Privacy policy
Last updated: June 2026
1. Controller
The controller within the meaning of the GDPR is Stephan Dörner, Bornholmer Str. 89, 10439 Berlin, Germany. Contact: stephan.doerner@posteo.de.
This policy explains what personal data is processed when you visit and use WhisperQuest (whisperquest.app and the optional desktop application).
2. Hosting and delivery
The site is delivered through the Lovable platform (Lovable Tech AB, Sweden) over the Cloudflare, Inc. (USA) CDN. On every request, technically necessary data is processed: IP address, date/time, user agent, requested URL, and referrer. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stable, secure delivery).
We have data processing agreements with both providers under Art. 28 GDPR. Transfers to the US rely on the EU-US Data Privacy Framework or the EU Standard Contractual Clauses.
3. Account, authentication and game content
When you register, we process your email address, a hashed password or the OAuth identifier of your Google account, and content you create (e.g. worlds, characters, adventure logs). Backend services are provided by Supabase via Lovable Cloud.
Purposes: providing your game account, storing your worlds and adventures, sign-in. Legal basis: Art. 6 (1) (b) GDPR (contract).
4. AI game master
Player inputs, selected world information, and game state are sent to the Lovable AI Gateway, which forwards the request to one or more AI model providers (e.g. Google, OpenAI, Anthropic). Only the data needed for the current scene is sent; no plain-text identifiers are attached.
Legal basis: Art. 6 (1) (b) GDPR (provision of the service). Please do not enter sensitive personal data about third parties into the game.
5. Payments and credit packs
Credit-pack purchases are processed by Stripe Payments Europe, Ltd. (Ireland). We receive only the confirmations needed for the contract from Stripe (e.g. payment ID, status, amount, country). We never see or store payment data such as card numbers.
Legal basis: Art. 6 (1) (b) GDPR (contract) and Art. 6 (1) (c) GDPR (tax and commercial retention obligations).
6. Email and transactional messages
For confirmation, security, and service emails we use an email delivery service (Resend, Inc., USA). We process the recipient address, send timestamp, and delivery status. Legal basis: Art. 6 (1) (b) or (f) GDPR.
You can object to transactional messages at any time via the unsubscribe link or by emailing us, except where the message is required by contract.
7. Cookies and local storage
We only use strictly necessary cookies and localStorage entries, e.g. to keep you signed in and to remember your language and distribution choice. Under § 25 (2) TDDDG these do not require consent. We do not use tracking, advertising, or analytics cookies.
8. Recipients and international transfers
The following processors receive data only under instructions:
- Lovable Tech AB (Sweden) – platform and cloud backend
- Cloudflare, Inc. (USA) – CDN and DDoS protection
- Supabase, Inc. (USA/EU) – database, auth and storage (hosted in the EU)
- Stripe Payments Europe, Ltd. (Ireland) – payment processing
- Resend, Inc. (USA) – transactional email delivery
- Google LLC / OpenAI Ireland Ltd. / Anthropic PBC – AI model inference via the Lovable AI Gateway
9. Retention
Account data and game content are stored until you delete your account. Payment records are retained for up to ten years under § 147 AO. Log data is anonymised or deleted after 30 days at the latest.
10. Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). You can also lodge a complaint with a supervisory authority, e.g. the Berlin Commissioner for Data Protection and Freedom of Information.
Send requests to stephan.doerner@posteo.de. You can also delete your account from the account menu.
11. Changes to this policy
We update this policy when features or processors change. The current version is always available at this URL.