Last updated 2026-04-30
What we don't do
- No accounts. No email address, no password, no identity, no OAuth-via-social to sign up. You join a game with a 6-character code and a display name; that's it.
- No advertising. No ad tech, no remarketing pixels, no third-party trackers, no fingerprinting. Tessera does not sell or share data with anyone.
- No analytics for profiling. We do not build behavioural profiles of you across games, sessions, or visits. Tessera has no data warehouse, no event tracker, no segmentation tool.
- No long-term storage. Game data is auto-deleted within 24 hours of the last activity in that game and hard-deleted within 7 days. After that, it's gone from our database.
- No data shared with third parties for marketing, training, or any commercial purpose. The only third parties involved are the infrastructure providers we use to run the service (below) — and only for the operational purpose of running the service.
What we do collect (and why)
To make a real-time browser game work without accounts, we have to keep a small amount of state on the server while a game is in flight:
- The display name you type when you join a game. This is the only personally identifiable input we accept, and it's whatever you choose to type — “Sam”, “Player 4”, an emoji, a pseudonym. Used to show your partner who they're working with. Deleted with the game.
- Game state — the workshop name set by the facilitator, the game code, your role, where you placed pieces on the canvas, the briefs assigned to your pair, the score, and the round timer. Everything you'd expect a multiplayer puzzle game to keep so the screen reflects what just happened. All of it deleted with the game.
- A session cookie (named ts_<game-code>) to recognise that you're the same browser between requests inside one game. HttpOnly + SameSite=Lax + Secure. Expires in 4 hours. Not used for tracking across games or sites.
- A one-shot recovery token (yours and the facilitator's, shown once at join/host time) so you can reclaim your seat if your tab dies. Only the bcrypt hash is stored on the server; the plain token only ever exists in your browser.
That's the entire list. We do not collect IP addresses, geolocation, device fingerprints, contact lists, or any kind of biometric data.
Retention
Tessera is built to forget. A game row is marked for deletion 24 hours after its last interaction; the row is permanently removed by a daily cleanup job within 7 days. There is no archive, no cold-storage backup we restore from, no “just in case” copy. After deletion, we can't recover your data — and neither can anyone else.
Third-party services
Tessera runs on a small handful of vendor-hosted services. Each one receives only the data it strictly needs to do its job:
- Vercel hosts the application and may receive request metadata (URL, user-agent) for the duration of each HTTP request. Server logs are retained per Vercel's policy. Vercel Analytics is loaded for aggregate page-view counts; it is designed to be cookie-less and not to identify individual visitors. See Vercel's privacy policy.
- Supabase is the database + realtime broadcast backend. It receives game state for as long as the game exists. See Supabase's privacy policy.
- OpenAI and Google (Gemini) may receive a brief generation prompt — and only that — when the facilitator picks “AI-generated” as a brief source. The prompt does not include player names or any identifying information. See OpenAI's privacy policy and Google's privacy policy.
- Google Calendar & Meet are involved only when a facilitator opts in to per-pair breakout rooms and signs in with Google. In that case, Tessera uses the Calendar API to create a short, private, past-dated calendar event per pair (so a Google Meet link can be auto-attached) and deletes those events automatically when the game ends. We store the OAuth access / refresh tokens encrypted at rest, only for the lifetime of that game, and revoke the OAuth grant on game-end. Tessera asks for the minimum scope required (calendar.events), never reads existing events, and never writes to any other Google surface.
Cookies
Tessera sets two kinds of cookies, both first-party, both functional (i.e. required to make the game work — you cannot meaningfully use the service without them):
- ts_<game-code> — a session JWT that proves you're the same browser between requests inside one game. Expires in 4 hours.
- tessera_recovery_<code> — a backup of your one-shot recovery URL stored in the browser's localStorage (technically not a cookie, but worth disclosing) so you can recover your seat if your session cookie gets clobbered.
Tessera does not set advertising or tracking cookies. There is no consent banner because there is nothing on this site that would require one under GDPR / ePrivacy — only strictly necessary functional storage.
Children
Tessera is intended for adult facilitation workshops and is not directed at children under 13. We do not knowingly collect data from children. If you become aware that a child has used Tessera, contact the maintainer (below) and we'll delete the relevant game row.
Your rights
Because Tessera doesn't collect anything that identifies you beyond a chosen display name, and deletes everything within a week, most data-subject rights resolve themselves automatically. If you want a game deleted sooner, the facilitator can end it from the dashboard, which marks the game for immediate cleanup. If you have any other request, open an issue on the GitHub repository and we'll respond.
Changes to this policy
Tessera is open source. The page you're reading is the live version of the policy. Any change is visible in the file's git history. Material changes (new third-party services, broader collection) will land via a public commit; cosmetic edits (typos, link fixes) will not.