Home | Apps
EN | HU

GreenCloth.Games

← Back to Home
Magyar

Privacy Policy

Effective: March 19, 2026

1. Data Controller

Reindeer Entertainment OÜ
Sepapaja 6, Tallinn 15551, Estonia
Registration number: 16202332
Email: privacy@reindeer.red

2. Scope of This Policy

This privacy policy applies to the processing of personal data in connection with the use of the GreenCloth Games platform (hereinafter: the "Service"). The Service includes the greencloth.games website, the associated progressive web applications (PWA), the game server, and all related subdomains.

3. Personal Data Processed

3.1 Registration and Sign-In (OAuth)

The Service uses third-party OAuth2 providers for sign-in. Upon sign-in, we receive the following data from the chosen platform:

Data Discord Google Facebook
Platform ID
Name
Email address
Profile picture (avatar)

Legal basis: consent of the data subject (GDPR Article 6(1)(a)) — sign-in is voluntary, and the user authorizes the transfer of data on the platform.

3.2 Cookies

The Service uses strictly necessary cookies only:

  • JWT session cookie: an authentication token required to maintain the sign-in session. The token contains the following data:
    • internal user identifier (user ID)
    • username received from the OAuth platform
    • profile picture URL (avatar)
    • role labels (roles) — e.g., admin, dev, player
    The token cannot be used for tracking; it serves solely for session authentication.

We do not use third-party cookies, advertising cookies, or tracking cookies.

Legal basis: legitimate interest (GDPR Article 6(1)(f)) — the cookie is necessary for the basic operation of the Service.

3.3 Telemetry and Error Reporting

The Service operates a proprietary telemetry system for detecting errors and monitoring performance. The collected data does not contain any personal identifier (no userId).

Automatically collected data:

  • Error reports: JavaScript errors (filename, line number, stack trace), unhandled promises, console errors
  • Performance metrics (Web Vitals): page load time (LCP), interactivity (INP), visual stability (CLS)
  • Page views: visited route and referrer
  • Device information (once per session): screen size, browser type, platform, language, touch support, connection type
  • Session identifier: randomly generated, new per session, not linked to any person

Retention periods:

Data type Retention period
Logs 7 days
Metrics 30 days
Device data 90 days

Legal basis: legitimate interest (GDPR Article 6(1)(f)) — ensuring the stability and quality of the Service.

3.4 Payment Data

Payments are processed through Stripe, Inc. (a third party). We do not store credit card or payment data directly — these are handled exclusively by Stripe in accordance with its own privacy policy. Stripe's privacy policy is available at: https://stripe.com/privacy

Data received from Stripe: transaction ID, payment status.

Legal basis: performance of a contract (GDPR Article 6(1)(b)).

4. Purposes of Data Processing

Purpose Data processed
Creating and managing user accounts OAuth data (ID, name, email, avatar)
Maintaining sign-in sessions JWT cookie
Ensuring Service stability Telemetry data (anonymous)
Processing payments Stripe transaction data

5. Data Sharing with Third Parties

We do not sell, rent, or share personal data with third parties for marketing purposes.

Data is shared only in the following cases:

Third party Purpose Data shared
Discord, Google, Facebook Authentication (OAuth2) We receive the platform's own data
Stripe, Inc. Payment processing Transaction data

6. Location of Data Storage

All data is stored on servers located within the European Union. We do not transfer personal data outside the EU, except where the third-party provider's (Discord, Google, Facebook, Stripe) own data processing policies describe such transfers.

7. Data Retention

  • OAuth account data: retained until the user account is deleted or until the user requests deletion.
  • Telemetry data: retained for the periods specified in Section 3.3, after which it is automatically deleted.
  • Payment data: retained for the period required by statutory bookkeeping obligations.

8. Rights of the Data Subject

Under the GDPR, the user is entitled to the following rights:

  • Right of access — to request information about the data processed
  • Right to rectification — to correct inaccurate data
  • Right to erasure ("right to be forgotten") — to request deletion of personal data
  • Right to restriction of processing — to suspend data processing
  • Right to data portability — to receive data in a machine-readable format
  • Right to object — to object to processing based on legitimate interest

To exercise your rights, please write to privacy@reindeer.red. We will fulfill your request within 30 days.

9. Filing a Complaint

If you believe your data is being processed unlawfully, you may file a complaint with:

  • Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
    Tatari 39, 10134 Tallinn, Estonia
    https://www.aki.ee
  • Or the data protection authority of the EU member state where you reside (in Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság — https://www.naih.hu).

10. Changes to This Policy

We reserve the right to amend this policy. The amended version will be published on the Service's website. In case of material changes, users will be notified within the Service.

11. Contact

For privacy-related questions, please contact us:

Reindeer Entertainment OÜ
Email: privacy@reindeer.red