← Back to Game
🛡️ Privacy Policy
Idle Quest RPG — game.mishkavids.me
TL;DR: We collect minimal data. No ads, no tracking, no selling your info. We store your game save and that's about it.
1. What We Collect
Game Data (stored locally & on our server)
- localStorage: Your game progress is saved in your browser's localStorage. This stays on your device.
- Server saves: When you sync, your game state (hero stats, inventory, progress) is stored on our server, identified by your player code.
- Player code & PIN: Your unique identifier and optional security PIN (hashed, not stored in plain text).
- Device fingerprint: A hashed fingerprint for device recognition (used only for save protection).
Payment Data
- Payments are handled entirely by Stripe. We never see or store your credit card number.
- We receive confirmation of purchases (product ID, transaction ID, date) which we associate with your player code.
- See Stripe's Privacy Policy for how they handle payment data.
Chat Messages
- Messages sent in the in-game chat are visible to all players and stored temporarily (last 100 messages).
- Chat messages include your character name, level, and class — not your player code or real identity.
- A profanity filter is applied automatically.
Technical Data
- Standard server logs (IP address, user agent) for security and anti-cheat purposes.
- Client error reports (JavaScript errors) for debugging — these contain no personal information.
2. What We Don't Collect
- ❌ No email addresses or real names
- ❌ No third-party analytics or tracking scripts
- ❌ No advertising or ad networks
- ❌ No social media trackers
- ❌ No selling or sharing data with third parties
3. Cookies
We use a minimal number of cookies:
- idle_session: A session token to authenticate your device with your save file. HttpOnly, same-site, no tracking.
- admin_token: Admin panel authentication (admin use only).
We do not use any third-party cookies, tracking cookies, or analytics cookies.
4. Data Storage & Security
- Game saves are stored on our server with HMAC signature verification to prevent tampering.
- PINs are hashed before storage.
- The server uses security headers (Helmet), rate limiting, and input sanitization.
- Save data is validated server-side to detect and prevent cheating.
5. Data Retention
- Game saves are kept indefinitely as long as the service runs.
- Chat messages are retained for the last 100 messages only.
- Security logs are kept for monitoring and may be rotated periodically.
6. Your Rights
You can:
- Delete your data: Contact us to request deletion of your server-side save.
- Clear local data: Clear your browser's localStorage at any time.
- Play anonymously: The game doesn't require any personal information to play.
7. Children's Privacy
The Game is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us.
8. Changes to This Policy
We may update this policy as the game evolves. Changes will be posted on this page with an updated date.
9. Contact
Questions about privacy? Reach out through mishkavids.me.
Last updated: March 4, 2026