Effective May 26, 2026
Lofi Dungeon is run by one developer. We collect the minimum personal data needed to run the game, save your progress across devices, and process payments. We never sell your data, and you can delete your account at any time from the in-game Settings or by emailing support@lofidungeon.com.
Lofi Dungeon (the "Service") is an independent project ("we", "us"). Contact: support@lofidungeon.com. This Policy explains what personal data we collect, how we use it, and the rights you have over it.
We only collect what we need to run the game.
We do not collect: payment card details (Stripe handles those directly), precise location data, contact lists, facial-recognition data, or biometrics.
We rely on a small set of third-party "sub-processors" to run the service. Each one only sees the data it needs:
| Provider | What they see | Why |
|---|---|---|
| Supabase | Email, cloud save, purchase records | Database + auth backend |
| Stripe | Email, purchase amount, payment method, IP at time of purchase | Payment processing |
| Netlify | IP, browser, page requests | Web hosting + CDN |
| Resend | Email address (only if you opt in to marketing) | Sending newsletter / update emails |
We do not sell your personal data to anyone, and we do not share it with advertisers. We may disclose data if required by a valid legal process (court order, subpoena) — if that happens, we will push back where appropriate and notify you unless legally barred.
Depending on where you live, you have some or all of the following rights over your personal data:
We will respond to rights requests within 30 days (sometimes faster — usually within a couple of business days). We will never charge you for exercising these rights.
We use a small number of "strictly necessary" cookies and local-storage entries to run the service. We do not use advertising or tracking cookies.
Since all of these are necessary to provide the service you asked for, we do not show a cookie consent banner under GDPR's "strictly necessary" exemption.
The Service is intended for users aged 13 and older. We do not knowingly collect personal data from anyone under 13. If we learn we have, we will delete the account and refund any payments. Parents who believe their child has signed up: please email support@lofidungeon.com and we will act quickly.
Our infrastructure providers (Supabase, Stripe, Netlify, Resend) may store and process data outside the country where you live — including in the United States. Where required (e.g., for EU/UK users), these transfers rely on Standard Contractual Clauses or equivalent safeguards published by each provider.
We use HTTPS everywhere, Supabase's row-level security for the database (each user can only read their own rows), magic-link authentication (no passwords to leak), and a strict separation between the public game client and the privileged server-side service-role key (which lives only in our edge-function environment). No system is perfectly secure; if we ever suffer a breach affecting your data, we will notify affected users promptly and as required by law.
We may update this Policy from time to time. Material changes will be communicated to registered users by email at least 14 days before they take effect. The effective date at the top reflects the latest revision.
For privacy questions, deletion requests, or anything else covered by this Policy: support@lofidungeon.com