Privacy Policy

Ludo Nexus is a free multiplayer board game available at ludo-nexus.com. This policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR).

Account data (when you register):

• Email address and display name
• Avatar selection
• Hashed password (for email/password accounts)
• Google profile info — email and name (for Google sign-in)

Automatically collected data:

• Game statistics (wins, losses, games played, captures, chaos cards used)
• Authentication tokens (JWT access and refresh tokens, including device info)
• Chat messages sent during games
• Issue reports you submit (description, optional email, room code)

Google Analytics (GA4) — We use Google Analytics to understand how visitors interact with our site (page views, session duration, general location). GA4 is only activated after you give consent via our cookie consent banner (ConsentManager). No analytics data is collected without your explicit opt-in. Legal basis: consent (Art. 6(1)(a) GDPR).

Sentry — We use Sentry for error tracking to detect and fix bugs. Sentry collects anonymous error reports (stack traces, browser info) without personally identifiable information. No session replays or user identifiers are sent. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

ConsentManager — We use ConsentManager to manage your cookie consent preferences. ConsentManager may set its own cookie to remember your choices. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

• Account creation and authentication
• Displaying your profile, stats, and leaderboard position
• Transactional emails: email confirmation and password resets (via Resend)
• Maintaining game sessions, chat, and room management
• Error tracking and bug fixing (Sentry)
• Website usage analytics (Google Analytics, consent-gated)

• Google OAuth — sign-in; subject to Google's Privacy Policy
• Google Analytics (GA4) — website usage analytics (consent-gated); subject to Google's Privacy Policy
• Sentry — error tracking (anonymous); subject to Sentry's Privacy Policy
• ConsentManager — cookie consent management; subject to ConsentManager's Privacy Policy
• Resend — transactional email delivery (email confirmations, password resets)
• Cloudflare — CDN and DNS; may log IP addresses per their own policy

Your data is stored in a PostgreSQL database hosted on Hetzner servers located in Germany (EU). Passwords are hashed using industry-standard algorithms. Refresh tokens are stored as SHA-256 hashes. All connections use HTTPS/TLS encryption.

• Account data: retained until you delete your account
• Refresh tokens: expire after 30 days and are automatically purged
• Game statistics: retained as long as your account exists; anonymized on deletion
• Chat messages: deleted when you delete your account
• Issue reports: retained indefinitely for service improvement; user association removed on account deletion

Under the GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — delete your account and data (available in your profile settings)
• Portability — receive your data in a structured format
• Restriction — limit how we process your data
• Objection — object to data processing
• Withdraw Consent — withdraw analytics consent at any time via the cookie settings

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Ludo Nexus is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

For any privacy-related questions or data requests, email us at [email protected].