued access to or use of the Service constitutes acknowledgment that you have reviewed this Policy and consent to the practices described herein to the extent permitted by applicable law.

2. Information We Collect

2.1 Information You Provide Directly

We may collect information that you voluntarily submit, including but not limited to:

• Account Credentials: Usernames, email addresses, authentication tokens, and other identifiers necessary to establish and maintain an account.
• Transactional Information: Limited payment‑related details required to facilitate purchases. Full payment card numbers and sensitive financial data are processed exclusively by our authorized payment processors and are not stored on our systems.
• User Communications: Information contained in support requests, dispute submissions, bug reports, feedback forms, or other correspondence.
• Voluntary Disclosures: Any additional information you choose to provide in connection with gameplay, surveys, promotional events, or community interactions.

Such information is collected to facilitate account creation, enable transactions, provide customer support, and maintain the operational integrity of the Service.

2.2 Information Collected Automatically

The Service employs automated data‑collection mechanisms to gather information essential to functionality, diagnostics, and security, including:

• Technical Identifiers: Device type, operating system version, hardware attributes, browser configuration, and unique device identifiers.
• Network and Session Data: IP address, connection timestamps, session duration, and routing information used for fraud detection, load balancing, and service optimization.
• Usage and Interaction Metrics: In‑app navigation patterns, gameplay actions, feature utilization, error logs, and performance telemetry.
• Local Storage and Cookies: Authentication tokens, session persistence data, and other essential technical artifacts required for secure and uninterrupted operation.

This information is collected continuously to ensure the Service remains stable, secure, and responsive.

2.3 Geolocation Information

The Service incorporates location‑based functionality that requires access to approximate or precise geolocation data. Such data may be used to:

• enable gameplay features tied to geographic positioning,
• validate user authenticity and prevent location‑based fraud,
• support map rendering, route calculations, and in‑game interactions,
• comply with regional restrictions or legal obligations.

Location data is processed only while the Service is active and is not used for advertising or sold to third parties.

3. How We Use Information

We process information for legitimate business purposes, including:

• Provision and Enhancement of the Service: Operating core features, improving gameplay mechanics, optimizing performance, and ensuring continuity across devices.
• Identity Verification and Account Security: Authenticating users, preventing unauthorized access, and enforcing security protocols.
• Transaction Processing: Facilitating purchases, validating payment status, maintaining transaction histories, and supporting audit requirements.
• Fraud Detection and Risk Management: Identifying anomalous behavior, mitigating abuse, and enforcing compliance with our Terms of Service.
• Analytics and Product Development: Conducting statistical analyses, evaluating user engagement, and developing new features or improvements.
• Regulatory and Legal Compliance: Satisfying statutory obligations, responding to lawful requests, and maintaining records required for tax, accounting, or compliance purposes.
• Operational Communications: Providing notices regarding updates, policy changes, account issues, or other service‑related matters.

We do not use personal information for behavioral advertising, cross‑context profiling, or unrelated commercial purposes.

4. Disclosure of Information

4.1 Service Providers

We may engage third‑party vendors to perform operational functions on our behalf, including hosting, analytics, payment processing, customer support, and security services. These providers are bound by contractual obligations requiring them to:

• process information solely in accordance with our instructions,
• maintain appropriate confidentiality and security measures,
• refrain from using information for independent commercial purposes.

4.2 Legal and Regulatory Disclosures

We may disclose information when required to do so by law or when we believe such disclosure is reasonably necessary to:

• comply with subpoenas, court orders, or governmental inquiries,
• protect the rights, property, or safety of the Company, users, or the public,
• investigate potential violations of law or our Terms of Service.

4.3 Corporate Transactions

In the event of a merger, acquisition, divestiture, restructuring, or other corporate transaction, information may be transferred to the acquiring or successor entity. Any such entity will be required to honor commitments consistent with this Policy.

4.4 Enforcement and Risk Mitigation

We may disclose information to third parties for the purpose of investigating fraud, addressing security incidents, enforcing contractual obligations, or mitigating operational risks.

We do not sell personal information under any definition of "sale" recognized by applicable privacy laws.

5. Cookies and Tracking Technologies

The Service uses cookies, local storage, and similar technologies to provide and enhance your experience. We categorize these technologies into two types:

5.1 Essential Cookies (Required)

These cookies are strictly necessary for the Service to function and cannot be disabled. They enable core functionality including:

• Authentication and session continuity,
• Maintaining gameplay state and user preferences,
• Securing user accounts and preventing unauthorized access,
• Detecting fraud and ensuring platform integrity,
• Enabling core platform features like scavanger hunts and user profiles,
• Storing cookie consent preferences.

Legal Basis: These cookies are processed based on our legitimate interest in providing a secure, functional service.

5.2 Analytics Cookies (Optional)

These cookies help us understand how users interact with our platform to improve the experience. They collect:

• Usage patterns and feature popularity,
• Performance metrics and error tracking,
• User navigation and engagement data,
• Anonymous statistics about gameplay and platform usage.

Legal Basis: These cookies require your explicit consent and can be declined without affecting core functionality.

5.3 Your Cookie Choices

When you first visit our Service, you will be presented with a cookie consent banner offering these options:

• "Accept All Cookies" - Enables both essential and analytics cookies,
• "Essential Only" - Uses only required cookies for core functionality.

Your preferences are stored locally in your browser and persist across sessions. You can manage cookie settings through your browser's privacy controls at any time.

5.4 Data Retention and Third Parties

Essential cookies typically expire when you log out or after 30 days of inactivity. Analytics cookies, where consented to, are retained for up to 24 months. We do not share cookie data with third parties except as necessary for essential platform functionality or as disclosed in this Privacy Policy.

Where non‑essential technologies are introduced beyond those described above, we will provide appropriate disclosures and obtain user consent where required by applicable law.

6. Data Security

We maintain a comprehensive information‑security program incorporating administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These safeguards may include:

• encryption in transit and at rest,
• access‑control mechanisms and credential‑management policies,
• intrusion detection and monitoring systems,
• vulnerability assessments and penetration testing,
• incident‑response protocols aligned with industry standards.

While no system can guarantee absolute security, we implement controls commensurate with the sensitivity of the information processed and the risks inherent in digital services.

7. Data Retention

We retain information only for the duration necessary to fulfill the purposes described in this Policy, including:

• maintaining active accounts,
• completing transactions and providing support,
• complying with legal, regulatory, and audit requirements,
• resolving disputes and enforcing agreements.

Upon expiration of the applicable retention period, information is securely deleted, anonymized, or otherwise rendered non‑identifiable in accordance with our internal data‑retention schedules.

8. Children's Privacy

The Service is not directed to individuals under the age of 13 (or the minimum age of digital consent in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that such information has been collected, we will take prompt steps to delete it and, where appropriate, disable the associated account.

9. International Data Transfers

Information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. Where required, we implement legally recognized safeguards, including:

• standard contractual clauses,
• data‑processing agreements,
• jurisdiction‑specific compliance measures.

Such transfers are conducted only when necessary for the operation of the Service or to fulfill contractual obligations.

10. Third‑Party Links

The Service may contain links to external websites or services not operated or controlled by the Company. We are not responsible for the privacy practices, content, or security of such third parties. Users are encouraged to review the privacy policies of external services before providing information.

11. Your Rights and Choices

Depending on your jurisdiction, you may have rights relating to your personal information, including:

• the right to request access to information we hold about you,
• the right to request correction or deletion,
• the right to restrict or object to certain processing activities,
• the right to request data portability,
• the right to withdraw consent where processing is based on consent,
• the right to lodge a complaint with a supervisory authority.

We may require verification of identity before responding to such requests and may decline requests where permitted by law.

12. Changes to This Privacy Policy

We may revise this Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through the Service or other reasonable means. Your continued use of the Service following the effective date of an updated Policy constitutes acceptance of the revised terms.