RiskQuest

"Risk everything. Lose nothing." — including your privacy.

Last Updated: April 2026 (V10)

This Privacy Policy explains how RiskQuest ("we", "us", or "our") collects, uses, stores, and protects information when you use our platform at riskquest.games.

RiskQuest is a web-based gaming platform built around the promise "Risk everything. Lose nothing." — we strip the real-world consequences out of risky activities. The platform offers singleplayer and multiplayer casino-style games (Mines, Plinko, Wheel, Blackjack, Roulette, Poker, Darts, Coin Flip, Crash, The Runway, World Quest), a Sportsbook on real sporting events, a Predictions Market, simulated Horse Racing, a Stock Market Simulator with live crypto and stock data, Mystery Cases, a Casino Chips customizer, an in-game Phone with multiple apps, and a peer-to-peer Marketplace — all using virtual currency. We are committed to being transparent about the data we handle and protecting your privacy.

By accessing or using RiskQuest, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.

We collect the following categories of information to operate and improve the platform:

a. Account Information

• Username (3-20 characters, alphanumeric and underscores) and a lowercase version for case-insensitive search
• Email address (optional) — if not provided, a placeholder is generated in the format {username}@riskquest.local
• Password — hashed by Firebase Authentication and never stored in plaintext
• Firebase UID — a unique identifier assigned by Firebase Authentication
• Account metadata: creation date, last login timestamp, username changes used (maximum of 2), and account status (including banned status and ban reason, if applicable)

b. Gameplay Data

• Game statistics: games played, wins, losses, total wagered, total won, and biggest win across all game modes (Mines, Plinko, Wheel, Blackjack, Roulette, Poker, Darts, Coin Flip, Crash, The Runway, World Quest, Mystery Cases, Multiplayer Mines)
• Virtual currency (Riskcoin) balance and transaction history
• Betting history for casino-style games and Multiplayer Mines
• Quest progress, claimed quests, and daily reward claim timestamps
• Singleplayer game records and multiplayer match history
• Inventory data: owned skins, casino chips, abilities, equipped items, and Mystery Case openings
• Cosmetic preferences (equipped skins, chip designs, themes)

b1. Sportsbook Activity

• Virtual wagers placed on real-world sporting events, including selected market, stake amount, virtual odds at time of placement, and settlement outcome
• Player props selections and parlay tickets
• We do not use Sportsbook activity to facilitate any real-money betting

b2. Stock Market Simulator Activity

• Simulated trades, positions, leverage settings, entry and exit prices, and virtual profit/loss
• Watchlists and chart preferences
• Live market price data is fetched from third-party providers and is not user data

b3. Predictions Market & Horse Racing

• Predictions placed, including market/event identifier, position size, and resolution outcome
• Horse Racing wagers, race history, and earnings (all virtual)

b4. In-Game Phone & RiskBot AI

• In-Phone app state: messages, call logs, news feed reads, daily reward claims, quest views, banking-app activity (which is a UI representation of your Riskcoin balance)
• RiskBot AI conversation history (the in-platform chat assistant). Conversations may be used to improve RiskBot's responses. Do not share sensitive personal information with RiskBot
• Phone notification preferences and read receipts

c. Payment Information

• All payment card and billing data is handled exclusively by Stripe, our third-party payment processor
• RiskQuest does NOT collect or store credit card numbers, CVV codes, or billing addresses — Stripe handles all payment card data directly
• What RiskQuest stores in our database for purchase records: your user ID (UID), the package purchased (packageId), the amount of coins credited, the Stripe session ID, customer email, and the fulfillment timestamp

d. Social & Communication Data

• Friend relationships: friend lists stored as user pairs with creation timestamps
• Friend requests: sender, recipient, status, and creation timestamp
• Chat messages: sender, recipient, text content (500 character maximum), optional image data (1MB maximum), creation timestamp, and read receipts
• Chat summaries: participants, last message preview, and last message timestamp
• Presence status: online, in lobby, in game, or offline (stored in memory only, not persisted to the database)
• Lobby participation and game invitations

e. Marketplace Data

• Trade listings: item offered, price, description, and seller information
• Negotiation threads: offers and counteroffers between users
• Completed trade records

f. Device & Technical Data

• Browser type and device information (collected via analytics)
• Session identifiers for multi-tab detection
• Page views and user interaction data

RiskQuest uses your browser's localStorage to store certain data on your device for performance and functionality purposes. This includes:

• balance and balanceUpdatedAt — your virtual currency balance and when it was last synced
• abilities — your owned gameplay abilities
• ownedSkins and equippedSkin — your cosmetic inventory and currently equipped skin
• questProgress and claimedQuests — your quest completion status
• rq-pwa — whether the PWA (Progressive Web App) has been installed
• riskquest_active_session_{uid} — a session identifier used for multi-tab detection

This data persists locally on your device unless you manually clear your browser's local storage. It is not transmitted to our servers except when syncing with your account.

We use the information we collect for the following purposes:

• Operate the platform: authenticate users, maintain account profiles, track game states, and manage virtual currency balances
• Process transactions: fulfill virtual currency purchases through Stripe and maintain purchase records
• Enable multiplayer and social features: facilitate friend connections, chat messaging, game lobbies, multiplayer matches, and the marketplace
• Detect fraud and cheating: monitor for suspicious activity, enforce rate limits, and maintain platform fairness
• Improve the platform: analyze usage patterns, identify bugs, and develop new features
• Enforce our terms: moderate content, manage bans, and protect the community
• Admin analytics: track game mode popularity, user retention metrics, and revenue analytics for internal use

RiskQuest uses Google Analytics 4 (GA4) with the tracking ID G-EWD2RY8GSX to understand how users interact with our platform.

Google Analytics collects aggregated, non-personally identifiable data, including:

• Page views and navigation patterns
• User interactions and engagement metrics
• Browser type and device information
• Session duration and frequency of visits

This data helps us understand usage trends and improve the platform experience. Google Analytics is subject to Google's Privacy Policy.

RiskQuest relies on the following third-party services to operate. Each service is subject to its own privacy policy:

• Firebase Authentication (Google) — provides user authentication only. Profile data, gameplay data, and chat messages are stored on RiskQuest's own MongoDB backend (not Firebase)
• MongoDB — primary database for accounts, balances, gameplay history, marketplace listings, and chat
• Express & Socket.IO — backend API and real-time multiplayer/chat/presence layer hosted on RiskQuest infrastructure
• Stripe Embedded Checkout — processes all payment transactions. Stripe is PCI-DSS compliant and handles all payment card data directly. RiskQuest never receives or stores your card details
• Google Analytics 4 — provides usage analytics and engagement tracking as described in Section 5
• Google AdSense — serves advertising on certain pages. AdSense uses cookies and may collect device data for ad personalization
• Live market data providers — supply real-time crypto and equity prices to the Stock Market Simulator. We send no user data to these providers; we only fetch price feeds
• Live sports data providers — supply real-time odds, scores, and player statistics to the Sportsbook. We send no user data to these providers; we only fetch sports data
• Google Fonts — serves typography assets from googleapis.com and gstatic.com. Font requests may transmit your IP address to Google

We encourage you to review the privacy policies of these services to understand how they handle your data.

RiskQuest does NOT sell your data.

We may share information only in the following limited circumstances:

• Service providers: We share data with Firebase (Google), Stripe, and Google Analytics as necessary to operate the platform and provide its features
• Legal requirements: We may disclose information if required by law, legal process, or government request
• Platform integrity and safety: We may share information to protect against fraud, abuse, or threats to user safety, or to enforce our Terms of Service

We implement reasonable security measures to protect your information:

• Password security: Firebase Authentication handles all password hashing. Passwords are never stored in plaintext
• Payment security: Stripe is PCI-DSS compliant and processes all payment card data in their secure environment
• Rate limiting: API endpoints are rate-limited to prevent abuse (friend search: 20/min, friend requests: 10/min, chat messages: 30/min, game invites: 15/min, lobby joins: 5/min)
• Fraud detection: Automated systems monitor for suspicious activity
• Session management: Multi-tab detection prevents concurrent session conflicts

However, no system is 100% secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password for your account.

• Account data is retained for as long as your account remains active
• Chat messages are retained for moderation and safety purposes
• Payment records are retained as required for legal and financial compliance
• Game data may be aggregated and anonymized for analytics purposes
• Virtual currency, items, and other virtual data may be reset, modified, or cleared at any time at our discretion

If you delete your account, we will remove your personal data, though certain records may be retained where required by law or for legitimate business purposes.

RiskQuest is designed for users aged 13 and older and complies with the Children's Online Privacy Protection Act (COPPA).

We do not knowingly collect personal information from children under the age of 13. If we discover that a child under 13 has provided us with personal information, we will delete that information promptly.

Users under the age of 18 should obtain parental or guardian consent before using the platform. If you are a parent or guardian and believe your child has provided personal information to RiskQuest, please contact us at the email address listed below.

You have the following options regarding your data:

• Clear local storage: You can clear your browser's localStorage at any time through your browser settings to remove locally stored data
• Request account deletion: You may request deletion of your account and associated data by contacting us at contact@riskquest.games
• Disable analytics: You can disable Google Analytics tracking through your browser settings, browser extensions, or by using Google's opt-out tools
• Stop using the platform: You may discontinue use of RiskQuest at any time

Continued use of the platform after changes to this policy indicates your acceptance of those changes.

RiskQuest is available as a Progressive Web App (PWA) that uses a service worker to cache certain assets for offline and faster access. The PWA can be installed to your device, pinned to the Microsoft Edge sidebar, or added as a system widget on platforms that support it (such as the Windows 11 Widgets Board).

What is cached:

• Core application scripts (firebase-client.js, auth-nav.js, game-common.js, page-loader.js)
• Game assets, the app manifest, screenshots, and icons
• Widget templates served from /widgets/

What is NOT cached:

• API routes (/api/ endpoints)
• Firebase SDKs and analytics scripts
• Live market data and live sports data feeds
• External origins and third-party resources

The service worker uses a stale-while-revalidate caching strategy, meaning cached content is served immediately while updated content is fetched in the background. User profile data and API responses are not cached offline.

Widgets & Sidebar: If you add the RiskQuest widget to your operating system or pin RiskQuest to the Edge sidebar, the widget surface displays a static or refreshed snapshot of public, non-sensitive account information (such as your Riskcoin balance or daily reward availability). Widget data is fetched from the same APIs as the main app and is governed by this Privacy Policy.

RiskQuest is operated from and data is processed in the United States via Google Cloud (Firebase) and Stripe infrastructure.

If you access RiskQuest from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the platform, you consent to such transfers.

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. Changes will be posted on this page with an updated "Last Updated" date.

For material changes that significantly affect how we handle your data, we will provide notice through the platform. We encourage you to review this policy regularly.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: contact@riskquest.games
Phone: 585-310-1841