Privacy Policy
Effective date: April 11, 2026
This Privacy Policy explains how Pixel Color Wars ("we", "our", "us") collects, uses, and shares information when you visit pixelcolorwars.com (the "Site") and play the game. This policy is provided as a transparency notice — it is not a consent mechanism. Where we rely on your consent to process personal data, we will ask for it separately.
0. Data Controller
The data controller responsible for your personal data is:
Pixel Color Wars
Kentucky, United States of America
Email: [email protected]
We are not established in the European Economic Area (EEA) or the United Kingdom. We process EEA and UK personal data on the basis that our processing is occasional, does not involve large-scale processing of special category data, and is unlikely to result in a high risk to individuals, such that appointment of an EU/UK representative under GDPR Article 27 is not required. If this assessment changes, we will appoint a representative and update this policy.
1. Information We Collect
1a. Account data (registered users only)
If you create an account, we collect and store:
- Username — chosen by you; publicly visible in the game.
- Email address — used for account login; never shown publicly.
- Password — stored only as a salted PBKDF2-SHA-256 hash (200,000 iterations). We never store or transmit your plain-text password.
- Game statistics — total pixels claimed, round wins, power pixels captured, and earned badges.
- Shield count — your in-game defensive resource; stored server-side.
- Account created timestamp.
- Login-attempt counter and temporary lockout timestamp — used to detect brute-force attempts and lock your account for up to 15 minutes after 10 failed logins.
1b. Session data
When you log in, we create a session token (a random 64-character hex string) stored in
Cloudflare D1 alongside your user ID and an expiry timestamp. Sessions expire after 30 days. The token is stored in your browser's localStorage under the key pcw_token and sent as a Bearer token
with authenticated requests.
1c. Browser storage (all visitors)
We do not set first-party cookies. Instead, we use your browser's localStorage to store site preferences and session state. The ePrivacy Directive treats localStorage used
for advertising-related purposes the same as cookies — our consent banner covers both. The
following keys are stored locally in your browser and (unless marked otherwise) are never
sent to our servers:
| Key | What it stores | Sent to server? |
|---|---|---|
pcw_token | Auth session token for registered users | Yes — as Bearer header on authenticated requests |
pcw_lang | Active display language code (e.g. ru, ar); set by the language picker or auto-detected from your browser | No |
pcw_tribe | Last selected tribe (0–7) — UX convenience | No |
pcw_mode | Game mode preference: "local" or "online" | No |
pcw_difficulty | AI difficulty preference: easy / medium / hard / insane | No |
pcw_consent | Your ad/cookie consent choice: "granted" or absent | No |
pcw_adfree | Flag ("1") set when you purchase ad-free access | No |
pcw_tutorial_done | Flag ("1") set once you have completed or dismissed the new-player tutorial | No |
pcw_audio | JSON object storing your audio mute preference and per-category mute settings | No |
pcw_state_local / pcw_state_online | Snapshot of transient UI state (e.g. last tribe, leaderboard open) used to restore your view when switching between modes | No |
pcw_taps | Lifetime pixel-claim count | No (synced to D1 on login) |
pcw_wins | Lifetime round wins | No (synced to D1 on login) |
pcw_power_pixels | Lifetime power pixels captured | No (synced to D1 on login) |
pcw_badges | JSON array of earned badge IDs | No (synced to D1 on login) |
pcw_max_combo | All-time highest tap combo streak | No (synced to D1 on login) |
pcw_rounds | Lifetime rounds completed | No (synced to D1 on login) |
pcw_items_used | Lifetime shop items used | No (synced to D1 on login) |
pcw_reinforces | Lifetime reinforce actions used | No (synced to D1 on login) |
pcw_consec_wins | Highest consecutive-win streak ever achieved | No (synced to D1 on login) |
pcw_wins_easy / pcw_wins_medium / pcw_wins_hard / pcw_wins_insane | Round wins per AI difficulty level | No (synced to D1 on login) |
pcw_wall_zoom | Pixel Donor Wall saved zoom level (1–32) | No |
pcw_wall_session_id | UUID for Pixel Wall reservation recovery after page reload | Yes — sent to /api/pixel-wall/reservation-status to recover an active reservation |
pcw_wall_my_pixels | Cached list of pixel indices the user has purchased on the Donor Wall | No |
pcw_wall_recent_colors | Up to 16 recently used pixel colours (hex values) in the Pixel Wall colour picker | No |
1d. IP address
When you register an account, your IP address is recorded in a rate-limiting table
(ip_registrations) to prevent automated account creation. This record stores
your IP, the start of the current one-hour window, and a registration count. It is
overwritten each time a new hourly window begins and is not used for any other purpose.
1e. WebSocket connection state (in-memory only)
While you are connected to the online multiplayer game, the server holds ephemeral in-memory state for your connection: your selected tribe, coin balance, shield count, in-game power-up charges, and last-activity timestamp. This data exists only in RAM for the duration of your session and is not written to any database (except shields, which sync to D1 every 60 seconds and on disconnect). Local vs AI mode runs entirely in your browser — no connection state is sent to our servers.
1f. Game world data (public by design)
The online game state — which tribe owns which pixel — is shared among all players and is
public by design. There is no private game data attached to individual players in the game
grid. Local vs AI game state is stored exclusively in your browser's IndexedDB
(pcw_local database) and never transmitted to our servers.
2. Lawful Basis for Processing (GDPR)
For users in the EEA, UK, and Switzerland, we process personal data under the following lawful bases under GDPR Article 6:
| Processing activity | Lawful basis |
|---|---|
| Account creation, authentication, and session management | Performance of contract — Art. 6(1)(b) |
| Storing game statistics and badges | Performance of contract — Art. 6(1)(b) |
| Login rate-limiting and account lockout | Legitimate interests (security) — Art. 6(1)(f) |
| IP rate-limiting on registration | Legitimate interests (preventing abuse) — Art. 6(1)(f) |
| Personalised advertising via Google AdSense | Consent — Art. 6(1)(a) |
| Non-personalised advertising (when consent is denied) | Legitimate interests — Art. 6(1)(f) |
| Aggregate, non-personal site analytics | Legitimate interests — Art. 6(1)(f) |
| Processing payments via Stripe (when available) | Performance of contract — Art. 6(1)(b) |
| Pixel Donor Wall — collecting display name, message, pixel colour, and custom drawing | Performance of contract — Art. 6(1)(b) |
| Pixel Donor Wall — collecting email address for purchase receipt | Performance of contract — Art. 6(1)(b) |
| Pixel Donor Wall — recording IP address and User-Agent for fraud prevention | Legitimate interests (fraud prevention, dispute evidence) — Art. 6(1)(f) |
| Sending transactional emails via Resend | Performance of contract — Art. 6(1)(b) |
3. How We Use Your Information
- To operate and provide the game service (both online and local modes)
- To authenticate you and maintain your session
- To track your game statistics and award badges
- To protect account security (rate limiting, lockout on failed logins)
- To serve advertisements, subject to your consent (see Section 5)
- To improve the Site using aggregate, non-personal analytics
- To process payments for optional in-game purchases (when payment features are active)
- To operate the Pixel Donor Wall — fulfilling purchases, displaying pixel colours and drawings, and linking guest purchases to accounts
- To send transactional emails (Pixel Donor Wall purchase receipts) via Resend
- To prevent fraud and abuse on the Pixel Donor Wall (IP recording at checkout, chargeback dispute evidence)
We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects. We do not use your data for any purpose incompatible with those listed above without first informing you and, where required, obtaining your consent.
4. Third-Party Services and International Transfers
4a. Cloudflare (infrastructure)
The Site and game server run on Cloudflare Workers and Cloudflare Pages. All traffic is routed through Cloudflare's global network. Cloudflare may process your IP address and request metadata for security (DDoS protection, bot mitigation) and reliability purposes. Your account data and game statistics are stored in Cloudflare D1 (SQLite) and online game world state in Cloudflare Durable Objects. Local vs AI game state is stored in your browser's IndexedDB only.
Cloudflare is a US-based company. Data transfers to Cloudflare from the EEA/UK are covered by Cloudflare's Standard Contractual Clauses (SCCs) and their participation in applicable data transfer frameworks. See Cloudflare's Privacy Policy for details.
4b. Google AdSense (advertising)
We use Google AdSense (publisher ID: ca-pub-5276620986793316)
to display advertisements. AdSense is operated by Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA.
When you visit the Site and have granted ad consent, Google AdSense may:
- Set third-party advertising cookies and use similar tracking technologies on your device
- Collect your IP address, browser type, device identifiers, and browsing behaviour
- Use that data to serve personalised ads and measure ad performance
- Share data with Google's advertising partners
We implement Google Consent Mode v2. All four consent signals
(ad_storage, ad_user_data, ad_personalization, and analytics_storage) default to denied on every page load. They are
only updated to granted if you actively click "Got it!" on the consent banner
or "Accept Ads & Play Online" on the online mode gate. If you click "Reject
non-essential" or take no action, all four signals remain denied and no
advertising cookies are set. Ad slots are not initialised until consent is granted.
Google is a US-based company. Data transfers from the EEA/UK to Google are covered by Google's Standard Contractual Clauses. See Google's Privacy Policy, Google's Advertising Technologies Policy, and Google Ad Settings (to opt out of personalised advertising across Google services).
4c. Google Analytics 4 (site analytics)
We use Google Analytics 4 (Measurement ID: G-69SCJ1KYXJ),
operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to
understand how visitors use the Site.
Google Analytics 4 may collect:
- Pages visited and time spent on each page
- Game events including: mode selected (Local vs AI or Online), tribe chosen, shop items purchased (name, quantity, coins spent), shop items deployed, round outcomes, and authentication method (register / login / guest)
- Game context sent with events: selected difficulty level (easy / medium / hard / insane), game mode, and tribe name
- Persistent user properties set in GA4 to associate events across a session: tribe name, game mode, and difficulty — all non-personal gameplay preferences
- Device type, browser, operating system, and approximate location (country/region derived from IP address)
- Referring URL and session duration
We implement Google Consent Mode v2. Because we rely on legitimate interests
as the lawful basis for analytics (not consent), the analytics_storage signal
is set to granted by default — meaning GA4 runs without requiring you to click
the consent banner. No advertising cookies are set by GA4; only a first-party analytics
cookie (_ga) is used to distinguish sessions. Ad-related signals
(ad_storage, ad_user_data, ad_personalization) remain denied until you actively grant ad consent. We do not share any personally
identifiable data with Google Analytics — all custom event parameters and user properties
we send are non-personal gameplay statistics (tribe names, item names, difficulty levels,
and round outcomes). No usernames, email addresses, or account identifiers are ever sent
to Google Analytics.
You can opt out of Google Analytics tracking across all websites by installing the Google Analytics Opt-out Browser Add-on. Data transfers from the EEA/UK to Google are covered by Google's Standard Contractual Clauses. See Google's Privacy Policy for details.
4d. Stripe (payments)
Payment processing for Pixel Donor Wall purchases (and any future coin or ad-free purchases) is handled by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe will collect your payment card details, billing information, and transaction data directly. We do not store card numbers or full payment details on our servers. Data transfers from the EEA/UK to Stripe are covered by Stripe's Standard Contractual Clauses. See the Stripe Privacy Policy for details.
4e. Resend (transactional email)
We use Resend (operated by Resend Inc.) to send transactional emails, including Pixel Donor Wall purchase receipts. When you complete a Wall purchase, your email address is transmitted to Resend solely for the purpose of delivering your receipt. Resend does not use your email address for marketing or third-party advertising. Data transfers from the EEA/UK to Resend are covered by Standard Contractual Clauses. See the Resend Privacy Policy for details.
5. Advertising, Consent, and Online Mode Access
The online multiplayer server is provided free of charge and is funded entirely by advertising revenue. Accordingly:
- Local vs AI mode is available to all visitors with no ad consent required. No advertising cookies are set in this mode. Ad units are only displayed to users who have previously accepted the cookie consent banner in a prior session; visitors who have not yet consented, or who have rejected consent, will not see any ads.
- Online multiplayer mode requires that you accept advertising cookies (by clicking "Got it!" on the consent banner or "Accept Ads & Play Online" on the online mode gate). Users who have purchased ad-free access may access online mode without accepting advertising cookies.
This is a "pay or okay" model: you may access online multiplayer either by accepting personalised advertising, or by purchasing ad-free access. Local vs AI mode is always available as a free alternative with no advertising or consent requirement.
You may withdraw your ad consent at any time by clicking the cookie settings button (accessible on every page) and selecting "Reject non-essential". Withdrawing consent will remove your access to online multiplayer mode until consent is re-granted or ad-free access is purchased. Your withdrawal does not affect the lawfulness of processing carried out before withdrawal.
California residents (CCPA): We do not sell your personal data. However, Google AdSense may constitute "sharing" of personal data for cross-context behavioural advertising under the California Privacy Rights Act (CPRA). You may opt out of this sharing by clicking "Reject non-essential" in the cookie settings. This opt-out applies regardless of whether you are in online or local mode.
6. Data Retention
| Data | Retention period |
|---|---|
| Session tokens | 30 days, then automatically deleted on logout or expiry |
| IP rate-limit records | Overwritten after each 1-hour window; not archived |
| Account data (username, email, password hash, stats, badges) | Until you request deletion (see Section 7) |
| Browser localStorage data | Until you clear your browser storage or request deletion |
| Local vs AI game state (IndexedDB) | Until you clear your browser storage or reset the game |
| In-memory WebSocket state | Duration of your active connection only |
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your account and associated personal data
- Restriction — ask us to limit how we process your data
- Portability — receive your personal data in a portable, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — withdraw your advertising consent at any time via the cookie settings button; withdrawal does not affect prior lawful processing
EEA and UK residents have these rights under the GDPR / UK GDPR. California residents have similar rights under the CCPA/CPRA, including the right to opt out of the sharing of personal data for cross-context behavioural advertising (see Section 5).
Right to lodge a complaint: If you are in the EEA or UK and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your national data protection supervisory authority — for example, the Information Commissioner's Office (ICO) in the UK (ico.org.uk), or the supervisory authority in your EU member state. We would, however, appreciate the opportunity to address your concern first — please contact us at the address in Section 10.
To exercise any right, contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law).
8. Donor Pixel Wall
The Donor Pixel Wall feature collects additional personal data from users who purchase pixels. This section supplements the general information above.
8a. Data collected at checkout
- Email address — collected to send a purchase receipt and to link future guest purchases to a registered account. Stored in our D1 database under the purchase record. Never shown publicly.
- Display name (optional) — shown on hover when other users mouse over your pixels. You may use your username, a custom name (max 40 chars), or remain Anonymous.
- Message (optional, max 200 chars) — shown on hover alongside your display name.
- Custom pixel drawing (optional) — a PNG image painted over your selected pixels using the built-in drawing tools during checkout. Stored server-side (initially in Cloudflare D1 as base-64; migrated to Cloudflare R2 object storage when available). Displayed on the Wall at close zoom for all visitors.
- Chosen pixel colour — permanently associated with your pixels on the Wall.
- IP address and User-Agent — recorded at checkout time for fraud prevention and compliance purposes only.
- Country (derived from Cloudflare's
CF-IPCountryheader) — recorded for tax compliance purposes.
8b. Payment processing and storage
Pixel wall purchases are processed by Stripe, Inc. (see Section 4d). We do
not store payment card details. Stripe returns a session_id on successful payment
which we use to match the payment to the reserved pixels. A purchase record (including pixel
indices, colour, display name, message, and email) is stored in our Cloudflare D1 database and
in the Pixel Wall Durable Object's co-located SQLite database.
Custom pixel drawings (PNG images) are stored server-side. Initially they are stored as
base-64 encoded data in Cloudflare D1. As storage is migrated, drawings are moved to Cloudflare R2 object storage (bucket: pixel-images) and the D1
copy is cleared. Both storage locations are operated by Cloudflare, Inc. (see Section 4a).
A purchase receipt email is sent via Resend (see Section 4e) to the email
address you provided at checkout.
8c. Public display
If you provide a display name, it is shown to all visitors who hover over your pixels. If you provide a message, it is shown alongside your display name. If you painted a custom drawing, it is rendered on the Wall canvas when visitors zoom in close enough. If you choose to remain Anonymous, no personal data (name or message) is visible on the Wall. The pixel colour you chose and any custom drawing are always visible to all visitors regardless of your privacy settings.
8d. Your rights over Wall data
Logged-in users can edit or erase their display name, message, and associated email from any purchase at any time via their account profile. Guest purchasers can link their purchases to a registered account using the email address provided at checkout. The "erase my data" option permanently nulls the display name, message, email, and custom drawing for a purchase. Your pixel colour and position on the Wall remain unchanged after erasure.
To exercise your right to erasure, you may also contact us at [email protected] and we will process your request within 30 days.
8e. Retention
| Data | Retention period |
|---|---|
| Pixel colour and position | Permanent (as long as the Wall exists) |
| Display name and message | Until erased by the user or removed for policy violation |
| Custom pixel drawing (PNG) | Until erased by the user via "erase my data" or removed for policy violation; stored in Cloudflare D1 (base-64) then migrated to Cloudflare R2 |
| Email address (purchase record) | Until erased by the user via the "erase my data" option or on account deletion |
| IP address and User-Agent (checkout) | 90 days, then deleted |
| Country (checkout) | Permanent alongside the purchase record (non-personal, used for compliance) |
| Stripe session and payment intent IDs | Permanent (required for payment dispute resolution) |
9. Children's Privacy
The Site is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children below the applicable minimum age. Registered accounts require users to confirm they meet the minimum age requirement at registration. If you believe a child has provided us personal information, please contact us at [email protected] and we will delete it promptly.
10. Contact
For privacy-related questions, data subject requests, or complaints, please contact us at:
Pixel Color Wars
Kentucky, United States of America
Email: [email protected]
11. Changes to This Policy
We may update this policy from time to time. The "Effective date" at the top of this page will reflect the most recent revision. For processing based on your consent, material changes will require us to seek fresh consent — we will not rely on continued use of the Site as implied re-consent for such changes. For other processing, continued use of the Site after changes are posted constitutes acknowledgement of the updated policy. Material changes will be communicated via an in-game notice where reasonably practicable.