Privacy Policy

Introduction

We take the protection of your personal data very seriously. This privacy policy informs you about how we collect, process, and use your personal data when you use our website Obscari.

Data Controller

The responsible party (data controller) for data processing on this website is:

Data We Collect

When you use our website, we may collect the following types of data:

Technical Data

• Your IP address (may be logged by our hosting and analytics providers for security and diagnostics)
• Browser type and version
• Operating system and device type
• Date and time of access

Account Data (if you log in)

• Email address
• Username
• Profile image (avatar URL)

Authentication Services

We use Auth.js with the following authentication providers:

We do not transmit your personal data to these providers; you enter your credentials directly with them during the OAuth flow.

We receive and store your email address, name, and profile picture from these providers to create and manage your account.

For more information about how these services process your data, please refer to their privacy policies:

• Google (Privacy Policy)
• Discord (Privacy Policy)

Player Data (with consent)

Player names entered during games are stored only if the player-statistics feature is enabled by a registered user. When the feature is disabled, stored player names will be deleted; anonymised game statistics remain.

Feedback Data

If you submit feedback, we collect the message text plus contextual information (page URL, device/browser, screen size, app version) and—if you are logged in—your user ID.

Analytics Data

We use PostHog analytics (autocapture, session replay) to understand how our services are used and improve the user experience. Collected events may include clicks, page views, scrolls, element interactions, device information, IP-derived location (city/region), and—if you are logged in—an internal user ID. For more details see PostHog’s privacy policy.

Purpose of Data Processing

• To provide and maintain the functionality of our website and games.
• To manage your user account if you choose to create one.
• To improve our website, services, and user experience.
• To analyze website usage and gather insights for further development.
• To process your feedback.

Our Service Providers

We rely on trusted third-party services to provide and improve Obscari. These services have their own privacy policies, which we encourage you to review:

Data Storage and Retention

Your personal data is stored on servers provided by Supabase, located within the European Union (EU). Data is retained only for as long as necessary to fulfil the purposes described in this policy or to comply with legal obligations. Back-ups are purged after 30 days.

Legal Basis for Processing

We rely on the following GDPR legal bases: (a) Contract performance (Art. 6 (1)(b)) - operating the game and website for both registered and anonymous users; (b) Legitimate interest (Art. 6 (1)(f)) - ensuring security, preventing abuse, keeping minimal server logs, and carrying out basic product analytics; (c) Consent (Art. 6 (1)(a)) - analytics cookies (PostHog), optional player-statistics feature, and any marketing emails you opt into; (d) Legal obligation (Art. 6 (1)(c)) - records needed for accounting or to comply with lawful requests.

How We Protect Your Data

All traffic is encrypted in transit via TLS. Database access is restricted to authorised personnel.

International Data Transfers

Some providers (Google, Discord, PostHog, Cloudflare) may process data outside the EU/EEA. In these cases data is transferred directly between you and the provider; we do not actively transmit personal data to them. The providers rely on Standard Contractual Clauses or adequacy decisions to ensure an appropriate level of data protection.

Children’s Privacy

Obscari is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Your Rights

You have the following rights regarding your personal data:

• Right to access your data.
• Right to correct inaccurate data.
• Right to delete your data ('right to be forgotten').
• Right to restrict the processing of your data.
• Right to object to the processing of your data.
• Right to data portability.
• Right to withdraw consent at any time (if processing is based on consent).
• Right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us using the details provided above.

Cookies

We use first-party cookies and local storage for: (1) essential language, game and authentication session functions, (2) remembering your cookie preferences, (3) analytics with PostHog—its cookie/localStorage key is set only after you accept analytics cookies. You can change or withdraw your consent for analytics cookies at any time via Cookie Settings (you find the link in the footer on the landing page) or in your browser.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the 'last updated' date.

Contact Us

If you have any questions about this privacy policy, please contact us using the information provided in the 'Data Controller' section.