Privacy Policy
Plain-language explanation of what we store, who else might see it, and how to control it. We deliberately collect as little as possible.
Contents
Summary
- No account, no email, no password — you can play without identifying yourself.
- We store the nickname and avatar you choose, your cookie-consent decision, and the live state of any room you're in.
- We use Google AdSense to show ads, and Google Funding Choices as our consent management platform. Both are loaded only after you've made a consent choice.
- You can withdraw consent at any time from the footer "Manage consent" link or the Cookie Policy page.
Data controller
The data controller for this website is Mohamed Rayene Romdhane, based in France, European Union. For any privacy question or request, contact:
- Email: privacy@chkobagame.xyz
- Postal address: available on request via the email above.
What we store
| Category | Examples | Where | Purpose |
|---|---|---|---|
| Profile choices | Nickname, avatar selection | Your browser (localStorage) + transmitted to the server while in a room |
Identify your seat in a multiplayer game |
| Game state | Room code, seat index, cards captured this round | Server memory (ephemeral) + your browser tab | Run the live multiplayer match |
| Consent state | "granted" / "denied" + IAB TCF consent string | Your browser (localStorage + cookie set by Funding Choices) |
Remember your cookie/ads choice |
| Connection metadata | IP address (transient), user-agent | Server logs & CDN logs (rotated) | Security, abuse prevention, rate limiting |
| Bug-report content | Whatever you write in the Google Form on Contact | Google Forms (Google LLC) | Triage and fix bugs you report |
We do not collect names, postal addresses, phone numbers, payment details, or any other identifying data. There is no analytics tracker (no Google Analytics, no Plausible, no Matomo) at the time of writing.
Legal bases for processing (GDPR)
- Performance of a service / legitimate interest — running the multiplayer game (room state, connection metadata, security logs).
- Consent — loading Google AdSense and any non-essential cookies. You can withdraw at any time.
- Legal obligation — responding to verified data-rights requests, complying with court orders.
Third-party vendors & data sharing
We share the minimum amount of information needed for these vendors to perform their services. We do not sell personal data.
| Vendor | Service | Data received | Policy |
|---|---|---|---|
| Google LLC | Google AdSense (ads) | IP, user-agent, cookies, page URL, IAB TCF consent string | Google Privacy Policy · Ads policy · Partner sites |
| Google LLC | Funding Choices (consent management) | IP, user-agent, your consent answers | Funding Choices help |
| Google LLC | Google Fonts (Schoolbell, Roboto) | IP, user-agent (no cookies are set by Google Fonts CSS) | Google Fonts privacy |
| Google LLC | Google Forms (bug reports) | Whatever you choose to enter in the form | Google Privacy Policy |
| Hosting / CDN | Static asset delivery | IP, user-agent (server / edge logs) | Provider's privacy notice (provided on request) |
A complete list of advertising vendors is available through the consent dialog: open "Manage consent" → "How Google uses data" → vendor list. The list is maintained by Google and follows the IAB Transparency & Consent Framework v2.2.
Cookies & similar technologies
We use a small number of cookies and localStorage entries. The full table is on
the dedicated Cookie Policy page. In short:
- Strictly necessary — your nickname/avatar and cookie-consent decision (
localStorage, no cookie set by us). Set without consent because the site cannot function otherwise. - Advertising — Google AdSense cookies (e.g.
__gads,__gpi,IDE) and the Funding Choices TCF cookie. Set only after you grant consent.
Advertising & consent
Display advertising is the only revenue source for the site. We use Google AdSense
(publisher ID pub-9124857144736473), gated by Google Funding Choices.
- If you accept: AdSense may set cookies and use them to personalize ads, measure performance, and limit how often you see the same ad.
- If you decline: AdSense will be loaded in non-personalized mode only, where allowed; otherwise no ads at all. No personalization profile is built.
- You can change your decision any time via the Manage consent link in the footer.
Industry opt-out portals — useful even off our site:
Retention
- Profile (nickname, avatar) — kept in your browser only, until you clear it.
- Consent state — up to 12 months, after which we re-prompt.
- Live game state — held in server memory while the room is active; deleted when the room closes (typically minutes; at most a few hours).
- Server logs — connection logs are kept for up to 30 days for security and abuse investigation, then rotated out.
- Bug-report content — kept in Google Forms until manually deleted; retention follows Google's terms for that product.
Your rights (EEA, UK, Switzerland)
Under the GDPR / UK GDPR you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data (Art. 17)
- Restrict processing (Art. 18)
- Receive a copy in a portable format (Art. 20)
- Object to processing based on legitimate interests (Art. 21)
- Withdraw consent at any time (Art. 7(3)) — use the footer "Manage consent" link
- Lodge a complaint with your local supervisory authority. In France that is the national data-protection authority — contact details are on its official website.
To exercise any of these rights, email privacy@chkobagame.xyz. Because we don't tie data to identifiers, we may need to ask you for additional context (for example, the room code and approximate timestamp) so we can find what you are asking about. We aim to respond within 30 days.
Your rights (California — CCPA / CPRA)
California residents have the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We do not sell personal information for money. However, some advertising-cookie sharing may qualify as "sharing" under California law.
- Do Not Sell or Share My Personal Information — decline cookies in the consent dialog, or email privacy@chkobagame.xyz with subject "CCPA opt-out".
- Right to know / delete / correct — same email, please describe the data and the time window.
- Non-discrimination — exercising rights will not change the gameplay you receive.
Children
Chkobba Café is not directed to children under 13 (or under 16 in jurisdictions where the GDPR sets the digital-consent age higher). We do not knowingly process the personal data of children. If you believe a child has used the site, please email privacy@chkobagame.xyz and we'll delete any related data.
International transfers
Some of our vendors (Google in particular) operate worldwide and may process data outside the EEA. Where transfers occur, we rely on the European Commission's Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, and any additional safeguards required by law.
Security
We use TLS for every connection, server-authoritative game logic to prevent tampering, and per-event rate limiting on Socket.IO. We do not store passwords because there are no accounts. No internet service can be 100 % secure — please don't share sensitive personal information through chat or bug reports.
Changes to this policy
We may update this policy as the site or applicable law evolves. Material changes will be announced on the homepage for at least 14 days. The "Last updated" date at the top reflects the latest revision.
Contact
Privacy questions: privacy@chkobagame.xyz
General support: support@chkobagame.xyz
Bug-report form: Contact page