Privacy Policy

What we collect

When you sign in with Google, we receive your email address from Google. We do not store your password — authentication is handled entirely by Google and Supabase.

When you choose a username, that username is stored in our database alongside your account ID. When you solve a puzzle, we record your chosen username, the puzzle you solved, your solve time (in seconds), and the time of completion.

How we use it

Your email is used only for authentication — to verify your identity when you sign in. We do not send marketing emails. Your username and solve times are displayed publicly on leaderboards. We use session cookies to keep you signed in.

How long we keep it

Solve records are kept indefinitely to preserve leaderboard integrity. If you delete your account, your profile and email are removed, but your solve records are kept in anonymised form (your username is replaced with a null reference).

Your rights under UK GDPR

You have the right to access, correct, or delete your personal data. You can delete your account at any time from your profile page. To request a copy of your data or to raise a concern, contact us at privacy@playtoku.com.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.

Cookies

We use HTTP-only session cookies for authentication. We do not use tracking cookies or third-party analytics cookies. Vercel may collect anonymous analytics data as part of their hosting service — this is GDPR-compliant and does not include personal information.

Third parties

We use Google for authentication (OAuth), Supabase for database storage, Upstash for caching, and Vercel for hosting. Each of these services has their own privacy policy. We do not sell your data to any third party.