Privacy Policy

Crash or Moon (“we”, “our”, “us”) is an online trading-chart game operated by an individual developer. If you have questions about this policy, contact us at azzelliniandrea92@gmail.com.

We collect the minimum data necessary to operate the service:

• Account data:Email address and password (hashed) when you register; or OAuth tokens if you sign in with a third-party provider (e.g. Google).
• Profile data:Username and optional profile photo you provide.
• Gameplay data:ELO score, XP, win/loss history, streaks, league, powerup inventory, and daily quest progress.
• Technical data:IP address, browser type, operating system, and referral URL collected automatically in server logs. We do not use fingerprinting.
• Cookie & storage data:A single first-party cookie to keep you logged in; localStorage to remember your cookie consent preference and in-progress game sessions. We do not set any third-party tracking cookies.

• Service delivery:Authenticate you, save your progress, display the leaderboard.
• Service improvement:Aggregate (anonymised) gameplay analytics to balance difficulty and session length.
• Security:Detect abuse, fraud, and account breaches.
• Legal obligation:Retain data as required by applicable law.

We do not sell your data, use it for advertising profiling, or share it with third parties beyond the sub-processors listed below.

• Contract:Processing necessary to create and manage your account and deliver the game.
• Legitimate interests:Server logs for security monitoring and anonymised analytics for service improvement.
• Consent:Non-essential cookies (analytics/marketing, if any are introduced in future). You may withdraw consent at any time via the cookie banner.

We use the following third-party services that may process your data on our behalf:

Both providers maintain EU Standard Contractual Clauses (SCCs) for any cross-border transfers.

• Active accounts:Retained as long as your account is active.
• Deleted accounts:All personal data deleted within 30 days of your deletion request, except where retention is legally required.
• Server logs:Automatically purged after 90 days.

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your account and associated data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to pause processing while a dispute is resolved.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — at any time where consent is the legal basis.

To exercise any right, email azzelliniandrea92@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We use the following storage technologies:

We do not use analytics, advertising, or social-media tracking cookies.

Crash or Moon is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete it promptly.

We use industry-standard measures including TLS encryption in transit, bcrypt password hashing, and row-level security in our database. No method of transmission is 100% secure; we cannot guarantee absolute security.

We may update this policy. When we do, we will update the “Last updated” date above. Material changes will be notified via an in-app banner. Continued use of the service after notification constitutes acceptance.

Data controller: Andrea Azzellini
Email: azzelliniandrea92@gmail.com