Privacy Policy

1. Introduction

Startup Survival ("we," "us," "our") operates the startup-survival.fyardlest.net SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

• Email address (for authentication and communication)
• Name (display purposes)
• Password (securely hashed using bcrypt, never stored in plain text)

2.2 Game Data

• Username
• Game statistics (days survived, MRR, users, reputation, bugs, burnout)
• Final scores and rankings
• Story log (actions taken during gameplay)

2.3 Payment Information

• Stripe Customer ID
• Subscription status and tier (Free, Chaos Mode, Supporter)
• Payment history (stored by Stripe, not on our servers)
• We NEVER see or store your credit card details - all payment processing is handled securely by Stripe

2.4 Technical Data

• JWT authentication tokens (stored in your browser)
• Session information
• API request logs (IP address, timestamp, endpoints accessed)

3. How We Collect Data

3.1 You Provide Directly

• Registration forms
• Account settings updates
• Game actions and decisions

3.2 Automatically Collected

• API calls during gameplay
• Authentication tokens
• Error logs for debugging

3.3 Third-Party Services

• Stripe: Payment processing (Stripe Privacy Policy)

4. How We Use Your Data

• Account Management: Create and manage your account
• Game Features: Save progress, display leaderboards, track achievements
• Communication: Send password reset emails and important service updates
• Security: Detect fraud, prevent abuse, ensure platform integrity
• Compliance: Meet legal obligations and enforce our Terms of Service

5. Data Sharing

We DO NOT sell your data. We share data only with:

• Stripe: For payment processing (their privacy policy applies)
• Hosting Provider: To store data securely on our servers
• Legal Authorities: If required by law or to protect our rights

6. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of your data
• Deletion: Request account and data deletion
• Correction: Update inaccurate information
• Export: Download your data in JSON format
• Opt-out: Decline marketing emails (we send very few)

To exercise these rights, email: privacy@fyardlest.net

7. Data Retention

• Active accounts: Retained while your account is active
• Deleted accounts: Purged within 30 days of deletion request
• Leaderboard entries: Anonymized if account is deleted
• Payment records: Retained for 7 years (tax compliance requirement)

8. Security

We implement industry-standard security measures:

• HTTPS encryption for all data transmission
• Bcrypt password hashing (passwords never stored in plain text)
• JWT token expiration and refresh mechanisms
• Regular security audits
• Access controls limiting data access to authorized personnel only

9. Cookies and Tracking

We use:

• Authentication tokens: Required for login (JWT stored in browser localStorage)
• Session cookies: Maintain logged-in state

10. Children's Privacy

We do not knowingly collect data from children under 13 years of age. If we discover such data, we delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@fyardlest.net.

11. International Data Transfers

Your data may be processed on servers located in various regions. We ensure adequate safeguards are in place as required by GDPR Article 46 for international data transfers.

12. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email or an in-app notice. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us