Save the Hormuz is a browser-based game. We do not require registration and do not directly collect personally identifiable information through the game interface itself.
The following data may be passively collected through our hosting infrastructure and third-party services you consent to:
| Data Type | Source | Purpose |
|---|---|---|
| IP address (anonymised where possible) | Web server / Cloudflare | Security, fraud prevention |
| Browser type & version | Web server logs | Technical compatibility |
| Device type & operating system | Web server logs | Technical compatibility |
| Pages visited, time on site | Google Analytics (consent required) | Usage improvement |
| Referring URL | Web server logs | Understanding traffic sources |
| Geographic location (country level only) | IP geolocation | Aggregate analytics |
| Advertising interaction data | Google AdSense (consent required) | Ad serving & personalisation |
| Payment & donation data | Buy Me a Coffee / Stripe / PayPal | Processing voluntary donations |
Analytics data is used in aggregate form only and is not used to personally identify individual visitors without their explicit consent.
Under GDPR Article 6, every processing activity requires a valid legal basis. We rely on the following:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Security logs, fraud prevention, server maintenance | Legitimate interests | Art. 6(1)(f) |
| Analytics cookies (Google Analytics) | Consent | Art. 6(1)(a) |
| Advertising cookies (Google AdSense) | Consent | Art. 6(1)(a) |
| Processing voluntary donation payments | Contract performance | Art. 6(1)(b) |
| Responding to data subject rights requests | Legal obligation | Art. 6(1)(c) |
We do not use your data for automated decision-making or profiling as defined under GDPR Article 22.
Any information collected is used solely for these purposes:
We do not sell, rent, trade, or otherwise transfer your personal data to any third parties for their independent marketing or commercial purposes.
Google AdSense only activates after you have given explicit cookie consent via our consent banner. If you decline advertising cookies, no advertising cookies will be placed.
| Service | Purpose | Data Sent | Privacy Policy |
|---|---|---|---|
| Google AdSense | Advertising (consent required) | Cookies, browsing behaviour | View β |
| Google Analytics | Usage statistics (consent required) | Anonymised usage data | View β |
| Google Fonts | Typography | IP address on font load * | View β |
| Buy Me a Coffee | Voluntary donations | Payment data via Stripe/PayPal | View β |
| Cloudflare | Hosting, CDN, DDoS protection | IP address, request metadata | View β |
Under the EU ePrivacy Directive and GDPR, non-essential cookies require your explicit prior consent. Our cookie consent banner appears on your first visit and lets you accept or decline each category before any cookies are set.
| Category | Examples | Requires Consent? |
|---|---|---|
| Strictly Necessary | Session security, load balancing, consent storage | No β exempt under ePrivacy Directive |
| Analytics | Google Analytics (_ga, _gid, _gat) | Yes β opt-in required |
| Advertising | Google AdSense (IDE, DSID, NID) | Yes β opt-in required |
You can change your cookie preferences at any time by clicking "Cookie Settings" in the footer. You can also manage cookies through your browser settings β visit allaboutcookies.org for instructions per browser.
Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
We retain personal data only for as long as necessary for its stated purpose:
| Data Type | Retention Period | Reason |
|---|---|---|
| Web server access logs | 30 days maximum | Security & technical diagnosis |
| Google Analytics data | 14 months | Usage trend analysis (shortest available setting) |
| Cookie consent records | 12 months | Proof of consent β GDPR requirement |
| Donation transaction records | 7 years | Legal / tax obligation |
| Data rights request records | 3 years | Legal obligation / dispute resolution |
After each retention period expires, data is permanently deleted or anonymised. We do not maintain any databases of personal user information beyond the above.
To exercise any right, contact us at developerreachpoint@outlook.com. We will respond within 30 days as required by GDPR Article 12. This service is free of charge.
| Right | What It Means | Legal Basis |
|---|---|---|
| Access (Art. 15) | Request a copy of personal data we hold about you | GDPR / UK GDPR / CCPA |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete data | GDPR / UK GDPR |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") | GDPR / UK GDPR / CCPA |
| Restriction (Art. 18) | Request that we limit processing of your data | GDPR / UK GDPR |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format | GDPR / UK GDPR |
| Object (Art. 21) | Object to processing based on legitimate interests | GDPR / UK GDPR |
| Withdraw Consent | Withdraw consent for cookie-based processing at any time | GDPR / ePrivacy |
| Non-Discrimination | Not be discriminated against for exercising your rights | CCPA |
| Opt-out of Sale | Opt out of the sale of personal information β we do not sell data | CCPA |
We would, however, appreciate the chance to address your concerns before you contact a DPA. Please email us at developerreachpoint@outlook.com.
| Country / Region | Authority | Link |
|---|---|---|
| All EU Member States | Your national DPA (find via EDPB) | Find your DPA β |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk β |
| Germany | Bundesbeauftragte fΓΌr den Datenschutz (BfDI) | bfdi.bund.de β |
| France | Commission Nationale Informatique et LibertΓ©s (CNIL) | cnil.fr β |
| Netherlands | Autoriteit Persoonsgegevens (AP) | autoriteitpersoonsgegevens.nl β |
| California, USA | California Privacy Protection Agency (CPPA) | cppa.ca.gov β |
Under GDPR Article 8, the minimum age of digital consent in the EU/EEA is 16 years (some member states have set a lower minimum of 13 β the age applicable in the user's country governs). Under US COPPA, the threshold is 13 years.
We do not knowingly collect personal data from children below the applicable age of digital consent in their jurisdiction. If you are a parent or guardian and believe a child has submitted personal data to us, please contact us immediately at developerreachpoint@outlook.com and we will delete it promptly and notify the relevant authority where required by law.
Some of our third-party service providers process data outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards as required by GDPR Chapter V:
| Service | Location | Transfer Mechanism |
|---|---|---|
| Google (AdSense, Analytics, Fonts) | USA | EU-US Data Privacy Framework (DPF) |
| Cloudflare | USA / Global CDN | Standard Contractual Clauses (SCCs) |
| Buy Me a Coffee / Stripe / PayPal | USA | Standard Contractual Clauses (SCCs) |
You can request details of the specific safeguards in place for any transfer by contacting developerreachpoint@outlook.com.
We may update this Privacy Policy to reflect changes in law, technology, or our practices. When we do: