PRIVACY POLICY

Your privacy matters. We're committed to being transparent about how we collect and use your data.

Version 1.1 Last Updated: March 23, 2026
👋
Introduction

Welcome to Pointless Button ("we", "our", "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

TL;DR: We only collect what we need to make the game work. We don't sell your data, and you can delete your account anytime. Now go push that button!

👤
Data Controller

Pointless Button is operated by Balazs Simon (sole proprietor), who serves as the data controller responsible for your personal data.

For any privacy-related questions or requests, submit a ticket:

Submit Privacy Request
📊
Data We Collect

We collect the following categories of personal data:

Account Information

  • Username: Your display name
  • Email: For verification
  • Country: Optional

Game Data

  • Push Stats: Counts, streaks
  • Rewards: PBits, items
  • Preferences: Button, avatar

Technical Data

  • IP Address: Security
  • Session: Stay logged in
  • Timestamps: Activity
Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract Performance: Processing necessary to provide our game service to you
  • Legitimate Interest: Security, fraud prevention, and service improvement
  • Consent: For optional features like marketing emails
🍪
Cookies & Similar Technologies

We use cookies to make our service work properly. Here's what we use:

Cookie TypePurposeConsent Required
EssentialSession management, authentication, security (CSRF protection)No - Required for site to function
FunctionalRemember your preferences (login, settings)No - Legitimate interest
Marketing EmailsPromotional emails (not cookies). Not opted-in by default. You can opt-in via "Get Free PBits" to receive occasional offers in exchange for bonus PBits.No - Opt-in only

Since we only use essential and functional cookies, no consent banner is required. We use privacy-friendly server-side analytics that don't use cookies.

📅
Data Retention

We keep your data for as long as your account is active. Specifically:

Until Deletion Account Data & Game Statistics
7 Years Transaction History (legal requirement)
90 Days Security Logs

When you delete your account, we remove or anonymize your personal data typically within 7 days, and no later than 30 days.

🚨
Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33)
  • If the breach is likely to result in a high risk to you, we will notify you directly without undue delay (GDPR Article 34)
  • Notifications will include the nature of the breach, likely consequences, and measures taken
🔐
Your Rights (GDPR Articles 15-22)

As a user, you have the following rights regarding your personal data:

Access - Request a copy of your data
Rectification - Correct inaccurate data
Erasure - Delete your account
Portability - Export your data
Restrict - Limit data processing
Object - Object to processing

How to Exercise Your Rights: Visit your account settings to download your data or delete your account, or submit a privacy request ticket. We will respond within 30 days.

👥
Data Sharing & Third-Party Services

We share data with these specific service providers:

  • Stripe — Payment processing (PCI DSS compliant). We never store your card details.
  • Railway — Application hosting. Our servers are in the EU.
  • Cloudflare — CDN and privacy-friendly analytics. No personal data stored, no tracking cookies.
  • Sentry — Error monitoring (only loaded with your consent). Helps us fix bugs.
  • Authentication Providers — Google, Facebook, GitHub, Discord, Twitter/X, Twitch, Steam. Used for login only — we receive your name and email.
  • Other Users: Public game data only (username, leaderboard stats)
  • Legal: If required by law or to protect our rights

We never sell your personal data.

🌎
International Transfers

Our servers are located in the European Union, providing strong data protection.

  • CDN is caching proxy only - no personal data stored
  • Payment processor is EU-based and GDPR compliant
👶
Children's Privacy

Our service is not intended for children under 13 (or 16 in some EU countries). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

🔒
Security

We implement appropriate technical and organizational measures:

  • • Encryption in transit and at rest
  • • Secure authentication & password storage
  • • Access controls & security monitoring
  • • Fraud detection systems
📝
Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or by posting a notice on our website. The "Last Updated" date at the top indicates when changes were last made.

💬
Contact Us

For privacy questions, data requests, or concerns:

Submit Privacy Request

You also have the right to lodge a complaint with your local data protection authority.

Secret Unlocked