Privacy Policy
Effective Date: 03.01.2026
Last Updated: 03.07.2026
1. Introduction & Controller Identity
This Privacy Policy describes how Interesantumi SIA (“we,” “us,” or “our”), a company registered in the Republic of Latvia (registration number 42103102653), collects, uses, and shares information when you use the Take n Run platform at taken.run (the “Platform”).
Take n Run is an interactive photo scavenger hunt game platform where organizers create games with checkpoints and players participate by submitting check-in photos.
Contact Information:
- Email: hello@taken.run
- Mailing Address: Sigulda, Nurmizu 33-90, LV-2150, Latvia
2. Information We Collect
2.1 Game Organizers
When you create a game, we collect:
- Display name — used within the game interface only; no account or email required.
2.2 Players
When you participate in a game, we collect:
- Player name — up to 20 characters, used for in-game identification.
- Check-in photos — images you submit at checkpoints.
- GPS coordinates — extracted from photo EXIF metadata or obtained via your browser’s geolocation API, used for game validation.
- Feedback and ratings — optional post-game feedback you choose to provide.
2.3 Automatically Collected Information
When you access the Platform, we automatically collect:
- IP address — up to 45 characters, supporting both IPv4 and IPv6.
- User agent — your browser type and version.
- Session data — stored via browser cookies for session management.
- Browser cookies — as described in Section 5 below.
2.4 Advertising & Analytics Identifiers
By default, with opt-out available, we may collect:
- Facebook identifiers:
_fbc(click ID),_fbp(browser ID) - Google identifiers:
_ga(Analytics client ID),_gid(Analytics session ID),_ga_*(GA4 stream cookies),_gcl_aw/gclid(Google Ads click ID)
3. How We Use Your Information
We use collected information for the following purposes:
- Game operation — delivering the core scavenger hunt experience, including check-in validation, scoring, real-time updates, and displaying results.
- Location verification — comparing GPS coordinates from your photos or browser with checkpoint locations.
- Analytics — understanding how the Platform is used to improve functionality (requires analytics consent).
- Marketing — measuring advertising effectiveness through conversion tracking (requires marketing consent).
- Public gallery — displaying select checkpoint photos in our public gallery (only when the game organizer has granted consent for their game).
- Security and abuse prevention — fraud detection and protecting the Platform.
4. Photo Data & EXIF Handling
When you upload photos to the Platform:
- GPS extraction — We read EXIF metadata from your photo to extract GPS coordinates (latitude and longitude) for game validation purposes.
- EXIF stripping — After extracting GPS data, all EXIF metadata is removed from the photo during image processing. The stored photo does not contain EXIF data.
- GPS storage — Extracted GPS coordinates are stored separately in our database, associated with your check-in record.
5. Cookies & Tracking Technologies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
takenrun_session |
Session management (HttpOnly, Secure, SameSite: Lax) | 120 minutes |
tnr_consent |
Stores your cookie consent preferences | 1 year |
Third-party cookies (set based on your consent preferences):
| Cookie | Service | Purpose |
|---|---|---|
_ga, _gid, _ga_* |
Google Analytics (GA4) | Website analytics |
_gcl_aw |
Google Ads | Conversion tracking |
_fbc, _fbp |
Facebook (Meta) | Conversion tracking |
Cookie Consent
We operate an opt-out model. Analytics and marketing cookies are enabled by default. You may opt out at any time here:
Your consent preference is stored in the tnr_consent cookie for 1 year.
6. Third-Party Services
We use the following third-party services that may process your data:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Pusher | Pusher Ltd. | Real-time game communication (WebSockets) | Game events, messages |
| Google Maps | Google LLC | Interactive maps, location display | GPS coordinates |
| Google Analytics (GA4) | Google LLC | Website analytics | Client ID, page views, user agent |
| GA4 Measurement Protocol | Google LLC | Server-side analytics | Client ID, user agent, consent status |
| Facebook Pixel | Meta Platforms, Inc. | Conversion tracking | Browser ID, click ID, page views |
| Facebook Conversions API | Meta Platforms, Inc. | Server-side conversion tracking | IP address, user agent, click IDs, event data |
| Google Ads Enhanced Conversions | Google LLC | Conversion measurement | Click ID, user agent, event data |
| Mailgun | Sinch Email (Mailgun) | Transactional email delivery | Email address (if applicable) |
We use Google Consent Mode v2 to manage data collection by Google services. The Google tag loads on all pages but operates in a restricted mode until you grant consent. When consent is denied, Google may collect anonymized, cookieless pings for basic measurement but does not set advertising or analytics cookies. Full data collection and cookie storage are enabled only after you grant the corresponding consent (analytics or marketing). Facebook Pixel and server-side services only receive data when you have provided the corresponding consent.
7. Data Sharing
We do not sell your personal data.
We share data only with the third-party service providers listed in Section 6, and only as necessary to operate and improve the Platform. We may also disclose information if required by law or to protect our legal rights.
8. Data Retention
We retain game data according to the following schedule. After a game ends, an automated cleanup process runs daily to enforce these retention periods.
| Data Type | Retention Period |
|---|---|
| Game summary (scores, standings) | 180 days after game ends |
| Check-in photos and submissions | 30 days after game ends |
| Player-uploaded checkpoint photos* | 30 days after game ends |
| Messages and chat history | 30 days after game ends |
| Player feedback and ratings | 30 days after game ends |
| Tracking events (analytics/marketing) | 30 days after game ends |
| Full game record (all remaining data) | 180 days after game ends |
| Application logs | 14 days |
| Session data | 120 minutes (2 hours) |
| Consent cookie | 1 year |
| Game-specific browser cookies | 4 hours |
*Checkpoint photos selected for the public gallery (with organizer consent) are preserved beyond the 30-day cleanup.
Games may also be deleted earlier at our discretion or if access is terminated.
9. Your Rights Under US State Privacy Laws
Depending on your state of residence, you may have the following rights:
California (CCPA/CPRA)
- Right to know — what personal information we collect, use, and share.
- Right to delete — request deletion of your personal information.
- Right to opt out — of the sale or sharing of personal information. We do not sell personal information.
- Right to non-discrimination — for exercising your privacy rights.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Similar State Laws
- Right to access — confirm whether we process your personal data and access it.
- Right to correct — inaccurate personal data.
- Right to delete — your personal data.
- Right to data portability — obtain a copy of your data in a portable format.
- Right to opt out — of targeted advertising, sale of personal data, or profiling. We do not sell personal data or engage in profiling.
Exercising Your Rights
To exercise any of these rights, contact us at hello@taken.run. We will respond to verified requests within the timeframes required by applicable law (generally 45 days). We may ask you to verify your identity before fulfilling a request.
10. Children’s Privacy
The Platform is not directed at children under 13. You must be 18 or older to purchase a game.
Players under 13 may participate in games only under the direct supervision of a parent or legal guardian who has purchased or organized the game. We do not knowingly collect personal information from children under 13 without parental involvement through the game organizer.
If you believe we have collected information from a child under 13 without appropriate parental supervision, please contact us at hello@taken.run and we will promptly delete such information.
11. Data Processing Location
Your data is processed on servers located in the United States. Our third-party service providers, including Google LLC, Meta Platforms Inc., and Pusher Ltd., are also based in the United States.
12. Security Measures
We implement the following security measures to protect your data:
- HTTPS encryption — all data transmitted between your browser and our servers is encrypted.
- EXIF stripping — photo metadata is removed before storage.
- CSRF protection — forms are protected against cross-site request forgery.
- HttpOnly and Secure cookies — session cookies cannot be accessed by JavaScript and require HTTPS.
- Input validation — all user inputs are validated and sanitized.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this policy periodically.
For material changes that significantly affect how we handle your personal data, we will make reasonable efforts to provide notice (such as a prominent notice on the Platform).
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Email: hello@taken.run
- Mailing Address:
Interesantumi SIA
Sigulda, Nurmizu 33-90, LV-2150, Latvia