Privacy Policy

Word Chains (“we”, “our”, “us”) is an online word game. This policy explains what we collect, how we use it, and your choices. We keep it simple: we collect what’s needed to run the game, show leaderboards, and improve reliability. We do not sell your data.

• Account data (via Google Sign-In): Google user ID, name, email, and profile image.
• Public username: the handle you choose during onboarding (displayed on leaderboards/profile).
• Gameplay stats: totals, records (e.g., best score, longest chain, highest multiplier), category counts.
• Technical logs: IP address, device/browser info, error logs, and basic request metadata.
• Cookies & local storage: session cookies for sign-in; local keys for gameplay UX (e.g., cached stats).

• Authenticate users and manage accounts.
• Store and display gameplay stats and leaderboards.
• Improve performance, troubleshoot, and fight abuse/fraud.
• Send essential service communications when necessary.
• Comply with legal obligations when applicable.

Legal bases (EEA/UK): performance of a contract, legitimate interests (security/quality), and consent where required.

• Required cookies: session/auth cookies (NextAuth) to keep you signed in.
• Local storage: items like wc_stats, wc_peak_multipliers, or a local device ID to enhance gameplay UX on your device. Clear your browser data to remove them.
• Optional analytics: If we add analytics or additional cookies in the future, we’ll update this page and request consent where required.

• Public: username, avatar image (if any), and game stats shown on leaderboards and your profile.
• Not public: your email address and internal identifiers.
• We may remove suspicious entries to protect fairness and integrity.

We don’t sell personal data. We share limited data with service providers that help operate Word Chains: hosting/build (e.g., Vercel), managed database (PostgreSQL), and authentication (Google Sign-In). Providers process data under our instructions and safeguards. We may disclose data to comply with law or to protect rights, safety, and service integrity.

Data may be processed in countries outside your own. Where required, appropriate safeguards are used for cross-border transfers.

• Account & stats: kept while your account is active.
• Deletion: on verified request, we delete/anonymize account-linked stats and profile data. Aggregated or de-identified data may be retained.
• Local storage: remains on your device until you clear it.

Depending on your region, you may have rights to access, correct, delete, object/restrict processing, or request portability. You can also withdraw consent where processing relies on consent.

To exercise rights, email huxardedu@gmail.com from the address linked to your account.

The Service is not directed to children under the lawful age of online consent in their region. If a child provided data without appropriate consent, contact us and we’ll delete it.

We use reasonable technical and organizational safeguards. No service can guarantee perfect security, but we work to protect your data against unauthorized access and misuse.

We may update this policy. We’ll revise the effective date above and, for material changes, may provide in-app notice.

Questions or requests? Email huxardedu@gmail.com.