Trust, security, and compliance
Plain-language answers for IT, legal, and accessibility reviewers. We improve this page as our stack and processes evolve—ask hello@geoquestr.com if something is missing for your tender.
Data handling overview
GeoQuestr is a cloud-hosted web application. Creators sign in to build experiences; participants usually join via a link or QR code in the mobile browser (PWA) without installing an app from a store. Activity content you author (text, images, locations) is stored so participants can load the experience. Gameplay data (scores, progress, optional photos where you enable those features) is processed to run the activity and show hosts analytics and reports. AI-assisted features (where enabled) send only the inputs needed for that feature to the configured AI provider. Maps and geolocation rely on third-party map APIs. Exact categories of personal data are described in our privacy policy.
Accessibility
We aim for WCAG 2.1 Level AA conformance for core marketing pages and creator flows where feasible. Participant play uses maps, motion, and 3D visuals that depend on device capabilities; some rich experiences may not be fully accessible to every assistive technology. If you have a public-sector mandate, tell us your requirements when you reach out and we can discuss reasonable adjustments or scope for your pilot.
GDPR & Data Processing Agreement (DPA)
For organizations that need a DPA under the GDPR, email hello@geoquestr.com with your legal entity name, address, and a short description of the processing. We will respond with next steps. Consumer-facing details are covered in the privacy policy.
Security contact
To report a security issue or suspected vulnerability, email hello@geoquestr.com with “Security” in the subject line. For general data requests, use the same address and describe your relationship to the account or activity.
Invoicing & custom terms
Self-serve plans are billed via Stripe. For purchase orders, custom participant limits, or municipal procurement processes, use the Enterprise / Custom contact paths on the pricing page or the solution contact forms—we will work with you case by case.
Subprocessors & key services
GeoQuestr relies on the following categories of processors to deliver the service. This list is for procurement convenience and may be updated as vendors change—contractual terms are governed by our agreements and privacy policy.
| Service / vendor | Typical purpose |
|---|---|
| Google Firebase (Auth, Firestore, Realtime Database, Storage, Hosting-related infrastructure) | Authentication, application data, live gameplay sync, file storage, hosting |
| Mapbox | Interactive maps, geocoding, terrain and map visuals in the client |
| Stripe | Payments and subscriptions for creators |
| Resend | Transactional email (e.g. contact form, account messages) |
| OpenAI (or configured AI provider) | Optional AI features such as activity generation, descriptions, or judging when enabled by the creator |
| Analytics / measurement (if configured) | Product usage measurement when enabled in your deployment |