Privacy Policy

Last Updated: June 20, 2026

1. Information We Collect

Mission Masters collects information that you provide directly to us, including:

  • Account information (name, email address, phone number)
  • Profile information and preferences
  • Event participation and game data
  • Location data when using our app
  • Payment information (processed securely through third-party providers)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends and usage
  • Personalize your experience

3. Information Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With service providers who assist in our operations

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

6. Selfies and Personalized Media (Murder Mystery add-on)

If your organization purchases the optional Personalized Media add-on for a Murder Mystery event, we may collect a selfie from each consenting player so we can generate personalized evidence photos and short video clips that feature their likeness in the game's world. Participation is strictly opt-in and governed by these rules:

  • Consent is event-specific. You must grant consent for each event; consent granted for one event does not carry over to another.
  • In-app capture + liveness required. Selfies are captured through our in-app camera with a liveness check. We do not accept uploaded files, because that would make it impossible to confirm the selfie is of the consenting person.
  • Decline at any time. If you decline consent (or later revoke it), you can pick a fictional avatar from our built-in catalog for the game instead. Declining never affects gameplay or scoring.
  • Third-party processors are named and limited. We process selfies and derived media through AWS services (Rekognition for liveness and moderation, S3 for storage) and the media generation vendors disclosed in the in-app consent screen. We never send your selfie to any LLM (including Bedrock / Claude), and we never train a model on your selfie.
  • Retention is short and automatic. Selfies are deleted from our storage (and from any cached device copy) approximately 24 hours after the event ends or 24 hours after the event recap video is ready, whichever is later, capped at 7 days post-event regardless of recap status. Generated images and videos are retained for up to 30 days so you can download them as a keepsake, then deleted.
  • Immediate deletion on request. You can revoke your consent at any time in the app. Revocation cancels any in-flight generation, expires any generated assets, and schedules the selfie for immediate deletion from S3.
  • Biometric disclosure (Illinois BIPA and similar state laws). To the extent any state law classifies the liveness check or the generated derivative as a biometric identifier, we do not sell it, we do not disclose it to third parties except as strictly necessary to render your selected media, and we delete it on the retention schedule above or sooner upon your request.
  • Abuse reporting. If you see a generated asset you believe misuses a likeness, use the in-app Report action. Reported assets are hidden from gameplay immediately while our team reviews.

If you are located in the European Economic Area or the United Kingdom and your organization has enabled this feature for you, we rely on your explicit consent under Article 9 of the GDPR. You can withdraw consent at any time using the same in-app revoke control.

Questions or deletion requests for selfies or generated media can be sent to privacy@missionmasters.io.

7. Children's Privacy (COPPA / GDPR Article 8)

We require an age gate (birth month + year) before any account can play. If a user appears to be under our local children's privacy threshold (13 in the US, 13–16 in the EU/EEA, 13 in the UK) we collect verifiable parental consent ("VPC") before collecting any personal information from the child. We never sell children's data, never show targeted ads to children, and never build behavioral profiles of children. We do not collect a parent's birthdate.

Parents and guardians can review, withdraw consent, request deletion, or export their child's data at any time by emailing privacy@missionmasters.io or using the "Withdraw approval" control in the player's account settings. Read our full Children's Privacy Notice for the complete details, including jurisdiction-specific rules and 2027 US state-law preparedness (CAADCA, AASA, AB 1949).

8. GDPR Data Subject Rights

If you are located in the EU/EEA or UK, you have the right to access, correct, erase, restrict, port, or object to processing of your personal data. You may also withdraw any consent at any time. Send requests to privacy@missionmasters.io. We respond within 30 days as required by Article 12 of the GDPR.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@missionmasters.io
Address: [Your Company Address]