Growth Lab Games
Growth Lab Games← Back to Home
Legal

Privacy Policy

Last updated: March 1, 2025 · Effective: March 1, 2025

1. Introduction

Growth Lab Games ("we," "us," or "our"), operated by the Shamelyss Growth Project, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at growthlabgames.com.

2. Information We Collect

For Host Accounts:

  • Email address and display name
  • Password (stored as a secure hash — never in plain text)
  • Game content you create (questions, prizes, room configurations)
  • Usage data (games hosted, player counts, session duration)
  • Payment information (processed by Stripe — we do not store card details)

For Players (no account required):

  • Display name (chosen by the player for each session)
  • Game answers and scores (session-only, not linked to identity)
  • IP address (for security and abuse prevention)

3. How We Use Your Information

  • To provide and operate the Platform
  • To process payments and manage subscriptions
  • To send account-related communications (password resets, billing)
  • To improve the Platform through analytics
  • To enforce our Terms of Service and prevent abuse
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Supabase — database hosting (EU/US data centers)
  • Stripe — payment processing
  • Vercel — frontend hosting
  • Railway — backend hosting
  • Law enforcement when required by law

5. Data Retention

Host account data is retained for the duration of your account plus 90 days after deletion. Player session data (display names, scores) is retained for 30 days then automatically deleted. You may request deletion of your data at any time by contacting us.

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Data portability
  • Opt out of marketing communications

To exercise these rights, email hello@growthlabgames.com.

7. Children's Privacy (COPPA)

Growth Lab Games is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will delete it.

8. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, JWT authentication with expiry, rate limiting, and regular security audits. No system is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

10. Payment, Gifting & Transaction Data

When you make purchases, send virtual gifts, or receive payouts on the Platform, we collect and process the following data:

  • Payment data: All payment card details are processed directly by Stripe and are never stored on our servers. We receive only a tokenized reference and the last 4 digits of your card for display purposes.
  • Transaction records: We store records of purchases, virtual gift sends, order history, and payout transactions for legal compliance, dispute resolution, and tax reporting purposes. These records are retained for a minimum of 7 years as required by financial recordkeeping laws.
  • Virtual gift activity: We record which virtual gifts you send and receive, including timestamps and associated live session IDs. This data is used for leaderboards, fraud prevention, and platform analytics.
  • Gift-to-Open-Box purchases: When you gift a physical product to another user, we store the gifter identity, the recipient identity, the product details, and the transaction amount. The recipient is notified of the gift but their shipping address is only shared with the seller upon acceptance.
  • Seller payout data: Sellers who connect a Stripe Connect account share their identity verification data directly with Stripe. We receive confirmation of verification status but do not store raw identity documents.
  • Tax reporting: For transactions that trigger tax reporting obligations, we collect and retain the required tax identification information and share it with relevant tax authorities as required by law.

For questions about your transaction data, contact privacy@growthlabgames.com.

11. Contact

For privacy questions or data requests: hello@growthlabgames.com

Terms of Service →Cookie Policy →← Back to Home