Privacy Policy

Last updated: February 26, 2026


1. Introduction

GreatGamesNetwork ApS ("we", "us", "our") operates DailyPlay.com (the "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.


2. Data Controller

The data controller responsible for your personal data is:

GreatGamesNetwork ApS
CVR: DK46157885
Registered in Denmark
Email: hi@dailyplay.com
Website: https://dailyplay.com


3. Data We Collect

3.1 Account Data

  • Email address (required) — used for login and communication
  • Username (required) — chosen during registration
  • Display name (optional)
  • Avatar URL (optional)
  • Password — stored as a bcrypt hash, never in plaintext

We process this data because it is necessary to provide you with the Service.

3.2 Game Data

  • Game completions: date, result (won/lost), score, moves, time, attempt count
  • Statistics: games played, games won, current streak, max streak
  • Gamification: experience points (XP), level, milestones

For guest users, this data is stored only in your browser's localStorage and is not sent to our servers. For registered users, this data is stored in our database.

We process this data because it is necessary to provide you with the Service.

3.3 Payment Data

  • Subscription status, billing period, order amounts, currency
  • Payment processing is handled entirely by Lemon Squeezy
  • We do not store credit card numbers, bank account details, or full payment instruments
  • We receive from Lemon Squeezy: provider customer ID, subscription events (created, renewed, cancelled)

We process this data because it is necessary to provide you with the Service.

3.4 Communication Preferences

  • Newsletter subscription status (opt-in)
  • Game reminder subscription status (opt-in)

We process this data based on your consent. You may withdraw your consent at any time.

3.5 Security and Technical Data

  • Failed login attempt counts
  • Account lock timestamps
  • Last login and last active timestamps

We process this data to protect accounts and prevent abuse.

3.6 Terms Acceptance

  • Terms version accepted and acceptance timestamp

We process this data to comply with our legal obligations.


4. Cookies and Local Storage

4.1 Session Cookie

We use a single session cookie: paas_session

  • Purpose: Keeps you logged in and maintains your session
  • Properties: httpOnly (not accessible to JavaScript), Secure (HTTPS only in production), SameSite: lax
  • Duration: Up to 30 days, or until you log out

This is a strictly necessary cookie. No consent is required under the ePrivacy Directive.

4.2 Local Storage

We use browser localStorage to store game progress for guest users. This data is keyed by game and date, stays in your browser, and is under your control. You can clear it at any time through your browser settings.

4.3 What We Do Not Use

  • No analytics cookies (no Google Analytics, no tracking pixels)
  • No advertising cookies
  • No third-party tracking of any kind


5. How We Use Your Data

We use the data we collect to:

  • Provide and operate the games service
  • Track your game progress, statistics, and achievements
  • Process premium subscriptions and payments (via Lemon Squeezy)
  • Send communications you have opted into (newsletters, game reminders)
  • Protect account security and prevent abuse (rate limiting, lockout)
  • Comply with legal obligations (tax records, law enforcement requests)
  • Improve the Service (using aggregated, anonymized usage patterns)


6. Data Sharing and Third Parties

We do not sell your personal data to anyone. We do not use advertising networks. We do not use third-party analytics services.

We may disclose your data when required by law, such as in response to a valid court order or legal obligation.

In the event of a business transfer (merger, acquisition), your data may be transferred to a successor entity with equivalent privacy protections.


7. Data Retention

  • Account data: Retained while your account is active
  • Game data: Retained while your account is active
  • Payment records: Retained for 5 years per Danish bookkeeping requirements (Bogføringsloven)
  • Security logs: Retained for security purposes, periodically purged
  • After account deletion: Personal data deleted within 30 days, except where legal retention is required
  • Guest data (localStorage): Stored only in your browser, entirely under your control


8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

  • Right of access — Request a copy of your personal data
  • Right to rectification — Correct inaccurate personal data
  • Right to erasure — Request deletion of your data ("right to be forgotten")
  • Right to restriction of processing — Limit how we use your data
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to object — Object to processing based on legitimate interest
  • Right to withdraw consent — Withdraw consent for optional processing (such as newsletters) at any time

To exercise any of these rights, email hi@dailyplay.com with your request. We will respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet).


9. International Data Transfers

Our servers and database are hosted within the EU/EEA.

Lemon Squeezy may process payment data outside the EEA, subject to appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms) as described in their privacy policy.

We do not otherwise transfer personal data outside the EEA.


10. Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Passwords are securely hashed and never stored in plaintext
  • HTTPS encryption for all data in transit
  • Protection against common web application vulnerabilities
  • Abuse prevention measures on authentication endpoints

While we strive to protect your data, no method of transmission or storage is completely secure. We continuously review and improve our security practices.


11. Children's Privacy

DailyPlay is not intended for children under 13. Users aged 13 to 15 require parental or guardian consent to use the Service.

We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without appropriate consent, we will delete it promptly.

Parents or guardians may contact us at hi@dailyplay.com to request deletion of a child's data.


12. Data Breach Notification

In the event of a personal data breach:

  • We will notify the Danish Data Protection Authority (Datatilsynet) within 72 hours as required by law.
  • If the breach is likely to result in high risk to your rights and freedoms, we will notify affected users without undue delay.
  • Notification will include: the nature of the breach, data affected, measures taken, and steps you can take to protect yourself.


13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. The "Last updated" date at the top of this page will be revised accordingly.

Continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.


14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

GreatGamesNetwork ApS
CVR: DK46157885
Email: hi@dailyplay.com
Website: https://dailyplay.com
Danish Data Protection Authority (Datatilsynet): https://www.datatilsynet.dk