Privacy policy

Last updated: April 26, 2026

At Puzzlelands we want you to know exactly what data we store, what we use it for and what you can do with it. This policy is written in plain language, without unnecessary jargon. If something isn't clear, write to us (contact info at the end).

1. Who we are

Puzzlelands is an independent website, made as a personal project, dedicated to logic games (Minesweeper, Slant, Sudoku, Nonogram, Memo-test and more). The site is operated by its author, with no company behind it.

2. What data we collect

We only store what's needed for the site to work and to keep the rankings competitive. Specifically:

2.1 Account data
  • Username: the public identifier that appears in rankings and on your profile. Anyone can see it.
  • Email: used for sign-in, password recovery and, if applicable, administrative confirmations. Never shown publicly.
  • Password: stored as a hash (ASP.NET Identity algorithm). We don't know it in plain text and can't email it to you.
2.2 Game data
  • Scores (normal mode and daily): puzzle, difficulty, time, points and date. They feed the rankings — they are public by design.
  • Streaks (current and best) of dailies.
  • Unlocked achievements and the date they were obtained.
  • Country you choose in your profile (optional). If you don't set it, we don't infer or geolocate via IP.
  • Supporter status: if you donated and let us know, it's marked on your profile. The amount and payment method are not shown.
2.3 Automatic technical data
  • Session cookies generated by ASP.NET Identity and Antiforgery, needed to keep you signed in and prevent CSRF. Not used for ad tracking.
  • Server logs: IP address, user-agent and visited URLs, retained for a short period for debugging and abuse prevention. We don't cross-reference them with your account beyond what's needed to investigate incidents.
2.4 What we DO NOT collect
  • We don't use advertising or third-party ad trackers.
  • We don't sell or rent your information to anyone.
  • We don't ask for phone number, postal address or biometric data.
  • We don't store credit card data: donations are processed on external platforms (section 5).

3. What we use the data for

  • Run the site: authentication, saving games and streaks, calculating your rank, showing your achievements.
  • Maintain competitive rankings: the global, per-puzzle, daily and monthly championship rankings use your username, country, points, rank and supporter status.
  • Detect abuse: cheats, automated scripts, attempts to inflate the ranking. That's why we do server-side validation and keep short-term logs.
  • Operational communication: password recovery and critical account notices. We don't send newsletters or spam.

Legal basis (where GDPR / equivalent laws apply): performance of contract (providing the service), legitimate interest (abuse prevention) and consent (optional fields like country).

4. What's public and what's private

🌐 Public
  • Username
  • Country (if set)
  • Total points and rank
  • Position in rankings
  • Unlocked achievements
  • Supporter status (if active)
🔒 Private
  • Email
  • Password (hash, we don't see it)
  • IP address and server logs
  • Donation details (amount, date)

5. Third parties the site interacts with

We try to minimize dependencies, but some things go through external services:

  • Cafecito: if you use the "Buy a coffee" button, the transaction happens at cafecito.app. We don't receive or store payment data. Cafecito may share your name/alias and an optional message with us.
  • Crypto donations: on-chain transactions. The addresses we show are ours; the send happens from your wallet. Blockchain data is public by nature — we can't delete it.
  • Hosting and database: the site runs on a server provider and the data is stored in a PostgreSQL database we administer. We don't share this information with other platforms.
  • CDNs: we use public CDNs to load frontend libraries (Bootstrap, Alpine.js, fonts). These services may see your IP when the page loads, which is standard on the modern web.

6. How long we keep the data

  • While your account is active, we keep your account data, scores, streaks and achievements so you can keep playing and competing.
  • If you ask to delete your account, we remove email, password hash, country and the link between your scores and you. Scores may be kept anonymously (without your name) to maintain ranking history, unless you explicitly ask for them to be deleted too.
  • Server technical logs: short rotation (typically less than 30 days) and automatic deletion.

7. Your rights

Regardless of where you are, we recognize the following rights over your personal data:

  • Access: request a copy of the data associated with your account.
  • Rectification: correct username, email or country. Some fields you can change yourself from your profile.
  • Deletion: remove your account and associated personal data (see section 6 about scores).
  • Portability: receive a structured export of your scores and achievements.
  • Objection / restriction: object to specific uses of your data (e.g. removing your name from a ranking), unless it affects system integrity.

To exercise any of these rights, email the contact (section 11). We respond within 30 days.

8. Security

We apply reasonable measures to protect your information:

  • HTTPS across the entire site.
  • Hashed passwords (not stored in plain text).
  • Server-side validation of all scores — the client never decides how much you scored.
  • Protection against CSRF and SQL injection (Razor Pages + Entity Framework Core).
  • Database access restricted to the site team.

No system is 100% bulletproof. If you find a vulnerability, please report it responsibly before disclosing it publicly.

9. Minors

Puzzlelands is suitable for all ages, but registration is intended for people 13 or older. If you're younger, ask your parent or guardian to create the account or approve your use. If we find we accidentally registered data from someone under 13, we'll delete the account.

10. Changes to this policy

If we update this policy, we'll:

  • Change the "Last updated" date above.
  • Show a visible notice on the site when changes are significant (e.g. new third parties or new uses of data).
  • If changes are significant and you have an account, we'll notify you by email.

Continued use of the site after a change implies you agree to the new policy.

11. Contact

For privacy questions, exercising your rights, or reporting an incident:

Use "Privacy — Puzzlelands" in the subject line so we can attend to it faster.