Privacy Policy

How we handle your data.

1. Data We Collect

When you sign up and use PikStats, we collect:

  • Account information: name, email, phone, company (optional), role (optional), years in industry (optional)
  • Usage data: games you create, variables you define, player data you submit via the API
  • Event logs: audit trail of all your actions (creating games, editing variables, logging in, purchases, etc.) with your IP address for security and accountability
  • Transaction logs: PIKE purchases, coupon redemptions, extension upgrades
  • Cookies: session cookies for login, optional "remember me" email
  • Player IP addresses: NOT logged — player data submitted via API is anonymized for privacy

2. Legal Basis

We process your data under these bases (GDPR/CCPA compliant):

  • Contract: to provide the service (accounts, games, API)
  • Legitimate interest: security auditing (IP logging), fraud prevention, platform analytics
  • Consent: optional marketing communications (you can opt out anytime)

3. What We Do With Your Data

  • Service delivery: run your games, store your variables and player data, process API requests
  • Audit logging: track all your actions (account edits, game/variable management, PIKE purchases, key regeneration, etc.) with your IP for accountability and security
  • Security: detect abuse, investigate suspicious activity, prevent unauthorized access
  • Billing: track PIKE purchases and coupon redemptions
  • Analytics: understand platform usage (anonymized trends only)
  • Communication: respond to support requests, send critical updates

4. Data Retention

  • Account & game data: kept as long as your account is active. Deleted accounts are purged within 30 days.
  • Player data: you control this — it stays until you delete it or your game is deleted.
  • Event logs (audit trail with IP addresses): kept for 90 days for security and accountability, then deleted.
  • Transaction logs: kept indefinitely for compliance and billing disputes.
  • Cookies: session cookies expire after 30 days of inactivity. Remember-me cookies last 1 year.

5. Sharing & Third Parties

We do not sell, rent, or share your data with third parties for marketing. We may disclose data:

  • To comply with legal requests (law enforcement, court orders)
  • To protect safety and security of the platform
  • To service providers (hosting, email) under strict data processing agreements

6. Your Rights (GDPR/CCPA)

You have the right to:

  • Access: request a copy of all data we hold about you
  • Correct: update your profile information anytime via Account settings
  • Delete: request deletion of your account and all associated data
  • Portability: request your data in a portable format
  • Object: opt out of non-essential communications

To exercise these rights, contact: privacy@pikstats.local

7. Security

We use industry-standard security measures:

  • HTTPS encryption for all data in transit
  • Password hashing (bcrypt) — we never store plain passwords
  • Secure session management (httpOnly, SameSite cookies)
  • Access controls and audit logging

No service is 100% secure. If you discover a vulnerability, please report it responsibly.

8. International Data Transfers

PikStats is operated from within the EU. If you're outside the EU, your data may be transferred to our EU servers. By using PikStats, you consent to this transfer.

9. Children

PikStats is not intended for anyone under 16. We do not knowingly collect data from minors. If we become aware of such collection, we will delete it immediately.

10. Policy Changes

We may update this policy. We'll notify you of material changes via email or a banner on the site. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy or your data? Reach out:

Email: privacy@pikstats.local
Last updated: June 2026