Privacy Policy

Last updated: 2026-03-26

Controller

Name: Kevin Labécot
Privacy contact: see www.labecot.fr
Postal address: 27 rue du 19 mars 1962, 33760 Bellebat, France

Data processing

• Browser local storage (`localStorage`) is used for game operation: options, local stats, unique-game history, daily challenges, and portrait cache.
• Local profile/cloud storage includes display name, country, local installation identifier, and API access token.
• Backend data (hosted on Bunny Database / libSQL): player identifier, installation hash (raw installation ID is not stored), display name, country, avatar (if provided), and technical timestamps.
• Audience analytics events are processed through Umami (for example: game completion, score, language, host).
• Technical server logs are processed for security and abuse prevention (for example: rate limiting), with authentication secrets redacted in application logs.

Purposes

• Provide the game and its features (sessions, rendering, preferences, challenges).
• Synchronize player profile data when cloud profile is enabled.
• Reduce external API requests and improve performance.
• Secure the API (authentication, abuse prevention, minimal technical logging).
• Measure global service usage.

Legal basis

Performance of a service requested by the user (GDPR Article 6(1)(b)) for game and profile sync features, and legitimate interest (GDPR Article 6(1)(f)) for technical security, abuse prevention, and audience measurement.

Recipients / processors

Host provider: MVPS LTD. (Cyprus)
Backend database: Bunny Database (Bunny.net, libSQL service)
External third-party services called by the browser: Wikipedia API, Wikimedia Commons API, Bunny Fonts (fonts.bunny.net) for web font delivery, and Umami (umami.kelab.io) for audience analytics.

International transfers

Some third-party services may involve processing outside the European Union depending on your location and provider infrastructure (including Wikimedia/Wikipedia, Bunny Fonts, and Umami). Backend data is stored on Bunny Database; the effective storage location depends on your instance configuration and regions.

Retention

• Browser local storage: kept until manually deleted by the user or cleared from in-game options.
• Cloud profile backend data: kept while the service is operated or until a valid erasure request is processed.
• Technical logs: retained only for the period required for operations, security, and diagnostics.

Data subject rights

You may request access, rectification, erasure, restriction, or objection through www.labecot.fr. You may also lodge a complaint with your data protection authority.

Security measures

Measures include secure hosting, regular updates, data minimization, token-based API authentication, strict input validation, rate limiting, and redaction of authentication secrets in application logs.