Legal
Privacy Notice
Pre-launch summary. The full Privacy Notice is in final legal review (see DPIA P0-13). The points below describe what we will collect and why; the launch-day version will be the binding document.
Who we are
Markhunt is operated from the United Kingdom. The data controller is the Markhunt operating entity; for any privacy query, write to privacy@markhunt.app.
What we collect
| Category | Why | Retention |
|---|---|---|
| Email + Google account ID (or anonymous guest ID) | Sign-in, prize delivery, account recovery | Until you delete your account |
| Location at the moment you check in to a landmark | To confirm the visit; we do not track you continuously | Visit record kept; raw coordinate truncated to 50 m |
| Booster purchases (via Stripe) | Receipts, refunds, VAT, chargebacks | 7 years (UK tax law) |
| Support tickets | To answer you | 2 years |
| Anonymised analytics (Plausible) | To improve the product | No personal identifiers, no cookies |
What we do not do
We do not track your location in the background. We do not sell your data. We do not use advertising trackers. We do not run third-party cookies on this site. We do not share your data with brokers.
Your rights
Under UK GDPR you can ask us for a copy of your data, ask us to correct it, or ask us to delete it. We will respond within 30 days. Email privacy@markhunt.app with the subject line "DSAR".
Who else sees your data
We use Google (sign-in), Stripe (payments), Neon (database, EU region), Fly.io (hosting, London region), MapTiler (maps), and Plausible (anonymous analytics). The full sub-processor list with locations and DPAs will be in the launch-day notice.
Complaints
If you think we have mishandled your data you can complain to the UK Information Commissioner's Office at ico.org.uk. We would rather hear from you first so we can fix it.