Privacy Policy

Last updated: December 2025

Responsible Party

Stefan Wibmer (SW)
Contact: office@playtheai.com | Feedback Form | Impressum

What Data is Collected?

πŸ” Full Transparency: We believe in complete openness about data collection. Below is everything we collect - no hidden tracking, no surprises.

Automatically Collected Data

  • Session ID (randomly generated, not personal)
  • Game data (moves, results, timestamps)
  • Browser type and version (aggregated)
  • IP hash for rate limiting (SHA256, not reversible, deleted after 7 days)

Voluntarily Provided Data

  • Feedback (optional)
  • Game results

AI Game Logs (Full Transparency)

For AI research and quality improvement, we store the following data for each game:

  • Game board state (position of pieces)
  • AI prompts and responses (what we asked the AI, what it answered)
  • Token counts and API costs (for cost tracking)
  • Response times (how fast the AI responded)
  • Parse success (whether the AI gave a valid move)

Important: These logs contain NO personal data. There is no connection between game logs and real people. We cannot identify who played which game.

What Data is NOT Collected?

  • No registration required
  • No email addresses
  • No raw IP addresses (only hashed for rate limiting)
  • No tracking cookies
  • No advertising

Purpose of Data Processing

  • Game operation and evaluation
  • Elo rating calculation
  • Anonymous statistics
  • Service improvement

Data Retention

  • Game data: Unlimited (for benchmark)
  • Feedback: 1 year (automatic deletion)
  • Session data: 30 days

Third Parties

We use the following external services. Here's exactly what each one does:

Supabase

Database hosting for game statistics and AI logs. Servers located in EU (Frankfurt). No personal data is stored - only anonymous game data.

Cloudflare

Website hosting, CDN (Content Delivery Network), and DDoS protection. Cloudflare may temporarily process IP addresses for security purposes, but we do not store or have access to this data.

Cloudflare Turnstile

Bot protection to prevent automated abuse. This invisible CAPTCHA analyzes browser behavior (mouse movements, typing patterns) to distinguish humans from bots. No personal data is collected or stored by us. Cloudflare's Privacy Policy.

AI Model Providers

When you play against an AI, your game moves are sent to AI providers to generate responses:

OpenRouter - Routes to various AI models (Claude, GPT, Gemini, Llama, Grok, etc.)

What is sent: Only the game board state and game rules. No personal information, no IP address, no session ID. The AI providers do not know who is playing.

Your Rights (GDPR)

Note: Since we do not collect personal data (no accounts, no email, no IP addresses), there is typically no data that can be attributed to you personally. Your session ID is anonymous and stored only in your browser's localStorage.

Nevertheless, the following GDPR rights apply:

  • Information - Request what data we have
  • Correction - Request correction of incorrect data
  • Deletion - Request deletion of your data
  • Data portability - Request export of your data

Tip: To delete your local session data, simply clear your browser's localStorage or use your browser's "Clear site data" function.

Contact: office@playtheai.com

International Privacy Laws

PlayTheAI is accessible worldwide. Here's how various privacy regulations apply:

GDPR (EU/EEA)

We comply with GDPR. Since we don't collect personal data, most requirements don't apply. Your rights are described above.

CCPA (California, USA)

California residents have the right to know what data is collected. We do not sell personal information. Since we collect no personal data, CCPA's "Do Not Sell" provision does not apply.

Other Regions

Similar laws exist in Brazil (LGPD), Canada (PIPEDA), UK (UK GDPR), and others. Our approach of not collecting personal data means we meet or exceed these requirements.

Privacy by Design: By not collecting personal data in the first place, we avoid most privacy compliance requirements. This is intentional - we believe the best way to protect your privacy is to not collect your data.

Cookies

PlayTheAI only uses technically necessary cookies:

  • theme: theme: Light/Dark mode preference
  • session_id: session_id: Player identification (anonymous)

No tracking or advertising cookies.

This privacy policy may be updated.
Last update: December 2025

πŸ†• Neue Version verfΓΌgbar!