Privacy Policy

Last updated: [Date]

1. Data Controller

The data controller for personal data collected on Kluzio website is: [Name/Company], located at [Address]. Contact: [email@contact.com].

2. Data Collected

We collect the following data as part of your use of the service:

  • Email address — required for account creation and authentication.
  • Display name — freely chosen, used for leaderboards and in-game display.
  • Game data — game sessions, puzzle progress, badges, streaks, scores. This data is necessary for the service to function.
  • Payment data — processed directly by Stripe. We do not store your card number or banking details. We only retain a Stripe customer reference and invoice history.
  • Technical data — IP address and connection data, automatically collected by our hosting providers (Vercel, Supabase) for service security.

3. Purpose of Processing

  • Creation and management of your user account.
  • Delivery of the game service: progress saving, leaderboards, badges, streaks.
  • Management of subscriptions and payments via Stripe.
  • User support and responding to your requests.
  • Service security and abuse prevention.

4. Legal Basis for Processing

  • Contract performance (Article 6.1.b GDPR) — processing your data is necessary to provide the service you subscribed to (account, game, subscription).
  • Legitimate interest (Article 6.1.f GDPR) — service security, fraud prevention, service improvement.
  • Legal obligation (Article 6.1.c GDPR) — retention of invoices and transaction data for 6 years in compliance with French commercial law.

5. Third-Party Processors

Your data is shared with the following providers, strictly for the purpose of delivering the service:

  • Supabase Inc. (United States) — database hosting and authentication service. Receives: email, display name, game data.
  • Stripe Inc. (United States) — payment processing. Receives: email, payment data. Stripe is PCI-DSS certified.
  • Google LLC (United States) — OAuth authentication (sign in with Google). Receives: authentication data (identifier, email) only if you choose this sign-in method.

6. Cookies

The site uses only strictly necessary cookies for the authentication service (Supabase session cookies). These cookies are essential for login and do not require consent under Article 82 of the French Data Protection Act. No tracking, analytics, or advertising cookies are used.

7. Data Retention

  • Account data (email, name) — retained until you delete your account.
  • Game data (progress, badges, streaks) — retained until you delete your account.
  • Invoices and transaction data — retained for 6 years from the transaction date, in compliance with legal accounting obligations.
  • Technical logs — retained for a maximum of 12 months.

8. Your Rights

Under the GDPR and French Data Protection Act, you have the following rights:

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data (subject to legal retention obligations).
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest.
  • Right to restriction — request restriction of processing in certain cases.

To exercise these rights, contact us at: [email@contact.com]. You can also delete your account directly from your profile settings. We respond to all requests within 30 days.

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr.

9. International Transfers

Some of our processors (Supabase, Stripe, Google) are located in the United States. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework, ensuring an adequate level of protection for your personal data.

10. Contact

For any questions regarding the protection of your personal data, you can contact us at: [email@contact.com].

11. Changes

We reserve the right to modify this privacy policy. In the event of a substantial change, we will notify you by email or by a notice on the site. The date of the last update is indicated at the top of this page.