This Privacy Policy explains what information Planet Snake (“the Service”, “we”, “us”) collects when you play the game, how we use it, and the choices you have. The Service is a free, browser-based multiplayer game funded by advertising. We try to collect as little personal information as possible, and we never sell your data.
1. Information we collect
1.1 Information you provide
- Guest play. If you click “Play as Guest” we generate a temporary in-game identity and a nickname you choose. Guest accounts are not stored in our database after the session ends.
- Sign-in with Google. If you sign in with Google, we receive your Google account ID, email address, display name, and profile picture URL from Google. We use these to create or recognise your account.
- Sign-in with Facebook. If you sign in with Facebook, we receive your Facebook account ID, email address (if you grant permission), display name, and profile picture URL from Facebook. We use these to create or recognise your account.
- In-game preferences. Your nickname, snake colour, preferred language, and chosen avatar variant.
- Social graph. The list of players you choose to follow or block.
1.2 Information we generate as you play
- Game session records. For each round you play while signed in we record the start and end time, the world you joined, your final weight, the cause of death, the items you collected, and an XP score derived from your performance.
-
Authentication session. A session cookie
(
connect.sid) is set in your browser so you stay signed in. The session record itself is stored on our server.
1.3 Information collected by Google AdSense
The Service is monetised through Google AdSense. AdSense loads on the lobby, public-profile, and legal pages — it is not loaded on the gameplay screen. When AdSense is active in your browser, Google may collect (independently of us):
- your IP address, user agent, approximate location, and language;
- cookies and similar identifiers used to measure ad performance and, unless you opt out, to personalise ads;
- information about which ads were shown, viewed, or clicked.
Google’s collection and use of this information is governed by its own Privacy Policy. You can review and adjust your ad-personalisation choices in Google Ad Settings. Users in the EEA, UK, and Switzerland are shown a Google-certified consent prompt the first time AdSense loads, and can change their choice from the “Privacy & Terms” control Google provides on each ad.
1.4 Information we do not collect
- We do not collect your password (we use OAuth for sign-in).
- We do not run our own analytics tracker — we only use the advertising tracker described in section 1.3.
- We do not collect your precise geolocation, contacts, or device sensors.
- We do not record voice, video, or chat messages — the game has no chat feature.
- We do not place ads, or load the AdSense script, on the gameplay screen.
2. How we use your information
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Create and authenticate your account | OAuth ID, email, display name | Performance of a contract |
| Show your nickname, avatar, and snake colour to other players in the same world | Nickname, avatar variant, snake colour | Performance of a contract |
| Compute XP, leaderboards, and your profile statistics | Game session records | Performance of a contract / legitimate interest |
| Operate the follow / block social features | Follow and block lists | Performance of a contract |
| Keep you signed in across visits | Session cookie | Strictly necessary |
| Detect and prevent abuse, cheating, and other policy violations | Game session records, account identifiers | Legitimate interest |
| Fund the Service through advertising (via Google AdSense) | Data collected by AdSense in your browser (IP, cookies, ad interactions — see section 1.3) | Legitimate interest / consent in EEA, UK, CH |
3. How information is shared
- With other players. Your nickname, avatar, snake colour, current world, online status, and aggregated XP / leaderboard standing are visible to other players. Your public profile page also lists your followers and the people you follow.
- Sign-in providers. When you choose to sign in, Google or Facebook receives a request from your browser. Their use of your data is governed by their own privacy policies: Google, Facebook.
- Avatar image services. If you pick an avatar style other than “Default”, “Initial”, “Google” or “Facebook”, your browser requests the image directly from a third-party avatar generator (DiceBear, Boring Avatars, RoboHash, or Pravatar). Your IP address and an anonymous seed are visible to that service. We do not send them your name or email.
- Google AdSense. On the lobby, public-profile, and legal pages, Google’s ad scripts run in your browser and receive the data described in section 1.3. We do not pass your account identifiers, email, or game-session data to Google. AdSense is not loaded on the gameplay screen. Google’s own Privacy Policy and “How Google uses information from sites or apps that use our services” apply.
- Service providers. Our application is hosted on standard cloud infrastructure (database, web hosting, CDN). These providers process data on our behalf to keep the Service running.
- Legal requirements. We may disclose information if required by law or to protect the rights and safety of users and the Service.
- We do not sell your personal information and we do not share it for cross-context behavioural advertising.
4. Cookies
We use a single first-party cookie of our own,
connect.sid, which stores your authentication session. It
is strictly necessary for sign-in to work and is removed when you log
out or when the session expires (after 30 days of inactivity).
On the pages where Google AdSense is active (lobby, public profile, legal pages — never on the gameplay screen), Google may set additional cookies and similar identifiers in your browser to measure ad performance and, with your consent where required, to personalise the ads you see. You can review and adjust these choices in Google Ad Settings. See Google’s Cookies and similar technologies page for the current list.
5. Data retention
- Account data is retained for as long as your account exists.
- Game session records are retained indefinitely so that historical leaderboards and your lifetime XP remain accurate.
- Guest sessions are not persisted to the database; they exist only in server memory while you are connected.
- Authentication sessions expire after 30 days of inactivity.
6. Your rights
Depending on where you live, you may have the right to access, correct, port, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, contact us at the address in section 10. We will respond within the time required by applicable law.
You can also delete your data yourself at any time. Visit our Data Deletion page while signed in and press the delete button: this permanently removes your account record (username, nickname, email, OAuth identifiers, profile preferences), every follow and block relationship that involves you, every recorded game session, and any active sign-in session. The same effect happens automatically when you remove the app from your Facebook “Apps and Websites” settings, in which case Facebook notifies us via a signed callback. If you cannot sign in, contact us at the address in section 10 and we will action the request manually within 30 days.
7. International transfers
The Service is hosted on cloud infrastructure that may process data in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
8. Security
We use HTTPS for all traffic, store sessions in a managed PostgreSQL database, and rely on OAuth providers for sign-in so we never see or store your password. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.
9. Children’s privacy
The Service is not directed to children under 13 (or under 16 in the EEA / UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above. If the changes are material we will take reasonable steps to notify signed-in users.
11. Contact
For questions about this Privacy Policy or to exercise your privacy rights, contact us at [email protected].