Privacy Notice
Last updated: 9 June 2026
This notice describes what data we process when you use aeone.games, why, and what you can do about it. Plain English; if anything is unclear, write to us.
Who we are
The data controller is aeone.games OÜ, an Estonian private limited company.
Sepapaja tn 6, Lasnamäe linnaosa
Tallinn 15551, Harju maakond
Estonia
Registry code: 16904270
Privacy questions, data-access requests, and any other contact: team@aeone.games.
What we collect
We try to collect the minimum needed to make the games work. Specifically:
- An anonymous identity — when you first open the site, your browser generates an Ed25519 keypair and stores it locally. The public half (a base64url string we call your system ID) is what our server sees. There is no email, no real name, no account signup, no password.
- Game state — each game's saved progress is stored on our server, keyed by your system ID. The contents are opaque to the server (each game owns its own blob). You can transfer or delete this via the Profile tool.
- Anonymous active-user counts — once per day per game, your browser sends a ping. Before storage we hash the system ID with a monthly-rotating server-side secret, so we can count unique active users this month without being able to correlate them across months or back to your raw system ID.
- Server logs — standard request logs (IP address, timestamp, URL, user agent) kept for short-term operational and security purposes, then discarded.
- Peer-to-peer signaling — multiplayer matches use WebRTC. To set up a connection your browser exchanges signaling messages (IP candidates, session descriptors) with our server, which it forwards to your peer. We do not store these.
- Purchase records — if you buy a game or the lifetime pass, our payment provider FastSpring tells our server that an order completed, and we store a small record linking your system ID to the item purchased and FastSpring's order reference, so we can unlock what you paid for. This record holds no name, email, address, or card data — those are handled by FastSpring and never reach us (see Payments).
What we do not collect
- No cookies. None. Not session, not analytics, not "essential" — none.
- No third-party trackers (Google Analytics, Facebook Pixel, etc.). The page loads no third-party scripts and makes no background calls outside our own domain.
- No email, password, or real name on our side — we have nowhere to put them. (If you make a purchase, FastSpring collects a billing email for your receipt; we never receive it.)
- No payment or card data on our servers. Paid games and the lifetime pass are sold and processed by FastSpring, our Merchant of Record. You enter your payment details, email, and billing information on FastSpring's checkout — not on our site — and your card details never pass through our servers (see Payments).
- No precise geolocation, no microphone, no camera.
Payments
Paid games and the lifetime pass are sold through FastSpring, which acts as the Merchant of Record — the legal seller for the transaction. When you buy something:
- You complete checkout on FastSpring's hosted page. Your card data, billing email, and address are collected and processed by FastSpring under FastSpring's privacy policy — they never pass through our servers.
- FastSpring notifies our server that an order completed, identified by your system ID and the item purchased. We store that as a purchase record (system ID, item, FastSpring order reference) so we can unlock what you paid for. We do not receive your card, name, email, or address.
- If a purchase is refunded or charged back, FastSpring notifies us and the corresponding unlock is removed.
FastSpring is a payment processor headquartered in the United States. Any transfer of your payment information outside the EU/EEA is carried out by FastSpring as part of processing your payment, under its own safeguards — not by us. We never transfer your data outside the EU/EEA ourselves.
Legal basis
Under the GDPR (Article 6):
- Game state and identity: necessary for the performance of the contract we have with you when you use the games (Article 6(1)(b)).
- Purchase records: necessary to perform the purchase contract — to deliver and honour the unlock you paid for — and to meet our accounting and tax obligations (Article 6(1)(b) and 6(1)(c)).
- Anonymous active-user counts and server logs: our legitimate interest in understanding how the site is used and keeping it secure (Article 6(1)(f)). Because the data is anonymous or transient, the impact on your privacy is minimal.
- Future tracking, if ever added: only with your prior explicit consent (Article 6(1)(a)). No such tracking exists today.
Where data lives
Our server and database are hosted on Fly.io in EU regions (Frankfurt today, with additional EU regions as the platform grows). Backups, when added, will use EU-based object storage.
No data is transferred outside the EU/EEA by us (your payment information is handled separately by FastSpring — see Payments). If you connect from outside the EU and play with a peer also outside the EU, peer-to-peer WebRTC traffic flows directly between your devices (it never touches our servers).
How long we keep it
- Game state: until you sign out from the Profile tool (which clears it from this device and is your prompt to also delete the server-side row on request — see "Your rights" below).
- Hashed daily-active digests: kept indefinitely as anonymous counts. The monthly hash rotation means digests from previous months cannot be re-linked to current system IDs.
- Server logs: rotated within days.
- Purchase records: kept while your unlock is active, and the associated order reference is retained only as long as needed to honour your purchase and to meet any legal obligations that apply to us.
Your rights
Under the GDPR you have the right to:
- Access — ask us what data we hold about you (Articles 15).
- Rectify or erase — correct or delete your data (Articles 16-17). Server-side game state can be deleted on request; identify yourself by your system ID (visible in the Profile tool). Purchase records are an exception: we may need to retain order references to meet our legal obligations, so these can persist even if you delete your game state.
- Restrict or object to processing (Articles 18, 21).
- Portability — receive your data in a portable form (Article 20). The Profile tool already offers a self-service version of this: the "transfer code" exports your full identity for use on another device, no server interaction required.
- Withdraw consent, where consent is the basis (today: no processing relies on consent).
Send requests to team@aeone.games. We reply within 30 days (usually much faster).
Transferring your account to another device
The Profile tool gives you a transfer code that encodes your full identity. Paste it on another browser to move your account; the original device still has it. There is no server-side "login" or "logout" — possession of the private key (held only in your browser's storage) is what authorizes writes against your account. If you wipe your browser's storage without saving the transfer code first, that identity is permanently unreachable.
Supervisory authority
If you believe we have mishandled your data, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):
Tatari 39, 10134 Tallinn, Estonia
aki.ee
· info@aki.ee
Changes to this notice
If we change how data is processed in a material way, we will update this page and the "last updated" date above. For substantial changes affecting the rights you have today, we will additionally surface a notice on the homepage on your next visit.