PRIVACY POLICY

1 · TL;DR — privacy in one paragraph

We collect only what is needed to make RetroPlayland work: your email (to log you in), play sessions (to enforce daily limits and power leaderboards), and an anonymous browser fingerprint (to prevent anonymous users from circumventing limits). We never sell data. Analytics are self-hosted (Plausible Analytics — no cookies, no fingerprinting). You can delete your account and all associated data at any time from your dashboard settings. We are GDPR-compliant by design.

2 · What personal data we collect

2.1 — Account data (only if you sign up)

• Email address — for login, password recovery, and essential notifications.
• Username — your public handle, visible to other users.
• Password hash — Argon2id with random salt; we never see your plain password.
• Profile data — avatar (optional), bio (optional), country (optional).
• Preferences — chosen theme, language, scanline setting (stored in localStorage and synced to your account if logged in).

2.2 — Gameplay data

• Play sessions — game ID, start time, end time, duration, score (if applicable). Used for leaderboards and enforcing daily play limits.
• Save states — uploaded to our storage when you click "Save". Encrypted at rest.
• Achievements & ratings — what you've unlocked, what you've rated.
• Forum posts & comments — content you publish publicly.

2.3 — Anonymous browser fingerprint

For users without an account, we generate a SHA-256 hash from a combination of: canvas rendering, WebGL renderer, available fonts, screen resolution, timezone, and audio context. This does not identify you personally but allows us to:

• Apply daily play limits across browser sessions (so users can't reset by clearing cookies).
• Detect abuse (botting, scraping, multi-account creation).
• Sync your guest progress if you create an account later.

The fingerprint hash is stored separately from any personal data and is automatically deleted after 12 months of inactivity.

2.4 — Technical data (automatically logged)

• IP address (truncated to /24 for IPv4, /48 for IPv6 — sufficient for security, anonymous enough for privacy).
• User agent string (browser + OS, for emulator compatibility).
• Referrer URL (which site brought you to us).
• Request timestamps (for rate limiting and abuse prevention).

3 · Lawful basis for processing (GDPR Art. 6)

• Contract performance (Art. 6(1)(b)) — account data needed to provide our service.
• Legitimate interests (Art. 6(1)(f)) — fraud prevention, security, abuse detection (fingerprinting, IP logging).
• Consent (Art. 6(1)(a)) — optional features (newsletter subscription, analytics, cookie preferences).
• Legal obligation (Art. 6(1)(c)) — tax records for paid passes, DMCA logs.

4 · Who we share data with

We share personal data only with these categories of recipients, all bound by data processing agreements (DPAs):

• Cloudflare Inc. (USA) — DDoS protection, CDN, Turnstile CAPTCHA. Adequacy: EU-US Data Privacy Framework certified.
• Stripe Inc. (Ireland for EU customers) — payment processing. Only payment metadata (no card numbers reach our servers).
• Postmark / SendGrid — transactional email delivery (login, receipts).
• Plausible Analytics (Germany) — self-hosted analytics, no cookies, no tracking.
• Polish tax authorities — required by law for invoice records.

We do not sell, rent, or share personal data with advertisers, brokers, or third parties for marketing purposes. Ever.

5 · Your rights (GDPR)

You have the right to:

• Access — request a copy of all personal data we hold about you (CSV or JSON export from dashboard).
• Rectification — correct inaccurate data.
• Erasure ("right to be forgotten") — delete your account and all associated data. Click Dashboard → Settings → Delete account. Full erasure within 30 days.
• Restriction — pause processing while we resolve a dispute.
• Portability — receive your data in machine-readable format.
• Objection — refuse processing based on legitimate interests.
• Withdraw consent — at any time for features that required it.
• Complain — file a complaint with your local data protection authority. In Poland: UODO (uodo.gov.pl).

To exercise any of these rights, email privacy@retroplayland.com. We respond within 30 days as required by GDPR Art. 12(3).

6 · Cookies & localStorage

We use a small number of strictly necessary cookies and localStorage items. See our Cookie Policy for the full list.

7 · How long we keep data

• Account data — for as long as your account exists.
• Play sessions — 24 months, then aggregated into anonymous statistics.
• Save states — until you delete them or close your account.
• Forum posts & comments — indefinitely (you can delete individual posts; we anonymize on account deletion).
• Payment records — 5 years (Polish tax law).
• Anonymous fingerprints — 12 months from last activity.
• Server logs — 90 days.

8 · Security measures

• All traffic encrypted with TLS 1.3 (HTTPS only, HSTS enabled).
• Passwords hashed with Argon2id (memory-hard, RFC 9106).
• Save states encrypted at rest with AES-256-GCM.
• Two-factor authentication available (TOTP).
• Cloudflare WAF + rate limiting against common attacks.
• Quarterly penetration tests by independent third party.
• Incident response: breach notification to affected users within 72 hours per GDPR Art. 33.

9 · Children's data

RetroPlayland is suitable for all ages but our service is not directed at children under 13 (or 16 where local law applies, e.g. Germany). We do not knowingly collect personal data from children below these ages. If you believe a child has signed up, contact us at privacy@retroplayland.com and we will delete the account immediately.

10 · Changes to this policy

We may update this policy occasionally. Material changes will be announced via email (to all account holders) and on the homepage at least 30 days before they take effect. Continued use of the service constitutes acceptance.

11 · Data protection contact

RetroPlayland Data Protection
Email: privacy@retroplayland.com
Postal address: ul. Marszałkowska 1, 00-001 Warszawa, Poland
Polish supervisory authority: UODO — Urząd Ochrony Danych Osobowych
Response SLA: 30 days (GDPR Art. 12(3))