PRIVACY POLICY

Last updated: April 4, 2026

1. DATA CONTROLLER

Drugwars Online is operated by Tuxxin. For privacy inquiries, contact us at tuxxin.com or email [email protected].

2. LEGAL BASIS FOR PROCESSING

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Account creation, authentication, game session management, and leaderboard functionality.
  • Consent (Art. 6(1)(a)): Analytics cookies (Google Analytics) and advertising cookies (Google AdSense). You may accept or reject these via our cookie consent banner.
  • Legitimate interest (Art. 6(1)(f)): Session cookies (essential site functionality), IP logging for security and abuse prevention, and admin reporting.

3. INFORMATION WE COLLECT

Account data: When you register, we collect your username, email address, password (stored hashed), and optionally your country. If you sign in with Google, we receive your Google account ID, display name, and email address from Google's OAuth service. We do not receive or store your Google password.

Game data: We record game sessions including scores, duration, and gameplay statistics for leaderboards and profiles.

Technical data: We collect IP addresses for security, abuse prevention, and anonymous analytics. We use cookies for session management.

Guest play: If you play without an account, we may log your IP address for analytics. No personal information is required to play.

4. HOW WE USE YOUR INFORMATION

  • Email addresses are used solely for account functionality (password resets, account notifications) and important website communications. All emails include an unsubscribe link. We do not sell, rent, or share your email address with third parties.
  • Usernames and scores are displayed publicly on leaderboards and profiles.
  • IP addresses are used for security monitoring and admin reporting. They are not shared externally.

5. DATA SHARING

We do not sell your personal information. We may share data only when:

  • Required by law or legal process.
  • Necessary to protect the security of the Site or its users.

6. INTERNATIONAL DATA TRANSFERS

We use third-party services operated by Google (Analytics, AdSense, OAuth) that may transfer and process your data on servers located in the United States and other countries outside the European Economic Area (EEA). These transfers are protected by Google's data processing terms, which incorporate Standard Contractual Clauses (SCCs) approved by the European Commission as a safeguard for international data transfers.

7. THIRD-PARTY SERVICES

The Site uses the following third-party services:

  • Google Analytics — for anonymous usage statistics. Only loaded after you consent via the cookie banner. See Google's Privacy Policy.
  • Google AdSense — for advertising. Only loaded after you consent. AdSense may use cookies to serve personalized ads. See Google's Ad Policy.
  • Google OAuth — for optional "Sign in with Google" authentication. When you choose to sign in with Google, we receive your name, email, and a unique account identifier. We use this solely to create or link your account. See Google's Privacy Policy.

8. COOKIES

We use cookies for:

  • Essential cookies — session management (keeping you logged in and maintaining game state) and cookie consent preference. These do not require consent.
  • Referral tracking — crediting the player who shared a link with you (30-day cookie).
  • Analytics and advertising — via Google Analytics and AdSense (third-party cookies). These are only loaded after you provide consent via our cookie banner.

You can manage your cookie preferences by clearing your cookies and revisiting the site, which will display the consent banner again. You can also disable cookies in your browser settings.

9. YOUR RIGHTS

Under the GDPR and applicable data protection laws, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Art. 18): Request that we limit how we use your data.
  • Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time (e.g., by rejecting cookies or requesting account deletion).
  • Right to lodge a complaint: You may file a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at tuxxin.com or email [email protected]. We will respond within 30 days.

10. DATA RETENTION

Account data and game history are retained for as long as your account exists. Upon account deletion request, your data will be removed within 30 days. Guest game data (IP addresses) is anonymized after 90 days; anonymized aggregate statistics are retained indefinitely.

11. SECURITY

Passwords are hashed using bcrypt. All connections are encrypted via HTTPS. We take reasonable measures to protect your data but cannot guarantee absolute security.

12. CHILDREN

The Site is not intended for users under 16 years of age. We do not knowingly collect data from children under 16. If you are in a jurisdiction where a different minimum age applies, the higher of 16 or your local minimum applies. If we become aware that we have collected data from a child under 16, we will delete it promptly.

13. CHANGES TO THIS POLICY

We may update this policy from time to time. We will notify registered users of material changes via email or a prominent notice on the Site at least 14 days before the changes take effect. If you do not agree with the changes, you may delete your account.

14. CONTACT

Privacy questions? Visit tuxxin.com or email [email protected].