← Back

Privacy Policy

Last updated: June 2025

Taotris ("we", "us", "our") respects your privacy. This policy explains what data we collect when you use tetris.taozi4887.dev, how we use it, and what rights you have.

1. What We Collect

When you register an account, we store:

• Your username and display name
• Your email address (used only for account recovery; never shared)
• A hashed password (we never store your plain-text password)
• An optional bio and country code
• An optional profile avatar image you upload

When you play, we store:

• Game statistics (scores, lines, wins, losses, time played)
• Match history (opponent names, ELO changes, timestamps)
• XP, level, and cosmetic/achievement progress

2. Cookies & Sessions

We use a single HTTP-only session cookie to keep you signed in. This cookie:

• Contains only a session identifier — no personal data
• Is deleted when your session expires or you sign out
• Is not accessible to JavaScript (HTTP-only flag)

We do not use advertising cookies, analytics cookies, or third-party tracking of any kind.

3. How We Use Your Data

We use your data solely to operate the game:

• Authenticating your account
• Displaying stats, leaderboards, and match history
• Awarding XP, cosmetics, and achievements
• Enabling ranked matchmaking (ELO system)
• Allowing you to add friends and send challenges

We do not sell, rent, or share your data with third parties. We do not run ads.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on a private server. Passwords are hashed with bcrypt. We use HTTPS for all connections. We take reasonable technical measures to protect your data, but no system is perfectly secure.

5. Your Rights (GDPR & Others)

You have the right to:

• Access — request a copy of what data we hold about you
• Rectification — correct inaccurate data via your profile settings
• Erasure — permanently delete your account and all associated data via Profile → Settings → Delete My Account
• Portability — request your data in a machine-readable format
• Objection — contact us if you have concerns about how we process your data

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all personal data is removed within 30 days. Match history entries that reference your account may be anonymised rather than deleted to preserve historical leaderboard integrity.

7. Children

Taotris is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has registered, contact us and we will delete the account.

8. Changes to This Policy

We may update this policy. Material changes will be noted with a new "Last updated" date at the top of this page. Continued use after changes constitutes acceptance.

9. Contact

Questions or requests: mail@taozi4887.dev or Discord @taozi4887.