⚗ WizardRPG — Privacy Policy
Last updated: April 2026
WizardRPG is an indie browser RPG. This policy explains what data we collect, why we collect it, and your rights over it. We collect the minimum data needed to run the game.
What we collect
- Email address — used only for account authentication via one-time code. Never shared or used for marketing.
- Game save data — your level, items, gold, proficiency, and progression. Stored to enable cross-device play and save history.
- Display name — the name you set in Account Settings, shown on the leaderboard and in global chat.
- Chat messages — visible to all players. The last 200 messages are kept; older messages are automatically deleted.
- Login history — the date of each day you log in, used for daily reward tracking. No times or IP addresses.
- Leaderboard score — your game progression score, display name, and active title.
- Session token — a random string stored in your browser that keeps you signed in. Expires after 90 days of inactivity.
- Crash reports — if the game crashes, an anonymous error report is sent including your game version, equipped items, and the error message. No personal identifiers are included.
What we do not collect
- Passwords (we use email one-time codes only)
- Payment information (the game is free)
- Location data or IP addresses
- Device identifiers beyond a random session ID
- Tracking cookies or advertising data
How we use your data
- To authenticate you and keep your save safe
- To display your name and score on the leaderboard
- To enable global chat between players
- To deliver daily login rewards
- To diagnose and fix game bugs via crash reports
Data storage
All data is stored in Cloudflare D1 (a SQLite-compatible database hosted by Cloudflare, Inc.). Cloudflare's servers are located primarily in the United States and European Union. See Cloudflare's privacy policy for their data handling practices.
Your rights
You have the right to:
- Access your data — your save data is viewable within the game. Contact us for a full export.
- Delete your account — use the "Delete Account" option in Account Settings → Danger Zone. This permanently removes all your data from every system.
- Correct your data — you can change your display name at any time in Account Settings.
- Data portability — your save data can be exported via the game's save management screen.
If you are an EU resident, you have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority.
Data retention
- Active accounts: data kept as long as your account exists
- Session tokens: expire after 90 days of inactivity
- Chat messages: rolling 200-message window; older messages deleted automatically
- Save history: last 10 snapshots per account
- Deleted accounts: all data removed immediately on account deletion
Children
WizardRPG is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us their data, contact us and we will delete it.
Changes to this policy
We may update this policy. Significant changes will be noted in the game's What's New section. Continued use of the game after changes constitutes acceptance.