When you use Pixelbones Play, we collect the following types of information:

• Account info — your username, email address, and hashed password when you register with email and password.
• Google OAuth data — your name, email address, and Google profile ID if you choose to sign in with Google. We never receive or store your Google password.
• Game activity — scores, achievements, game session data, leaderboard entries, and Pixel Coins balance associated with your account.
• Usage data — pages visited, features used, session timestamps, and browser/device type, collected automatically via Google Analytics.
• IP address — logged automatically by our server for security and rate-limiting purposes only. Not stored long-term.

We do not collect payment card numbers or banking information directly. Wallet top-up flows do not store raw financial data on our servers.

We use the information we collect to:

• Create and manage your account and authenticate your identity on each visit.
• Save your game progress, scores, and Pixel Coins balance across sessions.
• Display leaderboards and public profile information — only your username is shown publicly.
• Send transactional emails such as email verification links and password reset requests.
• Detect and prevent abuse, fraud, and unauthorised access to accounts.
• Improve the site using aggregated, anonymised analytics data from Google Analytics.
• Show relevant advertisements on the platform via Google AdSense.

We do not use your data for automated decision-making or profiling that produces legal effects on you.

We share limited data with the following third party solely to operate the site:

• Google LLC — for Google OAuth login, Google Analytics (usage statistics), and Google AdSense (advertising). Google may collect data independently per their own privacy policy.

We do not sell, rent, or trade your personal information to any other third parties. We do not share your data with advertisers directly — Google AdSense handles ad personalisation independently under Google's policies.

We use the following types of cookies on this site:

• Session cookies — essential cookies that keep you logged in during your visit. Deleted when you close your browser.
• Authentication cookies — a secure, HTTP-only JWT cookie that remembers your login across sessions. Not accessible by JavaScript.
• Google Analytics cookies — anonymised usage statistics such as pages visited and session duration. This data does not personally identify you.
• Google AdSense cookies — used by Google to serve and personalise ads. You can opt out via Google Ad Settings.

You can control cookies through your browser settings. Disabling essential cookies will affect login functionality and your ability to save game progress.

Your data is stored on secured servers. We apply the following protections:

• Passwords are hashed using bcrypt (cost factor 12) and are never stored in plaintext under any circumstances.
• All connections to the site are encrypted via HTTPS/TLS.
• Authentication tokens are stored in secure, HTTP-only cookies that JavaScript cannot access.
• Rate limiting is enforced on login and sensitive endpoints to prevent brute-force and abuse.

While we take reasonable precautions, no method of internet transmission is 100% secure. We encourage you to use a strong, unique password for your account.

Our platform is operated from Bangladesh and we comply with applicable local data protection practices under the ICT Act 2006 and its amendments.

You have the following rights regarding your personal data:

• Access — view your account information at any time from your profile page.
• Correction — update your username and profile details in account settings.
• Deletion — request full deletion of your account and all associated data by contacting us. We will process requests within 30 days.
• Portability — request a copy of your personal data in a readable format.
• Opt-out of ads — personalised Google ads can be disabled at adssettings.google.com.

To exercise any of these rights, use the contact details in the section below.

Pixelbones Play is a general-audience gaming platform. We do not knowingly collect personal information from children under the age of 13.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately and we will delete it promptly. We recommend that parents supervise their children's online activity.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For significant changes, registered users will be notified by email or via a notice on the site.

Continued use of Pixelbones Play after changes are posted constitutes acceptance of the updated policy.

If you have any questions, concerns, or data requests regarding this Privacy Policy, please get in touch: