Ball IQ is operated by [Insert legal entity name] (“Ball IQ”, “we”, “us”, “our”). This Privacy Policy explains what personal data we collect, how we use it, and your rights.

Data controller contact: privacy@ball-iq.com
Postal address: [insert full postal address]

1.1 Sign-In & Account Connection

We only support third-party sign-ins (e.g., Google, Twitch, Discord). When you connect, we receive information that provider shares per your settings (e.g., name, email, provider user ID, avatar). We do not store your password for those providers.

1.2 Gameplay & Service Data

Answers, timestamps, session IDs, basic per-match results (e.g., win/loss), difficulty settings, and similar telemetry needed to operate the game and keep play fair. There are no public leaderboards at this time.

1.3 Device & Usage Data

IP address, country/region, browser type/version, device information, pages/events, crash logs, latency metrics, and anti-cheat signals (e.g., unusual request rates). Collected via our servers, Cloudflare, and application logs.

1.4 Donations (Ko-fi)

If you donate via Ko-fi, we receive limited transaction details from Ko-fi (e.g., donor name, email, amount, transaction references). We do not receive full card details. Your use of Ko-fi is also governed by Ko-fi’s own terms and privacy notice.

1.5 Cookies & Local Storage

We use strictly necessary cookies (e.g., session, CSRF) and may use optional analytics cookies where you consent. See our Cookie Policy for details and controls.

• Provide the Service (Contract): authenticate you via your chosen provider; run matches; save settings; deliver core functionality.
• Security & Anti-Cheat (Legitimate interests / Legal obligation): protect accounts, prevent abuse, detect anomalies, enforce rate limits.
• Analytics & Improvement (Legitimate interests / Consent for optional cookies): understand performance, crashes, and balance gameplay.
• Donations (Contract / Legal obligation): process and reconcile Ko-fi donations; comply with accounting/tax laws.
• Communications (Legitimate interests / Consent): service emails (e.g., support). Marketing emails only if you opt in, and you can opt out anytime.

• Service providers: Fly.io (hosting), Cloudflare (security/CDN), Ko-fi (donations), authentication providers (Google/Twitch/Discord), and other vetted vendors for infrastructure, error logging, or email delivery.
• Legal/compliance: where required by law, or to protect our rights, users, or the Service.
• Business transfers: in a merger, acquisition, or asset sale, subject to this Policy.

We do not sell your personal data.

We may transfer or access data from the UK/EEA to other countries (e.g., via global hosting/CDN). Where we do, we use appropriate safeguards (such as UK IDTA / EU SCCs and technical/organizational measures) to protect your information.

• Account & sign-in data: for as long as your account is active, then deleted within 30 days of account deletion.
• Security & application logs: typically up to 12 months unless we need longer for investigations.
• Backups: encrypted backups may persist up to 90 days before routine purge.
• Donation records (Ko-fi): up to 6 years to meet tax and accounting obligations.
• Aggregated/anonymized data: may be kept indefinitely (it does not identify you).

Under UK GDPR (and, where applicable, EU GDPR), you have rights to: access, rectification, erasure, restriction, portability, and to object to certain processing. Where processing is based on consent, you can withdraw it at any time (this won’t affect prior processing).

To exercise rights, contact privacy@ball-iq.com. We may need to verify your identity. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

The Service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

We use appropriate technical and organizational measures (TLS in transit, access controls, least-privilege, monitoring, and safeguards against abuse). We do not store your third-party provider passwords. We encourage you to enable multi-factor authentication (MFA) with your sign-in provider(s). No system is 100% secure, but we work to protect your information.

We use strictly necessary cookies (e.g., session, CSRF) and, where you consent, optional analytics cookies. See our Cookie Policy for a list of cookies, purposes, retention, and how to change your preferences. You can also control cookies at the browser level, but disabling some may affect site functionality.

We do not rely on solely automated decisions that produce legal or similarly significant effects. Anti-cheat and security signals may temporarily restrict certain features; you can contact us to request a review.

If we make material changes, we will provide reasonable notice (e.g., in-product message or email) before they take effect. Continued use after the effective date constitutes acceptance.

Privacy: privacy@ball-iq.com
Legal: legal@ball-iq.com

Postal address: [insert full postal address]