Privacy Policy
We believe transparency is not optional — it is a competitive advantage. This document explains exactly what data we collect, why we collect it, and how we keep it secure.
Information We Collect
When you create a Logic Arena account, we collect the minimum data required to operate a competitive multiplayer platform. This falls into two categories:
Your username, email address, custom uploaded avatars (processed securely via Cloudinary), and — when you authenticate via Google or GitHub — your public OAuth profile name. We do not collect passwords when you use OAuth. If you register with an email and password directly, your password is stored as a one-way bcrypt hash and is never readable by our team.
Match results, ELO rating history, AliScript program versions you submit, campaign progress, Black Market points, Garage cosmetic selections, and session metadata. This data is the engine of Logic Arena — it powers rankings, matchmaking, and replay systems.
We do not collect payment information. Logic Arena does not currently offer paid subscriptions or in-app purchases.
How We Use Your Data
Every piece of data we collect serves a defined operational purpose. We do not monetise your data, and we do not sell it to advertisers. Your data is used exclusively for the following:
Platform Operation
Running real-time multiplayer matches, maintaining persistent rankings, and delivering your campaign progress across sessions.
Skill-Based Matchmaking
Calculating ELO deltas and pairing you against opponents of comparable ability. Without this data, competitive integrity is impossible.
Service Notifications
Sending transactional emails such as email verification, security alerts, and critical service updates. Marketing emails are opt-in only.
Legal Compliance
Meeting any obligations required by applicable law, such as responding to a valid legal request from a competent authority.
OAuth Authentication
Logic Arena supports sign-in via Google and GitHub using OAuth 2.0. When you authenticate through either provider, you are redirected to their secure login page. We never see or handle your Google or GitHub password.
Upon successful authentication, the OAuth provider issues us a signed token. We use this token solely to verify your identity and retrieve only the data scopes you explicitly authorised — typically your public display name, primary email address, and profile avatar. We do not request access to your repositories, contacts, calendar, or any private data.
OAuth access tokens are stored encrypted and are rotated on each session. Refresh tokens, if issued, are stored in an HTTP-only, Secure, SameSite=Lax cookie that is inaccessible to JavaScript running in the browser.
Network & Technical Data
Transparency notice: As a real-time multiplayer platform powered by WebSocket connections, we necessarily process your IP address and device metadata to route game traffic. This section explains exactly what that means.
When your browser establishes a WebSocket connection to our game servers, our infrastructure logs your IP address, connection timestamp, and basic client metadata (browser engine, OS family) for the following operational purposes:
Latency Routing
Directing your connection to the nearest server region to minimise match ping.
DDoS Mitigation
Detecting and rate-limiting abusive connection patterns that would degrade the experience for all players.
Fraud & Abuse Prevention
Identifying multi-account patterns, ban evasion attempts, and bot traffic.
Server Diagnostics
Debugging disconnect events, packet loss anomalies, and infrastructure failures.
Raw connection logs containing IP addresses are retained for a maximum of 30 days before automatic deletion, unless a security event requires extended retention for investigation.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. Full stop. The following are the only circumstances under which your data may leave our direct control:
Infrastructure Providers
We host on cloud infrastructure providers (such as a managed Kubernetes or VPS provider). These providers process data on our behalf under strict Data Processing Agreements (DPAs) and may not use your data for any other purpose.
Legal Obligations
We may disclose data when compelled by a valid legal order from a competent authority (e.g., court order, government subpoena). We will notify affected users to the extent legally permitted.
Safety Emergencies
In rare circumstances where there is a credible, immediate threat to the safety of a person, we may disclose the minimum necessary data to the appropriate authorities.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you via email and provide a 30-day window to request deletion before any transfer is completed.
Data Retention
We retain your data only as long as necessary to fulfil the purpose for which it was collected, or as required by law.
All account data and platform data is retained for the lifetime of your account.
Upon account deletion, all personally identifiable information (name, email, OAuth identifiers) is purged within 30 days. This is irreversible.
Anonymised match records and aggregate statistics (e.g., total matches played, ELO distribution) may be retained indefinitely for platform integrity and historical leaderboard purposes. These records cannot be linked back to you after account deletion.
Raw server logs containing IP addresses are purged after 30 days. Aggregated abuse-detection signals may be retained longer in anonymised form.
Security
Security is not an afterthought at Logic Arena — it is a core design requirement. We implement the following measures to protect your data:
Encryption in Transit
All communication between your browser and our servers is encrypted using TLS 1.2+. WebSocket connections use WSS (WebSocket Secure).
Encryption at Rest
Sensitive fields in our database are encrypted at the column level. Passwords are hashed with bcrypt (cost factor 12+) and are never stored in plain text.
Access Controls
Production database access is restricted to a minimal set of backend services operating under least-privilege principles. No human can query raw user data without an audited approval workflow.
Infrastructure Hardening
Our servers do not expose unnecessary ports. SSH access is key-only and MFA-protected. All infrastructure changes are deployed through a CI/CD pipeline with mandatory review gates.
No system connected to the internet can guarantee absolute security. We encourage you to use a strong, unique password (or OAuth), and to contact us immediately at the address on our Contact page if you discover a potential security vulnerability.
Children's Privacy
Logic Arena is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, you may not create an account or use the platform.
If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately via our Contact page. We will investigate and delete the data promptly.
Your Rights
Depending on your jurisdiction, you may hold a number of statutory rights over your personal data. We honour these rights regardless of whether you are located in a jurisdiction that legally mandates them.
You may request a copy of all personal data we hold about you.
You may request correction of inaccurate or incomplete data. Many fields (username, avatar) can be updated directly in your account settings.
You may request deletion of your account and associated personal data. Match records will be anonymised, not deleted, to preserve platform integrity.
You may request that we restrict processing of your data while a dispute is being resolved.
You may request an export of your account and match data in a structured, machine-readable format (JSON).
You may object to processing based on our legitimate interests, including analytics and communications not covered by your consent.
To exercise any of these rights, contact us via the Contact page. We will respond within 30 days. No fee is charged for submitting a rights request.
Changes to This Policy
We may update this Privacy Policy as the platform evolves. When we make material changes — changes that meaningfully affect your rights or how we use your data — we will notify you by email and post a prominent notice in the platform for at least 14 days before the changes take effect.
Continued use of Logic Arena after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree, you may delete your account before the changes take effect.
Minor, non-material changes (such as clarifications or formatting updates) may be made without advance notice, but the "Last updated" date will always reflect the current revision.