This privacy policy is valid for the pages queens-online.up.railway.app and queens-online-dev.up.railway.app as well as all their sub-pages.

If any questions regarding data protection arise, feel free to write us under the email address stated above or use the Feedback Form.

Information we collect

We may collect the following types of information:

1. Account data: If you register, we store your chosen username. If you choose to link an email address, we store it solely for authentication purposes (sending one-time login codes). We never share your email with third parties.
2. Game data: For each completed puzzle we record solve time, number of moves, number of undos, the solution you submitted, and whether you played on a mobile or desktop device. This data is used to compute puzzle statistics and is linked to your account if you are logged in.
3. Feedback: If you submit feedback, we store your message and any name or email you voluntarily provide.
4. Usage data: Standard server logs may include your IP address, browser type, and the time and date of your visit.

All data is processed on servers hosted in the United States (Railway). By using this service you acknowledge that your data is transferred outside the EU.

Legal basis for processing (GDPR Art. 6)

We process personal data only where a legal basis under Art. 6 GDPR applies:

• Account data (username, email): Performance of a contract (Art. 6(1)(b)) — processing is necessary to provide the account and authentication service you requested.
• Game data (solve time, move count, client type, submitted solution): Legitimate interest (Art. 6(1)(f)) — we use this data to compute puzzle statistics and improve difficulty calibration. This interest is not overridden by your rights, as the data is linked to an account only while the account exists and is anonymised on deletion.
• Feedback messages: Consent (Art. 6(1)(a)) — you voluntarily provide this data when submitting the feedback form.
• Google Analytics: Consent (Art. 6(1)(a)) — analytics tracking is disabled by default and only activated if you explicitly accept. You can withdraw consent at any time by clicking here.
• Server logs (IP address, browser type, visit timestamps): Legitimate interest (Art. 6(1)(f)) — retained for 7 days for security monitoring and abuse prevention.

How long we keep your data

• User accounts: Active as long as you use the service. Accounts that have not been accessed for 2 years are automatically deleted, with game records anonymised as described above.
• Game records: Retained indefinitely for aggregate statistics. Records are anonymised (unlinked from your account) when your account is deleted, whether by you or through inactivity.
• Authentication tokens: One-time login codes expire after 15 minutes and are purged from our database immediately on next use. JWT session tokens expire after 24 hours (access) or 30 days (refresh).
• Server logs: Retained for 7 days.

How we protect your information

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction.

Cookies and local storage

Our website uses cookies and browser local storage to function correctly and to understand how it is used. You can manage cookies in your browser settings.

We use two categories of cookies:

1. Essential cookies — required for the site to work. These include:
   • access_token / refresh_token — authentication tokens, valid for 24 hours and 30 days respectively. Only set if you create an account.
   • anon_token — a random identifier that links puzzle attempts to a single browser session before you create an account. Retained for 1 year.
   • session — stores the current puzzle state (which puzzle is active and when you started). Deleted when your browser session ends.
2. Non-essential cookies — help us understand how the site is used. These include Google Analytics. They are only activated with your explicit consent. You can withdraw consent at any time by clicking here.

We also use browser local storage to remember which puzzles you have already solved, so we can serve you new ones. This data never leaves your device.

Google Analytics

This page uses the tracking tool "Google Analytics". By default, tracking is deactivated, and it activates only when you explicitly consent to it. You can decline any further tracking in the future by clicking here.

Your rights

Under the GDPR you have the right to access, correct, or delete your personal data, to object to or request restriction of its processing, and to receive it in a portable format.

Account deletion: If you have a registered account, you can delete it at any time from the user panel on the main page. Deleting your account permanently removes your username, email address, and login tokens. Game statistics (solve times, move counts, etc.) are anonymised: your user link is replaced with a randomly generated identifier that is not derived from any personal attribute and cannot be traced back to you. The anonymised records are retained for aggregate statistics.

For any other data requests, contact us at the address above.

You also have the right to lodge a complaint with the Austrian data protection authority: Datenschutzbehörde (DSB), Barichgasse 40–42, 1030 Wien, www.dsb.gv.at.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page. We recommend that you review this policy periodically for any changes. Changes are effective when they are posted on this page.

Effective Date

This privacy policy was last updated on May 17, 2026.