Privacy Policy

This page describes what personal data the application processes, the purposes and legal bases, how long data is retained, and the rights available to users under applicable data protection laws (such as the GDPR).

Summary

  • Account data: We store your chosen username and a password hash (not the plaintext password).
  • Session data: We store an opaque session ID and expiry to keep you signed in.
  • Seed data: We store your seed configuration and generated seed metadata to let you revisit and download results.
  • On-device storage: We store theme preference, uploaded ROMs, and sprite selections in your browser storage to provide requested features.
  • No trackers: We do not use analytics, advertising cookies, or third‑party trackers.

Data We Process

Account — When you register, we store:

  • Username
  • Password hash generated with Argon2id (never the plaintext)

Sessions — When you log in, we create a server‑side session record (ID, user ID, expiry) and set a browser cookie containing the session ID.

Seeds — When you generate a seed, we save the configuration options, generated patch data, and timestamps. If you are logged in, we associate seeds with your account.

Browser storage — We save a few items locally on your device to deliver functionality you request:

  • Theme preference in localStorage (key: theme).
  • Sprite selections in localStorage / IndexedDB (sprite_selection_<gameId>).
  • Uploaded ROM data in IndexedDB via LocalForage (rom_global_<gameId>).

Purposes and Legal Bases

  • Provide the service: Account, session, and seed data are necessary to provide requested features (legal basis: contract or legitimate interests).
  • Security: We use secure cookies and standard safeguards to protect accounts (legal basis: legitimate interests).

Retention

  • Sessions: Expire automatically based on the session expiry set by the server.
  • Seeds: Retained so you can revisit results. You may delete your account to remove associations; contact us for deletion if needed.
  • On‑device storage: Stored until you clear it or use in‑app controls to remove items.

Data Sharing

The app calls a backend randomizer service to generate seeds. We forward only the configuration options required to create the seed. We do not send your password or session cookie to third parties. If external processors are used, we ensure appropriate agreements and safeguards are in place.

Your Rights

  • Access your data
  • Rectify inaccuracies
  • Erase your account and associated seeds (subject to technical constraints)
  • Object to or restrict processing where applicable
  • Data portability for information you provided

To exercise these rights, contact the project maintainers via the repository or app support channel.

Security

  • Session cookie is HttpOnly, Secure in production, and SameSite=Lax.
  • Passwords are hashed with Argon2id.
  • All traffic should be served over TLS/HTTPS in production.

Contact

For privacy questions or requests, please open an issue on the project or use the support contact provided in the repository.

Last updated: 2025-09-04