Privacy Policy
Last updated: June 27, 2026
The Daily Quest ("we," "us") publishes a free daily game-development newsletter and runs an optional RPG layer — quests, XP, streaks, leaderboards, and the Hall of Quests gallery — at thedaily.quest. This policy describes what we collect, how we use it, and the choices you have. It reflects how our product is built today in code and infrastructure.
Information we collect
Newsletter subscription. When you subscribe, we store your email address, optional name, and delivery schedule (daily or selected UTC weekdays) in Listmonk and our database. Subscriptions are submitted through our API, which registers you on a single newsletter list.
Quest and player progress. When you sign in and complete a daily quest on your profile, we associate progress with your subscriber email. We store pathway, XP, streaks, and per-issue completion status in our database (Cloudflare D1).
Profile (optional). If you sign in, you may set a username, display name, and avatar URL. Usernames are public when used on the leaderboard or Hall of Quests.
Quest submissions. When you submit a completed quest, we may store a reflection, optional GitHub or build URLs, and an optional screenshot (up to 5 MB; JPEG, PNG, WebP, or GIF). Submissions are tied to your player account and the issue you completed.
Advertising inquiries. If you book an ad package, we collect the advertiser email you provide and payment metadata from Stripe (session and booking records in our database).
Local browser data. After magic-link sign-in, we store a session identifier in
sessionStorage (tdq_session) used to authenticate API requests.
How we use information
- Send the daily newsletter and magic-link sign-in emails (Listmonk transactional via Amazon SES SMTP).
- Track quest completion, award XP, maintain streaks, and show leaderboard standings.
- Operate optional public profiles and the Hall of Quests when you opt in and pass moderation.
- Measure newsletter opens and ad engagement (see Tracking below).
- Compose newsletter content with automated research and editing tools (see Third parties).
- Respond to support, privacy, and advertising requests.
Public and shared content
The Hall of Quests and player profile pages show submissions only when you check "Share publicly," set a username, and moderation approves the entry. Approved screenshots are served from our public assets CDN; pending review screenshots stay in a quarantine storage prefix and are not linked publicly until approved. Rejected screenshots are deleted from storage.
Leaderboard entries display username (or display name), pathway, XP, and streak — not your email.
Moderation and automated review
Public gallery submissions run through deterministic safeguards (length limits, allowed build hosts, file type/size checks) and may be reviewed by an LLM judge (Chutes API). Outcomes are approved, review (human admin queue), or rejected. Automated moderation may receive reflection text, URLs, screenshot metadata, and optionally a base64-encoded image or public asset URL for vision review when configured.
Tracking
- Newsletter analytics. Opens and link clicks for sent issues are tracked by Listmonk (our newsletter platform), not by per-recipient pixels on our API.
- Ad clicks. Sponsored images link through our redirect endpoint (
/r/…), which logs the click (creative and issue) before sending you to the advertiser's URL.
We do not sell your personal information.
Authentication
Profile sign-in uses email magic links. We email a one-time token (valid one hour), then
create a server-side session in Cloudflare KV (seven-day TTL). Sessions are sent to our API
via the
x-session header from the web app. Signing out clears browser session storage; you
can request a new magic link anytime.
Where data is stored
- Cloudflare D1 — players, quest progress, issues, submissions, send logs, ad bookings, achievements.
- Cloudflare R2 — quest screenshots (quarantine and public prefixes).
- Cloudflare KV — authenticated web sessions.
- Listmonk — subscriber list membership and preferences.
- Stripe — payment processing for ad packages (when enabled).
Third-party services
- Listmonk — newsletter list management and subscription forms.
- Amazon SES — transactional and newsletter email delivery.
- Stripe — advertiser checkout (optional).
- Cloudflare — hosting, database, object storage, and sessions.
- Chutes — LLM used for editorial drafting and submission moderation when API keys are configured.
- Exa — web research for newsletter composition when configured.
Each provider processes data under their own terms and privacy policies.
Retention and deletion
Newsletter data is retained while you remain subscribed. Quest and profile data persist to maintain your progress unless you ask us to delete it. Session tokens expire automatically. Auth magic-link tokens are cleared after use or expiry.
To export or delete your data, unsubscribe, or ask questions, use our . We will verify ownership via the email address on your account or subscription.
Children
The Daily Quest is aimed at game developers and is not directed at children under 13. We do not knowingly collect personal information from children.
Changes
We may update this policy as the product changes. Material updates will be reflected on this page with a revised "Last updated" date.