Privacy policy
Last updated: 22 May 2026
1. Who we are
JMBLD is operated by the publisher of jmbld.fun (the "Controller"). For privacy enquiries write to [email protected].
2. What we collect
- Account data (email, username, hashed password) - only if you register.
- Game data (moves, runs, hints used, trophies, streaks).
- A locale cookie storing your language preference.
- A guest code in your browser's localStorage so we can resume a guest game across reloads.
- IP address and approximate location (country/region only), used for abuse prevention and geo-aware leaderboards.
- Billing identifiers from Stripe (customer ID, subscription ID) - only if you subscribe.
3. Why we process it
We process data for the following purposes:
- Run the game (mandatory functional data, e.g. moves).
- Leaderboards and statistics (your gameplay results, aggregated daily).
- Authentication and account security.
- Enforce play-pace limits for free and guest players (countdown locks between runs).
- Process subscription payments via Stripe.
- Fraud, abuse, and bot detection (IP and device signals; limited retention).
4. Legal bases
- Performance of a contract - game, account, billing.
- Consent - optional cookies. You can withdraw it at any time from the "Manage cookies" link in the footer.
- Legitimate interests - fraud prevention, security, basic analytics. Balanced against your rights; you can object.
- Legal obligation - tax records for paid subscriptions.
5. Who we share data with
- Stripe - payment processing for subscriptions and coin bundles.
- Cloudflare - DDoS protection and traffic routing.
- We do not sell personal data. We do not share it with other advertisers, brokers, or data aggregators.
6. International transfers
Some processors (Google, Stripe, Cloudflare) are based in the United States. Transfers rely on the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable.
7. Retention
- Game runs and daily counters: retained while your account is active.
- IP logs: 30 days for abuse prevention.
- Billing records: 7 years where required by law.
8. Your rights
Under GDPR and UK GDPR you have the right to:
- Access your data.
- Rectify inaccurate data.
- Request erasure (the "right to be forgotten").
- Restrict processing.
- Object to processing based on legitimate interests.
- Data portability.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with your local Data Protection Authority.
To exercise any of these rights, write to [email protected]. We respond within 30 days.
9. Cookies and similar tech
- Functional cookies (locale, session, the consent decision itself) - always on, no choice required, strictly necessary.
- We currently do not load third-party advertising cookies. If that changes, we will show the consent banner again before any are set.
10. Ads and play-pace limits
We do not currently run third-party advertising. Free and guest players see short countdown locks between runs in Infinite mode and an occasional gate on the home page, to keep server load predictable. Subscribers are exempt.
We count completions of those countdowns per day per user (or per guest code) so we can size the limits. This is a count, not a profile, and never leaves our database.
11. Children
The game is not directed at children under 13. We do not knowingly process personal data of children under 13 (or under 16 in countries where that is the digital-age-of-consent threshold) without verifiable parental consent. If you believe a child has provided us with data, write to [email protected] and we will delete it.
12. Changes to this policy
We will update this policy as needed. Material changes are signalled by re-prompting the consent banner - your previous decision is invalidated and you choose again.