Privacy Policy

Last updated · Revision 2

Wordo is a daily crossword and word-puzzle service. This policy explains how we handle the personal data of the people who use it.

We are the data controller for the data described below. You can contact us about anything in this policy at privacy@wordo.farnoosh.io.

What data we collect

When you sign up by email: your email address, a hashed copy of your password, your display name, and a self-attested date of birth.

When you sign in with Google or Apple: your email address and a unique account identifier from that provider. We never receive your password.

When you play: your gameplay progress — which puzzles you started, which clues you answered, the hints you used, and completion timestamps. This is what lets you resume a puzzle on another device.

When you pay: if you subscribe to a paid plan, our payment processor (Stripe) handles your card details directly. We receive only the subscription status, the plan tier, and a Stripe customer ID. We never see your card number.

Logs and diagnostics: our hosting provider records request metadata (URL, status code, timestamp, truncated IP) for security and debugging. If the app crashes, an error report goes to Sentry with a stack trace and a hashed user identifier — no email or display name.

Product analytics: only if you accept analytics cookies, we send anonymised event data to PostHog (EU cloud) about which features you use. You can withdraw consent at any time from the “Manage cookies” footer link.

Why we use your data

We use your data only to operate Wordo:

  • to give you access to your account and your saved progress;
  • to bill you correctly if you subscribe;
  • to send essential service emails (sign-up confirmation, password reset, payment receipts);
  • to keep the service running and secure;
  • to improve the product, only if you have given analytics consent.

We do not sell your data. We do not share it with advertisers. We do not build a marketing profile of you.

Legal basis for processing

Under the GDPR (Article 6), every kind of processing needs a legal basis. Ours are:

  • Performance of a contract (Art. 6(1)(b)) — your account, your gameplay progress, your subscription. Without these we cannot give you the service you signed up for.
  • Legal obligation (Art. 6(1)(c)) — keeping billing records for the period tax law requires.
  • Legitimate interest (Art. 6(1)(f)) — short-lived service logs and error tracking, so we can keep the service running and secure. You can object at any time.
  • Consent (Art. 6(1)(a)) — product analytics via PostHog. You give this consent in the cookie banner and can withdraw it at any time from the “Manage cookies” footer link.

How long we keep your data

  • Account profile and gameplay history: for as long as the account is active; deleted on account closure (see the next section).
  • Email address and password hash: for as long as the account is active; deleted on account closure.
  • Our internal Stripe customer and invoice references (we do not store card numbers): 7 years after the subscription ends, to meet Dutch tax-record retention rules.
  • Service request logs: 30 days.
  • Error reports in Sentry: kept according to Sentry’s configured retention (90 days on our current plan).
  • Analytics events in PostHog: 12 months.
  • Compliance receipts (the record that you accepted the terms at sign-up): 7 years after account deletion, for audit purposes.

Account deletion and the 30-day grace period

You can delete your account from the Settings page at any time. When you do, three things happen:

  1. Immediately: your account is soft-deleted. You are signed out and the account becomes inaccessible.
  2. Within 30 days: a support request can restore the account in full. This lets you change your mind.
  3. After 30 days: a scheduled job hard-deletes your profile, your authentication record, your gameplay history, and your avatar from our storage. Hard-deletion is permanent and cannot be reversed. Previously-shared avatar URLs stop resolving when this step runs.

A small set of records survives the hard-delete: anonymised aggregated statistics, compliance receipts, and Stripe billing records. None of these contain data that can identify you, or they are kept because the law requires it.

Who we share your data with

We use a small set of trusted processors. Each one handles your data only on our instructions.

  • Supabase (EU region) — database, authentication, file storage.
  • Vercel — application hosting.
  • Stripe — payment processing for paying subscribers.
  • PostHog EU Cloud — product analytics, only with your consent.
  • Sentry — error tracking, with a hashed user identifier only.
  • BetterStack — uptime monitoring and alerting.

We do not share your data with anyone else. Your data stays in the European Economic Area where possible. Where a processor or sub-processor is located outside the EEA (for example in the United States), the transfer is covered by the European Commission’s Standard Contractual Clauses.

Cookies and similar technologies

We use three categories of cookies. You can change your choices at any time using the “Manage cookies” link in the footer.

  • Essential — sign you in, remember your session, and protect against CSRF. Always on, because you cannot use Wordo without them.
  • Functional — remember your interface preferences. Optional.
  • Analytics — anonymised product analytics via PostHog. Optional, opt-in only.

We do not use advertising cookies, tracking pixels, or third-party social-media plug-ins.

Your rights under the GDPR

You have the following rights, free of charge, at any time:

  • Access — get a copy of your personal data.
  • Rectification — correct data that is wrong.
  • Erasure — delete your account and personal data.
  • Restriction — pause processing in certain situations.
  • Objection — object to processing based on our legitimate interest.
  • Portability — get a machine-readable export of your data.

To use any of these rights, the in-app tools are the quickest path (Settings → Export my data, Settings → Delete account). For anything else, email privacy@wordo.farnoosh.io. We respond within 30 days.

Lodging a complaint

If you think we have handled your data against the law, you have the right to lodge a complaint with a data-protection supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. In other EU countries, you can complain to your local supervisory authority.

Children

Wordo is not directed at children under 13. We ask for your date of birth at sign-up to check this. If we find that we have collected personal data from a child under 13 without parental consent, we delete it.

Changes to this policy

When we change this policy in a way that affects you, we bump the revision number at the top of this page and email every account holder. The revision number must match the value stamped on your sign-up consent record — auditors and you can cross-check it.

← Back to sign-up