STORYHUNT // LEGAL

Privacy Policy

Last updated: 2026-05-18

Who we are

StoryHunt is operated from New York City and reachable at hello@storyhunt.city. This page explains what data we collect about people who use storyhunt.city and how we handle it.

What we collect

Email address — when you sign up for a lead magnet, complete a purchase, or contact support.
Payment data — handled by Stripe; we never see your full card number. We receive your purchase confirmation, amount, and last four digits via Stripe.
Experience data — your in-game session state (current step, completion status, whether you're in NYC), so you can resume your hunt.
Device + cookies — IP, user agent, and analytics cookies set by PostHog, Meta Pixel, and Google Analytics. EU visitors are presented with a consent banner before non-essential cookies fire.
Optional feedback — your rating and any comment you leave after completing an experience.

How we use it

To deliver the experience you purchased and your access link.
To send transactional emails (access link, review request, refund confirmation) and — only if you signed up via a lead magnet — short marketing follow-ups. Every email has a one-click unsubscribe.
To measure ad performance via aggregated, hashed conversion events sent to Meta and Google. We do not sell your data.
To improve the product (anonymized funnel analytics).

Who we share it with

We use the following processors strictly to deliver the service:

Stripe (payments)
Firebase / Google Cloud (database, auth)
Resend (transactional + marketing email)
Vercel (hosting)
Meta (ad attribution via Pixel + Conversions API)
Google Analytics + PostHog (product analytics)
OpenAI (LLM that drives the in-experience narrator)

Your rights

You can email hello@storyhunt.city at any time to:

Request a copy of the data we hold about you.
Ask us to delete your account and all associated data.
Unsubscribe from any marketing email (you can also use the one-click unsubscribe in any email footer or visit /unsubscribe).
Correct any inaccurate information.

We respond within 7 days.

Cookies

Essential cookies (session, auth) are always on. Non-essential cookies (analytics, advertising) only fire after you accept the consent banner — or, if your browser sends a Do Not Track signal, they don't fire at all.

Data retention

We keep your account data for as long as your access tokens are valid (one year ceiling, 30 days from first use) plus 24 months of post-experience analytics. After that we delete or anonymize. Refund requests require us to keep a record for 7 years (tax law).

Changes to this policy

If we materially change this policy, we'll email everyone with an active account at least 14 days in advance.