Privacy Policy — Griddles

1. Who We Are

Griddles is a word puzzle game operated from the United Kingdom. For the purposes of data protection law, we are the data controller. You can contact us at hello@griddles.io.

2. What Data We Collect

Data you provide

Data	When	Purpose
Username & password	When you register an account	Account authentication and cross-device access
Email address	When you contact us or subscribe	Responding to enquiries; payment processing
Payment information	When you subscribe to Premium	Processed by Stripe — we never see or store your card details
Contact messages	When you use the contact form	Responding to feedback, bug reports, and support requests

Data collected automatically

Data	Purpose
Auto-generated username	Identifying your game progress (stored in your browser)
Game data (scores, times, hints, streaks)	Leaderboards, achievements, and personal records
Avatar selection and preferences	Personalising your experience

Data collected by third parties

Service	Data	Purpose
Google AdSense	Cookies, device info, browsing data	Serving relevant advertisements to free users
Stripe	Payment and billing information	Processing premium subscriptions
Cloudflare	IP address, request data	Security, performance, and DDoS protection

3. Legal Basis for Processing (UK GDPR)

Contract: Processing your account and subscription data to provide the Service
Legitimate interest: Game data for leaderboards, analytics, and improving the Service
Consent: Advertising cookies (you can manage consent via the cookie banner)

4. How We Use Your Data

To provide and maintain the game, including leaderboards and progress tracking
To process premium subscriptions and manage billing
To respond to your enquiries and support requests
To display advertisements to free users (via Google AdSense)
To improve the Service based on usage patterns

    We do not sell your personal data. We do not use your data for profiling beyond what is necessary for ad delivery by Google AdSense.
  

5. Data Storage & Security

Your data is stored on secure servers. Game data and account information are stored in a MySQL database. Client-side data (preferences, puzzle state) is stored in your browser's localStorage and sessionStorage.

Passwords are hashed using bcrypt and are never stored in plain text.

Payment data is handled entirely by Stripe and never touches our servers.

6. Data Retention

Game data (scores, leaderboards): retained indefinitely to maintain leaderboard history
Account data: retained until you request deletion
Contact messages: retained for up to 2 years, then deleted
Subscription data: retained for as long as required for billing and legal purposes

7. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing in certain circumstances
Object to processing based on legitimate interest
Data portability — receive your data in a structured format
Withdraw consent for cookie-based advertising at any time

To exercise any of these rights, contact us at hello@griddles.io. We will respond within 30 days.

8. Children's Privacy

Griddles is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. International Transfers

Some of our third-party providers (Google, Stripe, Cloudflare) may process data outside the UK. These providers maintain appropriate safeguards including Standard Contractual Clauses and adequacy decisions.

10. Changes to This Policy

We may update this policy from time to time. The date at the top of this page indicates the most recent revision.

11. Contact & Complaints

For any privacy-related questions, contact us at hello@griddles.io.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data rights have been violated.