Policy

dork.fyi

Privacy notice

Your play data, in plain language

Effective July 15, 2026. You can play without an account. A random device ID is stored in your browser; the server receives only a salted hash of that ID when saving scores and basic activity.

Data we collect

Play and device data: salted device hashes, puzzle submissions, scores, dates, streak and repair state, progress saved in your browser, ghost challenges you create, and technical request information such as IP address and user agent used for security and delivery.

Optional account data: your email address, reminder preference, verification timestamps, and the device IDs you explicitly link by completing passwordless verification. Requesting a link does not sign you in or link the requesting device until the link is verified.

Product analytics: page views, game starts and completions, shares, feedback, referral tags, and sponsor impressions or clicks tied to a salted device hash. We do not sell personal information.

How it is used

We use this data to run the daily games, keep scores and streaks consistent across verified devices, send requested sign-in or reminder email, prevent abuse, diagnose failures, understand feature use, and report aggregate sponsor performance.

Ghost challenge pages are intentionally public to anyone with the link until they expire. They use a non-email player label. Do not put personal information into share text.

Service providers

Our hosting and email infrastructure process data to deliver the service. Google Maps may receive ordinary browser and location-map request data when Geo Guesser maps are enabled. OpenAI or Google Gemini may be used to generate puzzle content; player email addresses and linked account records are not sent in those generation prompts.

Sponsors receive aggregate placement counts. They do not receive your email or device identifier from dork.fyi.

Retention and security

Passwordless links normally expire within 20 minutes and deletion links within 30 minutes. Only SHA-256 hashes of bearer tokens are stored. Daily submission history is normally kept for up to 120 stored board buckets, ghost challenges for up to 90 days, and bounded analytics for product reporting. Verified account records remain until deleted or no longer needed to provide the service.

Short in-memory cooldowns keyed by hashed IP and email values limit repeated sign-in and deletion requests. No internet service can promise perfect security, but bearer links are single-use and are not placed in server-request URLs.

Your choices

You can play device-only, decline reminders, clear browser storage, or permanently delete a verified account. Deletion removes the email, linked device submissions, player state, linked analytics events, authentication tokens, reminder setting, and owned or email-exposing ghost challenges. Aggregate puzzle counts are recomputed and may remain without your device record.

Contact

For privacy questions or access requests, email privacy@dork.fyi. dork.fyi is not directed to children under 13.