← Back to World Clue

Policy

Privacy Policy

This page explains what personal data World Clue collects, why it is collected, how it is stored, and what rights you have.

Effective date: 1 July 2026

Data controller

World Clue is operated as an independent project. If you have questions about your data, contact us at [email protected].

Purposes and legal bases

Account signup means agreement to the Terms of Use and acknowledgement of this policy; it is not blanket consent to every processing activity. We use the following legal bases for the stated purposes:

  • Performance of a contract (Art. 6(1)(b) GDPR) for login, account, saved results, profile, leaderboard, and season features requested under the Terms.
  • Legitimate interests (Art. 6(1)(f)) for service security, abuse prevention, maintaining fair competitive results, first-party service analytics, investigating suspected cheating, and handling appeals. These interests are balanced against limited collection, access controls, retention limits, and human review.
  • Consent (Art. 6(1)(a)) where a separately optional activity expressly asks for it, including Google Ads conversion measurement or an optional request to contact you about feedback. Google Ads personalisation is disabled. Refusing or withdrawing consent does not require account deletion.
  • Legal obligation (Art. 6(1)(c)) when necessary to answer or document a legally required data-protection request.

Account data

When you create a World Clue account we store the following personal data:

  • Display name — shown publicly on leaderboards, public profiles, and related game features. If you sign in with Google and do not change your display name, it will be abbreviated (e.g. "FirstName L.") on public surfaces to limit exposure of your full name.
  • Email address — used for login; not displayed publicly.
  • Password hash — your password is hashed with PBKDF2 and never stored in plain text.
  • Avatar URL — imported from Google if you sign in with Google; otherwise none.

Google sign-in

If you choose "Continue with Google", World Clue requests limited profile information from Google (name, email, profile picture) via OAuth 2.0. This data is used solely to create or link your World Clue account. We do not access your Google contacts, calendar, or any other Google services.

Google's own privacy policy governs how Google processes your data: policies.google.com/privacy.

Gameplay results

World Clue stores submitted gameplay results for features such as score distributions, game history, public profiles, leaderboards, seasons, and progress restoration. Submitted data includes the game date, score and ranking data, completion status, and related result details. If you are logged in, results are linked to your account.

For anonymous players, separate result-integrity controls may derive non-public hashed identifiers from request metadata. Hash-based identifiers are pseudonymous personal data, not anonymous or inherently unidentifiable data.

Daily-game fair-play telemetry

Fair-play telemetry applies only to the current daily game, not archive or practice games. Every current-daily start receives a random attempt identifier. For guests, we record the start and completion and a date-scoped HMAC of the exact IP address supplied by Cloudflare. The raw IP address is used in memory to calculate the HMAC and is not stored or intentionally logged by World Clue.

For an account that has accepted the current Terms and acknowledged this policy, we additionally process a random browser-device cookie, its date-scoped HMAC, per-round guess and bonus response times, and page lifecycle events. Lifecycle events show when the page became hidden or visible and when it was exited, shown, or resumed. They cannot establish whether you changed tab, minimized the browser, locked a device, received a call, or left for another reason. Missing or blocked telemetry is treated as unknown and is not independent evidence of cheating.

Guess and bonus durations both begin when the round starts. A guess duration ends only when a valid accepted guess is submitted; the bonus duration ends when its answer is accepted. We store client monotonic durations, limited client event times, and server receipt times. We do not use continuous heartbeats.

Date-scoped IP and device HMACs let authorised reviewers compare attempts made on the same game date. They do not contain the original value and cannot be decrypted, but they remain pseudonymous personal data because matching and singling out may still be possible. Raw telemetry is restricted to authorised operational access. A person reviews the full evidence before any fair-play sanction; there are no solely automated cheating decisions or automatic bans.

A confirmed human review may be converted to a coarse feature signature containing only duplicate-count buckets, timing histograms, hidden-duration buckets, and exit/resume buckets. A confirmed-cheating cohort is retained only when at least ten cases share a signature; a general-population baseline requires at least fifty. Cohorts contain only signature, schema version, and count—never account or attempt identifiers, hashes, exact dates or times, answers, names, notes, or free text. Undersized cases are discarded at expiry. Indefinite cohort retention is permitted only after a documented re-identification-risk review confirms that the aggregate is no longer personal data.

Public profile and leaderboard data

If you use account features, parts of your profile and score history may be visible to other users. Public surfaces can include your display name, avatar, joined date, leaderboard position, scores, season rewards, and game history summaries. Your email address is not displayed publicly.

Analytics events

World Clue records limited first-party product events (e.g. page views, game starts, and feature interactions) to understand how the site is used and to improve it. These events can include transient random request identifiers, page and referrer information, and campaign parameters present on the current page. Product-analytics identifiers and campaign attribution are kept only in page memory and are not persisted in cookies, local storage, or session storage. The legal basis for this server-side first-party processing is legitimate interest.

World Clue also offers optional Google Ads conversion measurement. It uses Basic Consent Mode v2: advertising storage and advertising user data are denied by default, and the external Google tag is not requested or executed unless you actively accept measurement. Google Ads personalisation, remarketing signals, and analytics storage remain disabled even after measurement is accepted.

If you accept, Google may receive the page URL, referrer, browser and device information, IP-derived location information, advertising click identifiers, and measured events such as a page visit or daily-game start. World Clue does not send Google account email addresses, display names, answers, scores, or detailed game telemetry through the Google tag. The legal basis for Google Ads measurement is consent. Rejecting has no effect on gameplay or account features. You can change or withdraw this choice at any time using the Privacy choices button.

To document your choice, World Clue stores a random consent receipt identifier, decision, notice version, privacy-policy version, decision time, and expiry time. The local preference expires after 180 days, when the site asks again. A matching consent audit event is retained in World Clue's database for up to 24 months. The audit record is not used for analytics or advertising and does not contain your name, email address, advertising click identifiers, or stored IP address.

Feedback submissions

If you use the feedback form, World Clue stores the message you submit, the category you choose, the page or game mode where you opened the form, locally generated session identifiers, and any optional email address you provide for follow-up. If you are logged in, the submission may also be linked to your account. This information is used to investigate bugs, correct inaccurate data, prioritise feature requests, and reply when you explicitly ask to be contacted.

Country data

The country profiles and related facts shown in World Clue are assembled from public and license-compatible sources. The site is intended for informational and educational use.

Cookies and local storage

World Clue uses the following browser storage mechanisms:

  • wc_session — a secure, HttpOnly cookie that maintains your login session. It expires after 30 days of inactivity. This cookie is strictly necessary for the account feature to work and does not require separate cookie consent under the ePrivacy Directive.
  • __Host-wc_device — a secure, HttpOnly, SameSite=Lax random identifier used only for accepted account daily games. It has a sliding 180-day lifetime and is ignored for guest attempts. It is enabled only where its storage is legally permitted as necessary for the requested competitive account service; if separate terminal-access consent is legally required, it will not be enabled without an appropriate consent mechanism.
  • Local storage — stores gameplay progress, played-status markers, saved summaries, theme preference, tutorial/update notices, and related in-browser settings so requested game features work between visits. Product-analytics identifiers and campaign attribution are not persisted there.
  • worldClueGoogleConsentV1 — a strictly necessary preference and audit-receipt record that stores your Google Ads measurement choice, random receipt identifier, decision time, notice version, and expiry. It expires after 180 days.
  • Google advertising storage — only if you accept measurement, Google may set first-party _gcl_* cookies and related conversion-linker storage to associate an advertising click with a game start. Google states that _gcl_* cookies last for 90 days. With no choice or a rejected choice, the Google tag is not loaded and existing accessible _gcl_* storage is removed.

You can reopen the consent control and withdraw optional Google Ads measurement consent at any time. Withdrawal disables further Google measurement and removes accessible Google conversion storage. Strictly necessary World Clue storage remains available because it supports requested site, account, security, consent-record, and gameplay functions.

Third-party services

The site is hosted on Cloudflare Pages and uses Cloudflare Workers and D1. Cloudflare processes requests, including IP addresses and headers, to deliver the service and provides the trusted IP header used for fair-play HMAC generation. Cloudflare may also process request metadata for security and performance under its privacy policy: cloudflare.com/privacypolicy.

Google Ireland Limited provides the optional Google Ads conversion-measurement service. Google Ads personalisation and remarketing remain disabled by World Clue. Read how Google uses information from sites that use its services, Google's Privacy Policy, and the Ads Data Processing Terms.

Data retention

Account data is retained while the account exists, subject to legal and operational requirements. Raw anti-cheat attempts, event telemetry, review records, and personal feature staging are deleted 180 days after the relevant season ends. A game date outside a season expires 180 days after that date. Account-linked telemetry and reviews are deleted when the account is deleted. Game results are unlinked from the deleted account, and account-linked season rewards are deleted.

A confirmed case contributes to an anonymous cohort on deletion only if its signature already meets the applicable aggregation threshold; otherwise it is discarded. Thresholded, risk-reviewed anonymous cohort counts may be retained indefinitely because no source mapping is kept. Other data categories are retained only for the periods necessary for the purposes described or applicable legal requirements.

International transfers

Your data is processed on Cloudflare's global edge network. Cloudflare has committed to Standard Contractual Clauses (SCCs) and other safeguards for any transfers of personal data outside the European Economic Area. See Cloudflare's GDPR centre for details.

Your rights

Under the GDPR and similar data protection laws you have the right to:

  • Access — view the personal data we hold about you.
  • Portability — export your data in a machine-readable format.
  • Rectification — correct inaccurate personal data.
  • Erasure — delete your account and personal data.
  • Restriction — request restriction of processing in certain cases.
  • Objection — object to the processing of your data.
  • Withdraw consent — where processing is based on consent, withdraw it without deleting your account; this does not affect earlier lawful processing.

The account export includes linked daily attempts, events, legal acknowledgements, and review outcomes. You can exercise access/export and account deletion from Account settings. To object to legitimate-interest processing, request restriction, appeal a fair-play decision, or make another request, contact [email protected].

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

Minimum age

World Clue is not directed at children under 16. If you are under 16, please do not create an account without parental consent.

Changes

This policy may be updated as the project evolves. The "Effective date" at the top of this page will reflect the latest revision. Account holders will be asked to acknowledge a material new version before their next account-linked daily game.