Policy

Privacy Policy

This page explains what personal data World Clue collects, why it is collected, how it is stored, and what rights you have.

Effective date: 28 June 2026

Data controller

World Clue is operated as an independent project. If you have questions about your data, contact us at privacy@worldclue.com.

Purposes and legal bases

Account signup means agreement to the Terms of Use and acknowledgement of this policy; it is not blanket consent to every processing activity. We use the following legal bases for the stated purposes:

  • Performance of a contract (Art. 6(1)(b) GDPR) for login, account, saved results, profile, leaderboard, and season features requested under the Terms.
  • Legitimate interests (Art. 6(1)(f)) for service security, abuse prevention, maintaining fair competitive results, first-party service analytics, investigating suspected cheating, and handling appeals. These interests are balanced against limited collection, access controls, retention limits, and human review.
  • Consent (Art. 6(1)(a)) only where a separately optional activity expressly asks for it, such as an optional request to contact you about feedback. Refusing or withdrawing that consent does not require account deletion.
  • Legal obligation (Art. 6(1)(c)) when necessary to answer or document a legally required data-protection request.

Account data

When you create a World Clue account we store the following personal data:

  • Display name — shown publicly on leaderboards, public profiles, and related game features. If you sign in with Google and do not change your display name, it will be abbreviated (e.g. "FirstName L.") on public surfaces to limit exposure of your full name.
  • Email address — used for login; not displayed publicly.
  • Password hash — your password is hashed with PBKDF2 and never stored in plain text.
  • Avatar URL — imported from Google if you sign in with Google; otherwise none.

Google sign-in

If you choose "Continue with Google", World Clue requests limited profile information from Google (name, email, profile picture) via OAuth 2.0. This data is used solely to create or link your World Clue account. We do not access your Google contacts, calendar, or any other Google services.

Google's own privacy policy governs how Google processes your data: policies.google.com/privacy.

Gameplay results

World Clue stores submitted gameplay results for features such as score distributions, game history, public profiles, leaderboards, seasons, and progress restoration. Submitted data includes the game date, score and ranking data, completion status, and related result details. If you are logged in, results are linked to your account.

For anonymous players, separate result-integrity controls may derive non-public hashed identifiers from request metadata. Hash-based identifiers are pseudonymous personal data, not anonymous or inherently unidentifiable data.

Daily-game fair-play telemetry

Fair-play telemetry applies only to the current daily game, not archive or practice games. Every current-daily start receives a random attempt identifier. For guests, we record the start and completion and a date-scoped HMAC of the exact IP address supplied by Cloudflare. The raw IP address is used in memory to calculate the HMAC and is not stored or intentionally logged by World Clue.

For an account that has accepted the current Terms and acknowledged this policy, we additionally process a random browser-device cookie, its date-scoped HMAC, per-round guess and bonus response times, and page lifecycle events. Lifecycle events show when the page became hidden or visible and when it was exited, shown, or resumed. They cannot establish whether you changed tab, minimized the browser, locked a device, received a call, or left for another reason. Missing or blocked telemetry is treated as unknown and is not independent evidence of cheating.

Guess and bonus durations both begin when the round starts. A guess duration ends only when a valid accepted guess is submitted; the bonus duration ends when its answer is accepted. We store client monotonic durations, limited client event times, and server receipt times. We do not use continuous heartbeats.

Date-scoped IP and device HMACs let authorised reviewers compare attempts made on the same game date. They do not contain the original value and cannot be decrypted, but they remain pseudonymous personal data because matching and singling out may still be possible. Raw telemetry is restricted to authorised operational access. A person reviews the full evidence before any fair-play sanction; there are no solely automated cheating decisions or automatic bans.

A confirmed human review may be converted to a coarse feature signature containing only duplicate-count buckets, timing histograms, hidden-duration buckets, and exit/resume buckets. A confirmed-cheating cohort is retained only when at least ten cases share a signature; a general-population baseline requires at least fifty. Cohorts contain only signature, schema version, and count—never account or attempt identifiers, hashes, exact dates or times, answers, names, notes, or free text. Undersized cases are discarded at expiry. Indefinite cohort retention is permitted only after a documented re-identification-risk review confirms that the aggregate is no longer personal data.

Public profile and leaderboard data

If you use account features, parts of your profile and score history may be visible to other users. Public surfaces can include your display name, avatar, joined date, leaderboard position, scores, season rewards, and game history summaries. Your email address is not displayed publicly.

Analytics events

World Clue records first-party analytics events (e.g. page views, game starts, and feature interactions) to understand how the site is used and to improve it. These events use locally generated random session and user IDs, page and referrer information, and campaign parameters when present. No third-party analytics services, advertising trackers, or cross-site tracking technologies are used. The legal basis for this processing is legitimate interest.

Feedback submissions

If you use the feedback form, World Clue stores the message you submit, the category you choose, the page or game mode where you opened the form, locally generated session identifiers, and any optional email address you provide for follow-up. If you are logged in, the submission may also be linked to your account. This information is used to investigate bugs, correct inaccurate data, prioritise feature requests, and reply when you explicitly ask to be contacted.

Country data

The country profiles and related facts shown in World Clue are assembled from public and license-compatible sources. The site is intended for informational and educational use.

Cookies and local storage

World Clue uses the following browser storage mechanisms:

  • wc_session — a secure, HttpOnly cookie that maintains your login session. It expires after 30 days of inactivity. This cookie is strictly necessary for the account feature to work and does not require separate cookie consent under the ePrivacy Directive.
  • __Host-wc_device — a secure, HttpOnly, SameSite=Lax random identifier used only for accepted account daily games. It has a sliding 180-day lifetime and is ignored for guest attempts. It is enabled only where its storage is legally permitted as necessary for the requested competitive account service; if separate terminal-access consent is legally required, it will not be enabled without an appropriate consent mechanism.
  • Local storage — stores gameplay progress, played-status markers, saved summaries, theme preference, tutorial/update notices, attribution values, and related in-browser settings so the app can function smoothly between visits.
  • Session storage — stores a temporary session identifier for first-party analytics during a browser session.

World Clue does not use third-party advertising or analytics cookies.

Third-party services

The site is hosted on Cloudflare Pages and uses Cloudflare Workers and D1. Cloudflare processes requests, including IP addresses and headers, to deliver the service and provides the trusted IP header used for fair-play HMAC generation. Cloudflare may also process request metadata for security and performance under its privacy policy: cloudflare.com/privacypolicy.

Data retention

Account data is retained while the account exists, subject to legal and operational requirements. Raw anti-cheat attempts, event telemetry, review records, and personal feature staging are deleted 180 days after the relevant season ends. A game date outside a season expires 180 days after that date. Account-linked telemetry and reviews are deleted when the account is deleted. Game results are unlinked from the deleted account, and account-linked season rewards are deleted.

A confirmed case contributes to an anonymous cohort on deletion only if its signature already meets the applicable aggregation threshold; otherwise it is discarded. Thresholded, risk-reviewed anonymous cohort counts may be retained indefinitely because no source mapping is kept. Other data categories are retained only for the periods necessary for the purposes described or applicable legal requirements.

International transfers

Your data is processed on Cloudflare's global edge network. Cloudflare has committed to Standard Contractual Clauses (SCCs) and other safeguards for any transfers of personal data outside the European Economic Area. See Cloudflare's GDPR centre for details.

Your rights

Under the GDPR and similar data protection laws you have the right to:

  • Access — view the personal data we hold about you.
  • Portability — export your data in a machine-readable format.
  • Rectification — correct inaccurate personal data.
  • Erasure — delete your account and personal data.
  • Restriction — request restriction of processing in certain cases.
  • Objection — object to the processing of your data.
  • Withdraw consent — where processing is based on consent, withdraw it without deleting your account; this does not affect earlier lawful processing.

The account export includes linked daily attempts, events, legal acknowledgements, and review outcomes. You can exercise access/export and account deletion from Account settings. To object to legitimate-interest processing, request restriction, appeal a fair-play decision, or make another request, contact privacy@worldclue.com.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

Minimum age

World Clue is not directed at children under 16. If you are under 16, please do not create an account without parental consent.

Changes

This policy may be updated as the project evolves. The "Effective date" at the top of this page will reflect the latest revision. Account holders will be asked to acknowledge a material new version before their next account-linked daily game.