1. What information we collect
Account information
- Email address and username when you create an account
- Password (stored as a salted hash — we never see your actual password)
- Preferred language
Gameplay data
- Every scenario decision you make and the option you chose
- Ethics dial values before and after each decision
- Your funds and energy resource levels during sessions
- Session start and end times, and session outcome
- Which personas you selected and which phases you played
AI interaction data
- Chat messages you send to the AI advisor and persona characters
- Which knowledge base sources were retrieved for your questions
- The AI model and version used to generate responses
Behavioral profile
- Your decision-making pattern across sessions (compliance rate, risk style)
- Which ethics dials you typically neglect or develop
- Cross-session engagement statistics
Technical data
- Anonymized IP address (first two octets only — e.g., 192.168)
- Browser and device type (for fixing technical issues)
- Pages visited and buttons clicked within the game
2. Why we collect it
- To run the game — save your progress, personalize your experience, and adapt difficulty
- To improve BridgeQuest — understand what scenarios work well and which need revision
- For academic research — only when you explicitly consent; used to study how people reason about ethics in immigration contexts
- For security — detect abuse and protect your account
3. How long we keep it
- Account data: retained as long as your account is active
- Game sessions and decisions: 2 years from the session date
- Behavioral profile: 3 years
- Chat messages with AI: 12 months
- AI model interaction logs: 24 months
- After these periods, data is automatically purged or irreversibly anonymized
4. Who we share it with
We do not sell your data. We share it only with:
- IONOS Cloud — our server and AI model provider, based in Germany (EU data protection standards apply)
- Cloudinary — persona and game image hosting
- University of Alberta — the research institution overseeing the study (only anonymized, consent-gated research data)
All service providers are bound by data processing agreements and may not use your data for their own purposes.
5. Your rights
Under PIPEDA (Canada) and GDPR (EU), you have the right to:
- Access — request a copy of all data we hold about you (fulfilled within 30 days)
- Correction — correct inaccurate information
- Deletion — delete your account and all associated data
- Withdrawal — withdraw research consent at any time without affecting your game access
- Portability — receive your data in a machine-readable format (JSON)
Exercise these rights from your Privacy Dashboard or email privacy@bridgequest.ca.
6. Security
We protect your data using:
- HTTPS encryption for all data in transit
- Encrypted database connections
- Passwords stored as bcrypt hashes (never stored in plain text)
- IP address anonymization (only the first two octets are stored)
- Regular automated data purges after retention periods expire
In the event of a data breach affecting your personal information, we will notify you by email within 72 hours of becoming aware of it.
7. Children under 18
BridgeQuest is intended for users 18 and older. We do not knowingly collect personal data from anyone under 18 without verifiable parental consent. If you believe we have collected data from a minor, please contact us immediately at privacy@bridgequest.ca and we will delete it.
Privacy questions, requests, or complaints:
privacy@bridgequest.ca
University of Alberta, Faculty of Arts
Edmonton, Alberta, Canada
We will respond within 30 days. If you are unsatisfied with our response, you may contact the
Office of the Privacy Commissioner of Canada.