Privacy Policy – Glorb.io

This Privacy Policy explains how Glorb.io processes personal data and usage data and how we meet disclosure requirements for Google services (e.g., AdSense). It forms part of our legal terms for using this website and game.

1. Controller

The controller responsible for processing personal data is the operator of Glorb.io. Operator details are set out on our Legal Disclosure page.

2. Data We Process

Technical connection data: IP address (truncated or full depending on infrastructure), timestamps, user agent.
Gameplay data: player name (pseudonym), score, game statistics (e.g., kills, survival time), internal player ID.
Security/anti‑cheat data: suspicious movement patterns, message frequency, integrity flags.
Sign‑in data (if you sign in with Google): ID token payload (stable Google sub identifier), name, email, profile picture as provided by Google.
Advertising data: cookies or similar technologies of advertising partners (e.g., Google) as required to serve ads, measure performance, apply frequency capping, and (where permitted) personalize ads.
Logs: server logs and diagnostic information to ensure reliability and security.

We process this data to provide the multiplayer game, secure our systems, prevent abuse, and improve the product.

3. Google Services & Cookies

We integrate the following Google services:

Google Analytics: We use Google Analytics 4 to collect anonymous usage statistics (page views, events, demographics) to better understand how users interact with our game. Google Analytics uses cookies to track user activity.
Google AdSense: We integrate Google advertising services to serve ads. Vendors may use cookies or similar technologies (e.g., web beacons) to serve ads, measure their performance, and show personalized or contextual advertising depending on regional consent settings.

Google and participating partners may place and read cookies in your browser and use IP addresses or other identifiers (e.g., device identifiers) to store and retrieve data obtained through these services on this site.

Learn how Google uses data on partner sites: Google – How we use information from sites or apps that use our services.

To opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on.

4. Legal Bases

Art. 6(1)(b) GDPR – providing the website and game (contractual or pre‑contractual measures).
Art. 6(1)(f) GDPR – legitimate interests (IT security, fraud prevention, product improvement, abuse prevention).
Art. 6(1)(a) GDPR – where you give consent for cookies and/or personalized advertising (depending on regional consent requirements).

5. Google Identity / Sign‑In

If you sign in with Google, we validate your Google ID token (OAuth/OpenID). The server receives a signed token containing your Google‑specific sub ID (stable pseudonymous identifier). This is used locally for authentication/account linking and storing your statistics. We do not store passwords.

6. Storage Periods

Game statistics (leaderboards, historical games): until account deletion or valid objection/withdrawal.
Logs and anti‑cheat data: typically 30–90 days, unless needed longer for security analyses.
Session/reconnect tokens: until expiration or manual reset.

7. Recipients

We share data only with service providers or infrastructure/analytics vendors as necessary to provide the service (e.g., hosting, CDN, logging), or where legally required. For Google Ads/AdSense, Google and certain ad partners may act as independent controllers.

8. International Transfers

Where data is transferred to countries outside your jurisdiction, we rely on appropriate safeguards (e.g., standard contractual clauses) or other legal mechanisms as applicable. Google describes its transfer mechanisms in its policies.

9. Your Rights (GDPR/UK)

Access to personal data
Rectification
Erasure ("right to be forgotten")
Restriction of processing
Data portability (where technically feasible)
Objection to processing based on legitimate interests
Withdrawal of consent with effect for the future

To exercise your rights, please use the contact form provided on our Legal Disclosure page. We may request proof of identity to prevent abuse.

10. Children

The game is not directed at children under 13. If we become aware of unauthorized data collection, we will delete the data where possible.

11. Security

We implement technical and organizational measures (e.g., transport encryption, input validation, anti‑cheat checks) to protect data against manipulation or unauthorized access.

12. Changes to this Policy

We may update this Privacy Policy if technical or legal requirements change. The latest version will always be available on this page.

13. Contact & Complaints

For questions or complaints, please use the contact form on our Legal Disclosure page. You also have the right to lodge a complaint with a supervisory authority.

Note: This page does not constitute legal advice. Requirements vary by region (e.g., GDPR/ePrivacy in the EU/UK, U.S. state privacy laws).