Privacy Policy

This Privacy Policy explains how Rafał Szołtysik (sole proprietorship / JDG) ("we", "us", "our") processes personal data when you use the PlayGrid website at www.playgrids.app, download the Windows app, use the browser demo, or use the PlayGridWindows desktop application (together, the "Services").

Data controller: Rafał Szołtysik (sole proprietorship / JDG)
Address: ul. Wolna 35, 44-187 Wielowieś, Poland
Privacy contact: office@playgrids.app

This policy applies to personal data we process as a controller. It does not cover third-party websites, game stores, or platforms (such as Steam, Epic Games, or Discord) that you connect or link to separately; those services have their own privacy policies.

The marketing site may link to our API and authentication flows. Account and library features are provided primarily through the desktop app once you have access.

Depending on how you use the Services, we may process:

• Waitlist: email address, optional signup source (e.g. which page you used), and timestamp.
• Account (app): email address, display name, password (stored by our authentication provider, not in plain text), profile avatar if you set one, and account timestamps.
• Linked platform accounts (optional): identifiers and tokens needed to sync your game libraries (e.g. Steam, Epic Games, GOG, Xbox, EA, Ubisoft) - only if you choose to connect them.
• Library & gameplay metadata: game titles, ownership, play time, store metadata, launch preferences, and related technical identifiers from connected stores.
• Game artwork (display only):cover images and similar store-hosted artwork shown in your library and session views. For Steam-linked games we typically load images from Valve's public content delivery network (CDN) using your game's store app identifier - only for titles present in your synced library, not as a game store or resale catalog.
• Social & planning features: friend relationships, session invitations, votes, messages you send through product features, and scheduling preferences (including optional activity-time patterns you share with friends).
• Telemetry: play-session start/end, heartbeats, aggregated activity buckets, and limited product analytics events (e.g. library search usage) tied to your account.
• Communications: content of transactional emails (e.g. password reset, friend invites, session reminders), in-app notification inbox entries, optional Discord bot messages, and delivery metadata. You control channels and event types in Account → Notifications.
• Technical & security: IP address, device/client type, logs, and similar data needed to operate and secure the Services.

The browser demo uses sample data only; it does not create an account or send your personal data to our servers unless you register in the desktop app.

When you connect a platform (e.g. Steam via OpenID or other supported login), we retrieve data about your account only when you request it - for example to sync the games you own, play time, and profile identifiers needed to launch games and show your library. We do not collect your Steam password; authentication is handled by the platform.

For Steam, we may use the Steam Web API and related store endpoints under Valve's terms. We process that data to operate PlayGrid as a personal library and session-planning tool, not to sell games or to present PlayGrid as endorsed by Valve or Steam.

• We store platform identifiers, library entries, and metadata needed for sync, launch, and social features you enable.
• Cover art may be referenced by URL (e.g. Steam CDN) or cached briefly on our servers for performance; we do not claim ownership of publisher artwork.
• You can disconnect a platform in the app; we stop new sync from that source and remove linked library data as described in the app.
• Platform data is provided to you in the app on an "as is" basis, consistent with third-party platform terms.

Where we store data: account and library data are processed primarily in the European Economic Area (including Poland, where our operator is based) and, where our infrastructure providers require it, in other countries with appropriate safeguards (see section 7).

We process personal data for the following purposes:

• Providing the Services (contract / steps before contract): account creation, library sync, launching games, friends, and session planning.
• Waitlist & product updates (consent or legitimate interest, depending on jurisdiction): emailing you about early access and important product news. You can withdraw marketing consent at any time.
• Security & fraud prevention (legitimate interest / legal obligation): protecting accounts, APIs, and infrastructure.
• Improvement & analytics (legitimate interest): understanding how features are used to fix bugs and improve UX, using aggregated or pseudonymous data where possible.
• Legal compliance (legal obligation): responding to lawful requests and enforcing our terms.

Where we rely on consent, you may withdraw it without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interests, you may object as described in section 10.

We do not sell your personal data. We share data only as needed to run the Services:

• Infrastructure & hosting: cloud providers that host our website, API, and databases (e.g. Vercel for the marketing site).
• Authentication: Supabase (or equivalent) for secure sign-in and password management.
• Email delivery: SMTP or transactional email providers to send account and notification emails.
• Game platforms:when you connect a store account, we exchange data with that platform's APIs according to your authorization (e.g. Steam, Epic, GOG). Cover images may be loaded from those platforms' CDNs when you view your library; that traffic goes between your device (or our API) and the platform, not to other PlayGrid users except where you explicitly share library overlap with friends.
• Other users: information you choose to share with friends (e.g. online status, shared games, activity schedule if enabled in privacy settings).
• Professional advisers & authorities: when required by law or to protect rights and safety.

Processors act on our instructions under data-processing agreements where required by law.

We may process data in the European Economic Area and in other countries where our providers operate (including the United States). When personal data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, unless an adequacy decision applies.

We keep personal data only as long as necessary for the purposes above, including:

• Account data: for the life of your account and a reasonable period after deletion for backups and legal claims.
• Waitlist emails: until you unsubscribe or we no longer need the list for launch communications, then deleted or anonymized.
• In-app notifications: typically up to 90 days, then deleted automatically.
• Telemetry and logs: typically rolling periods (e.g. months), unless longer retention is required for security or law.
• Legal obligations: longer where statute requires.

We use technical and organizational measures appropriate to the risk (encryption in transit, access controls, hashed credentials via our auth provider, and least-privilege access). No method of transmission or storage is 100% secure; please use a strong, unique password and keep platform tokens confidential.

Depending on your location, you may have rights to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent. You may also lodge a complaint with a supervisory authority.

EEA/UK: contact us at office@playgrids.app. You may complain to President of the Personal Data Protection Office (UODO), Poland (uodo.gov.pl/).

United States (e.g. California): we do not sell personal information. You may request access, deletion, or correction as applicable under state law by emailing office@playgrids.app. We will verify your request as required.

In the app, use account and privacy settings to control what friends can see (e.g. activity schedule sharing). For other requests, email us from your account email.

On the marketing website (www.playgrids.app) we use Vercel Web Analytics and Speed Insights to measure page views and site performance (Core Web Vitals). These services are provided by Vercel Inc. and are configured to avoid third-party advertising trackers. Vercel Web Analytics does not use cookies for visitor counting; Speed Insights may send performance metrics tied to your visit. We do not use advertising cookies on the marketing site.

We may still use cookies or local storage that are strictly necessary to operate the site (e.g. security, load balancing). The desktop app may store tokens and preferences locally on your device. If we introduce additional optional analytics or marketing cookies on the website, we will update this policy and, where required, ask for consent before setting them.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Scheduling suggestions use your data and friends' availability to assist planning; you remain in control of accepting session times.

The Services are not directed at children under 16 (or the minimum age required in your country). We do not knowingly collect personal data from children. Contact us if you believe a child has provided data and we will delete it.

We may update this Privacy Policy from time to time. We will post the new version on this page and update the "Last updated" date. Material changes may be notified by email or in-app notice where appropriate.

Questions or requests: office@playgrids.app
General support: office@playgrids.app