← Back to home
Data protection

Privacy Policy

Last updated: April 24, 2026
This policy describes how Hammerpint collects, processes, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

1. Data controller

The data controller is the editorial lead of Hammerpint, reachable at [email protected]. Their full identity is disclosed without delay to any person exercising their GDPR rights (access, rectification, erasure, portability) or on a reasoned request from a supervisory authority (CNIL).

2. Data collected

When you sign in with Google (OAuth), we receive:

  • your email address (primary identifier);
  • your Google display name (editable later in your settings);
  • your Google avatar URL (optional).

As you use the service, we store:

  • your language preference (fr/en);
  • the armies and battles you create (units, options, battle outcomes);
  • your IP address and browser user-agent, for security and abuse prevention;
  • in-game chat messages, retained for the duration of the battle and up to 30 days afterwards (moderation).

3. Purposes and legal bases

  • Service delivery (contract performance): authentication, army persistence, battle flow;
  • Service security (legitimate interest): abuse detection, anti-bot (Cloudflare Turnstile), moderation;
  • Service-related communication (legitimate interest / consent): waitlist invitations, paused-game reminders.

No data is used for advertising purposes or sold to third parties.

4. Retention

  • Active account: retained as long as the account exists;
  • Deleted account: data removed within 30 days, except for mandatory retention (connection logs: 12 months);
  • Waitlist: email retained until activation or after 24 months of inactivity;
  • Saved games: 21 days (then automatic purge).

5. Recipients and processors

  • DigitalOcean (infrastructure hosting) — EU;
  • Cloudflare (CDN + Turnstile anti-bot) — US transfers covered by Standard Contractual Clauses;
  • Google (OAuth authentication) — transfers covered by SCCs;
  • Anthropic (AI opponent, where applicable) — AI decisions run on anonymised game state; no account data is transmitted.

6. Your rights

Under GDPR, you have the following rights:

  • right of access, rectification, and erasure of your data;
  • right to portability (JSON export of your armies on request);
  • right to object and to restrict processing;
  • right to withdraw consent at any time.

To exercise these rights: [email protected]. You also have the right to lodge a complaint with the French data protection authority, the CNIL.

7. Cookies

Hammerpint uses a restricted set of strictly necessary cookies. See the Cookie management page for details.

8. Changes

This policy may be updated to reflect service or regulatory changes. The last-updated date is displayed at the top of this page.