Privacy Policy
Last updated: 7/16/2026.
This page explains in plain terms what Jungle Arena collects, why, where it's stored, and what you can do to leave with your belongings.
Who is responsible?
Jungle Arena is a personal site with no commercial entity. The data controller is the site's developer. To exercise your rights or for any question, write to: info@jungle-arena.com.
What data we collect
- Account : username, email, password (hashed with bcrypt, never in plain text), email verification status.
- Profile : avatar (animal + color from 48 presets), chosen visual theme, plan (free or premium).
- Game : games played, ranking (rating, W/L/D), unlocked achievements, messages exchanged during games.
- Social : friends list, tournaments joined, invitations sent and received.
- Session : a
jg_sessionHttpOnly cookie to keep you signed in (~30 days). - Payment (if Premium) : no card data is stored on our side. Stripe handles the payment and only returns a customer ID + subscription status.
- Transactional email : email address sent to Resend solely to send verification, password reset and Premium confirmation emails.
- Analytics (optional) : if you accept, Vercel Analytics sets an anonymous identifier to count visits. Refusal is respected 100%.
No personal file uploads. Avatars are chosen from 48 predefined combinations, we store no user image.
Why we collect this
- Sign you in and keep your session open.
- Let you play with your friends and compute your ranking.
- (If you accept) understand which pages work to improve the site.
Legal basis: contract (account/game) and consent (analytics).
Where it's stored (sub-processors)
- Database: Neon (serverless Postgres, EU hosting by default).
- Application hosting: Vercel (United States and Europe depending on the region).
- Payment: Stripe (United States, PCI-DSS certified, signed DPA).
- Transactional email: Resend (United States, signed DPA).
- Analytics: Vercel Analytics — no advertising cookie, no resale, no fingerprinting.
- Error monitoring (optional): Sentry — does not capture PII from error messages when enabled.
How long
- Account: until you request deletion.
- Sessions: 30 days, then automatically expired.
- Finished games: kept for the ranking history.
Your rights (GDPR)
You have the right to access, rectify, erase, port, restrict, and object to the processing.
- One-click account deletion: from your profile → “Danger zone” → “Delete my account”. Immediate and irreversible: your email, username, avatar and friendships are erased. Your game history stays accessible to your opponents under an anonymized username (
deleted_XXXX) to preserve their record, that's the only trace left, with no PII whatsoever. - Edit your data: username, email, password, avatar → editable from your profile.
- Withdraw your analytics consent: revisit the home page after clearing your site data, and the cookie banner will reappear.
For any other request (data export, objection, etc.): info@jungle-arena.com. You can also file a complaint with the CNIL.
Cookies used
| Name | Role | Duration | Optional? |
|---|---|---|---|
| jg_session | Sign-in / session | 30 days | No, without it you can't play signed in. |
| jg_consent | Remembers your cookie choice | Local (localStorage) | Essential to honoring your choice. |
| va-* | Vercel Analytics | Variable | Yes, only if you accept. |