Privacy Policy
Plain language, no padding. Only the data actually collected, only the processors actually used. Operator details are injected from environment variables, so each deployment shows its own.
Last updated: 2026-04-13 · Version 1.0
1. Controller identity (Art. 13(1)(a))
- Data controller: MorganKryze (natural person, non-commercial)
- Contact email: contact@libresoftware.cloud. Use this address for all privacy requests (access, erasure, rectification, objection, complaints).
- Hosted at: https://memes.libresoftware.cloud
2. Purposes and lawful bases (Art. 13(1)(c))
| Purpose | Data used | Lawful basis |
|---|---|---|
| Authentication (magic link login) | Email address | Contract, Art. 6(1)(b) |
| Account management | Username, email | Consent, Art. 6(1)(a) |
| Game history and leaderboards | Submissions, votes, scores | Consent, Art. 6(1)(a) |
| Security monitoring | Operational logs | Legitimate interest, Art. 6(1)(f) |
| Admin accountability | Audit log | Legitimate interest, Art. 6(1)(f) |
3. Categories of personal data collected
- Email address: used to send authentication links; not shared with other players.
- Username: displayed in-game and on leaderboards; visible to all players in a room.
- Consent timestamp: recorded when you accept this policy at registration.
- Game submissions: captions or answers you submit; visible to room players.
- Game scores: points earned per game; visible on leaderboards.
- Session cookie: one HttpOnly functional cookie for authentication; no tracking.
4. Data retention (Art. 13(2)(a))
| Data | Retained for |
|---|---|
| Account (email, username) | Until you request deletion |
| Game history (rooms, submissions, scores) | 2 years after the game ends |
| Session cookie | 30 days, renewed on each visit |
| Authentication tokens | 15 minutes, single-use |
| Operational logs | Up to 30 days (automatic rotation) |
| Database backups | 7 days after deletion (see §10) |
5. Your rights (Art. 13(2)(b))
- Access (Art. 15): download your data at Profile → "Download My Data".
- Portability (Art. 20): same as above; downloads as JSON.
- Rectification (Art. 16): update username or email at Profile.
- Erasure (Art. 17): email contact@libresoftware.cloud, processed within 30 days.
- Objection (Art. 21): email contact@libresoftware.cloud.
- Withdraw consent (Art. 7(3)): withdrawal counts as an erasure request; email contact@libresoftware.cloud.
6. How to lodge a complaint (Art. 13(2)(d))
If you believe your data is being processed unlawfully, you have the right to lodge a complaint with your national data protection authority:
- France: CNIL, cnil.fr
- Germany: BfDI, bfdi.bund.de
- UK: ICO, ico.org.uk
- Other EU/EEA: EDPB member list
7. Minimum age (Art. 8)
This platform is intended for users aged 16 and above. By registering, you confirm that you meet this requirement. If you are under 16, parental consent must be obtained; contact contact@libresoftware.cloud.
8. Cookies (Art. 13)
This platform sets exactly one cookie:
| Name | Flags | Purpose | Duration |
|---|---|---|---|
| session | HttpOnly, Secure, SameSite=Strict | Authentication, required to stay logged in | 30 days |
No tracking, analytics, or advertising cookies are used. No third-party cookies are set.
9. Data processors (Art. 28)
Your email address is transmitted to the SMTP provider configured by the operator to send authentication links:
| Processor | Role | Data sent |
|---|---|---|
| OVHcloud (OVH SAS, France) — EU-only transactional relay | Transactional SMTP relay | Your email address, authentication link |
All other data (username, submissions, votes, scores, session, logs, backups) is stored on the operator's own infrastructure and is not shared with any third party.
10. Backup disclosure
Database backups are retained for 7 days for disaster recovery. If you request erasure, your data is deleted from the live database immediately, but may persist in backups for up to 7 days. This is permitted under GDPR Art. 17(3)(b) (legitimate interest, incident recovery).
11. Groups
When you join a group — by invite code, or at registration through a platform+group invite — some moderation decisions pass from the platform operator to the admin(s) of that group. The operator still runs the infrastructure, still enforces age and SFW/NSFW rules at the platform level, and still holds your account data. But the group admin — another user, not the operator — decides who stays in the group, which content is evicted, and whether the group is labelled SFW or NSFW.
This means:
- Group admins see your membership in their group (username, role, join and last-login timestamps); they do not see your email or any data outside the group.
- Moderation inside the group is on group admins, not us — if you are kicked, banned, or have content evicted, that's their action. You can report it to us directly only for classification breaches or when the complaint is about the group admin themselves.
- Joining an NSFW group requires a one-time age affirmation at join time.
- Leaving a group removes you from it; rejoining requires a fresh invite.
- If the group is deleted, its state enters a 30-day recovery window and is then hard-deleted; historical games continue under the normal 2-year rule with deleted references shown as [deleted].
- If your account is deleted or banned, you are removed from every group; if you were the sole admin, another member is auto-promoted.
Group admins are separate data controllers for group-level data (GDPR Art. 4(7)). The platform operator is the controller for your account and for the platform-wide SFW/NSFW taxonomy. Group admins and the operator are not joint controllers — each is accountable for their own decisions. For data access or erasure that spans both layers, send a single request to the operator contact email at the top of this page.