The Playground Lab
Sign inCreate account

Legal

Privacy Policy

Effective date: 2026-02-21

1. What this policy covers

This policy explains how The Playground (Lab) collects, uses, and stores data when you use the app, including account features, gameplay, and tools.

2. Data collected

  • Account data: email, username, display name, avatar URL (if provided by OAuth provider).
  • Auth/session data: secure session tokens and identity/session cookies needed for sign-in.
  • Gameplay data: game states, moves/guesses, outcomes, and leaderboard stats.
  • Operational data: server logs and diagnostic events used for reliability and abuse protection.
  • Analytics data (optional): aggregate usage analytics only when analytics consent is accepted.

3. Cookies and similar storage

The app uses two cookie categories:

  • Required cookies: needed for authentication, session continuity, guest-session handling, and security.
  • Optional analytics cookies: used by Vercel Analytics only after you choose "Allow analytics" in the consent dialog.

You can decline analytics and continue using core app features. Required cookies remain active because they are necessary for app functionality.

4. Why data is used

  • Authenticate users and maintain sessions.
  • Persist game progress, matchmaking context, and leaderboard ranking.
  • Protect services from abuse (security checks, rate limiting, fraud/spam prevention).
  • Understand aggregate app usage patterns (only with analytics consent).

5. Data sharing and processors

Infrastructure and providers used by this project include:

  • Vercel (frontend hosting and optional analytics)
  • Railway (backend hosting)
  • MongoDB Atlas (database hosting)
  • Cloudflare (DNS, proxy, and edge protections)
  • Google OAuth (only when you use Google sign-in)

Data is not sold.

6. Retention and deletion

Account and gameplay data are retained while the account is active and as needed for application functionality and security. You can request account/data deletion using the contact method below.

7. Security practices

The project uses password hashing, internal service authentication headers, role checks for privileged actions, and rate limiting controls. No system can be guaranteed perfectly secure, but protections are continuously improved.

8. Your choices

  • Choose whether to allow optional analytics in the consent prompt.
  • Use account features or play guest-eligible modes without account creation.
  • Request access, correction, or deletion inquiries via the contact below.

9. Contact

For privacy questions or data requests, contact the project owner viawww.xmoravec.com.

By creating an account or using authenticated gameplay, you acknowledge this policy.Create account · Sign in