Privacy Policy
Last updated May 28, 2026
The short version: You can play Inlet games without an account. If you sign in, we store your email so we can email you a sign-in link and remember which games you own. We don't sell data. We don't run third-party ads. You can delete your account and all associated data any time.
What we collect
- Email address — only if you sign in. Used to send magic-link authentication emails and to attach purchases to an account that survives device loss.
- Account identifier — a random UUID we generate so your saves and entitlements can be looked up. Not tied to any personal info beyond your email.
- Game saves — only if you opt into cloud saves. The save blob (score, progress, settings) is stored keyed to your account.
- Purchase records — which games you own (SKU + payment processor transaction id). Used to recognize you as the owner on other devices.
- Co-op game state — for turn-based matches, the shared board state is stored on our servers until the game ends or you delete it.
- Aggregate site analytics — page views, referrer, approximate (city-level) location, and device/browser type, collected via Google Analytics 4 on the marketing site to help us understand which games and pages people find. Not linked to your account.
What we don't collect
- No session recording, no cross-site advertising identifiers, no retargeting pixels, no behavioral ad profiling.
- No contact lists, photos, precise location, or device identifiers beyond what your browser or OS sends with ordinary HTTP requests.
- No credit card numbers — payments are handled by Stripe; we never see the card.
Who we share with
- Stripe — processes payments. Receives your email and billing info during checkout.
- Resend — delivers transactional email (sign-in links, gift receipts).
- Cloudflare — hosts our servers and delivers the games. Handles the underlying HTTP requests.
- Google Analytics — aggregate page-view analytics on the marketing site (inlet.games). Receives the same data your browser sends with any HTTP request, plus a GA-assigned client id stored in a first-party cookie. We have not enabled Google Signals, ad personalization, or data sharing with other Google products.
That's the full list. We do not sell data, and we do not share data with any other party.
How long we keep it
Account data is retained until you delete your account. Sign-in magic-link tokens are purged after use or 15 minutes, whichever comes first. Co-op game state older than 30 days is purged automatically.
Deleting your account
Email hello@inlet.games with "Delete account" and the email address you signed up with. We will delete the accounts row, all saves, DLC/entitlement records, and any co-op game state within 7 days. You can also delete your account from inside any Inlet game via Settings → Account → Delete account — the game calls our DELETE /account endpoint directly.
Children — COPPA compliance
Inlet games are not directed at children under 13. We do not knowingly collect personal data from anyone under 13, consistent with the U.S. Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§6501–6506) and EU GDPR Article 8 (digital consent at age 16, lowered by Member State to 13). If you believe a child has submitted data, email us and we will remove it within 30 days.
Your rights (GDPR / UK GDPR / CCPA)
Wherever you live, you can email hello@inlet.games to: (a) see what data we hold about you, (b) correct it, (c) delete it, or (d) export it as a JSON file. We respond within 30 days. The legal frame that applies to your request depends on jurisdiction:
- EU + UK residents — GDPR (Regulation 2016/679) and UK GDPR. You have the rights of access (Art. 15), rectification (Art. 16), erasure / "right to be forgotten" (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21). Lawful basis for processing your account data is contract (Art. 6(1)(b)) for game saves/entitlements and legitimate interest (Art. 6(1)(f)) for security/anti-fraud telemetry. We do not transfer data outside the EEA except via Stripe (payment processing, processor agreement) and Cloudflare (hosting, EU-bound traffic stays in EU data centers under Cloudflare's Standard Contractual Clauses).
- California residents — CCPA (Cal. Civ. Code §§1798.100 et seq.) and CPRA. You have the rights to know, to delete, to correct, to opt-out of sale/sharing, and to limit use of sensitive personal information. We do not sell your data and have not in the prior 12 months. We do not share data for cross-context behavioral advertising. The categories of personal information we collect, as defined in §1798.140(v), are: identifiers (email address), internet/network activity (purchase telemetry, game state), and commercial information (purchase history).
- All other jurisdictions. We honor erasure and access requests on the same 30-day timeline regardless of legal mandate.
Changes to this policy
If we materially change how we handle data, we will update this page and (if you have an account) email signed-in users. The "last updated" date above always reflects the most recent change.
Contact
Questions, concerns, or requests: hello@inlet.games.