DarkSweeper Privacy Policy

Effective: March 19, 2026.
Last updated: March 19, 2026.

This Privacy Policy explains how the operator of DarkSweeper ("we", "us", "our"), an individual based in Finland, collects, uses, and protects information when you use https://darksweeper.com (the "Service"). By using the Service, you acknowledge the practices described in this policy.

1. Data Controller

The data controller for the Service is the operator of DarkSweeper, an individual residing in Finland. You may contact us at hello@darksweeper.com.

2. What Data We Process

2.1 Analytics

We collect anonymous usage data to understand how the Service is used and to improve game quality. Analytics events are sent from your browser to our own server endpoint, which forwards them to Mixpanel's EU servers (api-eu.mixpanel.com). There is no direct connection between your browser and Mixpanel.

The events we collect are:

Single-player

• Page load: page path.
• Game start: board configuration (level name, rows, columns, mines, game mode).
• Game end: board configuration, game duration, progress percentage, integrity flag.
• Game reset: board configuration.

Multiplayer

• Room created: room identifier, board configuration, room visibility.
• Room deleted: room identifier, deletion reason.
• Game start: room identifier, player count, board configuration, game mode.
• Game end: room identifier, player count, game duration, player outcome, progress percentage.
• Game abort: room identifier, phase at abort, player count.

Each event includes a random session identifier (UUID) that is generated in memory when you load the page. This identifier rotates every 120 minutes, is never stored on your device, and cannot be used to identify you across sessions. Analytics are automatically skipped in private browsing mode. You may also disable analytics entirely by appending #incognito to the URL.

Legal basis: legitimate interest (GDPR Article 6(1)(f)) — understanding usage patterns to improve a free service. The data collected is minimal, non-identifying, and processed server-side only.

For more information on how Mixpanel processes data, see Mixpanel's Privacy Policy.

2.2 Local Data Storage

The Service stores data locally in your browser to provide core game functionality. This data never leaves your device and is never transmitted to any server.

localStorage (persists until you clear browser data):

• ds-game: current game state snapshot, enabling save and resume.
• ds-settings: board preferences (difficulty level, grid dimensions, zoom).
• ds-pending: pending move queue for crash recovery.
• ds-mp-player: your chosen multiplayer display name.
• ds-mp-reconnect: multiplayer reconnection token (room ID and player ID).
• ds-mp-active-room: currently active multiplayer room.

sessionStorage (cleared when the browser tab is closed):

• ds-mp-flash: temporary notification messages.
• ds-mp-tab-id: tab identification for multi-tab coordination.

IndexedDB (database name: ds-game-history, persists until you clear browser data):

• Top 10 completion times per board configuration and game mode, plus total completion counters. Used to display your personal records in the game.

BroadcastChannel: the Service uses the browser's BroadcastChannel API to synchronize game state across multiple tabs on the same device. This is a same-origin, client-side mechanism — no data leaves your browser.

Legal basis: localStorage and sessionStorage items listed above are strictly necessary for the Service to function as requested. IndexedDB game history is processed under legitimate interest (enhancing the gaming experience). You may clear all local data at any time through your browser's settings.

2.3 Multiplayer

The multiplayer feature connects your browser to a game server hosted on Cloudflare Workers via the PartyKit platform. The following data is processed during a multiplayer session:

• Your chosen display name (visible to all players in the room).
• Game moves, room settings, and connection state.
• Your IP address is processed by Cloudflare's infrastructure as part of establishing the WebSocket connection.

All multiplayer room data is ephemeral — it is held in server memory only and is permanently deleted within approximately 5 minutes after the last player leaves the room. There is no persistent server-side storage of multiplayer game data.

Legal basis: contract performance (GDPR Article 6(1)(b)) — providing the multiplayer service that you actively chose to use.

2.4 Hosting

The Service is hosted on Vercel Inc. ("Vercel"). When you access the Service, your IP address is necessarily processed by Vercel's infrastructure as part of delivering web pages to your browser. We do not ourselves log, store, or access your IP address. Vercel processes this data under its own privacy policy and data processing agreement.

For more information, see Vercel's Privacy Policy.

2.5 Fonts

The Service uses the Silkscreen font, which is downloaded at build time and served from our own domain. No requests are made to Google's servers at runtime when you use the Service.

3. Data Processors and International Transfers

We use the following third-party service providers (data processors) to operate the Service. Each processes data on our behalf under a data processing agreement:

• Mixpanel Inc.(United States) — analytics. Data is stored on Mixpanel's EU servers. International transfer safeguards: EU Standard Contractual Clauses.
• Vercel Inc. (United States) — website hosting. Requests are served from EU edge nodes where possible. International transfer safeguards: Data Processing Addendum with Standard Contractual Clauses.
• Cloudflare Inc. (United States) — multiplayer server infrastructure (PartyKit). International transfer safeguards: Data Processing Addendum with Standard Contractual Clauses.

All processors maintain appropriate safeguards for international data transfers as required by GDPR Chapter V.

4. Data Retention

• Analytics data: retained by Mixpanel in accordance with their data retention policy.
• Multiplayer room data: ephemeral; automatically deleted within minutes of a room closing.
• Hosting logs: retained by Vercel in accordance with their standard log retention periods.
• Local browser data (localStorage, sessionStorage, IndexedDB): persists until you clear your browser data. We have no access to this data.

5. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing (Article 21)

Please note that the analytics data we collect is pseudonymous and cannot be linked to any identifiable individual. This means that in practice, we may be unable to identify your specific data in our analytics systems, which may limit our ability to fulfil certain rights (such as access or deletion of specific records). Local browser data is stored entirely on your device and can be deleted at any time through your browser settings.

To exercise any of these rights, contact us at hello@darksweeper.com.

You also have the right to lodge a complaint with your local data protection supervisory authority. For users in Finland, this is:

Office of the Data Protection Ombudsman
(Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Website: tietosuoja.fi
Email: tietosuoja(at)om.fi

6. Children

The Service is not directed at children under the age of 13. If you are under 13 years of age, please do not use the Service. We do not knowingly collect personal data from children under 13. In Finland, the age of digital consent is 13 years.

7. Cookies and Consent

The Service does not use cookies. Local storage technologies (localStorage, sessionStorage, IndexedDB) are used as described in Section 2.2. The storage items marked as essential are strictly necessary for the Service to function and are exempt from consent requirements under the ePrivacy Directive (Article 5(3)) as implemented by Finnish law.

If we introduce non-essential cookies or tracking technologies in the future, we will update this policy and provide an appropriate consent mechanism before such technologies are deployed.

8. Automated Decision-Making

The Service does not engage in automated decision-making or profiling as defined under GDPR Article 22.

9. Data Security

We implement appropriate technical and organizational measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include strict Content Security Policy headers, server-side analytics processing (no third-party scripts on the client), and encryption in transit (HTTPS/WSS).

10. External Links

The Service may contain links to external websites that are not operated by us. We have no control over the content or privacy practices of those sites and accept no responsibility for them. We encourage you to review the privacy policies of any external sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

For any questions or concerns regarding this Privacy Policy or our data practices, contact us at:

hello@darksweeper.com