Privacy Policy

Last updated: 2026-05-17.

1. Who we are

Archdle ("we", "us") is a personal project operated by Samuel Orlando, a natural person based in Italy (no VAT number — this is a non-commercial side project). For privacy or data-protection questions, write to samuel.orlando.sfdc+archdle@gmail.com.

Because Archdle is run by a natural person and processes a limited amount of personal data, no Data Protection Officer (DPO) is appointed. The operator above acts as the data controller ("titolare del trattamento") under Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by D.Lgs. 101/2018.

2. Data we collect

• Account data (when you sign up): email address, hashed password (handled by Supabase), display name and optional first name / last name / profession that you provide on the profile page.
• Gameplay data: each daily game you play (per category) — start time, end time, attempts, hints used, score, status (solved / failed).
• Guest gameplay: anonymous aggregate counts of solved/failed games per category. No identifier is associated.
• Technical data: IP address, user agent (used for rate limiting and audit logs of admin actions).

3. Why we collect it

• To deliver the service (your daily game, your dashboard, your leaderboard ranking).
• To improve the product (aggregate metrics).
• To prevent abuse (rate limiting, audit logs).

4. Legal basis (GDPR)

• Contract performance for account and gameplay data.
• Legitimate interest for security and abuse prevention.
• Consent for any non-essential cookies (none used today).

5. Sharing

We use Supabase (PostgreSQL + Auth) as our data processor. Data is stored on Supabase infrastructure (region of your project). We do not sell or rent your data. We do not share data with third parties for marketing.

6. Retention

Account data is kept for as long as your account exists. Gameplay data is kept for as long as your account exists; it can be exported or deleted at any time from your profile page. Audit logs of administrator actions are kept for 12 months.

7. Your rights

You have the right to:

• Access your data — use the "Export your data" button in your profile.
• Rectify errors — edit your profile fields directly.
• Erase your account — use the "Delete my account" button. This is irreversible and cascades to your sessions and attempts.
• Object / restrict processing — write to samuel.orlando.sfdc+archdle@gmail.com.
• Lodge a complaint with your data protection authority. In Italy this is the Garante per la protezione dei dati personali; if you reside in another EU country, with your national DPA.

8. International transfers

Your data is stored on Supabase infrastructure located within the European Union, so it does not leave the EEA under normal operation. Should Archdle ever migrate to a non-EU region, this page will be updated and registered users will be notified by email; in that case transfers would rely on Standard Contractual Clauses (SCCs) provided by Supabase.

8.1. Hosting and processors

Archdle is hosted on Vercel (frontend) and Supabase (database, authentication, storage), which act as data processors. GitHub Actions is used for scheduled content-generation jobs and does not process end-user personal data. No analytics, advertising or third-party tracking provider is in use at the time of this update.

9. Changes to this policy

We will update this page when our practices change and bump the "Last updated" date. For material changes, we will notify registered users by email.