We believe privacy should be simple and honest. This policy explains exactly what data we collect, why, and how — no legalese. If you have questions, email us at hello@areweonthesamepage.com.
1 Who We Are
Are We On The Same Page? is operated by Boris Jovanovic, a sole proprietor based in France. References to "we," "us," or "our" in this policy refer to this service.
Email address — required to create an account and receive your authentication code.
Game data
Player names — the first names you enter (e.g., "Alice" and "Bob") are stored with your game session so you can resume it later.
Answers — your selections are stored as anonymous numeric indices (e.g., answer #2 out of 4 options). The answer text itself is not stored on our servers.
Payment data
Payments are processed by Stripe. We receive confirmation that your payment succeeded, along with the amount and currency. We do not store your card number, CVV, or any other sensitive payment details — these never touch our servers.
We store a Stripe Customer ID linked to your account for billing reference.
Usage & analytics data
We use PostHog (hosted in the EU) to collect anonymised usage events such as pages visited, buttons clicked, game progress, and payment funnel steps. This helps us understand how people use the game and improve it.
Analytics data includes your device type, browser, and approximate country. It does not include your precise location.
If you are logged in, events are associated with a pseudonymous user ID (not your email) in PostHog.
Cookies & local storage
access_token — authenticates your session. HttpOnly, stored for 365 days.
ab_price — stores the pricing variant assigned to you on first visit (part of ongoing price testing). HttpOnly, stored for 365 days.
demo_answers / demo_names — temporarily stores your progress during a demo game, so it is not lost when you log in. Cleared upon authentication.
We do not use cookies for advertising. Analytics cookies are used based on our legitimate interest to improve the Service.
3 How We Use Your Data
To provide the Service — authenticating your account, saving your game progress, and restoring it when you return.
To process your payment — verifying and recording your purchase.
To communicate with you — sending your authentication code and your purchase confirmation email.
We do not send marketing emails.
To improve the Service — analysing usage data (via PostHog) to understand how people use the game and improve it.
To test pricing — the price you see on your first visit may be assigned randomly as part of a pricing experiment.
Legal basis for processing:
Contractual necessity — to provide the Service and process your purchase.
Legitimate interests — to analyse usage and improve the Service.
We do not sell your personal data. We do not use your data for advertising.
4 Third-Party Services
We use the following third-party services to operate the Service. Each has its own privacy policy.
Some of our service providers may process data outside the European Economic Area (EEA). In such cases, appropriate safeguards (such as standard contractual clauses) are in place.
5 Data Retention
Account and game data are retained as long as your account is active.
Authentication codes (OTP) expire after 10 minutes and are deleted after use.
Session tokens expire after 365 days.
Inactive accounts may be deleted after a prolonged period of inactivity.
You may request deletion of your account and all associated data at any time.
6 Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
Right of access — you can request a copy of the personal data we hold about you.
Right to rectification — you can ask us to correct inaccurate data.
Right to erasure — you can ask us to delete your personal data ("right to be forgotten").
Right to restriction — you can ask us to limit how we process your data in certain circumstances.
Right to data portability — you can request your data in a structured, machine-readable format.
Right to object — you can object to processing based on legitimate interests.
You also have the right to lodge a complaint with your local data protection authority.
7 Data Security
We take reasonable technical measures to protect your data, including:
HTTPS encryption for all data in transit.
HttpOnly, SameSite cookies for authentication tokens.
No storage of passwords — authentication is code-based only.
No storage of payment card data — handled entirely by Stripe (PCI-DSS compliant).
No method of transmission over the internet is 100% secure. In the unlikely event of a data breach that affects your rights or freedoms, we will notify you as required by applicable law.
8 Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, please contact us and we will delete it promptly.
9 Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email. The "Last updated" date at the top of this page will always reflect the most recent version.
Questions, requests, or concerns about your privacy?