Privacy Policy

Who we are

Quest-Hero (Dominik Cichon, c/o IP-Management #4463, Ludwig-Erhard-Str. 18, 20459 Hamburg, Germany)

Email: [email protected]

This notice applies to quest-hero.com, quest-hero.de, and the associated games, checkout, and support services for users in Germany, the EU/EEA, and the United States.

Personal data we collect

  • Contact and account data: name, email address, order IDs, access codes, and messages you send us.
  • Purchase and payment data: items purchased, prices, tax amounts, Stripe payment status, and refund history. Card data is processed by Stripe; we do not store full card numbers.
  • Device and log data: IP address, browser type, operating system, timestamps, and basic event logs to operate and secure the service.
  • Usage data: page views, clicks, and interactions within the games and refund flow, collected to fix issues and improve the product.
  • Cookies and similar tech: necessary cookies for session/checkout; optional analytics cookies only with consent where required.

We collect data directly from you (order, support, newsletter sign-up), from your device/browser, and from service providers that help us process payments, analytics, and hosting.

Why we use your data

  • Provide the website, digital games, checkout, and access codes.
  • Process payments and refunds with Stripe.
  • Customer support and safety (fraud prevention, misuse monitoring).
  • Product improvement and analytics (privacy-focused event tracking).
  • Marketing emails if you consent or as otherwise permitted.
  • Legal obligations (bookkeeping, tax records) and to establish or defend claims.

Legal bases under GDPR

  • Contract performance (Art. 6(1)(b) GDPR): to deliver purchases, provide access codes, and handle support.
  • Consent (Art. 6(1)(a) GDPR): optional analytics or marketing emails where required.
  • Legitimate interests (Art. 6(1)(f) GDPR): security, fraud prevention, service analytics with minimal data, and improving the experience—balanced against your interests.
  • Legal obligations (Art. 6(1)(c) GDPR): accounting, tax, and compliance duties.

Sharing and international transfers

We share data only with service providers acting on our instructions:

  • Hosting and infrastructure (e.g., Cloudflare) to run the site and edge functions.
  • Payments (Stripe) to process cards, refunds, and receipts.
  • Analytics (privacy-focused event tracking) to understand feature usage.
  • Communication and support tools (email services) to reply to you.

We do not sell personal data and do not share data for cross-context behavioral advertising. Transfers outside the EU/EEA use safeguards such as Standard Contractual Clauses where required.

Cookies and tracking

Essential cookies keep sessions and checkout functioning. Optional analytics uses privacy-focused measurement and runs only with consent where required. You can manage cookies via your browser settings; blocking required cookies may break checkout.

Retention

We keep data only as long as needed for the purposes above. Order and tax records are retained for statutory periods. Support and analytics data are kept for troubleshooting and then minimized or deleted. Marketing data is kept until you unsubscribe or ask us to erase it.

Your rights (EU/EEA/UK and U.S. state rights)

  • Access, correction, deletion, restriction, and data portability (where applicable).
  • Withdraw consent at any time (does not affect prior processing).
  • Object to processing based on legitimate interests, including direct marketing.
  • For U.S. state laws (e.g., California, Colorado, Virginia): you may request access/portability, correction, deletion, and opt out of sale or targeted advertising (we do not sell or share data for targeted ads). You may appeal a denied request.

To exercise your rights, email [email protected] or write to the postal address above. We may verify your identity and respond within the timelines required by law (usually 30–45 days). Authorized agents may submit requests where permitted.

You can unsubscribe from marketing emails via the link in each email or by contacting us.

You have the right to lodge a complaint with a supervisory authority (e.g., your local data protection authority in the EU/EEA).

Children's data

Our services are not directed to children under 13 and are intended for parents or guardians purchasing games. If you believe a child has provided us personal data, contact us so we can delete it.

Changes to this policy

We will update this notice when practices change. We will indicate the latest revision date and, if changes are material, provide additional notice.