🔒 Privacy Policy

1. Introduction

This privacy policy describes what information we collect, how we use it and how we protect it. Your privacy is important to us.

2. Data we collect

DiceRoll collects the following types of personal data:

• Registration data: E-mail address, nickname, hashed password
• Profile information: Profile picture (optional)
• Game data: Created characters, rooms, maps, chat messages
• Technical data: IP address, browser type, access time (in server logs)
• OAuth data: If you sign in via Google or Discord, we obtain basic profile information (name, e-mail, profile picture)

3. Purpose of data processing

We use your personal data for the following purposes:

• Providing and managing the DiceRoll service
• Authentication and authorization of users
• Storing game data (characters, rooms, maps)
• Communication between users (chat, room invitations)
• Service security and abuse prevention
• Improving service quality

4. Legal basis for processing

The processing of your personal data is based on the consent you grant during registration (GDPR art. 6(1)(a)) and on the necessity for the performance of the service contract (GDPR art. 6(1)(b)).

5. Data storage and security

Your data is stored in a secure MongoDB database. Passwords are always hashed using bcrypt and are never stored in readable form. We use the following security measures:

• HTTPS encryption for all communication
• Bcrypt password hashing (10 rounds)
• JWT tokens for session management
• Rate limiting to protect against attacks
• Regular security updates

6. Sharing data with third parties

We do not share your personal data with third parties, except in the following cases:

• OAuth providers: Google, Discord (only if you sign in via these services)
• Analytics provider: Google Analytics (only if you grant consent for analytics cookies)
• Hosting services: The server where the application and database run (MongoDB)
• Legal requirements: In the case of a legal order or protection of our rights

We do not share your data with commercial third parties for marketing purposes.

7. Cookies and tracking

8. Your rights (GDPR)

In accordance with GDPR you have the following rights:

• Right of access: You can request a copy of your personal data
• Right to rectification: You can correct inaccurate data in your profile
• Right to erasure: You can request the deletion of your account and all data
• Right to portability: You can obtain your data in a structured format (JSON)
• Right to object: You can refuse the processing of your data
• Right to withdraw consent: You can withdraw your consent to processing at any time

9. Data retention period

We keep your personal data for as long as your account is active. After the account is deleted, all data is permanently erased from the database within 30 days. Server logs are kept for a maximum of 90 days.

10. Protection of children

DiceRoll is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we discover that we have collected such data, we will delete it immediately.

11. Changes to the privacy policy

We may update this policy from time to time. We will inform you of significant changes by e-mail or by a notification in the application. We recommend checking this page regularly.

12. Contact and questions

If you have any questions about the processing of your personal data or wish to exercise your rights under GDPR, contact us through the application or by e-mail.

You also have the right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ) in the Czech Republic.