1. Information You Provide

1-1. Authentication & Account Data

When you sign in via Google OAuth on Supabase Auth, we receive the following limited profile information from Google:

• Google UID
• Display name (if provided)
• Email address (used solely for account management and login)

We do not have access to your Google password. Supabase acts as our authentication provider and stores these credentials securely on our behalf.

1-2. Share & Rating Data

When you use the Share feature, we collect and store metadata including:

• Your user ID (from Supabase Auth)
• Timestamp of the upload
• Original filename and generated storage path

When you “like” or “unlike” a tip, we record your user ID and the tip’s ID for the purpose of displaying your favorites and preventing duplicate actions. This data is never shared with third parties except as required by law.

1-3. Comment Data

When you post a comment, we collect, store, and publicly display the following:

• User ID: A unique identifier provided by Supabase Auth.
• Display Name: The name you registered or your Google OAuth display name.
• Comment Content: The actual text you submit as your comment.
• Posted Timestamp: The date and time when the comment was created on our server.

By posting a comment, you agree that your display name, User ID, and comment text will be visible to other users in the comments section. We treat all comments as public content.

To prevent spam and abuse, we enforce a server‐side rule that prohibits posting more than one comment per tip within a 60‐second window. If you attempt to post again before 60 seconds have passed, your comment will be rejected.

Storage Duration: Unless you manually delete your comment, it will remain stored indefinitely on our servers.
Third-Party Disclosure: We will not share your comment data with third parties except when required by law or to protect the safety and rights of others.

2. Hosting & Infrastructure Logs

We host GameNoter on Cloudflare to ensure fast, secure delivery. Cloudflare automatically collects technical data such as your IP address, browser type, device information, and request logs for the purposes of performance optimization, caching, and security (e.g. DDoS protection). Please review Cloudflare’s Privacy Policy for details: cloudflare.com/privacypolicy.

2-1. Data Storage & Retention

Web version: Your notes, pins and settings live in your browser’s localStorage, and any attached file handles are stored in an internal IndexedDB store.
Desktop version: All data (including attachments) is saved in a local SQLite database file.
We never upload your personal notes or attachments to our servers.

Quiz progress & review flags:
The CS2 Callouts Quiz stores your current question index and any “HARD” marks exclusively in your browser’s localStorage. These values are never sent to or stored on our servers. You can clear them at any time by clearing site data in your browser settings.

2-2. Uploads, Downloads & Server Logs

Uploads: When you upload a tip file, the JSON is stored in our Supabase Storage bucket together with metadata such as:

• Your user ID
• Timestamp of the upload
• Original filename / generated storage path

Download logs: To prevent abuse, we record the requesting IP address and timestamp whenever someone downloads a public tip file. These logs are automatically purged after 24 hours.

These server-side logs are used only for rate-limiting, abuse prevention and troubleshooting, and are never shared with third parties except as required by law.

3. Cookies, Analytics & Advertising

We use cookies and similar technologies for:

• Preferences & Session: Remembering UI preferences and session state.
• Analytics: If enabled, Google Analytics collects anonymous usage data. See Google Analytics Privacy Policy.
• Advertising: Google AdSense may set cookies to deliver personalized ads based on your browsing. Control your settings: Google Ad Settings.
• Authentication: Short-lived cookies needed to keep you signed in via Google OAuth.

You can disable cookies in your browser—note that this may affect functionality and ad delivery.

4. Third-Party Content & Links

5. Data Sharing & Disclosure

We do not sell personal data. We may share:

• Infrastructure Logs: Aggregated performance and security logs with Cloudflare.
• Analytics & Ads Data: Aggregated, anonymized statistics with Google.

We may also disclose information if required by law or to protect rights and safety.

5-1. User Data Management

You can delete or export your data at any time:

• Web version: Clear the site data (including localStorage and IndexedDB) in your browser settings.
• Desktop version: Delete the local SQLite database file in the application data folder.

5-2. Account Deletion

You may delete your account at any time. Deleting your account will permanently remove all personal data we store on our servers, including uploaded files, settings, and logs. This action cannot be undone.

• Web version: Use the “Delete Account” button in your My Page.

6. Security

We implement reasonable technical and organizational measures to protect your data. However, no system is fully secure; use the Application at your own risk.

6-1. Attachments & Exported File Paths

Web version: local attachments are not included in the exported JSON.
Desktop version: any local file paths of attachments (images, videos, etc.)will be included in the exported backup. Please exercise caution when sharing that file, as it may expose your personal folder structure or reveal sensitive paths.

7. Children

The Application is not intended for children under 13. We do not knowingly collect personal data from minors.

8. Local File References

The Application may access and display files (images, videos) from your local device for preview and note‐taking purposes. These files are never uploaded or stored on our servers and remain solely on your device. You assume all risk associated with accessing or modifying these files, and the Service Provider disclaims any liability for file corruption, data loss, or unauthorized access arising from local file operations.

8-1. File-Picker Consent

Web version: When you attach a file in the browser, the built-in File System Access API prompts you to choose via a file-picker; no file is accessed without your explicit consent.
Desktop version: All local file access (images, videos) is initiated by you via an explicit file-picker dialog in the desktop application. The Application never reads files without your direct consent.

9. Donations

GameNoter uses third-party platforms (such as Buy Me a Coffee and Ko-fi) to collect donations. When you make a donation:

• Payment processing: All payment data (e.g., credit card details, PayPal account) is handled and stored by the third-party platform you choose. We do not collect or store your full payment information.
• Donor information: Depending on the platform’s settings, the service may share your display name, donation amount, and any message you include. We only receive the information that these services explicitly provide, and we use it solely to record your donation and send an automatic “Thank You” message.
• Use of donations: Donations are used to support the continued operation of GameNoter and help cover ongoing costs. They also help sustain the developer’s efforts and time to keep improving the platform.
• Refund policy: Donations are considered voluntary contributions and are non-refundable. Please confirm your decision before donating.
• Third-party terms: By donating, you agree to comply with the terms and privacy policies of the chosen platform (Buy Me a Coffee, Ko-fi, etc.). We encourage you to review their policies in detail before proceeding.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Application after updates constitutes acceptance of the revised policy. Significant changes will be noted here and, if feasible, via a banner in the app.

Effective Date: May 29, 2025

Contact

For questions about this policy, please visit our Contact page.