Privacy Policy

Privacy Policy

We respect your privacy and are committed to protecting your personal data.

This policy explains how we collect, use, and protect your information.

Data Collection and Processing

We collect and process the following personal data:

  • Account Information: Name, email address, profile image
  • Authentication Data: Password (hashed), session tokens
  • Social Authentication: GitHub account information (if using OAuth)
  • Friends Feature: Friend codes, friend requests, friendships, blocked users
  • Usage Data: Rate limiting records, session activity

Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Contract Performance: To provide the services you request (account creation, friends feature)
  • Consent: For email verification and optional features
  • Legitimate Interests: For security (rate limiting, fraud prevention), service improvement, and analytics

Data Retention

We retain your personal data as follows:

  • Account Data: Until account deletion or as required by law
  • Sessions: Until expiration or logout
  • Friend Requests: Until accepted, declined, cancelled, or expired (7 days)
  • Rate Limit Records: Up to 24 hours (automatically cleaned up)

Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Right to Restrict Processing: Request restriction of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at [contact email].

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Password hashing (secure algorithms)
  • HTTPS encryption for data transmission
  • Secure session management (HTTP-only cookies)
  • Rate limiting and security controls
  • Regular security updates

Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Hosting providers, email services (only as necessary for service operation)
  • Legal Requirements: When required by law or legal process

Cookies

We use the following cookies:

  • Authentication: Session token (HTTP-only, secure)
  • Preferences: Welcome dialog last seen timestamp

You can manage cookies through your browser settings.

Updates to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes.

Contact

For questions about this privacy policy or your personal data, please contact us at [contact email].

Last updated: 2/27/2026