WORDCLASH

Privacy Policy

Last updated: June 6, 2025

Wordclash (“we,” “us,” or “the game”), accessible at wordclash.fun, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information when you play our web-based word game, suitable for all ages as a guest. We comply with global privacy laws, including GDPR (EU), CCPA (California), PIPEDA (Canada), LGPD (Brazil), and APPI (Japan).

1. Information We Collect

We collect minimal information to provide Wordclash:

  • Guest Players: A unique guest ID (random UUID) and your chosen player name (1–8 characters) are stored in your browser’s session for gameplay. This data is deleted after your session ends (1 hour).
  • Authenticated Players (X Sign-In): If you sign in with X (13+ per X’s terms), we collect your X account ID, X username, X display name, X profile description (if provided), a unique user ID, and your chosen player name to link your game progress.
  • Authenticated Players (Passkey Sign-In): If you sign in with a passkey, we collect a unique user ID, your chosen player name, and passkey credentials (credential ID, public key) for secure authentication. Passkeys may require device ownership, typically limiting use to older players.
  • Gameplay Data: For signed-in players, we collect: score, words guessed, total guesses, accuracy (calculated as guesses versus correct guesses), games played, games won, correct letter guesses, and bank percentages (progress in word banks, e.g., Countries). Guest gameplay data is not saved.
  • Feed Events: For signed-in players, we log events (e.g., wins, bank milestones) with your player name, event message, game ID, timestamp, and bank percentage (if applicable). These are publicly visible in game feeds (e.g., “{name} won Game {game_id}”).
  • Session and Cookies: Session cookies manage game state (e.g., user ID, player name, authentication status, X connection count). Cookies use HttpOnly and Secure flags in production and expire after 1 hour or sign-out.
  • Technical Data: Our hosting provider (Render) may collect server logs (e.g., IP addresses, browser type, device info, access times) for operations.

No email addresses, physical addresses, or payment information are collected.

2. How We Use Your Information

We use your information to:

  • Enable gameplay, track progress, and manage sessions.
  • Authenticate via X or passkeys for personalized play.
  • Show your player name and stats in profiles, leaderboards, and public feeds.
  • Analyze anonymized gameplay trends to improve Wordclash (e.g., word bank usage).
  • Maintain security and server performance.

3. Legal Basis for Processing (GDPR)

Under GDPR, we process data based on:

  • Consent: By signing in with X or passkeys, you consent to data collection for gameplay and stats. Withdraw consent by requesting deletion.
  • Contract: Data is needed to provide Wordclash (e.g., cookies for gameplay).
  • Legitimate Interests: Technical data supports security and performance, balanced with your rights.

4. How We Store Your Information

Guest data is temporary (browser session, 1 hour). Signed-in player data is stored in our SQLite database on Render until you request deletion. Passkey credentials are encrypted locally. Feed events are retained for leaderboards unless deleted upon request.

5. Sharing Your Information

We do not sell or share personal information, except:

  • X Sign-In: X account ID, username, name, and description are shared with X’s OAuth API, per their Privacy Policy.
  • Public Feeds: Player names appear in public feed events (e.g., “{name} won Game {game_id}”).
  • Hosting Provider: Render processes server logs, per their Privacy Policy.
  • Legal Requirements: We may disclose data if required by law.

6. Your Privacy Rights

Under GDPR, CCPA, PIPEDA, LGPD, APPI, you may:

  • Access: View stats in your profile.
  • Rectify: Update your player name in settings.
  • Delete: Request account and data deletion.
  • Portability: Request a data copy in a structured format.
  • Opt-Out: No data is sold (CCPA opt-out inapplicable). Disabling cookies prevents gameplay.

Email to exercise rights. We respond within 30 days.

7. Children’s Privacy

Wordclash is suitable for all ages as a guest, with no mature content. X sign-in requires users to be 13+ per X’s terms, and passkeys may limit access for very young players due to device requirements. We do not knowingly collect personal data from children under 13 without parental consent, per COPPA (US) and GDPR-K (EU). Guest data (guest ID, player name) is minimal and temporary. Contact if you believe a child under 13 has provided data.

8. Security

We use HTTPS, secure cookies, sanitized inputs, and encrypted passkeys to protect data. Our database is hosted on Render. No service is 100% secure, so use strong credentials and report issues to .

9. Cookies

Essential session cookies manage gameplay and authentication. They cannot be disabled without preventing play and expire after 1 hour or sign-out. No tracking or advertising cookies are used.

10. International Data Transfers

Wordclash is hosted on Render (US). Data from users outside the US (e.g., EU, Canada) may be transferred to the US. We comply with GDPR and other laws via Render’s data protection measures. Contact us for safeguard details.

11. Changes to This Policy

We may update this policy for legal or operational changes. Updates will be posted here with a new “Last updated” date. Continued use constitutes acceptance.

12. Contact Us

For privacy questions or data requests, email . We respond within 30 days.

Home