Privacy Policy

1. Who we are Let's Play Together ("LPT", "we") is the controller of your personal data when you use our app and website. We operate from Chile and comply with Chile's Personal Data Protection Law 19.628, as well as with the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Proteção de Dados (LGPD) where applicable. For privacy inquiries write to privacy@letsplaytogether.app. 2. What data we collect 2.1 Account data. Email, username, password (processed by Stack Auth Inc. — our cloud identity provider, app.stack-auth.com — as a cryptographic hash, never in plain text), date of birth, country of residence, full legal name (where provided for billing), registration IP, timestamp and version of the Terms and Privacy Policy you accepted, and language preference. Date of birth and country are used to verify eligibility (legal age and jurisdictional suitability) and to comply with legal obligations. 2.2 Session data. Temporary room codes, connection IPs (to establish the peer-to-peer link and select the nearest TURN server), device identifiers, and technical stream metadata (bitrate, latency, errors). For security and audit purposes we also retain the IP address and browser or client user-agent of every successful or failed login attempt (admin panel, account portal, identity-provider sync, room access as a viewer, and broadcaster login). These records are retained for up to 90 days and are used for unauthorized-access detection, incident investigation, and responding to data-access requests. 2.3 Payment data. If you subscribe, the processor (FLOW as the primary provider — charges CLP to both Chilean and international users; Dodo Payments Inc. remains as alternative Merchant of Record, pending KYC enablement) collects your card or payment-method data. We only store the transaction identifier, date, amount, plan, currency, status, and the last 4 digits of the card when the processor exposes them to us. We never store or see your full card number. 2.4 Usage and diagnostics. Anonymous or pseudonymized error and performance logs sent to Sentry and Axiom to detect failures and improve the Service. We also use Cloudflare Web Analytics to count aggregated pageviews (no cookies, no persistent identifiers, no individual profiling or cross-tracking across sessions). 2.4.1 Streaming quality telemetry. During each active session we collect anonymous numeric technical metrics tied to an internal session identifier: frames per second, drops, latency (RTT), bitrate, codec, resolution, connected viewer count, and duration. We do NOT collect video, audio, chat, viewer IP, name of the game you're streaming, or screen content. Sampling cadence is one snapshot per minute and the upload runs off the critical streaming path, with no perceptible impact. These metrics are kept for up to 90 days and are used to detect quality issues (microstutters, latency spikes, drops) and improve Service performance. Each viewer also reports equivalent metrics from the receiving side (received and displayed frames, decode time, RTT, jitter, packet loss) plus pre-bucketed cohort fields (device class, browser family, OS family, screen-resolution class). We do NOT send the raw User-Agent or exact screen resolution — only aggregated categories that do not allow individual fingerprinting. 2.5 Communications. If you contact us by email, we retain that exchange to provide support. 2.6 Viewer reports. When a viewer reports a room, we store the textual content of the report, the reported room and broadcaster, the reporting viewer (when authenticated), the date, the reporter's IP, and the review outcome. This data is used exclusively to evaluate the report and apply enforcement actions (clause 10.2 of the Terms), and is retained alongside the corresponding moderation action for audit purposes. We do NOT perform automatic screenshot capture or AI content analysis. 3. Legal basis We process your data under the following legal bases: - Contract performance: account, session and payment data needed to provide the Service. - Consent: marketing communications (only if you expressly accept) and non-essential cookies. - Legitimate interest: security, fraud prevention, and Service improvement through aggregated metrics. - Legal obligation: retention of tax documents for the period required by law. 4. Why we use your data - Provide the Service and keep you authenticated. - Establish peer-to-peer connections and select the TURN node by region. - Process payments and issue tax documents. - Send transactional emails (payment confirmation, trial expiry, renewal reminders, account closure). - Detect abuse, fraud and errors. - Comply with legal obligations when required. 5. Who we share data with We do not sell personal data. We share only with the following processors, under contract and on a minimum-necessary basis: - FLOW — primary payment processor (Chile, Santiago); charges CLP to Chilean and international users and issues Chilean SII tax invoices. - Dodo Payments Inc. — alternative international Merchant of Record (United States / global), pending KYC enablement. - Stack Auth Inc. — cloud identity provider (authentication, password hashing, account recovery) — United States / app.stack-auth.com. - Resend — transactional email delivery (US/EU). - Sentry — error diagnostics (US/EU). - Axiom — operational logs (US/EU). - Vultr (VPS provider) — main server and TURN node hosting (United States, Chile, and other countries depending on user region). - Cloudflare Inc. — DNS, CDN, network attack protection, captcha (Turnstile) and aggregated cookieless analytics (Web Analytics). US / global. - Competent authorities when a valid legal request exists. 6. International transfers Part of the processing takes place outside Chile. When we transfer data to countries without an equivalent protection level we apply standard contractual clauses or other guarantees recognized by applicable law. 7. Retention 7.1 Active account. We keep your data while your account is active. 7.2 Account closure — two-compartment process. When you close your account we do two distinct, separate things — it's important to understand them because they serve different purposes: (a) Operational database — immediate anonymization. In the database that LPT uses to run the product (login, rooms, in-flight payments, admin panel, etc.) we delete or anonymize personal data immediately: the email is replaced with a non-functional placeholder so the original is freed for future signups, the public nickname is released so another user can take it, external IDs (Stack Auth, payment processor) are unlinked, and fields such as IP, user-agent, date of birth and legal name are nulled. From that moment on, no module of the Service can display, search, or process those data — the account ceases to exist operationally. (b) Encrypted legal-defense archive — separate and retained up to 6 years. In parallel, we copy a snapshot of the account's personal data (historical email, used nicknames, declared date of birth, registration and last-access IPs, accepted Terms and Privacy versions, aggregated metrics of bans and reports received) into a SEPARATE archive, encrypted and isolated from the operational database. This archive is NOT available to any product flow — it is only accessed manually by authorized personnel under legal need: (i) Art. 6(1)(c) GDPR — legal obligation under Chile SII tax retention (6 years); (ii) Art. 6(1)(f) GDPR — legitimate interest in defending against later claims, chargebacks or investigations; (iii) Art. 17(3) GDPR exceptions to the right to be forgotten when a legal obligation coexists. After 6 years an automated job permanently deletes the archive. To request a copy after closure you must prove identity outside the Service (closing email + payment identifier or Stack Auth UID). 7.3 Why this distinction matters. The product's day-to-day operation works exclusively against the anonymized operational database; the legal-defense archive lives separately and is only touched on legal request. This simultaneously honors your right to be forgotten (Art. 17 GDPR) over the operational database, and our legal/tax obligations over the archive. 7.4 Tax documents. Accounting documents, invoices, and payment receipts are retained for the periods required by applicable law, regardless of account closure. 7.5 Operational logs. Operational and security logs (errors, access logs, moderation actions, login_audit) are retained for up to 90 days; after that period they are deleted or anonymized unless a valid legal request applies. 8. Your rights Under applicable law you may exercise the rights of: - Access: know what data we hold about you. - Rectification: correct inaccurate data. - Erasure: request deletion of your account and data. - Objection and restriction: object to certain processing. - Portability: receive your data in a structured format. - Withdraw consent at any time (without retroactive effect). To exercise them write to privacy@letsplaytogether.app from the email associated with your account. We will respond within 30 days. If you are not satisfied with our response you may complain to your country's supervisory authority (in Chile, the Consejo para la Transparencia; in the EU, your national data protection authority; in Brazil, the ANPD). 9. Minors The Service is not available to individuals under 18. We do not knowingly collect data from minors under that age. If we discover a minor under 18 has registered, we will close the account and delete the associated data (retaining only the minimum necessary to evidence closure against legal requests). Initial verification is carried out via self-declared date of birth at registration and age confirmation upon entering rooms; we may request additional documentary verification where reasonable suspicion exists. 10. Security We apply reasonable technical and organizational measures to protect your data: encryption in transit (TLS), hashed passwords, role-based access, access auditing, and environment segregation. No platform is invulnerable, so we cannot guarantee absolute security. 11. Changes We may update this policy. If the change is material we will notify you by email or within the Service at least 15 days in advance. 12. Contact Controller and de facto DPO: privacy@letsplaytogether.app.