Privacy

Account and login

• Email login uses a short code sent to the email address you enter. The app stores account information needed to recognize you, such as email, display name, user id, login timestamps, and session state.
• The signed-in session uses a cookie named crossword_session. It is HttpOnly, SameSite=Lax, and can last up to 30 days unless you sign out earlier.
• Login may use bot protection if configured. Email delivery and bot protection providers may process the data needed to deliver or verify the login challenge.
• What you can do now: sign out to end the current browser session, use Profile to export account data, delete the account, and switch public profile and leaderboard privacy settings on or off.

Strictly necessary cookies

The signed-in session cookie is used to keep you logged in and to protect account routes. It is not an analytics cookie. Signing out ends the current browser session.

• crossword_session: stores session state for signed-in accounts. It can last up to 30 days unless you sign out earlier.
• Bot protection may use additional storage if it is enabled for login. This page will be updated before bot protection is used in a broader launch.

Puzzle progress and profile

Signed-in progress can include puzzle id, revision, filled letters, solved entries, timing, completion status, hint/reveal assistance, and leaderboard summary data. Your profile can show display name, email, recent progress, metrics, level, achievements, and custom puzzle lists.

Without an account, progress is saved in your browser where possible. The browser currently stores local progress using local storage keys beginning with crossword-progress:, local solve telemetry using matching :telemetry: keys, and can clear legacy visible progress cookies beginning with crossword_progress_ when they are present. Current code should not use the progress cookie fallback as the normal unsigned progress path for broad public launch.

What you can do now: use Clear Browser Puzzle Data in app Settings to clear the Crossword Study browser-local progress, solve telemetry, appearance preference, source-tracking fallback preference, legacy visible progress cookies, and visible source-tracking choice cookies that JavaScript can clear in this browser. It does not delete account-level server data, revoke sessions, or clear HttpOnly server cookies.

• crossword-progress:<puzzle>:r<rev>: local filled letters and puzzle state.
• crossword-progress:<puzzle>:telemetry:r<rev>: local solve timing and assist telemetry used for progress and leaderboard sync.
• crossword_progress_<puzzle>_r<rev>: legacy visible progress cookie from older builds; current code clears it when present.
• crossword-nyan-enabled:v1: local appearance preference.
• crossword-source-tracking-enabled:v1: local fallback source-tracking preference used when the server setting cannot be reached.
• crossword_source_consent: visible Source Tracking consent signal for this browser.
• crossword-admin-metrics-token:v1: session-only admin metrics authentication convenience storage used on internal admin pages.
• crossword_source_opt_out: visible source-tracking opt-out signal for this browser.

Public and shared information

• Leaderboards can show display names, score, time, rank, completion status, and whether a solve was clean or assisted.
• Public creator profiles can show display name, public custom puzzle count, public puzzle metadata, level, and a small set of public-safe badges.
• Custom puzzles may include titles, descriptions, clues, answers, board layout, draft/checkpoint information, revisions, visibility state, and audit history. Published public puzzles can be shared by link.
• Account deletion distinguishes private account data from public/shared content. The current app flow deletes private account records where possible and anonymises retained public puzzle, creator, first-finder, and leaderboard attribution.
• Profile includes leaderboard privacy controls. You can hide your entries from public leaderboards, or keep competition entries while replacing your public display name with an anonymous player label.

Analytics and source cookies

Crossword Study records simple internal events so the operator can understand visits, puzzle starts, puzzle finishes, custom puzzle creation, and feature health. Source tracking uses privacy-minimal buckets such as direct, search, social, shared-puzzle, daily-news, release-notes, and unknown.

Source Tracking is off unless you turn it on in Settings. When it is on, a cookie named crossword_source can remember the first source bucket for up to 90 days. It is set by the server with SameSite=Lax and HttpOnly. The app is designed to keep source details compact and avoid storing raw campaign text, raw referrer URLs, puzzle answers, clues, email addresses, tokens, secrets, or full request bodies in analytics metadata.

Turning Source Tracking on sets crossword_source_consent for up to 365 days. Turning it off sets crossword_source_opt_out for up to 365 days, clears the consent cookie, clears the server-set source cookie, and stops future source-cookie setting and adoption-source event writes in this browser.

Source Tracking is the current in-app privacy setting for acquisition-source storage. Clear Browser Puzzle Data is also available now for the current browser's Crossword Study local storage and visible cookies listed on this page. These browser controls do not delete account-level server data, saved signed-in progress, server-side acquisition records already linked to an account, or HttpOnly session cookies.

See the cookie and storage notes for the browser storage inventory in one place.

• crossword_source: first source bucket for up to 90 days, used for internal acquisition reporting when Source Tracking is on.
• crossword_source_consent: records that Source Tracking is on for this browser for up to 365 days.
• crossword_source_opt_out: records that Source Tracking is off for this browser for up to 365 days.
• crossword-source-tracking-enabled:v1: local fallback preference used only when the server Source Tracking setting cannot be reached from a static preview or unavailable backend.

Export coverage includes acquisition source records and user-linked app events after redaction. Deletion coverage includes deletion or anonymisation of user-linked analytics records, depending on the final retention policy.

Export, deletion, and anonymisation status

The public contact address is not configured on this page yet. In the app, use Player, then open your Profile to export account data, delete the account, or hide/show your public creator profile. The current draft terms notes describe public custom puzzle and leaderboard expectations.

• Export includes: account details, profile fields, saved progress, solve attempts, leaderboard entries, streaks, achievements, custom puzzles, custom puzzle audit history, builder data, daily/news submissions and scores, acquisition source records, and redacted user-linked app events.
• Deletion/anonymisation includes: private account data deletion, session revocation, saved-progress deletion, analytics deletion or anonymisation, public leaderboard/profile anonymisation, and public puzzle removal or deleted-user attribution where retained.
• Public profile visibility: Profile includes a Public Profile control. Turning it off hides the public creator profile route, but public puzzle links and retained leaderboard attribution may still use safe display/anonymised metadata according to each feature's rules.
• Leaderboard privacy: Profile includes controls for public leaderboard participation and public name display. The app can hide leaderboard entries from public boards or keep entries while using an anonymous player label instead of your display name.
• Local data controls: you can clear Crossword Study browser-local progress, telemetry, local preferences, legacy visible progress cookies, and visible choice cookies from app Settings in the current browser. This does not erase server-side account data.
• Not included in exports: service tokens, login-code internals, session cookie values, bot-protection tokens, unrelated users' private data, and provider secrets.