Privacy Policy

Last updated: 5 June 2026

This Privacy Policy explains how MisuVerse ("we", "us", the "Service", available at misuverse.com) collects, uses, and protects your personal data. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish law.

1. Who is responsible for your data (Controller)

MisuVerse is operated by a private individual, Ville Linden, based in Finland.
For any privacy question or request, contact: [email protected].

2. What data we collect

Category	Examples	Source
Account & identity	Email address; display name; account ID; for Google/Discord sign-in, the name, email and avatar shared by that provider	You / your sign-in provider
Content you create	Games/maps you build, names and descriptions, scores, leaderboard entries, parkour replays ("ghosts")	You
Virtual currency	Your Misu coins balance and transaction history	Generated by your activity
Technical & usage	IP address, browser/device type, approximate region, timestamps, security and error logs	Automatically, via our hosting provider
Local storage	Preferences stored in your browser (audio settings, recently used parts, a local device identifier for guests)	Your browser

We do not intentionally collect special-category (sensitive) data.

3. Why we use your data and our legal basis

To provide the Service (accounts, saving games, multiplayer, leaderboards, coins) — performance of a contract.
Security and abuse prevention (rate-limiting, moderation, fraud/cheat detection) — our legitimate interest.
To communicate service messages such as the sign-in "magic link" email — performance of a contract.

We do not use your data for advertising or for analytics/tracking.

4. Who we share data with (Processors & third parties)

We use trusted service providers who process data on our behalf:

Supabase — authentication and database (account data, content).
Cloudflare — website hosting, edge database, and serverless functions (content, technical logs).
PartyKit — real-time multiplayer sessions.
Google / Discord — only if you choose to sign in with them.
Email delivery for sign-in links.

We do not sell your personal data.

5. International transfers

Some of the providers above may process data outside the EU/EEA. Where this happens, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

6. How long we keep data

We keep account and content data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we must keep it longer for legal reasons. Technical logs are kept for a short period for security purposes.

7. Your rights

Under the GDPR you have the right to:

access the data we hold about you;
have inaccurate data corrected;
have your data erased ("right to be forgotten");
restrict or object to certain processing;
receive your data in a portable format;
withdraw consent at any time (where processing is based on consent).

To exercise any right, contact [email protected]. You also have the right to lodge a complaint with your local supervisory authority — in Finland, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi).

8. Cookies and local storage

We use only essential browser storage needed to keep you signed in and remember your settings. We do not use advertising or analytics cookies, so no cookie-consent banner is required.

9. Children

The Service is intended for users aged 13 and over. In Finland, a child of 13 or older may consent to information-society services; children under 13 may use the Service only with the consent and supervision of a parent or guardian.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the Service, and the "Last updated" date above will change.

11. Contact

Questions? Email [email protected].