Circle Back Back to today's puzzle

Privacy

Wed Apr 29 2026 10:00:00 GMT+1000 (Australian Eastern Standard Time)

Privacy

Status: Placeholder. Shield is drafting the production-ready text. The notes below describe Circle Back's data posture as of v1 and are written in plain English so a normal human can read them. Do not treat any sentence here as legal advice — the final document, with the AU Privacy Act citations and APP language Shield owns, replaces this file before public link-out.

What we collect

Almost nothing.

You can play Circle Back without an account, an email address, a cookie banner, or a sign-in. The site does not ask for your name, your email, or your location.

We do collect a few non-identifying things to make the daily puzzle work:

  • Your local play stats. Streak, last-played date, and a short history of recent puzzles are stored in your browser's local storage. They never leave your device. Clear your browser storage and they're gone.
  • Anonymous puzzle telemetry. Google Analytics 4 records that someone played puzzle CB-042, finished in N seconds, and shared a result. No identifiers. No personal data. GA4 runs in cookieless mode (client_storage: 'none').
  • The Today's Office aggregate. When you finish a puzzle, your time gets added to that day's puzzle aggregate so the strip can show median, fastest, and your percentile. See the next section for exactly what this involves.

That's the full list.

How the Today's Office aggregate works

The Today's Office strip on the win screen is the one place Circle Back talks to a backend. Here's what happens, in order:

  1. When you load the page, your browser asks the Circle Back server for an anonymous play token. The server hashes your IP address with a secret salt that rotates daily, embeds the puzzle id, signs the token, and sends it back. The server never stores your raw IP.
  2. When you finish the puzzle, your browser submits your time and the token. The server verifies the signature, checks the token hasn't been replayed, and appends your time to a daily blob keyed only by the puzzle id.
  3. The blob is an array of integers — like [31, 47, 52, 58, ...]. It does not contain your IP, your token, your timestamp, your user-agent, or anything else about you. It only contains seconds.
  4. After 30 days, the blob is deleted.

The IP-hash never appears in any blob, never appears in any log, and is salted with a daily-rotating secret so even the hash is meaningless across days.

We chose this design because it gives the strip its social-proof value without ever holding personal information about a player.

What we don't collect

  • Your name.
  • Your email address (unless you opt into the post-share email pack — and we haven't shipped that yet in v1).
  • Your IP address. (We hash it, then throw the raw IP away. The hash is never stored.)
  • Your User-Agent string.
  • Your geolocation.
  • Cookies of any kind.
  • Browser fingerprinting signals.
  • Any telemetry from devices that don't open the site.

Logs

The Netlify Functions that run the Today's Office API write minimal logs:

  • HTTP method, response status, function duration. (Default Netlify telemetry.)
  • A short reason code for rejected submissions, e.g. [score-submit] reason=token_replay.
  • An error message if the function throws.

Logs do not contain the request body, the token, the IP, or the User-Agent. Logs are retained for 7 days, the Netlify default.

Australian Privacy Act 1988

Circle Back is built and operated from Australia. Where the Privacy Act applies, the position is straightforward: we don't collect "personal information" as defined in s6 of the Act, because hashed IPs salted with a daily-rotating secret are not reasonably re-identifiable. No APP 5 collection notice is required. No APP 7 direct-marketing consent is required.

If we ever start collecting personal information — for example, when the optional email pack ships — we'll update this page first.

Third parties

Circle Back uses three third parties, all of which see only what's already public:

  • Netlify — hosts the site and runs the functions. Netlify processes IP addresses to route traffic. We never store the IPs Netlify routes.
  • Google Analytics 4 — receives anonymous puzzle play events. Cookieless mode, no client storage.
  • Google Fonts — none. We self-host fonts. Google Fonts does not see your visit.

Contact

If you have a privacy question, please email privacy@circlebackaustralia.com. We try to reply within 7 days.

If we change this policy, the updated date at the top of this page changes too.