Privacy Policy

Last updated: 22 June 2026

This policy is provided as a plain-English template and is not legal advice. Please have it reviewed by a qualified professional before relying on it at scale.

1. Who we are

Prawn ("Prawn", "we", "us") is a daily word game at playprawn.com. The data controller is playprawn.com.

Contact: hello@playprawn.com

2. What we collect

A player account. When you first open the game we create an anonymous account so you can play and keep scores. It has a random identifier — no name or email required.
Email address — when you save a score, opt into daily reminders, or join/create a league. We verify it by sending a confirmation link (double opt-in).
Display name — the name you choose to appear on leaderboards.
Phone number — only if you optionally provide one for future SMS reminders.
Gameplay data — your daily scores, the words you found, your streak, and your time zone (to send reminders at a sensible local hour).
Technical data — your approximate country and IP address, and basic logs, collected by our hosting providers for security and reliability.
Local storage — we store game state and your login session in your browser's local storage so the game works smoothly.

3. How we use it & our legal bases (UK GDPR)

Running the game and leaderboards — to let you play, save scores, and appear on public/league boards. Legal basis: legitimate interests (providing the service you asked for).
Daily reminder emails — only if you opt in and confirm your email. Legal basis: consent, which you can withdraw at any time.
Security, abuse prevention and debugging. Legal basis: legitimate interests.

4. Cookies & similar technologies

We do not use advertising or third-party tracking cookies. We only use essential browser local storage to keep you logged in and remember your game progress, so no cookie consent banner is required.

5. Who we share it with

We don't sell your data. We use a small number of processors to run the service:

Supabase — database and authentication (hosted in the EU, London region).
Resend — sends our emails (EU, Ireland region).
Vercel — hosts the website on a global content-delivery network.

Where data is processed outside the UK/EU, it is protected by appropriate safeguards such as Standard Contractual Clauses.

6. Public information

If you verify your email and choose a display name, your display name and best weekly score appear on the public leaderboard, and in any league you join. Don't use a display name you wouldn't want shown publicly.

7. Email choices

Daily reminders are double opt-in. Every email has a one-click unsubscribe link, and you can stop them any time without affecting your ability to play.

8. Data retention

We keep your account and scores while your account is active. If you ask us to delete your account, we remove your personal data (scores cascade-delete with the account), subject to anything we must keep for legal reasons.

9. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, or port your data, and to object to or withdraw consent for processing. To exercise any of these, email hello@playprawn.com and we'll respond within one month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Children

Prawn is not directed at children under 13, and we don't knowingly collect their personal data. If you believe a child has provided us data, contact us and we'll remove it.

11. Security

Access to your data is protected by database row-level security and encryption in transit (HTTPS). No system is perfectly secure, but we take reasonable measures to protect your information.

12. Changes

We may update this policy; we'll change the "last updated" date above and, for material changes, give notice in-app or by email.