1. Who is responsible
Do You Know Well is operated as a personal project by A.A. Gde Agung Smaraputra, located in Bali, Indonesia. For any privacy question, write to [email protected]. There is no dedicated Data Protection Officer at this scale.
2. What we collect and why
We try to collect as little as possible. The exact data depends on the mode you use.
Play Local (no account)
Nothing is sent to our servers. The subject's name, answers, and your session state stay in your browser's sessionStorage and are cleared when you finish or close the tab.
Play Online (account required)
- Account: email address, password (stored as an argon2id hash; we never see your plaintext password), and an optional display name. If you sign in with Google instead, we also store your Google account identifier and your Google avatar URL; in that case no password is stored. Lawful basis: contract (we need this to create your account).
- Game session content: the subject's name, pronouns, your answers, and your partner's guesses. The subject name, answers, and guesses are encrypted at rest with AES-256-GCM using a key generated fresh for each session and wrapped by our master key. Lawful basis: contract.
- Session metadata: the chosen category, an irreversible hash of the 4-digit join code, attempt counters, and an expiry timestamp 24-48 hours in the future. Lawful basis: contract.
- Security audit log: each time the server decrypts a row to score a guess, we record which user did it on which session and when. Lawful basis: legitimate interest (abuse detection and breach forensics).
- Server logs: IP address, user-agent, request path, and timestamp, retained on the host for routine debugging. Lawful basis: legitimate interest (operating the service).
3. Information about other people (the 'subject')
When you play Online, you enter information about a third person - the person whose answers the game is about. We do not contact that person and they cannot see what was entered unless you share it.
You are responsible for whether you have that person's permission to discuss them in the game. Our Terms require you to confirm this. The question bank is curated to avoid sensitive identifiers (real addresses, ID numbers, financial details, health, sexual orientation, religion); please do not enter any such information in free-text answers. If the subject objects, contact us and we will delete the relevant session immediately.
4. Where your data lives
The primary database is hosted on a virtual server provided by Contabo GmbH, in a Contabo datacenter located inside the European Union. Traffic reaches the server through Cloudflare, which proxies requests globally and terminates TLS at its edge before forwarding to our origin over TLS.
If you sign up from outside the EU (including Indonesia), your data is transferred to and stored in the EU. Indonesia's Personal Data Protection Law (UU PDP, Law 27/2022) is still being implemented in detail and no jurisdiction has yet been formally designated as offering an adequate level of protection. Until that designation is published, we rely on the Standard Contractual Clauses contained in our processors' data-processing agreements (see section 6) as the transfer mechanism for personal data leaving Indonesia.
Outbound email (password reset, verification, security alerts) is sent through Zoho's ZeptoMail service. Where Zoho processes email-related personal data outside the EEA, that transfer is protected by the Standard Contractual Clauses in Zoho's processing addendum (see section 6 below).
5. How long we keep it
- Game sessions and their encrypted answers/guesses: 24 to 48 hours from creation. Expired sessions are hard-deleted hourly together with their session keys, which makes the encrypted rows mathematically unrecoverable.
- Account record: kept until you delete your account from /profile. Deleting the account cascades to remove your sessions, answers, guesses, and session keys.
- Security audit log: 180 days. The retention is documented in config/privacy.php and enforced by a scheduled purge job.
- Server / webserver logs: typically a few weeks of rotated logs on the origin host; we do not retain them long-term.
- Backups: daily database snapshots are retained for up to 14 days, then overwritten. Account deletion is reflected in all subsequent backups; older backups are not selectively edited because doing so would compromise their integrity.
6. Who we share data with (sub-processors)
We use three providers to run the service. None of them receive your game answers in plaintext (the encryption key never leaves our origin server). They receive only what is necessary for their function.
- Contabo GmbH (Germany) - hosts the virtual server and database storage in their European Union datacenter region. Contabo's privacy policy: contabo.com/en/legal/privacy.
- Cloudflare, Inc. - DNS, TLS termination, reverse proxy, and the Turnstile anti-bot challenge shown on the registration page. Sees request headers, URLs, and (because TLS terminates at the edge) request bodies in transit; on the registration page it also sees the Turnstile interaction signals from your browser. Does not have access to the database. Cloudflare's processing terms: cloudflare.com/cloudflare-customer-dpa.
- Zoho Corporation (ZeptoMail) - sends transactional email (password reset, email verification, security alerts). Receives only your email address and the contents of those messages. Where processing occurs outside the EEA, the transfer relies on the Standard Contractual Clauses incorporated in Zoho's GDPR programme: zoho.com/gdpr.
- Google LLC (Sign in with Google) - when you choose "Continue with Google" on the login or registration page, you authenticate with Google directly. Google sees that you signed in to Do You Know Well and returns your email address, name, profile picture URL, and a stable Google account identifier to us. We store only the identifier (to recognise you on subsequent logins), the email, the name, and the avatar URL. We do not receive your Google password or anything else from your Google account. Google's privacy policy: policies.google.com/privacy.
- Bunny Fonts (BunnyWay d.o.o., Slovenia) - serves the typeface used on this site. Your browser makes a request to fonts.bunny.net to fetch the font files, which exposes your IP address and user-agent to Bunny. Bunny Fonts' privacy notice: fonts.bunny.net/privacy.
We do not use advertising networks, marketing pixels, or analytics platforms. We do not sell or rent personal data.
7. How we protect it
- Encryption at rest for the subject name, answers, and guesses using AES-256-GCM with per-session keys.
- Passwords hashed with argon2id; never stored or transmitted in plaintext.
- TLS in transit end-to-end (Cloudflare uses Full (Strict) mode to origin).
- Security headers including HSTS, a strict Content-Security-Policy, and X-Frame-Options DENY.
- Rate limiting on login, registration, code verification, and game endpoints.
- Decrypt audit log with automated anomaly detection.
8. Your rights
You can, at any time:
- Access and correct your account details at /profile.
- Delete your account at /profile. This cascades to your game data.
- Export your data by emailing us; we will return a JSON file with your account and active sessions within 30 days. A self-service export endpoint is on our short-term roadmap.
- Withdraw consent for any optional processing by deleting your account or contacting us.
- Complain to a supervisory authority. In Indonesia, this is the data protection authority designated under UU PDP (presently Kominfo). In the EU/UK, this is the DPA in your country of residence.
9. Children
Do You Know Well is intended for users aged 17 or older. We do not knowingly collect data from anyone under 17. If we learn that an underage account exists, we will delete it. If you believe a minor signed up, please contact us.
10. Cookies and local storage
We use only essential cookies and local-browser storage. No tracking, no advertising. See the Cookies notice for a per-item list and purposes.
11. Security incidents
If we discover a security breach with material impact on you, we will notify the relevant authority within 3x24 hours (UU PDP) or 72 hours (GDPR) and notify affected users by email. Our internal runbook for responding to incidents is published in the source repository.
12. Changes to this policy
We update this policy as the service changes. The "Last updated" date at the top reflects the most recent change. Material changes are announced on the home page for at least 14 days.
13. Contact
Email [email protected] for any privacy request, takedown, or breach report. We aim to respond within 7 days; statutory deadlines are met regardless.