Legal

Privacy Policy

Last updated: June 3, 2026

1. Data Controller

GameOn ("we", "us", "our") is the data controller for the personal data described in this policy. Contact us at hello@playgameon.app with any questions.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account data: email address and password (encrypted) when you create an account.
  • Game data: team names, scores, mission answers, and timestamps generated during a game.
  • Photos: images uploaded by players as answers to photo missions. These are stored temporarily and automatically deleted 30 days after the game ends.
  • Payment information: handled exclusively by Stripe. We never store card details.
  • Technical data: IP address, browser type, and usage patterns collected automatically when you use the service.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract (GDPR art. 6.1 b): processing required to fulfil our agreement with you, such as providing the service.
  • Legitimate interest (GDPR art. 6.1 f): security, error tracking, and service improvement.
  • Consent (GDPR art. 6.1 a): for analytics and marketing, where you have given your consent.

4. How Long We Retain Data

We retain your data for as long as your account is active. Upon account deletion, personal data is erased within 30 days. Game data not linked to an account is automatically deleted after 90 days. Photos from photo missions are deleted after 30 days.

5. Third Parties and Sub-processors

We share data with the following sub-processors to operate the service:

  • Supabase Inc. (database and file storage) — USA, protected by standard contractual clauses.
  • Vercel Inc. (web hosting and CDN) — USA, protected by standard contractual clauses.
  • Stripe Inc. (payments) — USA, PCI-DSS certified.
  • Anthropic PBC (AI features — the in-app support chat and AI mission/game generation process the text you enter) — USA, protected by standard contractual clauses.
  • Resend (transactional email) — processes your email address to send account and subscription messages.

We never sell your personal data to third parties.

6. Your Rights

As a data subject you have the following rights under GDPR:

  • Access: request a copy of the data we process about you.
  • Rectification: request that incorrect data is corrected.
  • Erasure: request that your data is deleted ("right to be forgotten").
  • Data portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.

Account holders can exercise access, portability and erasure directly from the app: your profile menu has Export my data (a machine-readable JSON copy of your account) and Delete account (permanent erasure of your account and all associated data). For any other request, contact hello@playgameon.app. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Cookies

We use necessary cookies to keep you logged in and to ensure the service works correctly. If you accept analytics cookies, these are used to understand how the service is used (see section 8). You can clear cookies in your browser at any time.

8. Analytics

We use privacy-friendly analytics tools to measure traffic statistics. No personally identifiable data is sent to third parties for this purpose.

9. Security

All data is transmitted encrypted over HTTPS. Passwords are stored using bcrypt hashing. We conduct regular security reviews and follow industry standards for data protection.

10. Changes

We reserve the right to update this policy. For material changes, you will be notified by email or a prominent notice in the service. Continued use after the notified effective date constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy can be sent to us at hello@playgameon.app.

Terms of Service →Data Processing Agreement →Back to home