Privacy Policy

Last updated: 24 May 2026

Who we are

RiddleCrypt is an AI logic puzzle game operated as an independent project. Throughout this policy, "we", "us", and "the service" refer to the operator of riddlecrypt.com and gameapi.riddlecrypt.com.

What we collect

If you play anonymously (default)

• Anonymous ID — a random UUID stored in your browser's localStorage. Lets you continue your run across sessions. We can't link this to you personally.
• IP address — collected automatically for rate limiting and abuse prevention. Stored alongside your anonymous ID. Not shared with third parties.
• Game data — which puzzles you saw, your answers (correct/incorrect), hints used, deepest room reached, strikes.
• An auto-generated guest name like Guest_a4f2b8. Used on the leaderboard. Doesn't identify you.

If you pay for premium features

• Payment data is handled entirely by our payment processors — Stripe for card payments and subscriptions, NOWPayments for cryptocurrency. We receive a confirmation of payment and a transaction ID. We never see or store your full card number, CVV, or wallet keys.
• What we store on your account: a Stripe customer ID (a token Stripe gives us), your subscription status, your premium expiry date, and a transaction record (amount, currency, provider, status, timestamps).
• Subscription management: if you have an active subscription, you can update your card, cancel, or download invoices via a self-service portal hosted by Stripe — accessible from our pricing page.

What we do NOT do

• We don't use Google Analytics, Facebook Pixel, or social-media tracking scripts.
• We don't sell or rent personally identifying information.
• We don't fingerprint your device or track you across non-advertising contexts.
• Exception: we serve display advertising via Google AdSense, which uses cookies as described in the "Advertising" section below.

Cookies and localStorage

We use two kinds of browser storage:

• localStorage (first-party, strictly necessary). Stores your anonymous ID and current game state. Without it, the site cannot tell who you are between page loads. You can clear it at any time via your browser settings; this will end your current run.
• Third-party advertising cookies. Google and its advertising partners set cookies on your device to serve and measure ads. See the "Advertising" section below for details and how to opt out.

For visitors in the EU/UK and other regions with consent requirements, a cookie consent banner is displayed before any advertising cookies are set.

Advertising

We use Google AdSense to serve display ads on the site. The following disclosures are required by Google:

• Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to RiddleCrypt or other websites.
• Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to our site and/or other sites on the Internet.
• Users may opt out of personalized advertising by visiting Google's Ads Settings.

Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.

Google AdSense may also use the DoubleClick DART cookie to serve ads based on visits to this and other sites on the Internet. See Google's ad technology policies for details.

Third parties we use

• Cloudflare — provides our DDoS protection and SSL. Cloudflare sees all traffic to the site. See Cloudflare's privacy policy.
• Google AdSense — serves display advertising. May set cookies and process your data for ad targeting and measurement. See Google's privacy policy and the "Advertising" section above.
• Anthropic (Claude API) — when we generate a custom hint for you, the puzzle text and your game state are sent to Anthropic's API. Anthropic does not train on this data by default. See Anthropic's privacy policy.
• Stripe — handles credit/debit card payments and subscription billing. When you check out, your card details go directly to Stripe (never our servers). Stripe is a PCI-DSS Level 1 certified processor. See Stripe's privacy policy.
• NOWPayments — handles cryptocurrency payments (for the annual crypto pass). We receive a transaction ID and confirmation; we never see your wallet keys. See NOWPayments' privacy policy.

How long we keep data

• Anonymous game data — kept indefinitely so the leaderboard stays meaningful.
• IP addresses — kept for up to 90 days for abuse prevention, then deleted.
• Payment records — kept for at least 7 years to comply with US tax and accounting law.

Your rights

Regardless of where you live, you can:

• Access your data — email us your anonymous ID (visible in browser DevTools → Application → localStorage) and we'll send you what we have.
• Delete your data — same process. We'll delete your player record and games within 30 days.
• Object to any processing.

If you're in the EU/UK (GDPR) or California (CCPA), you have additional rights: portability of your data, the right not to be discriminated against for exercising your rights, and the right to lodge a complaint with your local data protection authority.

Children

RiddleCrypt is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will delete it.

Security

Traffic between your browser and our servers is encrypted with TLS 1.2/1.3 via Cloudflare. We don't store credit card or wallet data on our servers. That said, no method is 100% secure — be reasonable with what you share.

Changes to this policy

If we change this policy materially, we'll update the "Last updated" date at the top. For substantive changes, we'll display a notice on the homepage for at least 14 days.

Contact

For any privacy question or data request, email us at playsupport123@pm.me.