Privacy Policy
Last updated: January 2025
1. Information We Collect
When you create an account, we collect:
- Account information: Username, email address, and password (securely hashed)
- Profile information: Optional bio and avatar URL
- Game data: Your progress, scores, completion times, and streaks
When you play games, we collect:
- Gameplay analytics: Time spent on each puzzle step, number of attempts, and mistakes made
- Session data: Browser session information to save your game progress
When you submit a bug report, we collect:
- Your description of the issue
- The page URL where the bug occurred
- Your browser's user agent string
2. How We Use Your Information
We use your information to:
- Provide and improve our games
- Save your game progress across sessions
- Display your statistics and achievements
- Analyze gameplay patterns to improve puzzle difficulty
- Respond to bug reports and support requests
3. Third-Party Services
We share limited data with the following services:
Google OAuth (Optional)
If you choose to sign in with Google, we receive your name, email, and profile picture from Google. We store only your email address to link your account.
Resend (Email Service)
We use Resend to send transactional emails (password reset, email verification). Your email address and email content are transmitted to Resend for delivery.
Railway (Hosting)
Our application is hosted on Railway. All data is stored on their servers in accordance with their privacy policy.
4. Cookies
We use essential cookies for:
- Session management: To keep you logged in
- CSRF protection: To secure form submissions
We do not use third-party tracking cookies or advertising cookies.
5. Your Rights (GDPR)
You have the right to:
- Access your data: Download all your data as a JSON file
- Delete your data: Permanently delete your account and all associated data
- Correct your data: Update your profile information in your account settings
- Data portability: Export your data in a machine-readable format (JSON)
6. Data Retention
- Account data: Retained until you delete your account
- Gameplay analytics: Retained for 2 years, then anonymized
- Bug reports: Retained indefinitely (anonymized if you delete your account)
7. Data Security
We protect your data using:
- HTTPS encryption for all data transmission
- Secure password hashing (PBKDF2)
- CSRF protection on all forms
- HTTP security headers (HSTS, X-Frame-Options, etc.)
8. Contact
For privacy-related questions or to exercise your rights, please contact us using the bug report feature or through the contact information on our website.