Privacy Policy

What we collect

Corflex collects minimal data to make gameplay and multiplayer features work:

• Anonymous player ID — A random UUID generated on your first visit. No email or personal information is required to play.
• Game scores — Your round scores, mode, difficulty, and device type (mobile/desktop) when you play challenges or daily games.
• Optional initials or display name — A 3-character name for leaderboards, or a display name up to 20 characters if you sign in.
• Subscription metadata (Premium only) — If you subscribe to Premium, we store your Stripe customer and subscription IDs, your tier (monthly or annual), and your subscription status. Payment card details are never stored by Corflex (see Payment information section).

Authentication (optional)

Corflex supports optional sign-in via Google or Discord to sync your progress across devices. Signing in is never required — all features work without it.

When you sign in, we receive from the OAuth provider:

• Your name or username
• Your email address
• A unique user ID from that provider

This information is used solely to link your anonymous player account across devices. We do not use your email for marketing or share it with anyone.

You can sign out at any time, which generates a fresh anonymous account. Signing back in restores access to your linked account.

Payment information (Premium subscribers only)

Corflex offers an optional paid Premium subscription. Payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.

What we never see or store: your credit card number, CVV, expiration date, or full billing address. Stripe collects and stores this information directly. We never have access to it.

What we do store (in our database, linked to your account):

• Stripe customer ID and subscription ID (random identifiers, no payment data)
• Subscription tier (monthly or annual) and current status (active or canceled)
• Subscription expiry date and whether cancellation is pending
• An audit log of webhook events from Stripe (subscription created, updated, canceled, payment succeeded, payment failed) used for support and debugging

Stripe collects additional information directly from you during checkout (name, billing address, country, payment method) and stores it under their own privacy policy. Review Stripe's Privacy Policy to understand how they handle that data.

If you cancel your subscription, our payment-related records remain associated with your account so support can resolve any post-cancellation issues. Stripe retains transaction records per their own retention policy and applicable financial regulations.

Public information

The following data is publicly visible to all Corflex users:

• Leaderboards — Your initials (or display name) and scores appear on daily, weekly, all-time, Brain Score, and tournament leaderboards.
• Player profiles — Each player has a public profile page showing their initials or display name, Brain Score, per-mode best scores, streaks, and tournament history. Profiles are accessible via leaderboard links.

No personal information (email, real name, or device data) is shown on leaderboards or profiles. Only your chosen initials or display name and game scores are visible.

What we store locally

Your browser's localStorage holds:

• Settings (sound, theme preference)
• Player ID and initials
• Daily challenge state (which dailies you've played)
• Personal bests and streak data
• Authentication session tokens (if signed in)

Advertising

Corflex displays ads via Google AdSense on select pages (game lobbies, score screens, and leaderboards). Ads never appear on the home screen or during active gameplay.

Google may use cookies to serve ads based on your browsing history. You can opt out of personalized ads at Google Ad Settings.

For visitors in the EEA, UK, and Switzerland, a consent banner will appear allowing you to accept, reject, or manage ad personalization preferences.

Cookies

Corflex uses cookies for authentication sessions when you sign in via Google or Discord. Google AdSense may also set cookies for ad serving and measurement. These are governed by Google's Privacy Policy.

What we don't do

• No personal data sold or shared
• No analytics that identify individual users
• No account or email required to play
• No marketing emails

Third parties and data location

Supabase hosts our database and authentication. Vercel hosts the website. Cloudflare provides DNS. Google AdSense serves advertisements. Stripe processes Premium subscription payments.

Player data is stored on Supabase's managed cloud infrastructure (built on AWS). The website itself is served globally through Vercel's edge network. Stripe stores subscription and payment data on their own infrastructure under their privacy policy. Your data may be transferred to and processed in the United States or other jurisdictions where these providers operate.

If you sign in, your OAuth provider's own privacy policy applies to data they collect:

• Google Privacy Policy
• Discord Privacy Policy

Data retention

We retain game scores, leaderboard entries, and account data for as long as your account is active so that your rankings, personal bests, Brain Score, streaks, and tournament history remain available to you and visible on public leaderboards.

If you would like your data deleted, contact support@corflex.gg and we will remove your scores, profile, and any linked OAuth identifiers within 30 days. Anonymous data on leaderboards may be deleted by clearing your browser's local storage on the device where it was created (provided you are not signed in). Data removed at your request cannot be restored.

Your rights

Depending on where you live, you may have rights under privacy laws like the EU/UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate data (such as your initials or display name)
• Deletion — ask us to delete your account and associated data
• Objection — object to certain processing activities, including personalized advertising (manage ad preferences via the consent banner shown to EEA/UK/Swiss visitors)
• Portability — request your data in a machine-readable format

To exercise any of these rights, email support@corflex.gg. We will respond within 30 days. We do not sell personal information.

Children's privacy

Corflex is not directed at children under 13 (or under 16 in jurisdictions where that is the relevant age of digital consent under GDPR). We do not knowingly collect personal information from children below those ages. If you believe a child has provided us with personal information, contact support@corflex.gg and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via a notice on the site. Continued use of Corflex after changes take effect constitutes acceptance of the revised policy.

Contact

Questions, deletion requests, or other privacy concerns? Reach out at support@corflex.gg

See also: Terms of Service · About Corflex · FAQ · Support