Privacy Policy

1. Data We Collect

  • JWT session token provided after Google authentication.
  • No other personal data is collected or stored in localStorage.
  • Usage data via Google Analytics (e.g., load times, feature usage).
  • Technical metadata logged by Cloudflare (e.g., IP addresses, request paths, browser info).
  • Consent records via Usercentrics: timestamp, device/browser fingerprint, consent choices.

Important: We do not share any of this data with third parties.

2. Where We Store It

The JWT token is stored exclusively in the user’s browser localStorage. We do not use cookies for this.

Google Analytics data is stored and processed by Google, used internally only, under Google’s privacy policy.

Cloudflare logs are stored temporarily (e.g. ≤ 25 hours for DNS resolver logs, request metadata longer for security/performance).

Usercentrics stores consent logs for **12 months** in accordance with GDPR audit requirements.

3. Purpose of Processing

  • JWT token: session authentication.
  • Google Analytics: measure performance and feature engagement to improve the game.
  • Cloudflare: enhance security, mitigate abuse, optimize delivery and uptime.
  • Usercentrics: record and manage consent for legal compliance (GDPR).

4. Retention Period

JWT token: expires in 30 days of inactivity or upon logout.
Google Analytics: as per Google's settings;
Cloudflare logs: temporary, per their policy
Usercentrics consent logs: retained for 12 months.

5. User Rights

  • Delete the JWT token via browser or by logging out.
  • Withdraw or update cookie consents via the cookie banner (managed by Usercentrics).
  • Request access, correction or deletion of consent data logged by Usercentrics.
  • For Cloudflare logs, users may contact Cloudflare at [email protected] under GDPR rights requests
  • Use Google’s privacy tools to access or manage Analytics data.

6. Cookie & Consent Management

We use Usercentrics as our Consent Management Platform. It:

  • Automatically blocks scripts (e.g. Google Analytics) if no consent is given
  • Records who consented, what they consented to, when, and via which device/browser
  • Keeps consent logs securely for 12 months to enable auditability