Privacy Policy

Last updated · April 26, 2026

This Privacy Policy explains what personal information Ricochet Warfare collects when you visit or play Ricochet Warfare, why we collect it, how it’s shared, and the rights you have over it.

1. Information we collect

Account & identity

When you sign up, our authentication provider Clerk (clerk.com) handles your email address, password (hashed), and any social-login identifiers you choose to use. We store a Clerk user id, an internal account id, your chosen display name, and the timestamp you signed up.

Gameplay & progression

While you play, we record per-match events (start, end, abandonment), your XP, level, sparks, daily-challenge progress, battle-pass progress, owned cosmetics, equipped loadout, and end-of-match feedback. These power the leaderboard, the locker and your account history.

Payments

Purchases are processed by Stripe, Inc. We don’t see or store your full card number — Stripe does. We retain the Stripe session id, payment intent id, charge id, amount, currency, receipt URL, item snapshot (so we can render your receipt history) and refund status.

Technical & log data

Like virtually every web app, our servers receive your IP address, browser type, the page you requested, and a timestamp on every request. We use this for security (abuse detection, rate limiting), service health, and to route real-time gameplay traffic.

Cookies & local storage

We use a small number of strictly necessary cookies and localStorage entries (auth session, audio preferences, equipped cosmetics cache, referral attribution). See our Cookie Noticefor the full list. We don’t use ad-tech or cross-site tracking cookies on the marketing site at this time.

2. How we use your information

  • To run the matchmaker and persist your progression;
  • To process purchases, send receipts, and handle refunds and chargebacks;
  • To detect, investigate and prevent cheating, fraud, abuse and security incidents;
  • To send transactional emails (sign-in security, purchase receipts, refund confirmations) and, only if you opt in, marketing or product updates;
  • To debug, balance and improve the game using aggregated KPIs (e.g. average match duration, completion rate, mode-level win rates);
  • To meet our legal, tax and accounting obligations.

3. How we share information

We sell no personal information. We share only with:

  • Service providers who run the platform on our behalf — Clerk (auth), Stripe (payments), Neon (Postgres database), PartyKit (real-time game), Vercel (hosting), Resend (transactional email when configured), and Sentry / log drains (error monitoring) — bound by confidentiality and data-processing agreements;
  • Public surfaces you control: your display name and aggregated stats may appear on the leaderboard;
  • Legal & safety: when required by law, to enforce our Terms, or to protect rights, property and safety;
  • Business transfers: in connection with a merger, acquisition or sale of assets, with notice to you where required.

4. International transfers

Our service providers are primarily located in the United States. If you access the service from outside the U.S., information will be transferred to and processed in the U.S., subject to the safeguards of this policy and applicable data-transfer mechanisms.

5. Data retention

We keep account data while your account is active. Purchase records are retained for 7 years for tax and accounting purposes even after account deletion. Match-event logs, analytics events and XP ledger entries are retained for up to 24 months and then either deleted or fully anonymised. Server access logs are typically retained for 30 days.

6. Your rights

Depending on where you live, you may have rights under laws like GDPR (EU/UK) and CCPA (California) to:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Delete your account and associated data (subject to retention periods required for tax / fraud / legal reasons);
  • Object to or restrict certain processing;
  • Port your data to another service;
  • Withdraw any marketing-email consent at any time via the unsubscribe link in those emails.

Email privacy@ricochetwarfare.com to exercise any of these rights. We will respond within 30 days (or sooner where the law requires).

7. Children

The service is not directed to children under 13. We require new accounts to confirm they are 13 or older. If we learn we’ve collected personal information from a child under 13 without verifiable parental consent, we’ll delete that information promptly.

8. Security

We use TLS in transit, hashed credentials at rest (via Clerk), database-level access controls, and rate limiting on hot endpoints. No system is perfectly secure; we encourage you to use a strong unique password and to report any suspected security issue to support@ricochetwarfare.com.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be posted at this URL with an updated “Last updated” date and, where legally required, with notice before they take effect.

10. Contact

Privacy questions and data-rights requests: privacy@ricochetwarfare.com. General support: support@ricochetwarfare.com.