Privacy Policy

The data controller responsible for processing personal data on this site is:

Stuart BellKollwitzstr. 7610435 BerlinGermany

Email: contact@mtsudoku.com

a) Server logs. When you load any page, our hosting and content-delivery providers automatically record technical information so we can serve the page and protect against abuse. This includes your IP address, user agent, the URL you requested, the HTTP status of the response, and the timestamp. We use this only for technical operation, error analysis, and abuse prevention. Lawful basis: Article 6 (1) (f) GDPR (legitimate interests). Retention: typically up to 30 days at the provider level.

b) Account and sign-in. If you choose to sign in, we ask for your email address and send you a one-time sign-in link ("magic link"). We store your email together with the dates of account creation and last sign-in. Optionally, you may also provide a first name during sign-up so we can address you by name in the streak banner; this is voluntary and can be left blank. Lawful basis: Article 6 (1) (b) GDPR (performance of the user agreement). Retention: until you delete your account.

c) Game progress. If you are signed in, completed puzzles are saved with the date, mode, difficulty, time taken, and number of mistakes, so that statistics and streaks work across devices. Lawful basis: Article 6 (1) (b) GDPR. Retention: until you delete your account or delete the individual entries.

d) Local game state. While you play, the in-progress board, your last difficulty selection, and your colour-mode preference are kept in your browser's localStorage so the site remembers your settings between visits. This data never leaves your device and is not seen by us. You can clear it at any time through your browser's site-data controls.

e) Consent records. When you respond to our cookie banner, our consent-management provider stores a record of your choices (which categories you accepted or rejected, and when). This is required so that we can honour your choices and prove that consent was given. Lawful basis: Article 6 (1) (c) GDPR (legal obligation under § 25 TTDSG). Retention: 12 months, after which the banner is shown again.

f) Advertising. We display advertising on the site through Google AdSense, operated by Google Ireland Limited. When you load a page that shows ads, AdSense may set cookies in your browser — including __gads, __gpi, NID, and IDE — to measure ad performance and, where you have consented, to personalise the ads you see based on your visits to this and other sites. The cookie banner asks for your permission before any non-essential cookies are set. If you decline, you'll still see ads, but they will not be personalised based on your browsing history. Lawful basis: Article 6 (1) (a) GDPR (consent). You can withdraw consent at any time via the "Cookie settings" link in the footer, or manage Google's ad personalisation directly at https://adssettings.google.com. Google's full description of how it uses data for advertising is at https://policies.google.com/technologies/ads.

g) Newsletter and free booklets. If you ask us to email you a free booklet, or sign up to our newsletter, we collect your email address and (optionally) your first name. To prove that consent was freely given, we also record the date and time of the request, the page or modal on which it was made, and the IP address you used. The actual sending is done by MailerLite, our processor (see section 3 below). We use double opt-in: every new sign-up receives a confirmation email and only joins the list once the link in that email is clicked. You can unsubscribe with one click from the footer of every newsletter we send, and we will then stop sending you marketing emails — though the consent record itself is kept as required proof. Lawful basis: Article 6 (1) (a) GDPR (consent). Retention: the email address is kept until you unsubscribe; the timestamp + source + IP record is kept for as long as the law requires us to be able to prove consent (typically up to three years after the last contact).

h) Analytics. We use Google Analytics 4, operated by Google Ireland Limited, to understand how visitors use the site so we can improve it — for example, which pages are read, which game modes are played, and how long sessions last. Where you have consented to analytics cookies, Google Analytics may set cookies in your browser (including _ga and _ga_*) to recognise return visits in an aggregated form. If you decline, Google Consent Mode v2 falls back to cookieless behavioural modelling: no identifying cookies are set, and only aggregate, anonymised pings are sent. The cookie banner asks for your permission before any non-essential cookies are set. Lawful basis: Article 6 (1) (a) GDPR (consent) for cookie-based collection; Article 6 (1) (f) GDPR (legitimate interest in product improvement) for the consent-mode fallback. You can withdraw consent at any time via the "Cookie settings" link in the footer.

We use the following processors to operate the site. Each one has a contractual data-processing agreement with us under Article 28 GDPR.

Vercel, Supabase, and Cloudflare are organised in the United States. Where data is processed in the United States, transfers are protected either by certification under the EU–US Data Privacy Framework or by Standard Contractual Clauses adopted by the European Commission, together with the supplementary technical and organisational measures described in those agreements. You can request a copy of the relevant safeguards by contacting us at the address above.

We use cookies and localStorage entries in four categories: (i) strictly necessary entries to operate the site (the login session, your in-progress board, your colour-mode preference); (ii) the consent record stored by our cookie-management provider; (iii) advertising cookies set by Google AdSense, described in section 2 (f) above; and (iv) analytics cookies set by Google Analytics 4, described in section 2 (h) above. Categories (i) and (ii) are set without consent because they are technically required to provide the service or required by law; categories (iii) and (iv) are set only after you accept the relevant cookie categories in the consent banner. You can manage your choices at any time using the "Cookie settings" link in the footer.

Under the GDPR, you have the right to:

• request access to the personal data we hold about you (Article 15)
• have inaccurate data corrected (Article 16)
• have your data erased (Article 17)
• have processing restricted in defined cases (Article 18)
• receive your data in a portable format (Article 20)
• object to processing based on our legitimate interests (Article 21)
• withdraw any consent you have given, with effect for the future (Article 7 (3))

You can delete your account and all associated data yourself at any time at /en/account/delete — sign in, type the confirmation word, and your account, puzzle history, and streaks are removed immediately.

For any other request — access, correction, restriction, portability, objection, or consent withdrawal — write to contact@mtsudoku.com. We will respond within one month.

You have the right to complain to a supervisory authority if you believe our processing of your data is unlawful. The competent authority for our establishment is:

Berliner Beauftragte für Datenschutz und InformationsfreiheitAlt-Moabit 59–6110555 Berlinmailbox@datenschutz-berlin.dehttps://www.datenschutz-berlin.de

We may update this policy when our processing changes — for example, when we introduce advertising or analytics, or when we change a processor. The "last updated" date below reflects the most recent change. Substantive changes will be made visible on the site before they take effect.