GamesLeaderboardsAchievementsShop

Legal

Privacy Policy

Version 5 — March 21, 2026

Privacy Policy

Version 4 — Effective Date: March 21, 2026

This policy explains what data dmnshd.gg collects, why we collect it, and how we handle it. We believe in being straightforward — no legalese walls of text.

Data Controller: dmnshd, LLC, a Delaware limited liability company, 1111b South Governors Ave, STE 92908, Dover, DE 19904, United States. When we say "we," "us," or "our," we mean dmnshd, LLC.

Privacy Contact: Florian Isikci — contact via legal@dmnshd.gg or by mail at the address above. Note: dmnshd, LLC has not appointed a formal Data Protection Officer (DPO) under GDPR Article 37, as our core activities do not involve large-scale systematic monitoring of individuals or large-scale processing of special categories of data. Our Privacy Contact handles all privacy-related inquiries and requests.

---

1. What We Collect & Why (Legal Bases)

For each category of data, we explain what we collect, why, and (for users in the EU/EEA and UK) the legal basis under GDPR for processing it.

Account & Authentication Data

  • Email address — for account creation, login, and communication. *Legal basis: Contractual necessity.*
  • Username and display name — for your public profile. *Legal basis: Contractual necessity.*
  • Password hash — for authentication (we never store your actual password). *Legal basis: Contractual necessity.*
  • OAuth data (Google/Discord provider name + provider user ID) — for authentication via third-party sign-in. *Legal basis: Contractual necessity.*

Profile Data

  • Avatar (JPEG, PNG, WebP, GIF up to 5MB) — for profile display, stored on our servers. *Legal basis: Contractual necessity / Consent.*
  • Social links (optional website, Twitter, GitHub, YouTube, Twitch, Discord URLs) — for profile display. *Legal basis: Consent (you choose to provide these).*

Gameplay Data

  • Save games (JSON, up to 100 slots per game) — for game progress persistence. *Legal basis: Contractual necessity.*
  • Leaderboard scores and metadata — for competitive features. *Legal basis: Contractual necessity.*
  • Achievements — for game progress tracking. *Legal basis: Contractual necessity.*
  • Inventory items (counts, expiration dates) — for in-game item management. *Legal basis: Contractual necessity.*
  • Ratings (thumbs up/down on games) — for community feedback. *Legal basis: Legitimate interest.*
  • Comments and replies on game pages — for community engagement. *Legal basis: Legitimate interest.*

Purchase & Token Data

  • Token balance — for virtual currency management. *Legal basis: Contractual necessity.*
  • Transaction history (amount, date, Paddle transaction ID, items purchased, tips sent) — for purchase records, support, and dispute resolution. *Legal basis: Contractual necessity / Legal obligation.*
  • Paddle customer ID — for linking purchases. We do NOT store credit card numbers, billing addresses, or other payment details. *Legal basis: Contractual necessity.*

Analytics Data

  • Per-game statistics (daily play counts, unique user counts, average session duration) — for platform improvement. This data is aggregated and not tied to individual users. *Legal basis: Legitimate interest.*

Advertising Data

  • Third-party ad cookies (Google AdSense: device info, browser type, IP address, browsing activity) — for ad delivery and personalization. *Legal basis: Consent (collected by Google via cookies — see Section 3).*

---

2. How We Use Your Data

  • To provide and operate the platform.
  • To authenticate you and maintain your session.
  • To display your profile, scores, and achievements.
  • To store and serve your game saves.
  • To process Token purchases and maintain your Token balance.
  • To keep a record of your transactions for support and dispute resolution.
  • To send notifications via Discord webhooks (game updates, new high scores).
  • To display advertisements through third-party ad networks (see Sections 3 and 4).
  • To detect and prevent fraud, abuse, or unauthorized use of the Token and payment systems.
  • To facilitate a business transfer in the event of a merger, acquisition, or sale of assets (see Section 6).
  • To comply with legal obligations (tax records, fraud prevention, law enforcement requests).

---

3. Cookies

Our Cookies

We use a single first-party cookie for authentication — a JWT session token stored in an httpOnly cookie scoped to .dmnshd.gg. This token expires after 7 days. This cookie is strictly necessary for the platform to function and does not require consent.

Advertising Cookies

We display ads on dmnshd.gg through Google AdSense, which may set its own cookies on your device. These third-party cookies may be used to:

  • Serve personalized ads based on your browsing activity across the web;
  • Measure ad performance;
  • Prevent the same ads from being shown repeatedly.

Google's advertising cookies include identifiers that help build an interest profile associated with your device.

Cookie Consent

For users in the EU/EEA and UK: Before any non-essential advertising cookies are set on your device, we will present a cookie consent banner requesting your affirmative consent. You may:

  • Accept personalized advertising cookies;
  • Reject non-essential cookies (you will still see ads, but they won't be personalized);
  • Withdraw consent at any time by revisiting your cookie preferences through the cookie settings link available in the site footer.

If you reject or do not interact with the consent banner, no non-essential cookies will be set.

Managing Ad Preferences

You can also manage or opt out of personalized advertising in the following ways:

  • Google Ad Settings — adjust your ad personalization preferences at [adssettings.google.com](https://adssettings.google.com).
  • Browser settings — you can configure your browser to block third-party cookies. Note that this may affect your experience on other websites as well.

If you opt out of personalized ads, you will still see ads on dmnshd.gg — they just won't be tailored to your interests.

---

4. Third-Party Services

We interact with the following third-party services:

  • Google AdSense — serves advertisements on dmnshd.gg. Google may collect data about your device, browsing activity, and interactions with ads through cookies and similar technologies. This data is processed by Google in accordance with [Google's Privacy Policy](https://policies.google.com/privacy). See Section 3 for details on advertising cookies and how to opt out.
  • Paddle — processes all payments on dmnshd.gg as the Merchant of Record. When you make a purchase, Paddle collects and processes your payment information (such as credit card details and billing address) directly. We do not receive or store this information. Paddle shares with us only your Paddle customer ID, transaction ID, and purchase amount. Subject to [Paddle's Privacy Policy](https://www.paddle.com/legal/privacy).
  • Google OAuth — if you choose to sign in with Google. Subject to [Google's Privacy Policy](https://policies.google.com/privacy).
  • Discord OAuth — if you choose to sign in with Discord. Subject to [Discord's Privacy Policy](https://discord.com/privacy).
  • Discord Webhooks — we send notifications to Discord channels (game updates, high scores). These contain game/score information, not private user data.

We do not sell your personal data to data brokers or other third parties for their own marketing purposes. Note that third-party advertising partners (such as Google AdSense) may collect data through cookies on our platform to serve ads, as described in Section 3. Some privacy laws may classify this as a "sale" of personal information — see Section 10 for how to opt out.

---

5. Data Storage, Security & International Transfers

Storage & Security

  • All data is stored on our own self-hosted servers located in Ashburn, Virginia, United States. We do not use third-party cloud storage providers (such as AWS, GCP, or Azure).
  • Passwords are hashed using bcrypt before storage.
  • Sessions use signed JWT tokens in httpOnly cookies (not accessible to JavaScript).
  • Payment information is handled entirely by Paddle — we never see, process, or store your payment details.
  • We use reasonable security measures to protect your data, but no system is 100% secure.

International Data Transfers

If you are located outside the United States (including in the EU/EEA or UK), your data will be transferred to and processed on our servers in the United States.

For users in the EU/EEA and UK: The United States does not currently have a blanket adequacy decision under GDPR (though the EU-U.S. Data Privacy Framework covers certified organizations).

Transfers to us (dmnshd, LLC). Your data is transferred to our servers in the United States. We rely on the following legal bases for this transfer:

  • Contractual necessity — the transfer is necessary for us to provide the dmnshd.gg platform services you signed up for (Article 49(1)(b) GDPR);
  • Your explicit consent — provided at account registration, after being informed that your data will be stored in the United States (Article 49(1)(a) GDPR).

Transfers to third-party processors. Where your data is shared with third-party processors (such as Paddle for payment processing, and Google for ad serving), we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated into our agreements with these processors;
  • The processors' own transfer mechanisms (e.g., Paddle's and Google's compliance frameworks).

You may request a copy of the safeguards we use by contacting us at legal@dmnshd.gg.

---

6. Business Transfers

If dmnshd.gg or its assets are involved in a merger, acquisition, sale, reorganization, or bankruptcy, your data (including account information, Token balances, transaction history, and gameplay data) may be transferred to the successor entity as part of that transaction.

Notice and opt-out. We will notify you at least 30 days before your data is transferred to a successor entity (via email and/or platform notification). During this notice period, you may delete your account to prevent your data from being transferred. Deleting your account will remove your data as described in Section 7.

For users in the EU/EEA and UK: The successor entity must have a valid legal basis under GDPR to process your data. Where our processing of your data is based on consent, the successor may need to obtain fresh consent from you. We will inform you of any changes to the data controller or processing purposes before the transfer takes effect. The successor entity will be bound to honor the commitments made in this policy with respect to data collected before the transfer.

---

7. Data Retention & Deletion

  • Your data is retained as long as your account exists.
  • Account deletion is available and triggers cascade deletion of all your associated data: saves, scores, achievements, comments, ratings, Token balance, and OAuth connections.
  • Transaction records — we may retain anonymized or aggregated transaction records after account deletion for accounting, tax compliance, and fraud prevention purposes, as required by applicable law. These records will not be linked to your personal identity.
  • We don't retain other deleted data — when it's gone, it's gone.

---

8. Children's Privacy

dmnshd.gg is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at legal@dmnshd.gg and we will delete the account.

EU/EEA age of digital consent. GDPR allows EU/EEA member states to set the age of digital consent between 13 and 16. If you are in a jurisdiction where the age of digital consent is higher than 13 (e.g., 16 in Germany, France, and the Netherlands; 15 in Greece; 14 in Austria and Italy), you must meet that age or have verifiable parental consent to use dmnshd.gg.

Age verification. Currently, we rely on self-certification at registration — users confirm they meet the minimum age requirement. We acknowledge that self-certification has limitations. We are evaluating additional age-gating mechanisms and will implement stronger measures as they become available and practical for our platform size.

Personalized ads and minors. For users who are known to be under the applicable age of consent in their jurisdiction:

  • We set Google AdSense child-directed treatment (TFCD/TFUA) flags to prevent personalized advertising;
  • We enable limited data processing mode for ad serving, meaning Google will not build interest profiles or serve personalized ads to these users;
  • These users will see only contextual (non-personalized) ads.

Purchases (including Tokens) require users to be at least 18 years old or have parental/guardian consent, as stated in our Terms of Service.

---

9. Your Rights

You have the right to:

  • Access your data — your profile, saves, scores, Token balance, and transaction history are visible through your account.
  • Correct your data — you can update your profile information at any time.
  • Delete your data — you can delete your account, which removes all associated data (subject to the transaction record retention noted in Section 7).
  • Export — we don't currently offer a bulk export feature, but you can access your data through the platform. If you need a copy of your data, contact us at legal@dmnshd.gg and we will provide it in a commonly used electronic format.
  • Opt out of personalized ads — you can opt out of interest-based advertising via [Google Ad Settings](https://adssettings.google.com), your browser's cookie settings, the cookie consent banner, or by contacting us.

Additional Rights for EU/EEA and UK Users (GDPR)

If you are located in the EU/EEA or UK, you also have the right to:

  • Restrict processing — you may ask us to restrict the processing of your personal data in certain circumstances (e.g., if you contest its accuracy).
  • Object to processing — where we process data based on legitimate interest, you may object. We will stop unless we have compelling legitimate grounds that override your interests.
  • Data portability — you may request your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
  • Withdraw consent — where processing is based on consent (e.g., advertising cookies, optional profile data), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint — you have the right to lodge a complaint with your local data protection supervisory authority (e.g., the CNIL in France, the BfDI in Germany, the ICO in the UK). A list of EU/EEA supervisory authorities is available at [edpb.europa.eu](https://edpb.europa.eu/about-edpb/about-edpb/members_en).

To exercise any of these rights, contact us at legal@dmnshd.gg. We will respond within 30 days (or within the timeframe required by applicable law).

Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA provides you with specific rights:

  • Right to know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you may request deletion of your personal information.
  • Right to correct — you may request correction of inaccurate personal information.
  • Right to opt out of "sale" or "sharing" — while we do not sell personal information in the traditional sense, the use of Google AdSense cookies may constitute a "sale" or "sharing" under the CCPA's broad definitions. You have the right to opt out. See Section 10.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

Rights Under Other U.S. State Privacy Laws

We are also aware of and respect privacy rights under similar laws in other states, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and others as enacted. If you reside in one of these states and wish to exercise your data rights, please contact us at legal@dmnshd.gg and we will process your request in accordance with applicable law.

---

10. Do Not Sell or Share My Personal Information

We do not sell your personal information to third parties for monetary consideration. However, our use of Google AdSense involves sharing certain data (such as device identifiers, IP address, and browsing activity) with Google for ad personalization, which may be classified as a "sale" or "sharing" of personal information under the CCPA/CPRA and similar state laws.

To opt out:

  • Use the "Do Not Sell or Share My Personal Information" link available on our website;
  • Reject non-essential cookies via the cookie consent banner;
  • Adjust your settings at [Google Ad Settings](https://adssettings.google.com);
  • Contact us at legal@dmnshd.gg with the subject line "Do Not Sell."

When you opt out, we will configure ad serving to use limited data processing / restricted data processing mode, so that Google does not use your data for personalized advertising.

---

11. Changes to This Policy

We may update this privacy policy as the platform evolves. When we do, we'll update the version number and effective date at the top. If changes materially affect how we handle your payment, Token, or advertising data, we will make reasonable efforts to notify you (e.g., via email or a platform notification). We encourage you to review this policy periodically.

---

12. Contact

Questions or concerns about your privacy? Reach out to us:

Data Controller:

dmnshd, LLC

1111b South Governors Ave, STE 92908

Dover, DE 19904, United States

Privacy Contact: Florian Isikci

Email: legal@dmnshd.gg

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.