privacy
last updated: 5 june 2026
Follow is a horror PWA. We collect as little as the game needs, and we tell you exactly what that is. No ad networks. No third-party analytics. No cookies beyond what the browser sets for its own state.
what we collect
session id — a random string generated on your device the first time you open the app. Stored in localStorage. We use it to key your journal, unlock status, and preferences. It is NOT your identity — it is a pseudonymous rowkey. If you clear site data, the session ID is gone and a new one is generated when you return.
operative name (optional) — the name you type on the landing screen. Stored only on your device, and passed to the AI narrator so your in-game lines reference you by name. Never shared with third parties.
email address (optional) — if you enter one on the landing screen, we store it against your session ID so you can receive the weekly dispatch. You can unsubscribe by clearing the field or using the opt-out link in any dispatch email. We never sell this address.
location (GPS) — used only while the tracker page is active, and only if you grant the browser permission. Approximate latitude / longitude is sent to our server to place encounters in your real environment and to record a journal entry location. Coordinates in the shared encounter heatmap are rounded to roughly 3-decimal-place precision (~110 metres) before they are stored, so shared data cannot pinpoint you. Your own private journal keeps each encounter’s full-precision location so your field log is accurate to you. The browser never shares your exact position with us without a new permission prompt.
camera + microphone (rituals) — requested when a ritual needs them and only for the duration of that ritual. Microphone audio is read as amplitude only — we never record or upload audio buffers. Ritual / evidence camera frames stay on your device. When the ritual ends, the stream is released and the mic indicator turns off.
your face (optional, biometric) — if you tap “let her see you” on the opening face screen, the app takes ONE photo of your face with the front camera and sends it to our AI image provider, OpenAI, to generate your personalised entity portrait. The generated portrait is then cached on our server (Turso) so it is not regenerated every time. We treat your face as biometric data and use it for nothing else. This is optional: you can skip it on that screen and still play (you simply won't see your own face in the AI reveals), and you can erase the captured face and every generated portrait at any time via profile → field settings (“clear AI portraits”) or “delete all data.”
compass + motion — on-device only. Never leaves your phone.
journal entries — your encounter log, kept against your session ID on our server so you can read it back across devices if you later link an email. Includes entity identified, brief narrator excerpt, danger level, and approximate location.
evidence photos + evp recordings — stored in your browser only (IndexedDB). They never leave your device. Clear them any time via profile → field settings.
anonymous analytics — first-party event counts (e.g. how often identify_success fires vs. identify_fail) used to improve the product. No IP, no user-agent, no cookies, no third-party SDK. Disable any time in profile → field settings.
push notifications — only if you opt in. We store your browser's push subscription endpoint against your session ID so we can send the haunting-reminder. You can revoke via profile → haunting reminders or your browser's notification settings.
what we don't collect
- — your IP address (the analytics endpoint deliberately ignores it)
- — your device fingerprint
- — any cross-site tracking cookie
- — your contact list, photos, or files
- — your real name, unless you typed it into the operative name field
- — any payment details (handled by Lemon Squeezy — we never see your card)
where your data lives
Server data (session row, journal entries, email signup, unlocks, push subscription, analytics events) is stored in Turso (SQLite). Turso is based in the USA. Data in transit is encrypted (HTTPS); data at rest is encrypted by the provider. We do not back up journal entries to any other location.
our processors. We rely on a small set of service providers, each handling only what its function requires: Vercel (USA — hosts and serves the app), Turso (USA — the database), OpenAI and Replicate (USA — generate your AI portrait still and, where shown, the short reveal video, from your face photo), Anthropic and ElevenLabs (USA — narrator text and voice), Resend (USA — sends the weekly dispatch email if you signed up), Sentry (USA — error diagnostics; we strip personal fields before sending), and a map-tile provider (renders the map). Transfers to these US providers are made under the EU Standard Contractual Clauses (or the provider's equivalent safeguard). We never sell your data.
Client data (session ID, operative name, preferences, evidence photos, EVP recordings, narrator voice cache, haunting locations) lives only in your browser. Clearing site data deletes it.
ai narration
The narrator voice + encounter prose are generated by Anthropic Claude and ElevenLabs. The prompt we send contains:
- — the encounter context (entity, location type, time of day)
- — your operative name if set
- — a brief summary of your last 8 encounters for continuity
- — a region locale tag from your browser (e.g. “en-IE”)
- — your local hour (the integer 0-23, never minutes)
- — how many days you've been a player (an integer count)
- — your battery percent if your browser exposes it (Chrome / Edge / Android only)
- — hours since your last successful banishment, if recent
The last four fields above are sent so the narrator can reference the context of the moment (e.g. “the hour the dogs go quiet”) without ever quoting specific values. The narrator never sees your email, your exact GPS coordinates, your phone number, your contact list, or any other personally identifying field.
You can review the full set of fields the prompt receives (and verify the narrator has no hidden inputs) at the /diagnostics page, which surfaces the live audio engine + sensor + power-mode state of your device.
Separately, if you consent to the face capture, your face photo is sent to OpenAI to generate your personalised entity portrait (see “your face” above). It is used only to make that image — never for advertising, never shared with data brokers — and you can delete it any time from profile → field settings.
your rights
You can delete everything at any time from profile → field settings → “delete all data”. That removes your session row, journal, unlocks, push subscription, email signup, and analytics events — everything keyed to your session ID. The deletion is immediate and irreversible.
If you'd rather export first, that feature is on the roadmap. In the meantime, emailing the address below with your session ID gets you a CSV by hand.
your gdpr rights. If you are in the UK or EU you have the right to access, correct, export, restrict, or object to our use of your data, and to withdraw any consent at any time — most of which you can do yourself from profile → field settings, or by emailing the address below. You also have the right to lodge a complaint with your data-protection supervisory authority (in Ireland, the Data Protection Commission, dataprotection.ie).
legal basis. We process core gameplay data (session, journal, location while you play) to provide the game you asked for; analytics only with your consent; your email and push subscription with your consent; and your face photo only with your explicit consent (special-category biometric data), which you can withdraw at any time by deleting it.
retention. Inactive session data, journal entries, and anonymous heatmap points are pruned on a rolling retention schedule; invite links expire within days; your face photo and generated portraits are kept only until you delete them or your session is erased. Deletion is immediate.
minors
Follow is intended exclusively for adult players aged 18 and over. The game contains horror themes and uses persistent location, microphone, and camera sensors that are not appropriate for minors. We do not knowingly collect, store, or process data from anyone under 18. If you believe a minor has created a session, email the contact address below with the session ID and we will purge the associated records.
changes
If we change what we collect, we update this page and bump the “last updated” date above. Material changes (e.g. adding a new data type) will also be called out in a toast on the landing screen.
contact
Follow is operated by the DreadWorks team, who act as the data controller and can be reached at the address below.
Privacy questions, data access requests, deletion requests: privacy@dreadworks.io
Everything else (bugs, refunds, press, support): support@dreadworks.io