Privacy Policy

1.1 Account Data. When you create an account, we collect your email address and display name. All users must be at least 13 years of age to register.

1.2 Location Data. During active gameplay sessions, we collect GPS coordinates to enable location-based puzzles and navigation. Location data is only collected while you are actively playing and is never collected in the background.

1.3 Device Sensor Data. Certain puzzle types use camera, microphone, accelerometer, gyroscope, and compass data. All sensor data is processed on your device in real time and is not transmitted to or stored on our servers, with the exception of photos explicitly submitted as puzzle evidence.

1.4 Photos. When you submit a photo to solve a puzzle, the image is analyzed by our AI system for verification and then stored in a private cloud storage bucket accessible only to you and your team members.

1.5 Biometric Data. Some puzzle types use face mesh detection and hand tracking via MediaPipe. This biometric data is processed entirely on your device. No biometric templates, face maps, or hand landmarks are ever transmitted to or stored on our servers.

GPS coordinates are collected only during active gameplay sessions and are used for puzzle placement, navigation bearing, and proximity verification. We store GPS accuracy metadata (not raw coordinates) in gameplay attempt records. This telemetry is automatically anonymized (set to null) after 90 days.

Puzzle step locations (the coordinates of venues, landmarks, and points of interest used in puzzles) are static reference data describing where a puzzle takes place. These are not user personal data and are retained as part of the mystery content.

We do not sell, share, or provide location data to third parties. Location data is not used for advertising, profiling, or any purpose beyond the current gameplay session and anti-cheat verification.

3.1 AI Generation Logs. Records of AI content generation (token counts, costs, model identifiers) are retained for 90 days for quality and cost monitoring, then permanently deleted.

3.2 Gameplay Sessions. Active sessions with no activity for 24 hours are marked as abandoned. Paused sessions expire after 7 days. GPS telemetry within step attempts is anonymized after 90 days.

3.3 Account Deletion. When you request account deletion, your account enters a 30-day grace period during which you may cancel the request. After 30 days, all your data is permanently and irreversibly deleted from all database tables, including gameplay history, team memberships, chat messages, achievements, photos, subscriptions, and any other associated records. A daily automated process executes these deletions.

Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the following rights:

Right to Access. You may request a copy of all personal data we hold about you. Data export is available in your account settings.

Right to Erasure. You may request deletion of your account and all associated data. Deletion is executed after a 30-day grace period, permanently removing data from 18+ database tables.

Right to Rectification. You may update your account information at any time through your profile settings.

Right to Data Portability. You may export your gameplay data, story history, and account information in a machine-readable format.

Akea.ai requires all users to verify their age at registration. Users under 13 years of age are not permitted to create accounts or use the platform. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will promptly delete the account and all associated data.

Certain puzzle types use computer vision features including face mesh detection and hand gesture recognition, powered by MediaPipe running on your device. This processing occurs entirely on-device — biometric data (face geometry, hand landmarks, expression classifications) is never transmitted to our servers, stored in any database, or shared with any third party.

Before any computer vision feature activates, you will see a consent modal explaining what data is processed and confirming that processing is on-device only. You may decline consent, and the puzzle will be skipped or an alternative will be offered. You may revoke consent at any time in your device settings by denying camera permissions.

Google Cloud Platform. Infrastructure hosting, database, and file storage. Subject to Google Cloud's data processing terms.

Anthropic (Claude AI). AI-powered content generation for stories, puzzles, and dialogue. No personally identifiable information is included in generation requests. Only story context (genre, location descriptions, puzzle types) is sent.

ElevenLabs. AI voice synthesis for character narration. No personally identifiable information is included in synthesis requests. Only narrative text and voice configuration is sent.

We do not use any third-party analytics, advertising, or tracking services. We do not sell or share your personal data with data brokers or advertisers.