Privacy Policy

Last Updated: March 9, 2026 | Version 1.0

Introduction

QuestRealm ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our game service.

By using QuestRealm, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you sign in with Google OAuth, we collect:

• User ID: A unique identifier from Google (OAuth subject)
• Email Address: Your email address from your Google account
• Display Name: Your name from your Google account
• Profile Picture URL: Your profile picture URL from Google (optional)

1.2 Game Data

When you play QuestRealm, we collect and store:

• Character Information: Name, race, class, appearance, stats, level, experience
• Game State: Your position, inventory, equipment, gold, quests, achievements
• Player Actions: Your action history and conversations with NPCs
• Save Games: Complete game state snapshots (manual and auto-saves)
• Play Time: Total time you've spent playing the game

1.3 AI Interaction Data

QuestRealm uses artificial intelligence (Google Gemini) to power NPC dialogue and behavior. When you interact with AI-powered characters:

• Conversation Content: Text you type to NPCs and the AI-generated responses
• Prompts: Game context sent to AI services to generate NPC behavior
• Token Usage: Volume of AI processing used per session

Important: Your conversations with AI characters are processed by Google Gemini, a third-party AI service. On paid API tiers, Google does not use your prompts or outputs to train their models. Please be mindful that any personal information you share in conversations with NPCs will be sent to Google's servers for processing.

1.4 Usage Data

We automatically collect:

• Session Information: Login times, session duration
• Error Logs: Information about errors or issues you encounter
• Analytics Events: Login events, character creation, quest completion, etc.

1.5 Payment Information

When you make payments:

• Payment Amounts: How much you've paid
• Transaction Records: Payment intent IDs, success/failure status
• Account Balance: Your current account balance

Note: We do NOT store credit card information. All payment processing is handled by Stripe, a secure third-party payment processor.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Enable game functionality, save/load games, process payments
• Power AI Interactions: Send game context to Google Gemini to generate NPC dialogue and behavior
• Improve the Service: Analyze usage patterns, fix bugs, enhance features
• Communicate with You: Send important service updates
• Ensure Security: Verify your identity, prevent fraud, protect user data
• Comply with Legal Obligations: Meet legal requirements, respond to legal requests

3. How We Share Your Information

3.1 Third-Party Services

We share information with the following third-party services:

Google OAuth - Purpose: User authentication. Data Shared: User ID, email, name, profile picture. Google Privacy Policy

Google Gemini API - Purpose: AI-powered NPC dialogue and behavior. Data Shared: Game context, player actions, conversation text. Google Privacy Policy

Stripe - Purpose: Payment processing. Data Shared: Payment amounts, user email. Stripe Privacy Policy

Meshy AI - Purpose: 3D character model generation. Data Shared: Character image data. Meshy Privacy Policy

3.2 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

4. Data Storage and Security

Your data is stored in:

• PostgreSQL Database: Persistent storage for accounts, saves, payments, analytics
• Redis: Temporary storage for sessions and debugging logs
• Third-Party Services: Stripe (payments), Google (authentication, AI services)

We implement security measures including encryption in transit (HTTPS/TLS), session-based authentication, and secure database access controls. However, no method of transmission over the internet is 100% secure.

5. Data Retention

• User Accounts: Retained until you delete your account
• Save Games: Retained until you delete them or delete your account
• AI Interaction Records: Retained for billing and analytics, or 7 days for debugging
• Payment Records: Retained indefinitely for financial record keeping

You can request deletion of your data at any time by deleting your account through the game interface or contacting us.

6. Your Rights and Choices

You have the right to:

• Access your personal information
• Request a copy of your data
• Correct inaccurate information
• Delete your account and all associated data
• Delete individual save games
• Stop using the service (which stops new data collection)

7. Children's Privacy (COPPA)

QuestRealm is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Users must confirm they are 13 or older before creating an account.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately to have that information removed.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

• Right to Know: Request information about what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

9. Cookies and Local Storage

9.1 Strictly Necessary Cookies

The following cookies are required for the service to function. No prior consent is required under GDPR and ePrivacy regulations:

• Authentication cookie (debug_session_id): Required for secure access, expires after 24 hours
• CSRF protection cookie (g_csrf_token): Required during Google sign-in for security

9.2 Analytics Cookies (Optional)

With your consent, we use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 sets cookies (e.g., _ga, _ga_*) to distinguish users and track page visits. These cookies are only set if you click "Accept" on our cookie banner. You can change your preference at any time by clearing your browser's localStorage entry for questrealm_analytics_consent.

We configure GA4 with IP anonymization enabled. We do not use Google Analytics data for advertising or share it with third parties. Google's privacy policy applies to data processed by GA4: https://policies.google.com/privacy

9.3 Local Storage and IndexedDB

We use browser localStorage to store your authentication token, game settings, consent preferences, and analytics consent choice. These are strictly necessary for the service to function. We use IndexedDB to cache 3D game assets for performance.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

10.1 Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contract Performance (Article 6(1)(b)): Account creation, game functionality, save games, payment processing — necessary to provide the service you signed up for
• Legitimate Interest (Article 6(1)(f)): Error logging, security monitoring, service improvement — necessary for operating a reliable service
• Consent (Article 6(1)(a)): AI-powered NPC interactions (data sent to Google Gemini) — you consent to this when accepting our terms; analytics cookies — you consent via the cookie banner
• Legal Obligation (Article 6(1)(c)): Financial records retention — required by law

10.2 Your Rights

• Right of Access: Request a copy of your personal data (use the data export feature in-game or contact us)
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Delete your account and all associated data through the game interface
• Right to Restrict Processing: Request restriction of data processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent at any time by stopping use of the service or contacting us

10.3 International Data Transfers

Your data may be transferred to and processed in the United States, where our servers and third-party service providers (Google, Stripe) are located. We rely on Standard Contractual Clauses and the EU-US Data Privacy Framework for lawful data transfers.

10.4 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@questrealm.net.

11. AI-Generated Content Disclosure

QuestRealm uses artificial intelligence to generate:

• NPC dialogue and behavior (powered by Google Gemini)
• Character portrait images (powered by Google Gemini image generation)
• 3D character models (powered by Meshy AI)
• Dynamic quests and storylines

AI-generated content may occasionally produce unexpected, inaccurate, or inappropriate results. AI-generated content does not represent the views of QuestRealm or its developers. AI-generated content may not be eligible for copyright protection under current U.S. law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page and updating the "Last Updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights:

• Email: privacy@questrealm.net