Privacy Policy
Last updated: April 24, 2026 Version: 2026-04-24
This Privacy Policy describes how ReenTech LLC ("ReenTech", "we", "our", or "us") processes information when you use Color Conquest (the "Service").
We take privacy seriously and designed the Service around the principle of minimum-necessary data. We do not collect real names, email addresses, phone numbers, or payment information. We do not sell or share personal data with advertisers.
1. Who is the Data Controller
ReenTech LLC is the data controller for personal data processed in connection with the Service. For any privacy-related question or request, contact legal@reentechllc.com.
We are a U.S. company, and the Service is hosted in the United States on Cloudflare infrastructure. If you access the Service from outside the United States, including from the European Economic Area, the United Kingdom, or Switzerland, your information will be transferred to and processed in the United States.
2. What Data We Process
2.1 Data you provide
- Chosen handle — the public identifier made of a color slug, a word you pick, and a six-character color hex. Stored in cleartext; visible to other players.
- Hashed passphrase — your passphrase is stored only as a PBKDF2-SHA256 hash. We never store your passphrase in cleartext and cannot recover it.
- Declared location — if you choose to place yourself on the map, your latitude and longitude are stored along with a coarse geohash. This is used to match you with opponents within 500 km. You can set, clear, or change this at any time.
- Combat stance — three integers (Glow, Spark, Heat) describing your current combat posture.
2.2 Data generated by gameplay
- Ledger entries — the sources of color you have absorbed through combat, stored as weights tied to player or bot identifiers.
- Energy state — remaining daily fights, regeneration timer.
- Fight history — records of fights you participated in (attacker, defender, winner, timestamp).
2.3 Technical data
- IP address — Cloudflare logs IP addresses for every request. We also use your IP (never persisted in our own database) to apply rate limits that protect the Service from abuse.
- Request logs — standard access logs (URL, method, status, user agent, timestamp), retained by Cloudflare according to its own retention policy.
2.4 What we do not collect
We do not ask for, and do not store: your real name, email address, phone number, date of birth, government ID, payment card, or any information that directly identifies you outside of what you voluntarily put into your handle.
3. Why We Process This Data (Legal Bases under GDPR)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Operating your account and gameplay (handle, passphrase, ledger, energy, stance) | Performance of a contract (Art. 6(1)(b)) — you agree to the Terms to use the Service |
| Matching you with opponents within 500 km (declared location) | Performance of a contract (Art. 6(1)(b)) |
| Rate limiting and abuse prevention (IP address) | Legitimate interests (Art. 6(1)(f)) — protecting the Service and other players |
| Keeping fight history (for leaderboards and profile display) | Performance of a contract (Art. 6(1)(b)) |
| Privacy-respecting traffic analytics (see Plausible below) | Legitimate interests (Art. 6(1)(f)) |
4. Third-Party Processors
We use the following third parties to operate the Service. We do not share personal data for advertising, profiling, or resale.
- Cloudflare, Inc. — hosts the application (Workers), database (D1), stateful objects (Durable Objects), queues, rate-limiting buckets, and request logs. Personal data processed: IP address, request metadata, all account and game data.
- MapTiler (Stadia Maps / MapTiler AG) and/or OpenFreeMap — these are the map-tile providers used by the
/map,/t/:handle, and related pages. When your browser requests map tiles, those providers receive your IP address and the tile coordinates requested. The Service may switch between these providers over time. - Plausible Analytics — a privacy-respecting analytics product used to count page views and referrers in aggregate. Plausible does not use cookies, does not collect IP addresses or personal data, and does not track users across sites. It is self-described as GDPR, PECR, and CCPA compliant.
5. Cookies and Local Storage
We use a minimal set of strictly-necessary technical cookies. We do not use cookies for advertising, profiling, or cross-site tracking.
| Name | Type | Purpose | Duration |
|---|---|---|---|
cc_sid |
HttpOnly, Secure, SameSite=Strict | Your signed session identifier — lets you stay logged in. | 30 days |
cc_hint |
HttpOnly, Secure, SameSite=Lax | Advisory flag that tells the app a session exists, used to work around SameSite=Strict on external-link arrivals. Never used for authentication. |
30 days |
We also store the following in your browser's local storage on your device:
theme— your preferred light/dark mode. Optional. Persists until you clear your browser data.
Because these cookies are strictly necessary to provide the Service, no consent banner is required under the ePrivacy Directive. Plausible Analytics does not set any cookies.
6. Data Retention
- Active account data (handle, passphrase hash, location, ledger, energy, stance, fight history) is retained for as long as your account exists.
- Fight records are retained indefinitely as part of the public game history and are referenced by other players' ledgers.
- Cloudflare request logs are retained according to Cloudflare's own retention policy (typically short, on the order of days to a few weeks).
- If you request deletion, we remove your account row, your ledger entries, and your session data within 30 days. Fight records may be anonymized rather than deleted where required to preserve other players' ledger integrity.
7. Your Rights
Depending on where you live, you may have one or more of the following rights:
If you are in the European Economic Area, the United Kingdom, or Switzerland (GDPR / UK GDPR)
- Access (Art. 15) — a copy of the personal data we hold about you.
- Rectification (Art. 16) — correction of inaccurate data.
- Erasure (Art. 17) — deletion of your account.
- Restriction (Art. 18) — limit our processing in specific circumstances.
- Portability (Art. 20) — receive your data in a machine-readable format.
- Object (Art. 21) — object to processing based on legitimate interests.
- Lodge a complaint with your local data protection authority.
If you are a California resident (CCPA / CPRA)
- Right to know what personal information we collect, use, disclose.
- Right to delete your personal information.
- Right to correct inaccurate personal information.
- Right to non-discrimination for exercising these rights.
- We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
How to exercise your rights
Email legal@reentechllc.com from an address that can be reasonably associated with your account (for example, because you reference your handle in the message). We respond within 30 days. Because we do not collect emails, we cannot always verify identity strongly; we may ask for additional confirmation.
8. Children
The Service is not intended for children under 13. If we learn that we have collected personal information from a child under 13, we will delete the account. If you believe a child under 13 has provided personal information, contact legal@reentechllc.com.
9. Security
We hash passphrases with PBKDF2-SHA256 and sign session cookies with HMAC-SHA256. We transport all data over HTTPS. No system is perfectly secure; if you suspect your account has been compromised, contact legal@reentechllc.com immediately and change your passphrase.
10. International Transfers
The Service is hosted in the United States. Data you provide will be transferred to and processed in the United States. For users in the European Economic Area, the United Kingdom, or Switzerland, this transfer relies on the legal basis you have given by entering into these Terms and using the Service, and on the U.S. third-party processors' own compliance frameworks (Cloudflare operates under the EU-U.S. Data Privacy Framework).
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date and version at the top of this page. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.
12. Contact
For any privacy question or to exercise your rights, email legal@reentechllc.com.