Privacy Policy

This page explains what personal data we collect when you use sudokumountain.com, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Controller

The data controller responsible for processing personal data on this site is:

Stuart Donald Bell
Richard-Sorge-Str. 11
10249 Berlin
Germany

Email: [email protected]

2. What we process and why

a) Server logs. When you load any page, our hosting and content-delivery providers automatically record technical information so we can serve the page and protect against abuse. This includes your IP address, user agent, the URL you requested, the HTTP status of the response, and the timestamp. We use this only for technical operation, error analysis, and abuse prevention. Lawful basis: Article 6 (1) (f) GDPR (legitimate interests). Retention: typically up to 30 days at the provider level.

b) Account and sign-in. If you choose to sign in, we ask for your email address and send you a one-time sign-in link ("magic link"). We store your email together with the dates of account creation and last sign-in. Optionally, you may also provide a first name during sign-up so we can address you by name in the streak banner; this is voluntary and can be left blank. Lawful basis: Article 6 (1) (b) GDPR (performance of the user agreement). Retention: until you delete your account.

c) Game progress. If you are signed in, completed puzzles are saved with the date, mode, difficulty, time taken, and number of mistakes, so that statistics and streaks work across devices. Lawful basis: Article 6 (1) (b) GDPR. Retention: until you delete your account or delete the individual entries.

d) Local game state. While you play, the in-progress board, your last difficulty selection, and your colour-mode preference are kept in your browser's localStorage so the site remembers your settings between visits. This data never leaves your device and is not seen by us. You can clear it at any time through your browser's site-data controls.

e) Consent records. When you respond to our cookie banner, our consent-management provider stores a record of your choices (which categories you accepted or rejected, and when). This is required so that we can honour your choices and prove that consent was given. Lawful basis: Article 6 (1) (c) GDPR (legal obligation under § 25 TTDSG). Retention: 12 months, after which the banner is shown again.

f) Advertising. We display advertising on the site through Google AdSense, operated by Google Ireland Limited. When you load a page that shows ads, AdSense may set cookies in your browser — including __gads, __gpi, NID, and IDE — to measure ad performance and, where you have consented, to personalise the ads you see based on your visits to this and other sites. The cookie banner asks for your permission before any non-essential cookies are set. If you decline, you'll still see ads, but they will not be personalised based on your browsing history. Lawful basis: Article 6 (1) (a) GDPR (consent). You can withdraw consent at any time via the "Cookie settings" link in the footer, or manage Google's ad personalisation directly at https://adssettings.google.com. Google's full description of how it uses data for advertising is at https://policies.google.com/technologies/ads.

We do not currently run third-party analytics on the site. If we add any, this policy will be updated and — where consent is required — the cookie banner will ask before any such processing starts.

3. Recipients

We use the following processors to operate the site. Each one has a contractual data-processing agreement with us under Article 28 GDPR.

Provider | Purpose | Location of processing
Vercel Inc., USA | Application hosting | Global edge; primary region: EU (Frankfurt)
Supabase Inc., USA | Authentication and database | EU (Frankfurt, eu-central-1)
Cloudflare, Inc., USA | DNS, content delivery, email routing | Global edge
Usercentrics GmbH, Munich, Germany | Cookie-consent management | EU (Germany)
Google Ireland Limited, Dublin, Ireland | Advertising (Google AdSense) | EU (Ireland) and global edge; US transfers covered by the EU–US Data Privacy Framework

4. Transfers outside the EU/EEA

Vercel, Supabase, and Cloudflare are organised in the United States. Where data is processed in the United States, transfers are protected either by certification under the EU–US Data Privacy Framework or by Standard Contractual Clauses adopted by the European Commission, together with the supplementary technical and organisational measures described in those agreements. You can request a copy of the relevant safeguards by contacting us at the address above.

5. Cookies and similar technologies

We use cookies and localStorage entries in three categories: (i) strictly necessary entries to operate the site (the login session, your in-progress board, your colour-mode preference); (ii) the consent record stored by our cookie-management provider; and (iii) advertising cookies set by Google AdSense, described in section 2 (f) above. Categories (i) and (ii) are set without consent because they are technically required to provide the service or required by law; category (iii) is set only after you accept advertising cookies in the consent banner. You can manage your choices at any time using the "Cookie settings" link in the footer.

6. Your rights

Under the GDPR, you have the right to:

  • request access to the personal data we hold about you (Article 15)
  • have inaccurate data corrected (Article 16)
  • have your data erased (Article 17)
  • have processing restricted in defined cases (Article 18)
  • receive your data in a portable format (Article 20)
  • object to processing based on our legitimate interests (Article 21)
  • withdraw any consent you have given, with effect for the future (Article 7 (3))

You can delete your account and all associated data yourself at any time at /en/account/delete — sign in, type the confirmation word, and your account, puzzle history, and streaks are removed immediately.

For any other request — access, correction, restriction, portability, objection, or consent withdrawal — write to [email protected]. We will respond within one month.

7. Right to lodge a complaint

You have the right to complain to a supervisory authority if you believe our processing of your data is unlawful. The competent authority for our establishment is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
[email protected]
https://www.datenschutz-berlin.de

8. Changes to this policy

We may update this policy when our processing changes — for example, when we introduce advertising or analytics, or when we change a processor. The "last updated" date below reflects the most recent change. Substantive changes will be made visible on the site before they take effect.

Last updated: 29 April 2026