Back

Privacy Policy

Last updated: February 2026

1. Data We Collect

Registered accounts: Email address, display name, and hashed password. We never store your password in plain text.

Anonymous players: A temporary session ID stored in Redis with a 24-hour expiration. No personal information is collected.

Game data: Match results (scores, win/loss), timestamps, and display names for match history.

2. How We Use Your Data

  • Authentication and session management
  • Displaying your profile and match statistics
  • Game functionality (matchmaking, scorekeeping)

We do not sell, share, or use your data for advertising or analytics purposes.

3. Data Storage & Security

Data is stored in a PostgreSQL database. Passwords are hashed with bcrypt (cost factor 12). Sessions use encrypted JWT tokens with httpOnly cookies. All connections use TLS in production.

4. Your Rights (GDPR)

  • Right to access: View your data on your profile page
  • Right to deletion: Delete your account from your profile page. Match history will be anonymized.
  • Right to portability: Your profile and match data is available via the profile API.

5. Cookies

We use essential cookies only: a session cookie for authentication and an optional anonymous session cookie. No tracking or third-party cookies are used.

6. Data Retention

Account data is stored until you delete your account. Anonymous sessions expire after 24 hours. Match history is retained indefinitely but anonymized upon account deletion.

7. Contact

For privacy-related requests, please open an issue on our GitHub repository.