Privacy Policy | Imagine That

1. Introduction

Welcome to our game! We are committed to protecting your privacy and being transparent about how we handle information. This Privacy Policy explains our practices concerning the information related to your use of our website and game (collectively, the "Service").

Our game works like a "telephone game" where players' text prompts are used to create AI-generated images. As the operator of this Service, we want to be clear that we do not directly collect, store, or process your personal information for our own purposes.

Our goal is to provide a fun and creative experience without needing to know who you are. However, to make the game work, we rely on specialized third-party services for hosting, database management, and AI image generation. This policy will explain the roles of these services and what data is processed to make the game function.

2. The Data Controller and Data Processors

In the context of the General Data Protection Regulation (GDPR), we are the Data Controller for the processing activities described in this policy. This means we determine the purposes and means of the processing of data.

The third-party services we use are our Data Processors (or sub-processors). They process data on our behalf and based on our instructions. We have chosen these providers carefully and have ensured they are compliant with GDPR.

3. Information Processed by Our Third-Party Services

To operate our Service, we use the following third-party providers. They are contractually bound to handle data securely and only for the purposes we define.

Hosting Provider: Hetzner Online GmbH

Purpose: Our entire Service (website and backend) is hosted on servers provided by Hetzner, a German company. They provide the fundamental infrastructure that allows our game to be accessible on the internet.
Data Processed: Hetzner may process technical data required for the secure operation of its servers, such as your IP address when you connect to our Service. This processing is for security and operational purposes.
Governing Agreement: Our relationship with Hetzner and their data processing activities are governed by their Data Processing Agreement (DPA).

Database & Authentication: Supabase, Inc.

Purpose: We use Supabase to manage our game's database and handle user authentication (account creation and login).
Data Processed: When you create an account, Supabase processes your authentication credentials (such as an email address and a securely hashed password). Supabase also stores game-related data, such as the text prompts you submit, which are necessary for the game to function.
Governing Agreement: Supabase acts as a data processor under the terms of their Data Processing Addendum (DPA) and their Privacy Policy.

AI Image Generation: Replicate, Inc.

Purpose: The core feature of our game, turning text into images, is powered by Replicate.
Data Processed: When you submit a text prompt during the game, that text is sent to Replicate's API. Replicate's AI models then process this text to generate the corresponding image. The text prompts are processed only to create the image for your game session.
Governing Agreement: Replicate's handling of this data is detailed in their Terms of Service and Privacy Policy.

4. Cookies

We may use essential cookies to operate our Service. Cookies are small files stored on your device that are necessary for functions like keeping you logged in or remembering game state. We do not use cookies for tracking or advertising purposes. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent, but some parts of our Service may not function without them.

5. Your Rights Under GDPR

As a user, especially if you are in the European Economic Area (EEA), you have specific rights regarding your personal data. We are committed to upholding these rights.

The Right to Access: You have the right to request information about the data being processed and access to that data.
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The Right to Erasure ('Right to be Forgotten'): You have the right to request that we erase your personal data under certain conditions.
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
The Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions.
The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise these rights, please contact us at marvin.maerz@gmail.com. Since we do not process personal information for our own purposes, we will assist you by directing you to the appropriate third-party provider where the data is held (for example, Supabase for account information).

6. Data Security

We take the security of your data seriously. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, and we rely on the robust security practices of our chosen third-party providers (Hetzner, Supabase, and Replicate).

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please do not hesitate to contact us:

Marvin März
marvin.maerz@gmail.com

You also have the right to lodge a complaint with a supervisory authority. Since our hosting provider is in Germany, the relevant authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) or the authority in your EU member state.