Privacy Policy

Last updated: 30 June 2026

This Privacy Policy explains how Eskil Jarlskog (“we”, “us”) collects and uses your personal data when you use the CipherWalk mobile app (the “Service”). We are based in Switzerland and act as the data controller for the personal data described below.

1. Data we collect

When you use the CipherWalk app, we collect:

  • An account identifier, a UUID generated on first launch. When you open the app for the first time we create an anonymous account for you automatically, with a random display name and no email. This identifier is also attached to any crash reports we receive so we can correlate a crash with the affected account.
  • Your email address, only if you choose to sign in. Signing in is optional and upgrades your anonymous account so you can restore your progress on another device. We support magic-link sign-in (you enter your email and we send a one-time link), Sign in with Apple, and Sign in with Google. Your email is stored on your account so we can recognise you when you sign in again and contact you about your account if needed. If you use Sign in with Apple and choose to share your name, we store that as your display name. If you never sign in, we never collect an email.
  • A display name, only if you choose to set one. This is visible to other players in lobbies and on leaderboards.
  • Your location, only while you have a quest open. Location is used to determine when you arrive at a quest stop. We do not track your location in the background and we do not store a continuous trail of your movements.
  • Gameplay content, including puzzle state, answers you submit, hints you use, stops and quests you have completed, cities you have played in, and your team's progress in multiplayer sessions. This is needed to run the game and to show leaderboards.
  • Purchase records, including which quests you have unlocked, how each unlock was granted (in-app purchase, promo code, or gift), the store transaction identifier, and the time of the purchase. This is stored on your account so we can give you access to the quests you have paid for.
  • Support messages, if you email us for help. Messages sent to our support address are retained in our support inbox so we can respond and follow up.
  • Basic technical data sent automatically by your device to our backend (such as IP address) for security and abuse prevention.
  • Crash and diagnostic data. When the app hits an unexpected error we send a crash report that includes the stack trace, device model, operating system version, app version, device locale, recent console logs, and a breadcrumb trail of the screens you visited and the API calls the app made in the moments leading up to the error. We use this only to identify and fix bugs.

2. How we use your data

  • Provide and operate the Service (gameplay, multiplayer, leaderboards, unlocking purchased quests on your account).
  • Respond to support requests.
  • Detect and prevent abuse (e.g., cheating).
  • Comply with legal obligations.

We do not sell your personal data, and we do not use it for advertising.

3. Purchases

Quests are unlocked via in-app purchase through the Apple App Store or Google Play. Payment is handled by Apple or Google. We do not see or store your card details. Apple or Google confirm the purchase to us so we can unlock the quest on your CipherWalk account.

4. Sub-processors

We use the following service providers to operate the Service. They process personal data on our behalf:

  • Supabase — authentication, database, and realtime multiplayer. Data stored in the European Union.
  • Sentry — crash and error reporting. When an error occurs, Sentry receives your account identifier, the stack trace, device model, operating system version, app version, device locale, recent console logs, and a breadcrumb trail of recent screens and API calls. Data may be processed in the EU or the US under appropriate transfer safeguards.

5. How long we keep your data

  • Game account data (account identifier, email, display name, gameplay content) is kept until you delete your account. You can delete your account at any time inside the app, in the Profile screen.
  • Purchase records are kept for 10 years as required by Swiss commercial law.

6. Your rights

Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data deleted. You can do this directly inside the app via Profile → Delete account.
  • Object to or restrict certain processing.
  • Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.

To exercise any of these rights, email privacy@cipherwalk.com.

7. Children

The Service is intended only for adults and is not directed to anyone under 18. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has used the Service, contact us and we will delete the data.

8. Changes

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated through the app before they take effect.

9. Contact

Eskil Jarlskog
privacy@cipherwalk.com