Privacy Policy

Last updated: 7/16/2026.

This page explains in plain terms what Jungle Arena collects, why, where it's stored, and what you can do to leave with your belongings.

Who is responsible?

Jungle Arena is a personal site with no commercial entity. The data controller is the site's developer. To exercise your rights or for any question, write to: info@jungle-arena.com.

What data we collect

  • Account : username, email, password (hashed with bcrypt, never in plain text), email verification status.
  • Profile : avatar (animal + color from 48 presets), chosen visual theme, plan (free or premium).
  • Game : games played, ranking (rating, W/L/D), unlocked achievements, messages exchanged during games.
  • Social : friends list, tournaments joined, invitations sent and received.
  • Session : a jg_session HttpOnly cookie to keep you signed in (~30 days).
  • Payment (if Premium) : no card data is stored on our side. Stripe handles the payment and only returns a customer ID + subscription status.
  • Transactional email : email address sent to Resend solely to send verification, password reset and Premium confirmation emails.
  • Analytics (optional) : if you accept, Vercel Analytics sets an anonymous identifier to count visits. Refusal is respected 100%.

No personal file uploads. Avatars are chosen from 48 predefined combinations, we store no user image.

Why we collect this

  • Sign you in and keep your session open.
  • Let you play with your friends and compute your ranking.
  • (If you accept) understand which pages work to improve the site.

Legal basis: contract (account/game) and consent (analytics).

Where it's stored (sub-processors)

  • Database: Neon (serverless Postgres, EU hosting by default).
  • Application hosting: Vercel (United States and Europe depending on the region).
  • Payment: Stripe (United States, PCI-DSS certified, signed DPA).
  • Transactional email: Resend (United States, signed DPA).
  • Analytics: Vercel Analytics — no advertising cookie, no resale, no fingerprinting.
  • Error monitoring (optional): Sentry — does not capture PII from error messages when enabled.

How long

  • Account: until you request deletion.
  • Sessions: 30 days, then automatically expired.
  • Finished games: kept for the ranking history.

Your rights (GDPR)

You have the right to access, rectify, erase, port, restrict, and object to the processing.

  • One-click account deletion: from your profile → “Danger zone” → “Delete my account”. Immediate and irreversible: your email, username, avatar and friendships are erased. Your game history stays accessible to your opponents under an anonymized username (deleted_XXXX) to preserve their record, that's the only trace left, with no PII whatsoever.
  • Edit your data: username, email, password, avatar → editable from your profile.
  • Withdraw your analytics consent: revisit the home page after clearing your site data, and the cookie banner will reappear.

For any other request (data export, objection, etc.): info@jungle-arena.com. You can also file a complaint with the CNIL.

Cookies used

NameRoleDurationOptional?
jg_sessionSign-in / session30 daysNo, without it you can't play signed in.
jg_consentRemembers your cookie choiceLocal (localStorage)Essential to honoring your choice.
va-*Vercel AnalyticsVariableYes, only if you accept.