Privacy Policy

MindRift Arena ("we", "us") is a real-time competitive brain-sport platform. This policy explains what data we collect when you use the service at mindrift.gg, how we use it, and what rights you have over it.

If you have questions, email us at privacy@mindrift.gg.

Account data

• Email address — used for account verification, password reset, and optional notifications
• Username and display name — shown publicly on leaderboards and in matches
• Password — stored as a one-way bcrypt hash; we never see your plaintext password
• Country — optional, used for regional leaderboards

Game data

• Match history, ELO rating, win/loss record, XP, and coins
• Daily streak and quest progress
• Battle Pass tier and clan membership
• Answers submitted in matches — used for anti-cheat flagging and stat tracking
• Code submitted in code-execution problems — stored temporarily for replay and review

Technical data

• IP address — used for rate limiting and abuse prevention; not linked to your public profile
• Browser push subscription endpoint — only if you grant notification permission
• Basic session analytics (page views, match start/end events) via PostHog — anonymised
• Error traces via Sentry — include stack traces and request context, no passwords

OAuth (if you sign in with Discord or Google)

• We receive your provider user ID, email, and display name from Discord or Google
• We do not receive or store your OAuth access/refresh tokens after account creation

• Run the game — matchmaking, scoring, leaderboards, progression
• Send transactional emails — account verification, password reset. No marketing email without consent
• Detect and remove cheaters via the anti-cheat flag system
• Fix bugs — error traces help us identify and resolve crashes
• Improve the product — anonymised analytics show which features are used

We use the following sub-processors to operate the service:

• Neon / PostgreSQL — database hosting (your account and game data)
• Render.com — server hosting (processes all requests)
• Resend — transactional email delivery (receives your email address to deliver messages)
• PostHog — product analytics (anonymised events only)
• Sentry — error monitoring (stack traces, no passwords or full request bodies)

Each of these services has their own privacy policy. We only share the minimum data each service needs to function.

• Account data is kept as long as your account is active
• Match history and game stats are kept indefinitely to maintain leaderboard integrity
• Email verification tokens expire after 24 hours; password reset tokens expire after 1 hour
• Anti-cheat flags are reviewed by admins and retained for moderation purposes
• If you delete your account, your email and password hash are removed within 30 days. Username and anonymised game stats may be retained to preserve historical match records

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data (username, display name, country) via your profile
• Request deletion of your account and personal data
• Withdraw push notification consent at any time via your browser settings
• Object to processing — contact us and we will respond within 30 days

To exercise any of these rights, email privacy@mindrift.gg.

We do not use cookies for tracking. We use localStorage in your browser to store your JWT session token and cached profile data. No third-party tracking cookies are set.

MindRift Arena is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has registered, contact us at privacy@mindrift.gg and we will delete the account.

If we make material changes, we will update the effective date above and post a notice in the game. Continued use after the notice constitutes acceptance.