This Privacy Policy explains what information Planet Snake (“the Service”, “we”, “us”) collects when you play the game, how we use it, and the choices you have. The Service is a free, browser-based multiplayer game funded by advertising. We try to collect as little personal information as possible, and we never sell your data.
1. Information we collect
1.1 Information you provide
- Guest play. If you click “Play as Guest” we generate a temporary in-game identity and a nickname you choose. Guest accounts are not stored in our database after the session ends.
- Sign-in with Google. If you sign in with Google, we receive your Google account ID, email address, display name, and profile picture URL from Google. We use these to create or recognise your account.
- Sign-in with Facebook. If you sign in with Facebook, we receive your Facebook account ID, email address (if you grant permission), display name, and profile picture URL from Facebook. We use these to create or recognise your account.
- Sign-in with Discord. If you sign in with Discord, we receive your Discord user ID, email address, username, and avatar hash from Discord. We use these to create or recognise your account; the avatar hash lets us build the URL to your Discord profile picture so we can show it in-game.
- Sign-up with email and password. If you create a Planet Snake account directly with an email address, we store that email and a one-way hash of your password. We do not currently verify the email (no confirmation message is sent), and we do not send marketing or transactional email to it. You can use the email for sign-in only.
- In-game preferences. Your nickname, snake colour, preferred language, and chosen avatar variant.
- Social graph. The list of players you choose to follow or block.
1.2 Information we generate as you play
- Game session records. For each round you play while signed in we record a single XP score (your snake’s weight at the end of the round) and a timestamp. We do not store durations, death causes, or per-item collection data.
-
Authentication session. A session cookie
(
connect.sid) is set in your browser so you stay signed in. The session record itself is stored on our server.
1.3 Information collected by Google Ads
We load the Google Ads tag (gtag.js) on every public page
of the Service so that we can measure how many people visit Planet
Snake after clicking one of our Google Ads. The tag is provided by
Google and runs in your browser. Through it, Google may receive:
- Your IP address, browser user-agent, and the URL of the page you are visiting on planetsnake.io.
-
A Google click identifier (
gclid) appended to the URL when you arrive from one of our ads, used to attribute the visit to the ad you clicked. -
A Google-set cookie (
_gcl_au) that helps Google distinguish unique visitors for conversion measurement (90-day lifetime).
Google’s use of this data is governed by the Google Privacy Policy and the Google Ads data-processing terms. We do not access individual conversion records — we only see aggregated reports inside the Google Ads dashboard. You can opt out of Google’s advertising cookies at adssettings.google.com.
1.4 Information collected by Google AdSense
We monetise the Service through Google AdSense. The AdSense loader
script (adsbygoogle.js) is loaded only on the content
pages of the Service —
/about, /leaderboard,
this Privacy Policy, the Terms of Service, and
the Delete account page — and is
deliberately not loaded on the game page itself, so
no ad code ever runs while you are playing. When you visit one of
those content pages, Google may receive:
- Your IP address, browser user-agent, screen size, and the URL of the page you are visiting on planetsnake.io.
- Cookies that Google sets to remember your ad preferences, distinguish unique visitors, measure ad performance, and (for users who have not opted out) personalise the ads you see across Google’s ad network. See section 4 for the specific cookie names.
- Interactions with an ad (impression, click) if Google decides to fill an ad slot on the page.
We use AdSense in manual-placement mode only. Auto Ads is off, so Google cannot inject overlay, anchor, or vignette ads, and never injects ads into the game canvas. Google’s handling of AdSense data is governed by the Google Privacy Policy and the How Google uses information from sites or apps that use our services page. You can manage your ad personalisation at adssettings.google.com.
1.5 Information we do not collect
- We do not store your password in clear text. If you sign up with email and password, we store only a one-way hash that we use to check future sign-in attempts. We never see, log, or share the plaintext password.
- We do not run our own analytics tracker.
- We do not use Auto Ads, anchor ads, vignette ads, or any other automatically-placed ad format. Ads only appear inside the explicit slots on the content pages listed in section 1.4.
- We do not collect your precise geolocation, contacts, or device sensors.
- We do not record voice, video, or chat messages — the game has no chat feature.
2. How we use your information
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Create and authenticate your account | OAuth ID, email, display name (for Google / Facebook / Discord); email + password hash (for email sign-up) | Performance of a contract |
| Show your nickname, avatar, and snake colour to other players in the same world | Nickname, avatar variant, snake colour | Performance of a contract |
| Compute XP, leaderboards, and your profile statistics | Game session records | Performance of a contract / legitimate interest |
| Operate the follow / block social features | Follow and block lists | Performance of a contract |
| Keep you signed in across visits | Session cookie | Strictly necessary |
| Detect and prevent abuse, cheating, and other policy violations | Game session records, account identifiers | Legitimate interest |
| Measure the effectiveness of our Google Ads campaigns (which ads brought visitors to the Service) |
IP address, page URL, Google click identifier
(gclid), _gcl_au cookie
|
Legitimate interest |
| Show advertising (Google AdSense) on the content pages of the Service in order to fund free hosting | IP address, page URL, AdSense cookies (see section 4), ad-interaction signals | Legitimate interest / consent where required by law |
3. How information is shared
- With other players. Your nickname, avatar, snake colour, and aggregated XP / leaderboard standing are visible to other players. Your public profile page also lists your followers and the people you follow.
- Sign-in providers. When you choose to sign in via a third-party provider, that provider (Google, Facebook, or Discord) receives a request from your browser. Their use of your data is governed by their own privacy policies: Google, Facebook, Discord.
-
Discord avatar CDN. When you sign in with Discord
and choose the “Discord” avatar style, your browser
requests your profile picture directly from
cdn.discordapp.com. Discord may receive your IP address and the avatar hash as part of this request. - Avatar image services. If you pick an avatar style other than “Default”, “Initial”, “Google”, “Facebook”, or “Discord”, your browser requests the image directly from a third-party avatar generator (DiceBear, Boring Avatars, RoboHash, or Pravatar). Your IP address and an anonymous seed are visible to that service. We do not send them your name or email.
- Service providers. Our application is hosted on standard cloud infrastructure (database, web hosting, CDN). These providers process data on our behalf to keep the Service running.
- Google Ads. Because we load the Google Ads tag on every public page (see section 1.3), Google receives the data described in that section whenever you visit Planet Snake. We use this only to measure how well our advertising works.
- Google AdSense. On the content pages listed in section 1.4 we load the AdSense ad-serving script. Google receives the data described in section 1.4 in order to fill the ad slots on those pages and to measure ad performance.
- Legal requirements. We may disclose information if required by law or to protect the rights and safety of users and the Service.
- We do not sell your personal information in the ordinary sense of the word. Some privacy laws (notably the California Consumer Privacy Act) treat the sharing of online identifiers with an ad platform as a “sale” or “sharing for cross-context behavioural advertising” even when no money changes hands. Under that broader definition, our use of the Google Ads tag and Google AdSense may qualify. If you live in a jurisdiction that gives you the right to opt out of such sharing, contact us at the address in section 11 and we will honour your request.
4. Cookies
We use a single first-party cookie of our own,
connect.sid, which stores your authentication session. It
is strictly necessary for sign-in to work and is removed when you log
out or when the session expires (after 30 days of inactivity).
In addition, the Google Ads tag described in section 1.3 may set the following cookies in your browser when you visit any public page of the Service:
-
_gcl_au— set by Google to store and track conversions (90-day lifetime). -
_gcl_aw,_gcl_dc,_gcl_gb,_gcl_gf,_gcl_ha— set by Google when you click a Google Ad to attribute the visit to a specific campaign (90-day lifetime).
Google AdSense (section 1.4) may set the following cookies when you
visit one of the content pages where it is loaded
(/about, /leaderboard,
/privacy, /terms,
/data-deletion). It is not loaded on the
game page, so none of these cookies are set while you are playing.
-
__gads— used by AdSense to record the number of ads you see and to detect invalid traffic (about 13-month lifetime). -
__gpi— used by AdSense for ad personalisation (about 13-month lifetime). -
IDE,DSID,NID— set by Google on thedoubleclick.netandgoogle.comdomains to measure how you interact with ads and to remember your ad preferences across sites.
You can block or delete these cookies through your browser settings, and you can opt out of personalised Google advertising at adssettings.google.com. Doing so will not affect your ability to play Planet Snake — the game page does not load any advertising code.
5. Data retention
- Account data is retained for as long as your account exists.
- Game session records are retained indefinitely so that historical leaderboards and your lifetime XP remain accurate.
- Guest sessions are not persisted to the database; they exist only in server memory while you are connected.
- Authentication sessions expire after 30 days of inactivity.
6. Your rights
Depending on where you live, you may have the right to access, correct, port, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, contact us at the address in section 10. We will respond within the time required by applicable law.
You can also delete your data yourself at any time. Visit our Delete account page while signed in and press the delete button: this permanently removes your account record (username, nickname, email, OAuth identifiers, profile preferences), every follow and block relationship that involves you, every recorded game session, and any active sign-in session. The same effect happens automatically when you remove the app from your Facebook “Apps and Websites” settings, in which case Facebook notifies us via a signed callback. If you cannot sign in, contact us at the address in section 10 and we will action the request manually within 30 days.
7. International transfers
The Service is hosted on cloud infrastructure that may process data in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
8. Security
We use HTTPS for all traffic and store sessions in a managed Cloudflare D1 (SQLite) database. When you sign in through Google, Facebook, or Discord we never see or store your provider password. When you sign up with email and password directly, the password is stored only as a one-way hash (scrypt-family); we cannot recover it if you forget it. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.
9. Children’s privacy
The Service is not directed to children under 13 (or under 16 in the EEA / UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above. If the changes are material we will take reasonable steps to notify signed-in users.
11. Contact
For questions about this Privacy Policy or to exercise your privacy rights, contact us at support@planetsnake.io.