MidnightQuest (“we”, “us”, “the Company”) uses cookies and similar technologies when you access our website at midnightquest.app and associated services. This policy explains what cookies we use, why we use them, and how you can control them. By using our Platform, you consent to our use of cookies in accordance with this policy.
Section 2
Essential Cookies
Essential cookies are strictly necessary for the Platform to function. Without them, core features such as authentication, booking, and navigation will not work. These cookies cannot be disabled. They do not track you for marketing purposes and collect no personally identifiable information beyond what is required for platform operation.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| mq_session | Authenticates your logged-in session. Required for account access, booking, and dashboard features. | Session | Essential |
| mq_auth_token | Stores your authentication token securely (httpOnly). Keeps you logged in between visits. | 30 days | Essential |
| mq_csrf | Cross-site request forgery protection token. Prevents malicious form submissions. | Session | Essential |
| mq_cookie_consent | Remembers your cookie consent preferences so we do not ask again on every visit. | 1 year | Essential |
| mq_locale | Stores your language and regional preference. | 1 year | Essential |
Section 3
Analytics Cookies
Analytics cookies help us understand how visitors interact with the Platform. This data is used in aggregate and anonymised form to improve user experience, identify popular features, and diagnose technical problems. You can opt out of analytics cookies without affecting your ability to use the Platform.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Google Analytics — distinguishes unique users by assigning a randomly generated number as a client identifier. | 2 years | Analytics |
| _ga_* | Google Analytics — stores and counts pageviews for this property. | 2 years | Analytics |
| mq_analytics | MidnightQuest internal analytics — tracks page views, feature usage, and quest engagement (anonymised). | 90 days | Analytics |
| _plausible | Plausible Analytics — privacy-friendly, GDPR-compliant aggregate analytics. No cross-site tracking. | Session | Analytics |
We use Google Analytics with IP anonymisation enabled and data sharing with Google disabled. Analytics data is retained for 14 months before automatic deletion. You may opt out of Google Analytics tracking via the Google Analytics opt-out browser add-on.
Section 4
Functional Cookies
Functional cookies enable enhanced features and personalisation on the Platform. They remember choices you have made — such as map preferences, saved locations, and quest filters — so you do not have to reconfigure them on each visit.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| mq_map_prefs | Remembers your last map viewport, active filters, and layer preferences. | 6 months | Functional |
| mq_ui_theme | Stores your interface theme preference (dark variants). | 1 year | Functional |
| mq_saved_draft | Preserves unsaved listing or quest creation drafts to prevent data loss. | 7 days | Functional |
| mq_recently_viewed | Tracks recently viewed locations and stays for quick access on your homepage. | 30 days | Functional |
| intercom-session-* | Intercom live chat — identifies returning users and loads your support history. | 7 days | Functional |
Section 5
Marketing Cookies
Marketing cookies track your activity across websites to build a profile of your interests so that relevant advertising can be shown to you. These cookies are only set with your explicit consent. You may withdraw consent at any time through our cookie preference centre or your browser settings.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| _fbp | Facebook Pixel — identifies users for targeted advertising on Facebook and Instagram. Only active if you have consented to marketing cookies. | 3 months | Marketing |
| _ttp | TikTok Pixel — tracks conversions and enables retargeting on TikTok. | 13 months | Marketing |
| ads/ga-audiences | Google Ads remarketing — identifies visitors for remarketing campaigns in Google Ads. | Session | Marketing |
Consent Required
Marketing cookies are never active by default. They are only placed after you explicitly click “Accept All” or “Allow Marketing” in our cookie banner. If you selected “Essential Only” or closed the banner, marketing cookies are not set.
Section 6
Third-Party Cookies & Services
Our Platform integrates third-party services that may set their own cookies. These services operate under their own privacy policies. We have selected partners that meet high standards of data protection, and where applicable, we have Data Processing Agreements in place.
Mapbox
We use Mapbox to render all interactive maps on the Platform, including the location explorer, quest maps, and stay location maps.
Cookies: Mapbox may set cookies to cache map tile data and session information for performance.
Data Protection: Mapbox is a subprocessor under our DPA. Map data queries are anonymised.
View Privacy Policy →Supabase
Supabase provides our database, authentication, and real-time infrastructure.
Cookies: Supabase sets session tokens (sb-access-token, sb-refresh-token) that are required for authenticated access to the Platform. These are classified as essential.
Data Protection: Supabase is an EU data processor with servers in the EU (Frankfurt). A signed DPA is in place.
View Privacy Policy →Stripe
Stripe processes all payment transactions on the Platform. We do not store card details ourselves.
Cookies: Stripe sets cookies (__stripe_mid, __stripe_sid) required for fraud detection and payment processing. These are essential cookies that cannot be disabled.
Data Protection: Stripe is a certified PCI DSS Level 1 service provider and an EU data processor under our DPA.
View Privacy Policy →Section 7
How to Control Cookies
You have several options for controlling or disabling cookies. Note that disabling essential cookies will prevent you from logging in or completing bookings.
Cookie Preference Centre
The easiest way to manage your preferences is through our cookie preference centre, which you can access at any time by clicking “Cookie Settings” in the footer of any page. You can enable or disable analytics, functional, and marketing categories independently.
Browser Settings
All major browsers allow you to view, delete, and block cookies through their settings. Instructions for the most common browsers:
- ·Chrome: Settings → Privacy and Security → Cookies and other site data
- ·Firefox: Settings → Privacy & Security → Cookies and Site Data
- ·Safari: Preferences → Privacy → Manage Website Data
- ·Edge: Settings → Cookies and site permissions → Cookies and site data
Do Not Track
Some browsers send a “Do Not Track” (DNT) signal. We honour DNT signals by disabling non-essential cookies when this signal is detected, subject to the technical limitations of individual browsers.
Opt-Out Tools
- ·Google Analytics: tools.google.com/dlpage/gaoptout
- ·Google Ads: adssettings.google.com
- ·Facebook/Meta: facebook.com/adpreferences
- ·NAI opt-out (US): optout.networkadvertising.org
- ·YourAdChoices (EU): youronlinechoices.eu
Section 8
Your GDPR Rights
If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and applicable national data protection law. These rights apply to personal data processed via cookies where that data is associated with you as an identifiable individual.
- ·Right of Access: You have the right to request a copy of the personal data we hold about you, including data derived from cookie tracking.
- ·Right to Rectification: You have the right to request correction of inaccurate personal data.
- ·Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”), subject to certain legal exceptions.
- ·Right to Restrict Processing: You have the right to request that we restrict how we process your personal data in certain circumstances.
- ·Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- ·Right to Object: You have the right to object to processing based on legitimate interests, including profiling for direct marketing purposes.
- ·Right to Withdraw Consent: Where processing is based on consent (e.g. marketing cookies), you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact our Data Protection Officer at privacy@midnightquest.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ).
Section 9
Contact Us
If you have any questions about our use of cookies or this policy, please contact us:
MidnightQuest s.r.o.
Czech Republic
Privacy / DPO: privacy@midnightquest.app
General Support: support@midnightquest.app
This policy was last updated on January 1, 2025. We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via email or a notice on the Platform.
Last updated: January 1, 2025