Privacy Policy

Last updated: May 23, 2026

City Seekers is a location-based scavenger-hunt web app. This page explains what we collect, why, and how you can get your data out or deleted. City Seekers is currently available only to people living in the United States. We aim for the smallest footprint that keeps the game working.

What we collect

• Account — your email address, display name, a one-way hashed password (we never see the plaintext), and eligibility timestamps showing that the account cleared the 13+ and U.S.-residency signup screens.
• Hunt progress — which stops you've unlocked and when, which hints you revealed, your total time and score.
• Arrival coordinates — when you reach a stop and check in, your device sends the single GPS reading at that moment so the server can confirm you're inside the stop's geofence and detect spoofed locations. We store that one reading with the visit, keep it for up to 90 days, and then automatically purge it. The fact that you found the stop is retained; the coordinates are not.
• Photos — only those you explicitly upload for a stop's photo challenge. They are tied to your hunt play and shown on the public live board.
• Server logs — IP address, user agent, timestamps, and the path you requested. Used for debugging and abuse prevention; rotated on a short window.

What we do not collect

• A continuous location track. Your GPS is read by your browser only while a hunt is actively open, and the distance-to-next-stop check runs on your device. We never record where you are between stops or while the app is in the background — the only coordinates that reach our server are the single reading you send when you check in at a stop (see Arrival coordinates above).
• Advertising identifiers or cross-site tracking. There are no ad networks embedded in this site.
• Contacts, microphone, calendar, or anything else outside the hunt flow.

Third parties

We do not share your data with advertisers, brokers, or analytics vendors. Hunt locations are geocoded at author-time against OpenStreetMap Nominatim before the hunt is published — that happens on the author's machine, not from your device, and does not send us your position. Our hosting provider (Railway) processes server logs on our behalf under their standard data-processing terms. When the app hits an unexpected error, we send a diagnostic report — the error, the page it happened on, and technical context, but never your password or card details — to our error-monitoring provider, Sentry, so we can fix it.

Cookies

We use two first-party cookies: a signed session cookie to keep you logged in, and a CSRF token cookie to prevent cross-site form submissions. Both are required for the site to function. No advertising, marketing, or third-party cookies are set on cityseekers.app.

Payments & Stripe

When you buy a hunt or city bundle we hand you off to Stripe's hosted checkout page (checkout.stripe.com). Stripe handles your card details directly; City Seekers never sees them. Stripe sets its own cookies on its own domain — see stripe.com/privacy for details. We store the Stripe session ID, the SKU you bought, the amount, and a link to your receipt — that's it.

How long we keep your data

Account data and hunt progress are kept until you ask us to delete them. Arrival coordinates (see above) are automatically purged after 90 days, even if you keep playing. Server logs are rotated on a short window (days to weeks, not months). Photos you uploaded stay with your account and are removed if you delete the account.

Your rights

You can request an export of your account data, correction of inaccurate information, or deletion of your account at any time. To make a request, email strangelove@treasureamongus.com from the address on the account. We'll confirm and complete deletion within a few business days.

Colorado and California residents

If you live in Colorado (covered by the Colorado Privacy Act, CPA) or California (covered by the California Consumer Privacy Act, CCPA / CPRA), you have specific rights with respect to the information City Seekers holds about you:

• Right to know. You can ask what categories of personal information we collect, why, and who we share it with (the relevant categories are listed under What we collect and Third parties above).
• Right to access / portability. You can request a copy of your account data in a portable format.
• Right to correct. You can ask us to fix inaccurate information on your account.
• Right to delete. You can ask us to delete your account and the data tied to it. The Delete account button under "Danger zone" on your profile does this immediately; you can also email us.
• Right to opt out of sale, sharing, and targeted advertising. City Seekers does not sell or share personal information for monetary or other valuable consideration, and does not engage in targeted advertising or profiling. There is nothing to opt out of today. If that ever changes, this section will document the opt-out mechanism.
• Right to non-discrimination. Exercising any of the rights above will not change the price you pay or the features available to your account.

Sensitive data we collect: the only sensitive category covered by the CPA or CCPA that the game touches is precise geolocation, and only at the moments you check in at a stop. At each check-in your device sends one GPS reading so the server can verify you're inside the stop's geofence and detect spoofed locations; that reading is stored with the visit and automatically purged after 90 days. We do not track your location continuously or between stops. See What we collect and What we do not collect above for the full picture.

To exercise any of these rights, email strangelove@treasureamongus.com from the email address on the account. We don't charge a fee and we'll respond within the statutory window (45 days under the CPA; 45 days under the CCPA, extendable to 90 in good faith).

An authorized agent acting on your behalf may submit a request by emailing us a signed statement of authorization and proof of your identity. Authorized-agent requests are also free.

Security

Passwords are hashed with bcrypt before they're stored. Sessions are signed with a server-side secret and use secure, same-site cookies. We do not claim to be bulletproof — if you suspect your account has been compromised, email us and change your password.

Children

City Seekers is a 13+ game. You must be at least 13 and live in the United States to hold an account; when you register we ask for your date of birth and U.S.-residency attestation, and block account creation if you're under 13 or do not live in the U.S. No one under 13 plays on their own — a child under 13 only takes part as a companion in parent-led play, under a parent's or guardian's account. We do not store your date of birth or address; we keep only notes that the account cleared the age and U.S.-residency checks.

Because hunts are played in the real world, the parent or guardian whose account a child plays under is present and responsible for supervising that play. We do not knowingly collect personal information directly from children under 13. If you believe a child created their own account, email us and we'll remove it.

Changes to this policy

We may update this policy as the game evolves. Material changes will be noted by updating the "Last updated" date at the top of the page. Continued use of the site after a change means you accept the updated policy.

Contact

This service is operated by City Seekers. Questions or requests about this policy: strangelove@treasureamongus.com. See the contact page for other inquiries.