Privacy Policy

HuddlePlay (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using HuddlePlay, you agree to the practices described in this policy.

Host Accounts

When you create a host account, we collect:

• Email address (for authentication and account management)
• Name or display name (if provided via Google OAuth)
• Profile picture (if provided via Google OAuth)
• Billing information (processed and stored by Stripe — we never see or store your full card number)
• Subscription status and plan tier

Guest Players

Players who join a game session without an account provide only:

• A display name (chosen by the player for the session)

Guest data is temporary and session-scoped. It is not linked to any persistent user profile and is not used for any purpose beyond facilitating the game session.

Automatically Collected Data

• IP address and basic device/browser information (collected by our hosting infrastructure)
• Usage data such as pages visited and features used (used to improve the Service)

• To create and manage your host account
• To process subscription payments via Stripe
• To provide, operate, and improve the Service
• To communicate with you about your account, subscription, or support requests
• To comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising.

We use the following third-party services that may process your data:

• Supabase — Authentication, database, and real-time infrastructure. Your email and session data are stored in Supabase. Supabase Privacy Policy
• Stripe — Payment processing. Stripe stores your billing information securely. We receive only a customer token and subscription status. Stripe Privacy Policy
• Google OAuth — Optional sign-in method. If you sign in with Google, Google shares your email and profile name with us per their OAuth policies. Google Privacy Policy
• Vercel — Hosting and edge infrastructure. Vercel may collect IP addresses and request logs as part of serving the application. Vercel Privacy Policy

Host account data is retained as long as your account is active. Game session data (scores, answers, room records) is retained to support your session history and is subject to periodic cleanup. If you delete your account, your personal data will be removed from our systems within 30 days, except where retention is required by law.

Guest session data is temporary and automatically purged after the session ends.

If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your personal data (“right to be forgotten”)
• Portability — Request a copy of your data in a machine-readable format
• Restriction — Request that we limit processing of your data
• Objection — Object to certain types of processing

To exercise any of these rights, contact us at hello@huddleplay.app. We will respond within 30 days.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To submit a California privacy request, email hello@huddleplay.app with “CCPA Request” in the subject line.

HuddlePlay uses strictly necessary cookies to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required for strictly necessary cookies under GDPR.

HuddlePlay is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at hello@huddleplay.app and we will delete it promptly.

We implement industry-standard security measures including encrypted connections (HTTPS), secure authentication via Google OAuth and Supabase Auth, and payment processing via PCI-compliant Stripe infrastructure. No system is 100% secure — contact us immediately at hello@huddleplay.app if you suspect unauthorized access to your account. For vulnerability reports, use security@huddleplay.app.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

For any privacy-related questions, requests, or concerns, contact us at:
hello@huddleplay.app