Last updated: May 27, 2026
Privacy Policy
This Privacy Policy describes how Sudoku Arena processes users' personal data to provide the service, manage passwordless accounts, profiles, games, progress, leaderboards, multiplayer challenges, technical communications, security and optional consent-based analytics.
1. Data controller
The data controller is Sudoku Arena.
For questions about personal data processing or to exercise privacy rights, you can write to [email protected].
2. Personal data processed
- Account data: username, email address, country, selected avatar, user identifier, account creation and update date.
- Authentication data: email address, temporary access codes, purpose of the request, expiry and usage status of the code. The codes are used to allow passwordless access and to protect relevant operations, such as changing the email address.
- Profile and progress data: experience, level, statistics, achievements, game history, completed or ongoing games.
- Game data: assigned puzzle, mode, size, difficulty, game status, entered values, notes, elapsed time, pauses, mistakes, hints used, start, save and completion date.
- Challenge and leaderboard data: lobby, invitation code or link, host, participants, settings, game status, moves, times, mistakes, results, winner and leaderboards.
- Data related to use without an account: temporary technical identifiers, local preferences and game data needed to allow the guest experience.
- Technical and security data: IP address, device and browser information, technical logs, error events, diagnostic data, service requests and information generated by hosting, security and traffic protection systems.
- Data saved in the browser: language, theme, approximate country, user or guest identifier, profile cache, privacy preferences and analytics preference.
- Optional analytics data: site usage events, visited page or section, language, aggregated or pseudonymous technical information and interactions with features, processed only if the user gives consent.
3. Data not required by the service
- Sudoku Arena does not require traditional passwords: access takes place through a temporary code sent by email.
- Sudoku Arena does not require payment data, banking data, billing addresses or precise geolocation data.
- Sudoku Arena does not use advertising cookies or third-party marketing profiling tools, except for any future changes that will be indicated in the Cookie Policy and, where necessary, subject to consent.
4. Purposes and legal bases
| Purpose | Main data | Legal basis |
|---|---|---|
| Account creation and management | Username, email, country, avatar, user identifier | Performance of the contract or pre-contractual measures |
| Passwordless access and email change | Email, temporary codes, expiry and request status | Performance of the contract and legitimate interest in service security |
| Provision of the game | Games, grids, times, mistakes, hints, progress and preferences | Performance of the contract |
| Leaderboards, levels, achievements and challenges | Results, statistics, username, lobbies, matches and winners | Performance of the contract and legitimate interest in platform fairness |
| Security, abuse prevention and diagnostics | Technical logs, IP, errors, anomalies, abuse attempts and infrastructure data | Legitimate interest and security obligations |
| Optional analytics | Usage events, visited pages or sections, language and pseudonymous data | User consent |
| Technical communications by email | Email and message content necessary for access or account security | Performance of the contract and legitimate interest in security |
5. Processing methods and security
Data is processed with IT tools and technical and organizational measures proportionate to the nature of the service, with the aim of ensuring its availability, integrity, confidentiality and proper functioning.
Sudoku Arena uses temporary-code access procedures, server-side controls, anti-abuse measures, logging systems and diagnostic tools. Access to data is limited to what is necessary to provide, maintain, protect and improve the service.
Some information is saved in the user's browser to maintain preferences, the application session and continuity of the game experience.
6. Data retention
- Accounts, profiles, progress, games, levels, achievements and challenges are retained for as long as the account remains active or for as long as they are needed for the purposes of the service.
- Data related to games and leaderboards may be retained to maintain progress history, ensure leaderboard fairness and prevent abuse.
- Temporary access codes are retained only for the time necessary for verification, security and abuse prevention.
- Technical logs are retained for 30 days, unless further retention is necessary for security, investigation of abuse, protection of rights or legal obligations.
- If the account is deleted, the main data linked to the profile is removed or made no longer associated with the user, except for data temporarily retained in technical logs, backups, security systems or for legal obligations.
- Preferences saved in the browser remain on the device until the user deletes them, changes the preferences or clears browser data.
7. Third-party services and external processors
| Service | Purpose | Data processed |
|---|---|---|
| Railway | Hosting of the application infrastructure and related services | Application data, technical logs, IP and data generated by the use of the service, according to the production configuration |
| Resend | Sending technical emails, such as temporary access and verification codes | Email address, technical content of the message and data necessary for delivery |
| PostHog EU | Optional analytics and measurement of site usage, only with prior consent | Usage events, pseudonymous identifiers, technical information and event properties configured by Sudoku Arena |
| Cloudflare | Protection, traffic routing, performance, security and approximate country detection | IP, technical request data, security information and approximate country derived from the connection |
8. Transfers outside the European Economic Area
Some providers may also process data outside the European Economic Area, directly or through sub-processors. In these cases, the transfer takes place on the basis of the tools provided for by applicable law, such as adequacy decisions, standard contractual clauses or other appropriate safeguards.
For analytics, the European region of PostHog is used when the service is active and the user has given consent.
9. User rights
The user may request access, rectification, deletion, restriction, objection, data portability and, where processing is based on consent, withdrawal of consent.
Requests can be sent to [email protected]. The user can also edit some data from the profile and delete the account through the features available on the platform.
The user also has the right to lodge a complaint with the competent supervisory authority, in particular with the Italian Data Protection Authority, if they believe that the processing violates applicable law.
10. Analytics consent and privacy preferences
Optional analytics are disabled until the user gives consent. Refusal or withdrawal of consent does not prevent the use of Sudoku Arena's essential features.
Withdrawal of consent prevents the sending of new analytics events and may result in the removal of analytics identifiers saved in the browser, according to the features available on the site.
The user can also manage cookies, localStorage and other similar technologies from the browser settings, bearing in mind that deleting technical data may affect preferences, session and game continuity.
11. Minors
Sudoku Arena is a recreational and educational service, but it is not designed to intentionally collect data from minors without the consent or supervision of the person exercising parental responsibility or guardianship.
If a parent or guardian believes that a minor has provided personal data without adequate consent, they can contact [email protected] to request the appropriate checks and actions.
12. Changes and contacts
This Privacy Policy may be updated when features, providers, processing purposes or regulatory obligations change. The last updated date indicates the published version.
For privacy questions or to exercise rights, you can write to [email protected]. For general service requests, you can write to [email protected].