Privacy Policy

1. Information We Collect

1.1 Authentication Information

When you sign in to RetroChallenges, we use Google OAuth 2.0 for authentication. We collect:

• Google Account Information: Your Google email address, name, and profile picture (if you choose to share it)
• Authentication Tokens: Secure tokens provided by Google to maintain your login session
• User ID: A unique identifier associated with your Google account

1.2 Application Usage Data

To improve our service, we may collect:

• Challenge Progress: Information about challenges you complete, including completion timestamps
• Game Data: Information about which games you play and challenge scripts you use (no ROM data or game content)
• Application Performance: Technical data about app crashes, performance metrics, and error logs
• Feature Usage: Which features of the application you use most frequently

1.3 Community Interaction Data

When you participate in our Discord community or GitHub discussions:

• Discord Information: Your Discord username and messages you share in our community server
• GitHub Data: Issues, discussions, and contributions you make to our GitHub repository
• Challenge Submissions: Custom challenges you create and share with the community

2. How We Use Your Information

2.1 Core Service Functionality

• Authentication: To verify your identity and maintain secure access to your account
• Challenge Tracking: To track your progress through challenges and celebrate your achievements
• Personalization: To customize your experience and show relevant challenges
• Data Synchronization: To sync your progress across different devices

2.2 Service Improvement

• Analytics: To understand how users interact with our application and identify areas for improvement
• Bug Fixes: To identify and resolve technical issues
• Feature Development: To develop new features based on user needs and preferences
• Performance Optimization: To improve application speed and reliability

2.3 Communication

• Support: To provide customer support and respond to your inquiries
• Updates: To notify you about important updates, new features, or changes to our service
• Community: To facilitate interaction within our Discord community and GitHub discussions

3. Information Sharing and Disclosure

3.1 Third-Party Services

We may share your information with trusted third-party services that help us operate our platform:

• Google: For authentication services (OAuth 2.0) - subject to Google's Privacy Policy
• Discord: For community features - subject to Discord's Privacy Policy
• GitHub: For code hosting and community discussions - subject to GitHub's Privacy Policy
• Analytics Providers: For understanding user behavior and improving our service

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal processes, such as court orders or subpoenas
• Government investigations or requests
• Protection of our rights, property, or safety
• Protection of our users' rights, property, or safety

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

3.4 What We Never Share

We will never share, sell, or rent your personal information to third parties for marketing purposes. We do not distribute ROM files or any copyrighted game content.

4. Data Security

4.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data transmission is encrypted using industry-standard protocols (HTTPS/TLS)
• Secure Authentication: We use OAuth 2.0 with Google for secure authentication
• Access Controls: Limited access to personal data on a need-to-know basis
• Regular Updates: We keep our systems updated with the latest security patches
• Monitoring: We monitor our systems for security threats and vulnerabilities

4.2 Data Storage

Your data is stored securely using industry-standard practices:

• Data is stored in secure, encrypted databases
• Regular backups are performed to prevent data loss
• Access to stored data is logged and monitored

4.3 Data Breach Response

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours of discovery
• Work with security experts to contain and resolve the breach
• Provide guidance on steps users can take to protect themselves
• Report the breach to relevant authorities as required by law

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access: Request a copy of the personal information we have about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of processing of your personal information

5.2 Account Management

You can manage your account and data through:

• Application Settings: Update your preferences within the RetroChallenges application
• Google Account: Manage your Google account settings and permissions
• Discord Settings: Control your participation in our Discord community
• GitHub Settings: Manage your GitHub account and repository access

5.3 Communication Preferences

You can control how we communicate with you:

• Opt out of non-essential email communications
• Control Discord notification settings
• Manage GitHub notification preferences

6. Data Retention

6.1 Retention Periods

We retain your information for different periods depending on the type of data:

• Account Information: Retained while your account is active and for a reasonable period after account closure
• Challenge Data: Retained to maintain your progress history and achievements
• Usage Analytics: Retained for up to 2 years for service improvement purposes
• Support Communications: Retained for up to 3 years for customer service purposes

6.2 Data Deletion

When you request account deletion or when data is no longer needed:

• Personal information is securely deleted from our systems
• Anonymized data may be retained for analytics purposes
• Some data may be retained longer if required by law

7. International Data Transfers

RetroChallenges is operated from the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

We ensure that any international transfers of personal data are conducted in accordance with applicable data protection laws and include appropriate safeguards to protect your information.

8. Children's Privacy

RetroChallenges is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 13, we will take steps to delete such information from our systems.

9. Third-Party Services

9.1 Google Services

We use Google OAuth 2.0 for authentication. Your use of Google services is subject to Google's Privacy Policy and Terms of Service.

9.2 Discord

Our Discord community is subject to Discord's Terms of Service and Privacy Policy. We do not control Discord's data practices.

9.3 GitHub

Our GitHub repository and discussions are subject to GitHub's Terms of Service and Privacy Policy. We do not control GitHub's data practices.

9.4 BizHawk Emulator

RetroChallenges integrates with BizHawk emulator. BizHawk's data practices are governed by their own privacy policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website
• Sending an email notification to registered users
• Displaying a notice within the application

Your continued use of RetroChallenges after any changes to this Privacy Policy constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days of receipt.

12. Compliance and Legal Basis

12.1 GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

• Consent: When you explicitly consent to data processing
• Contract Performance: To provide the services you have requested
• Legitimate Interest: To improve our services and prevent fraud
• Legal Obligation: To comply with applicable laws

12.2 CCPA Compliance

For users in California, we comply with the California Consumer Privacy Act (CCPA). You have the right to:

• Know what personal information we collect and how we use it
• Delete your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights