Privacy Policy

Last updated: April 5, 2026

1. Overview

Undercover Word ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains our data practices when you use our website and game.

2. Information We Collect

Gameplay Data

When you play Undercover Word, we collect: your display name, game room codes and duration, game phase and voting information, and device/browser information. This data facilitates gameplay and is automatically deleted after 30 days.

Contact Form Data

If you submit our contact form, we collect your name, email, and message only to respond to your inquiry. This data is not used for marketing.

Analytics

We use Google Analytics (with IP anonymization) to understand site usage. For EU users, a consent banner appears requesting permission before analytics cookies are set. You can change your preference anytime.

Cookies

We use minimal cookies: player token (stored locally), Google Analytics tracking cookie, and ad service cookies. See our Cookies Policy for details.

3. How We Use Your Data

We use collected data to operate the game, respond to inquiries, improve user experience, comply with legal obligations, and prevent abuse.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contractual Necessity: Game data is necessary to provide the game service
  • Consent: Analytics and advertising require explicit opt-in for EU users
  • Legitimate Interest: Security, fraud prevention, and service improvement
  • Legal Obligation: Compliance with applicable laws

5. Who We Share Data With

We do not sell your data. We share data only with: Supabase (hosting), Vercel (hosting), Google (analytics & ads). All service providers are contractually obligated to protect your data.

6. Data Retention

Game data is deleted after 30 days. Contact form submissions are retained up to 6 months then securely deleted.

7. Security

We implement HTTPS encryption, secure authentication tokens, regular audits, and data protection at rest and in transit. Report vulnerabilities to contact@undercoverword.com.

8. Your Rights (GDPR & General)

  • Access your personal data
  • Request deletion (right to be forgotten)
  • Request correction of inaccurate data
  • Request data portability
  • Object to certain processing
  • Withdraw consent at any time

EU users can lodge complaints with your data protection authority. We respond to rights requests within 30 days. Contact: contact@undercoverword.com

9. Children's Privacy

We do not knowingly collect data from children under 13. If we learn we have, we will delete it immediately. Parents concerned about privacy should contact us.

10. International Data Transfers

Your data may be processed in the United States or other countries. By using Undercover Word, you consent to such transfers. We ensure compliance with GDPR and applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy. Significant changes will be notified via email or website notice. Your continued use constitutes acceptance of changes.

12. Contact Us

Questions? Email: contact@undercoverword.com
Website: undercoverword.com