Privacy Policy for Kattilapeli
Last Updated: June 18, 2026
Kattilapeli (referred to as "we", "our", or "the service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web-based party game, including both registered accounts and anonymous play sessions.
1. Data Controller
The development team of Kattilapeli acts as the data controller of the service:
- Controller: Kattilapeli Developers
- Contact Email: palaute@kattilapeli.fi
2. Legal Basis for Processing
We process your personal data under the following legal bases:
- Performance of a Contract: To provide the game services, manage active game rooms, and handle user authentication (registered and anonymous users).
- Legitimate Interest: To maintain the security of our platform, prevent abuse, fix technical issues, and analyze usage trends to improve the service.
- Consent: When you authorize us to connect a third-party login provider or save your custom question packs.
3. What Personal Data We Collect
The type of information we collect depends on how you use the service:
A. Registered Users (Created Accounts)
If you create a user account, we collect:
- Account Information: Name, email address, email verification status, and profile image URL (if in use).
- Authentication Data: Linked third-party login providers (e.g., Google, Discord), OAuth tokens, and password hashes.
B. Anonymous Users (Anonymous Players)
If you play Kattilapeli without registering:
- We create a temporary, anonymous user identifier for the duration of the session to manage your participation, connection, and content in the game.
C. Game Data and User-Generated Content
Regardless of whether you are registered, we process the following information:
- Active Games: Game codes, participant lists, cookie consent information, and questions and answers submitted during the game.
- Custom Question Packs: Pack title, description, game settings, questions, and the author's identifier. Packs can be public or private.
D. Technical Data and Session Details
To ensure security and system functionality, we automatically collect:
- Session Details: Temporary session tokens, IP addresses, and User-Agent data (browser and device details).
| Cookie name | Reason | Time |
|---|---|---|
| kattila.session_token | Authentication | 7d |
| SOCS | Terms | 30d |
| PARAGLIDE_LOCALE | Language | 400d |
E. Usage Statistics and Analytics
To monitor the platform's stability and popularity, we log:
- User Events: Information on when a user creates or joins a game. If you have not consented to statistics, this information will not be linked to your identifier.
- General Game Statistics: Anonymous metrics, such as game duration, player counts, total questions, and total answers.
4. How We Use Your Data
We use the collected data for the following purposes:
- To Maintain Game Sessions: Matching players to rooms, distributing questions, displaying answers, and restoring connections during network interruptions.
- To Authenticate Users: Creating secure sessions and managing user accounts.
- To Store Custom Content: Saving and displaying the question packs you create according to your chosen visibility settings.
- To Ensure Security: Analyzing IP addresses and log data to prevent abuse, spam, and denial-of-service attacks.
- For Analytics and Development: Understanding peak usage times, average game lengths, and popular features to improve the service.
5. Data Retention
We retain personal data only as long as necessary to fulfill the purposes defined in this policy:
- Session and IP Data: Session tokens and associated IP addresses are periodically deleted after the session ends or expires.
- Game-Specific History: Data, questions, and answers from individual game rooms are deleted shortly after the game session ends (available for 2h).
- User Accounts and Question Packs: Retained as long as the user account remains active. You can request the deletion of your account and its associated data at any time.
- Analytics: As long as necessary for statistical purposes.
6. Disclosures of Data to Third Parties
We do not sell your personal data. We may disclose data to third parties only in the following situations:
- Service Providers: Trusted service providers (such as server hosting, database services, and authentication services) that process data on our behalf in accordance with GDPR-compliant agreements.
- Legal Requirements: If required to do so by applicable law or by order of a public authority.
7. Data Security
We use appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, or alteration. These measures include cryptographic protection of passwords, API access key security, and secure HTTPS/TLS connections for all data transfer.
8. Rights of the Data Subject (GDPR)
If you reside within the European Economic Area (EEA), you have the following rights in accordance with the EU General Data Protection Regulation (GDPR):
- Right of Access: The right to request a copy of the personal data we have stored about you.
- Right to Rectification: The right to demand correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): The right to request the deletion of your user account and associated data.
- Right to Restriction of Processing: The right to demand that the processing of your data be restricted in certain situations.
- Right to Object: The right to object to the processing of your data based on our legitimate interest.
- Right to Data Portability: The right to receive your data in a structured and machine-readable format to transfer it to another service.
To exercise these rights, please contact us at the designated contact email address. You also have the right to lodge a complaint with your local data protection authority.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be announced on this page by updating the date at the top of the policy.