Privacy Policy

IconicQuest is the current public-facing project on this site, operated under the IconicBound name. This policy explains what we collect, how we use it, the legal bases we rely on, and your rights in relation to the website, waitlist, community flows, and related account-access features.

1. Information We Collect

1.1 Personal Information

We may collect the following types of personal information:

• Contact information you submit to us, such as name, display name, or email address
• Account and access information when you create an IconicQuest-related account or request access
• Messages or information you provide through our official community and support channels
• Limited supporter information shared with us through Patreon or Ko-fi when relevant to supporter perks or access
• User-generated content you provide through related IconicQuest account or community features

1.2 Support Platforms (Patreon / Ko-fi)

If you choose to support IconicQuest through Patreon or Ko-fi, we may receive limited information from those platforms such as your display name, membership tier or support status, and any message or contact details you choose to share there. Payment details are processed by Patreon or Ko-fi and are not collected or stored by this website.

1.3 Waitlist, Community, and Access Flows

We may store email address, source, timestamps, and related preference or access information when you join the waitlist, request alpha access, sign in, or interact with official community channels connected to the project.

1.4 Automatically Collected Information

When you visit our website or use related access flows, we automatically collect certain information about your device and usage, including:

• IP address and geographic location
• Browser and device information
• Website usage data (pages visited, time spent, referral sources)
• Usage data tied to site features, waitlist flows, account access, or other related services

2. How We Use Your Information

Legal Bases (GDPR)

We process data under:

• Contract – to provide services or access you request (accounts, supporter perks, waitlist or alpha-related access).
• Legitimate Interests – to secure our services, prevent abuse, operate the website, and improve features (balanced against your rights).
• Consent – for marketing emails, waitlist updates, or other optional communications where consent is required.
• Legal Obligation – to comply with tax, accounting, and regulatory duties.

We use your personal information for the following purposes:

• Create and manage your IconicQuest-related account or access status
• Run the waitlist and related alpha-access flows
• Verify Founder or supporter-related access when applicable
• Respond to messages sent through our official channels
• Send waitlist, account, or project updates when you have asked to receive them
• Improve our website, access flows, and community experience
• Track and analyze website usage and performance
• Detect and prevent fraudulent activities
• Prevent fraud and abuse (rate limiting, anomaly detection, anti-cheat for IconicQuest)

3. How We Share Your Information

We may share your personal information with:

• Service providers who help us operate the website and related access flows (hosting, authentication, database, email, and infrastructure providers)
• Professional advisors (lawyers, accountants, insurers)
• Government authorities when required by law
• Third-party platforms you choose to use with the project, such as Patreon, Ko-fi, Discord, or YouTube

Service Providers (Processors)

We use trusted vendors to operate the website and access flows, and we may also interact with third-party support platforms you choose to use, including:

• Supabase (database, authentication, hosting, Edge Functions)
• Resend (transactional email notifications)
• Patreon and Ko-fi (external support platforms, if you choose to use them)
• Hosting/CDN and analytics providers as needed

We only share what's necessary to run the service, and vendors are contractually bound to protect your data.

We do not sell your personal information to third parties.

4. Data Security

We protect data with encryption in transit (HTTPS/TLS) and at rest (provider default), strict access controls (least-privilege), and Row Level Security (RLS) on our databases where applicable. Sensitive operations (e.g., waitlist notifications) use signed requests and secret headers. While no system is perfectly secure, we continuously review access, rotate keys, and log critical events. If we become aware of a data breach affecting you, we'll notify you and the relevant authority when required by law.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Object to or restrict certain processing activities
• Data portability (receiving your data in a structured, machine-readable format)
• Withdraw consent at any time (where processing is based on consent)

To exercise your rights, use the contact form and include the email address you used with us if relevant. We aim to respond within one month where GDPR applies.

You can unsubscribe from marketing or waitlist emails at any time via the link in the message. Service emails related to access, policy updates, or account actions are not marketing and may still be sent when necessary.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to remember your preferences. You can manage your cookie preferences through your browser settings. For more information, please see our Cookie Policy.

If we introduce non-essential cookies or trackers that require consent, we will provide an appropriate consent flow or settings control. You can also manage cookie behavior through your browser settings.

7. Children's Privacy

IconicBound services are not directed to children under 16 in the EU/UK (or the age of digital consent in your country). If you believe a child provided data to us, use the contact form and we will review and delete it where appropriate.

8. International Data Transfers

We may transfer data outside your country (e.g., to the U.S. or EEA). Where we do, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. Copies of relevant safeguards are available on request where legally permissible.

9. Data Retention

• Waitlist: retained until launch, unsubscribe, deletion request, or until no longer needed for the current access campaign; we periodically prune bounced or invalid entries.
• Support or community messages: retained only as long as needed to respond, moderate, or maintain a record of the interaction.
• Account or access data: retained while the account or access relationship remains active, or longer if required for security, abuse prevention, or legal reasons.
• Supporter linkage data: retained only as long as reasonably needed to verify perks, access, or related supporter status.

10. Automated Decisions / Profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use basic profiling (e.g., anti-cheat risk scores, gameplay segmentation) to protect the service and improve features.

11. Changes to This Privacy Policy

We may update this policy periodically. If changes are material, we'll notify you via email or a prominent notice on the site before they take effect. The "Last Updated" date will reflect the latest version.

12. Contact Us

If you have questions about this privacy policy or our privacy practices, use the contact form.

Appendix — Data Sources & Vendors

• Supabase (database, auth, hosting, Edge Functions)
• Resend (email delivery)
• Patreon (support platform)
• Ko-fi (support platform)
• Analytics/CDN providers as listed on our site or in product docs