Legal

Privacy Policy

Last updated: 6 July 2026

PLUNGEON is built to be played, not to harvest data. There is no account to create, no email to hand over, and no password. This page explains — in plain language — the little that we do process, and the rights you have over it.

The short version

1. Who we are

PLUNGEON ("the game", "we", "us", "our") is an independent game operated by Samu Aaltonen from within the European Union. This policy covers the game at play.plungeon.com, this website at plungeon.com, and the game's backend at api.plungeon.com.

For any privacy question or request, contact us at privacy@plungeon.com. For the purposes of the EU General Data Protection Regulation (GDPR), Samu Aaltonen is the data controller.

2. What we process

On your device

The game stores a few things in your browser's local storage (not cookies) so it can run and remember your progress between visits:

This data stays on your device. You can remove it at any time by clearing site data for the game in your browser, or with the in-game reset.

In the cloud (the online game)

So your progress can survive a cleared cache and appear on the leaderboard, the online game mirrors a copy to our backend. This is tied to a random, anonymous account — not to you.

We also keep anonymous, aggregate community totals (for example, the total number of players and the total ore mined across everyone) to display on the site. These are counts only and can't be traced back to any individual.

If you play an offline build of the game, none of this cloud processing happens — the game runs entirely on your device.

3. What we do not do

4. Legal bases (GDPR)

Where the GDPR applies, we rely on the following bases:

5. Hosting and third parties

We keep the list of third parties short and functional:

Because these providers operate globally, your data may be processed in countries outside your own, including outside the European Economic Area, under the safeguards those providers maintain.

6. How long we keep it

Because there is no login, an anonymous cloud account and its save persist until you ask us to delete them. Clearing your browser removes the local copy and the link to your cloud account from that device, but the cloud copy itself remains until you request deletion. Anonymous, aggregate community totals are kept indefinitely, as they contain no personal data.

7. Your rights

Under the GDPR (and similar laws) you have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent at any time. To exercise any of these, email privacy@plungeon.com.

Two practical notes, given how anonymous the game is:

We currently handle deletion and export requests manually; we aim to respond within 30 days. If you believe we have mishandled your data, you also have the right to lodge a complaint with your local data protection supervisory authority.

8. Children

PLUNGEON is not directed at children under 16, and we do not knowingly collect personal data from them. As described above, ordinary play collects no personal data at all. If you believe a child has provided us personal data (for example, a nickname containing personal information), contact us and we will remove it.

9. Security

All traffic is served over HTTPS. We minimise what we collect, store passkeys as public keys only, and keep no passwords. No method of transmission or storage is ever completely secure, but keeping so little data is itself a core part of how we protect you.

10. Changes to this policy

If we change how we handle data — for example, if we later introduce optional rewarded ads or a feature that processes new data — we will update this page and its "last updated" date before that change takes effect, and note material changes in the game or on the site.

11. Contact

Samu Aaltonen
privacy@plungeon.com