Privacy Policy
Last updated: April 2026
1. Overview
Hansa Teutonica Online ("the Service") can be played without an account. If you choose to sign in with Google in order to play online, we collect and store limited personal information as described below. This policy explains what data is collected, why, and how it is handled.
2. Data We Collect
Anonymous session identifier: A randomly generated ID is created for your browser session and stored in local storage. This is used to associate you with your games when you are not signed in. It contains no personal information.
When you sign in with Google, we additionally collect and store:
- Display name — your first name and last initial as provided by Google (e.g. "Leo B."), which you can edit at any time.
- Email address — stored for future use in optional turn notifications. We do not currently send emails.
- Google account identifier — an opaque unique ID from Google used to recognise your account on future sign-ins.
Game state: The state of any games you participate in is stored on our server, including your player name and in-game actions.
3. How We Use Your Data
Session identifier and game state: used exclusively to run the game service — to let you resume games and play with others.
Display name: shown to other players in shared games.
Email address: stored for future use in optional turn notifications (e.g. "it's your turn"). You will be able to opt out when this feature is introduced. We will never share your email with third parties or use it for marketing.
Google account identifier: used solely to authenticate you when you return to the Service.
We do not use any data for advertising or profiling.
4. Third-Party Services
The Service uses the following third-party providers, each with their own privacy policies:
- Google Sign-In — used for authentication (policies.google.com/privacy)
- Supabase — hosts the database storing game and account data (supabase.com/privacy)
- Cloudflare Pages — serves the client application (cloudflare.com/privacypolicy)
- Render — hosts the game server (render.com/privacy)
These providers may collect standard server log data (IP addresses, request timestamps) as part of normal infrastructure operation.
5. Cookies & Local Storage
We do not set cookies. We use browser local storage to store:
- A randomly generated anonymous session identifier
- A signed authentication token (JWT) when you are signed in
You can clear local storage at any time through your browser settings, which will sign you out and end your anonymous session.
6. Data Retention
Anonymous session data and game states are retained on our servers to allow you to resume games. Sessions inactive for an extended period may be deleted.
Account data (name, email, Google identifier) is retained until you delete your account. You can delete your account at any time from the profile menu in the top navigation bar.
7. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — you can request a copy of the data we hold about you.
- Right to rectification — you can update your display name at any time from the profile menu.
- Right to erasure — you can delete your account and associated personal data at any time from the profile menu, or by contacting us (see Section 10). Note that game records are anonymised rather than deleted, as they may be part of other players' game histories.
- Right to object — you can stop using the Service and delete your account at any time.
To exercise any of these rights, use the in-app account deletion option or contact us by email.
8. Children
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect any changes. Where changes are material, we will take reasonable steps to notify you. Continued use of the Service after an update constitutes acceptance of the revised policy.
10. Contact
For privacy-related questions, data access requests, or deletion requests, please email: [email protected]