// Funcoded · Legal

Privacy Policy

Last updated: May 5, 2026 · Effective May 5, 2026

1. Scope

Funcoded, LLC, a California limited liability company ("Funcoded", "we", or "us"), is the data controller responsible for the personal data described in this Privacy Policy. This Privacy Policy explains how we collect, use, and share personal data when you use our websites, mobile games, and Discord activities — including funcoded.com, the Busted Wheel, Bubble Flubble, and any future Funcoded games (the "Service").

2. Data we collect

Identity (when you sign in)

• Apple Sign-In: a stable Apple identifier and the email/name you choose to share.
• Google: your Google ID, email, name, and profile image URL.
• Discord: your Discord user ID, username, avatar, and (if you join via the Activity) the Discord guild (server) you played in. We never receive your Discord password.
• A display name shown on leaderboards (you can change it).

Gameplay data

• Spins, scores, multipliers, badges/achievements, custom-game memberships, custom-game settings.
• Your friend code and friend connections, if you create them.

Operational / device data

• IP address (used briefly for security/abuse prevention and rate-limiting; not stored long-term against your account).
• Basic device and browser metadata sent automatically by your client (user agent, language).
• Crash logs, when you opt in via the OS (mobile) or the browser console (web).

Communications

• If you contact us by email, we keep that correspondence to respond and follow up.

We do not collect: precise location, contacts, microphone, camera, biometrics, or payment card numbers. Purchases (when applicable) are processed by Apple, Google, or Discord — they handle payment details, not us.

3. How we use data

• Operate the Service: authenticate you, run games, show leaderboards, save scores.
• Maintain integrity: anti-cheat, abuse-prevention, rate-limiting, audit logs.
• Communicate with you about important account or service events.
• Improve the Service: aggregate gameplay analytics (e.g., which segments are spun) — we don't sell or re-identify these.
• Comply with legal obligations.

4. Who we share data with

We share personal data only as follows:

• Identity providers (Apple, Google, Discord) — they receive what's needed to authenticate you.
• Hosting and infrastructure — DigitalOcean (servers) and Cloudflare/Squarespace (DNS / CDN / domain) hold and transmit data on our behalf, under their own security and privacy commitments.
• App stores — Apple App Store, Google Play, Discord App Directory — when you install or purchase, they receive transactional data per their own policies.
• Other players — your display name, avatar, and scores are visible on leaderboards by design. Don't put anything on a leaderboard you don't want shown publicly.
• Legal & safety — when required by law, to protect Funcoded's rights, or to prevent fraud or imminent harm.
• Successors — if Funcoded merges, is acquired, or sells assets, your information may be transferred under terms at least as protective as this policy.

We do not sell or rent your personal data, and we do not share it for cross-context behavioral advertising.

5. Cookies & local storage

We use only what's needed to keep you logged in and remember your preferences (e.g., volume, accepted-terms flag). We don't run third-party advertising trackers. Specifically:

• localStorage — login tokens, sound preferences, "I've accepted the Terms" flag.
• Cookies — minimal session cookies on hosted services if applicable.
• No third-party advertising or tracking pixels.

6. Retention

We keep your account and gameplay data for as long as your account exists, plus a short period afterward to meet legal, security, or backup obligations. Server logs that include IP addresses are typically rotated within 30 days. You can request deletion at any time.

7. Your rights (including GDPR & CCPA)

You may have rights under your local law to access, correct, delete, or export the personal data we hold about you, to restrict or object to processing, and to lodge a complaint with a data-protection authority. EU/UK residents have GDPR rights; California residents have CCPA/CPRA rights, including the right to know what we collect and to request deletion. To exercise any of these, email privacy@funcoded.com. We respond within 30 days.

8. Children

The Service is not directed to children under 13 (or under 16 in the EEA/UK). We don't knowingly collect data from children below those ages. If you believe a child has provided us with personal data, contact us and we'll delete it.

9. Security

We use HTTPS everywhere, encrypt secrets at rest where the platform supports it, restrict server access to admins, and back up our database daily. No system is 100% secure — please use a unique password on your identity providers and enable two-factor authentication where possible.

10. International transfers

Funcoded, LLC is based in California, USA, and operates the Service from the United States. By using the Service from outside the U.S., you understand that your data may be transferred to and processed in the U.S. and other countries with different data-protection laws than your own. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes

We may update this Privacy Policy. When we do, we'll change the "Last updated" date above and, for material changes, give you notice (in-Service prompt or email). Continued use means you accept the updated policy.

12. Contact

Privacy questions or rights requests:

Funcoded, LLC
Attn: Privacy
privacy@funcoded.com