Privacy Policy
This Privacy Policy explains how ThinkerLoop collects, uses, stores, and protects your information when you visit or interact with our website. By using ThinkerLoop, you agree to the practices described below.
1. Who we are
ThinkerLoop is a puzzle and brain-training web application published at thinkerloop.app. When we say “we” or “ThinkerLoop”, we mean the operator of that site. If you have any questions about this policy, write to care@thinkerloop.app.
2. Information we collect
2.1 Information you give us
- Google account details — if you choose to sign in with Google, we receive your name, email address, profile photo URL, and Google account ID. Sign-in is entirely optional; you can use ThinkerLoop anonymously.
- Correspondence — if you email us at care@thinkerloop.app, we keep the message and your reply address to answer you.
2.2 Information we collect automatically
- Game state stored in your browser (LocalStorage) — puzzles you have solved, star count, streak, hint usage, and audio preference. This lives in your browser only. Clearing site data deletes it.
- Log data — our hosting provider (Vercel) automatically records IP address, browser user-agent, timestamp, and referring page for each request. This is used for security, abuse prevention, and basic analytics.
- Cookies and similar technologies — see Section 4.
2.3 Information from third parties
When you sign in with Google, Google shares the account details listed in 2.1 with us via OAuth. When ads are served on the site, our advertising partners (see Section 5) may collect their own signals directly in your browser.
3. How we use your information
- Save your progress across sessions and devices (only when you are signed in).
- Show you on our public leaderboard using your Google display name and avatar. You can remain anonymous by not signing in.
- Serve advertisements via Google AdSense to keep ThinkerLoop free.
- Understand which puzzles are popular and where the app can be improved.
- Detect abuse (bots, brute-force sign-ins, leaderboard cheating).
- Respond to your support enquiries.
- Comply with legal obligations.
4. Cookies and local storage
ThinkerLoop uses three categories of storage in your browser:
- Essential — LocalStorage entries under the
thinkerloop-*key hold your game state. These are required for the app to work. - Authentication — when you sign in with Google, our authentication provider (Supabase) sets a session cookie or LocalStorage token so you don’t need to sign in again on every visit.
- Advertising — Google, as a third-party vendor, uses cookies (including the DoubleClick DART cookie) to serve ads based on your prior visits to this site and other sites on the internet. You may opt out of the DART cookie by visiting Google’s Ads Settings.
On your first visit we show a cookie consent banner. You can withdraw or change consent at any time from the same banner or by clearing your browser data.
5. Third-party services and advertising
We integrate with the following services. Each has its own privacy policy — we recommend reading them.
- Google AdSense — serves the advertisements you see on ThinkerLoop. Google Privacy Policy.
- Google OAuth — powers the optional “Sign in with Google” flow.
- Supabase — hosts our authentication and leaderboard database. Supabase Privacy Policy.
- Vercel — hosts the static ThinkerLoop website. Vercel Privacy Policy.
- Cloudflare / CDNs — deliver our fonts and static assets.
Third-party advertisers we work with may use cookies and web beacons to measure ad performance. This information typically includes your IP address, ISP, browser type, and pages visited on this site. It does not include your name, email, or any other directly identifying information.
6. Legal bases (for EEA / UK users)
Under GDPR we rely on the following legal bases:
- Consent — for advertising cookies and optional analytics.
- Contract — for authentication and leaderboard features you have opted into.
- Legitimate interests — for security, abuse prevention, and product improvement.
- Legal obligation — for responding to lawful requests from authorities.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Port your data to another service.
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email care@thinkerloop.app from the email you used to sign in. We will respond within 30 days.
8. Data retention
Anonymous game state in LocalStorage stays until you clear it. Sign-in profiles and leaderboard rows are retained until you request deletion. Server access logs are retained for up to 90 days for security purposes.
9. Children’s privacy
ThinkerLoop is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact care@thinkerloop.app and we will delete it.
10. International transfers
Our servers and sub-processors may be located outside your country of residence — for example in the United States and the European Union. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards for these transfers.
11. Security
We use industry-standard practices to protect your data: HTTPS everywhere, encrypted data at rest at our sub-processors, and row-level security on our leaderboard database. No system is perfectly secure — if you notice a vulnerability, please report it responsibly to care@thinkerloop.app.
12. Changes to this policy
We may update this policy from time to time. Material changes will be announced on the site with at least 14 days’ notice before taking effect. The “Effective date” at the top of this page shows the current version.
13. Contact
Questions, corrections, deletion requests, or complaints:
📧 care@thinkerloop.app