Privacy policy

The data controller is François-Marie Le Régent, operating OhMyQuest (ohmyquest.com). For privacy requests, use the contact page with the subject line "Personal data request" so we can find your message quickly.

Depending on how you use the site, we may process:

• Account and order data: name, email, billing country, and payment confirmation metadata from Stripe
• Personalization inputs you submit: children first names, optional notes for the story, language, and similar fields needed to build the quest and PDF
• Technical data: IP address, browser type, device type, approximate location from analytics, and cookies as described below
• Support messages: text you send through our contact or feedback forms

• To perform the contract: take payment, generate your quest, send access links, and deliver the PDF
• Legitimate interests: improve the product, secure the service, measure basic usage, and respond to inquiries
• Consent: where required for non-essential cookies or marketing (you can withdraw consent at any time)
• Legal obligations: tax, accounting, and fraud prevention where applicable

Your private quest page is accessed through a unique link tied to your purchase. We store the minimum information needed to operate that session (for example an identifier and progress state) on our infrastructure. Do not share your link in public channels if you want to keep the experience private to your family.

We rely on vetted providers, including:

• Stripe for payments
• Netlify for hosting and related infrastructure
• EmailJS for sending messages from our forms and some transactional emails
• Google Analytics and, when enabled, PostHog for product analytics
• Crisp for optional chat support
• Clickio for consent management where we load their CMP

We do not sell your personal information. Providers process data only on our instructions and where a lawful basis applies.

We keep data only as long as needed for the purposes above, including:

• Order and invoicing records: for the period required by tax and accounting law (often several years)
• Play session and delivery data: long enough to restore access if you lose your link, then pruned according to our operational policies
• Analytics identifiers: per vendor defaults unless shortened by configuration
• Support threads: typically up to two years unless a longer period is needed for an open dispute

• HTTPS for data in transit
• Card data handled only by Stripe (PCI scope on their side)
• Limited internal access to order and personalization data

We use essential cookies for the site to function. With your consent where required, we use analytics and support cookies. You can adjust preferences through our consent banner (Clickio) or your browser settings.

We are based in France and serve customers globally. Providers may process data in the United States or other countries. Where EU law applies, we rely on appropriate safeguards such as Standard Contractual Clauses offered by vendors where relevant.

Depending on your location, you may have rights to access, correct, delete, restrict, or export your data, and to object to certain processing. You may also lodge a complaint with your supervisory authority. To exercise a right, email us via the contact page with enough detail to identify your order.

Our product is designed for families to use together. We collect child first names only as personalization you voluntarily provide as the parent or guardian placing the order. We do not knowingly collect contact data directly from children for marketing.

Last updated: April 14, 2026. We will post substantive changes on this page.