Backgammon Circle
Privacy Policy
Last updated: March 2026
1. Introduction
This privacy policy describes how Backgammon Circle (hereinafter "we", "our" or "the Platform"), accessible at backgammoncircle.com, collects, uses and protects your personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable French data protection law.
We are committed to protecting your privacy and processing your data in a transparent, fair and lawful manner.
2. Data Controller
The data controller is:
Address: 11 Cité de Pusy, 75017 Paris, France
Email: contact@backgammoncircle.com
Phone: +33 6 02 04 39 68
Note: This information will be completed upon company registration (company registration number, registered capital).
3. Personal Data Collected
3.1 — Data Provided by the User
When you create your account and use the Platform, we collect the following data:
| Data | Purpose |
|---|---|
| Email address | Account creation and management, communications |
| Username | Identification on the platform, public display |
| Password | Secure authentication (stored in hashed form, never in plain text) |
| Country (optional) | Experience personalization, aggregated statistics |
| Avatar (optional) | Profile personalization |
3.2 — Automatically Collected Data
When you browse the Platform, certain data is collected automatically:
- Preference cookies: display language, visual theme. These cookies are strictly necessary for the operation of the site and do not require your prior consent.
- Browsing data: via Vercel Analytics, a privacy-friendly analytics service that does not use third-party cookies and does not collect personally identifiable information.
3.3 — Game-Related Data
When you use the Platform to play, we record:
- Your game history (results, moves played, dates)
- Your game statistics (win rate, Elo ranking — coming soon)
- Your progress in puzzles and courses (coming soon)
4. Legal Bases for Processing
Each data processing operation relies on a legal basis in compliance with the GDPR:
| Processing | Legal basis | GDPR Article |
|---|---|---|
| Account creation | Performance of contract | Art. 6.1.b |
| Game history | Performance of contract | Art. 6.1.b |
| Preference cookies | Legitimate interest | Art. 6.1.f |
| Analytics (Vercel) | Legitimate interest | Art. 6.1.f |
| Newsletter (future) | Consent | Art. 6.1.a |
5. Data Retention Periods
Your personal data is retained for the following periods:
- Account data: for the duration of your account, then deleted within 30 days of account deletion.
- Game history: for the duration of your account, then anonymized or deleted within 30 days of account deletion.
- Preference cookies: 13 months maximum, in accordance with CNIL recommendations.
- Browsing data (analytics): 26 months maximum.
6. Recipients and Processors
Your personal data may be shared with the following processors, strictly for the purpose of providing the service:
| Processor | Role | Location |
|---|---|---|
| Vercel Inc. | Website hosting and analytics | United States (DPF certified) |
| Cloudflare Inc. | DNS, DDoS protection, email routing | United States (DPF certified) |
| Railway Corp. | Backend server and database hosting | United States |
| Brevo (ex-Sendinblue) | Transactional emails and newsletter (future) | France / EU |
We never sell your personal data to third parties. No data is shared for advertising purposes.
7. Data Transfers Outside the European Union
Some of our processors are located in the United States. These transfers are governed by the EU-US Data Privacy Framework (DPF), adopted by the European Commission on July 10, 2023, which ensures an adequate level of protection for personal data transferred to certified American companies.
Should the DPF be invalidated, we will implement Standard Contractual Clauses (SCCs) approved by the European Commission to govern these transfers.
8. Data Security
We implement the following technical and organizational security measures to protect your data:
- Encryption of communications via HTTPS (TLS)
- Password hashing with a robust algorithm (bcrypt or Argon2)
- Restricted access to the database (key-based authentication)
- Regular database backups
- Regular updates of software dependencies
9. Your Rights
In accordance with the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of all personal data we hold about you.
- Right to rectification (Art. 16): request the correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): request the deletion of your personal data and your account.
- Right to data portability (Art. 20): receive your data in a structured, commonly used and machine-readable format (JSON).
- Right to object (Art. 21): object to certain processing of your data, particularly for marketing purposes.
- Right to restriction (Art. 18): request the suspension of processing of your data in certain circumstances.
To exercise your rights, contact us at: contact@backgammoncircle.com
We commit to responding to any request within a maximum period of one month, in accordance with Article 12 of the GDPR.
You also have access to a "Delete my account" button directly in your profile settings, which triggers the permanent deletion of all your data within 30 days.
10. Cookies
The Platform uses only cookies that are strictly necessary for the operation of the service:
- Language cookie: records your language preference (French or English). Duration: 13 months.
- Session cookie: maintains your login session. Duration: session length.
These cookies do not require your prior consent as they are essential for the provision of the service (Article 82 of the French Data Protection Act).
The Platform does not use any advertising cookies, tracking cookies or third-party cookies.
11. Protection of Minors
The Platform is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you are the parent or legal guardian of a child under 13 who has created an account, contact us at contact@backgammoncircle.com to request the deletion of the account and associated data.
For minors aged 13 to 16 residing in the European Union, parental or legal guardian consent is required for account creation.
12. Changes to this Policy
We reserve the right to modify this privacy policy. Any substantial modification will be notified by email to users with an account and will be clearly indicated on the Platform. The last update date is shown at the top of this document.
13. Complaint to the Supervisory Authority
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):
You may also lodge a complaint with the supervisory authority of your country of residence if you are located in another EU member state.