CEREBRO MODE

PRIVACY

⚠ TODO: LEGAL REVIEW

This page is placeholder scaffolding that describes what the code actually does with data. It is not a lawyer-reviewed policy and makes no claim of GDPR (or any) compliance. Before a wide launch this needs a counsel-reviewed policy, processor DPAs (Vercel, Neon, OpenRouter, OpenAI, Vercel Blob), and possibly a consent-management vendor.

What we collect

  • Coarse location of scans/clicks — country, region and city from edge headers, plus latitude/longitude rounded to roughly city level (~11 km).
  • A daily-salted, hashed dedupe token so we can tell a repeat scan from a new one — this is not your IP address and cannot be reversed back into one.
  • Timestamps and a coarse device family (e.g. “ios”, “android”).
  • The prompt you submit, the generated image, and an optional handle.
  • Your cookie-consent choice.

What we never store

  • Your raw IP address. It is used in-memory only to compute the daily hash, then discarded — it is never written to the database.
  • Names, emails, or accounts (there are none).
  • Third-party advertising or analytics trackers (there are none).

Why we collect it

Solely to run the game: the world map of scans and the territory leaderboard. All analytics live in our own database — nothing is sold or shared.

Your controls

If you created a cerebro from this browser, its page shows a Delete control. Deleting it purges all of its scan rows and removes it from the leaderboard. (Deletion is authorized by a private token stored in your browser, so only the creating device can do it.)

Processors

We rely on Vercel (hosting + edge geo), Neon (database), Vercel Blob (image storage), OpenRouter (image generation) and OpenAI (prompt moderation). Production DPAs with these processors are part of the pending legal review.