
Privacy Policy

Last Updated: March 2026

Your Privacy Matters

PuzzleGenio is an online puzzle creation platform operated by an individual developer. We collect only what we need to provide our service, we never sell your data, and we give you full control over your information. This policy explains exactly what we collect, why, and how you can manage it.

What Data We Collect

Data You Provide Directly

Email Address

What we collect: Required for account registration.

Purpose: Account creation, login, password resets, and service notifications.

Password

What we collect: Required for email/password registration. Stored as a bcrypt hash — we never store your plaintext password.

Purpose: Authenticating your login.

Nickname & Avatar

What we collect: Optional profile information you can set in account settings.

Purpose: Personalizing your profile display.

Puzzle Content

What we collect: Titles, word lists, configurations, and images when you create, save, or share puzzles.

Purpose: Saving, sharing, and displaying your puzzles.

Feedback & Comments

What we collect: Content you submit through our feedback form.

Purpose: Improving our tools based on your input.

Payment Information

What we collect: Processed entirely by Stripe. We never see or store your full card number.

Purpose: Processing premium feature purchases.

Data We Collect Automatically

IP Address

What we collect: Recorded at sign-in; stored as a SHA-256 hash for shared puzzles and AI usage logs.

Purpose: Security, rate limiting, and abuse prevention.

Device & Browser Information

What we collect: Browser type, operating system, and screen resolution via Google Analytics.

Purpose: Service optimization and ensuring cross-browser compatibility.

Usage Data

What we collect: Pages visited, puzzles generated, and features used via Google Analytics.

Purpose: Understanding how people use our tools to improve them.

Language Preference

What we collect: Detected from your browser settings.

Purpose: Serving content in your preferred language.

Data We Do NOT Collect

  • Phone numbers
  • Home or mailing addresses
  • Government-issued IDs
  • Biometric data
  • Precise location data

How We Use Your Data

We use your data only for the following purposes:

  • Providing and maintaining our puzzle creation service
  • Processing payments for premium features through Stripe
  • Sending service-related emails: password resets, daily challenges, and weekly digests (only if you opt in)
  • Improving our tools through anonymous usage analytics
  • Protecting the service from abuse through rate limiting and security monitoring

We do NOT use your data for automated profiling or training AI models. Ads displayed on our site are served by Google AdSense and may be personalized based on your browsing activity — you can opt out via your Google Ad Settings.

Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

Contract (Art. 6(1)(b))

Account creation, login, payment processing, and core service delivery.

Consent (Art. 6(1)(a))

Marketing emails (daily challenge, weekly digest), analytics cookies (Google Analytics), and advertising cookies (Google AdSense). You can withdraw consent at any time.

Legitimate Interest (Art. 6(1)(f))

IP logging, rate limiting, and security monitoring to protect the service from abuse.

Legal Obligation (Art. 6(1)(c))

Retaining financial records (payment/order data) as required by tax regulations.

Third-Party Services

We use the following third-party services. Each processes data on our behalf:

Stripe

Payment Processing

Handles your payment details (card number, billing address). We never see or store your full card number — we only receive a payment confirmation and transaction ID.

Privacy Policy →

Google Analytics

Website Analytics

Collects anonymized usage data (pages visited, browser type, screen resolution). Only activated after you consent via our cookie banner for EU visitors. IP anonymization is enabled.

Privacy Policy →

OpenAI

AI Puzzle Generation

Receives only the puzzle theme, difficulty, and word count you specify. Does NOT receive your email, account info, or personal data. Your inputs are not used to train AI models.

Privacy Policy →

Resend

Transactional Email

Receives your email address to deliver service emails (password resets, daily challenges, weekly digests).

Privacy Policy →

Vercel

Website Hosting

Our website is hosted on Vercel. HTTP requests and IP addresses are processed in server logs.

Privacy Policy →

Cloudflare R2

Image Storage

Stores puzzle images you upload (jigsaw photos) and generated preview images for sharing.

Privacy Policy →

Google / GitHub OAuth

Social Login

When you sign in via Google or GitHub, they share your email, name, and profile picture (only what you authorize) with us.

Privacy Policy →

Google AdSense

Advertising

Displays ads on our site. Google may use cookies to serve ads based on your prior visits to our site or other websites. You can opt out of personalized advertising at Google Ad Settings (adssettings.google.com) or at www.aboutads.info.

Privacy Policy →

We do not sell your data to data brokers. Advertising on our site is served solely through Google AdSense.

Data Storage and Security

Your data is stored on servers located in Singapore (Asia-Pacific). Our hosting provider (Vercel) may process requests through edge nodes globally, but persistent data resides in Singapore.

Security Measures

  • Passwords are hashed using bcrypt — we never store plaintext passwords
  • Verification codes are hashed with SHA-256 before storage
  • IP addresses in logs are stored as irreversible SHA-256 hashes
  • All data in transit is encrypted via HTTPS
  • Rate limiting on authentication and API endpoints
  • Security headers (X-Frame-Options) to prevent clickjacking
  • Constant-time comparisons for tokens to prevent timing attacks
  • Payment data is handled entirely by Stripe — card numbers never touch our servers

International Data Transfers

Our servers are in Singapore. If you are in the European Economic Area (EEA), UK, or Switzerland, your data is transferred outside the EEA. We protect these transfers through Standard Contractual Clauses (SCCs) approved by the European Commission. Our third-party providers (Stripe, Google, Vercel, Cloudflare) participate in the EU-U.S. Data Privacy Framework and/or maintain their own SCCs.

Cookies

We use the following cookies:

Strictly Necessary (No Consent Required)

  • Session cookies — keep you logged in
  • CSRF token — prevents cross-site request forgery attacks
  • Sidebar preference — remembers layout state (7 days)

Analytics (Consent Required for EU Users)

  • Google Analytics (_ga, _ga_*) — tracks anonymous usage patterns (up to 2 years)

Advertising (Consent Required for EU Users)

  • Google AdSense cookies — used to serve and personalize ads based on your browsing activity. You can opt out at adssettings.google.com.

Local Storage (Not Cookies)

We also store data in your browser's local storage for puzzle configurations, UI preferences, and theme settings. This data never leaves your browser.

EU visitors can accept or reject non-essential cookies via our cookie consent banner. You can also clear cookies at any time through your browser settings.

Your Rights

For All Users

  • Access your data — request a copy of all personal data we hold
  • Correct your data — update inaccurate information
  • Delete your data — request deletion of your account and all associated data
  • Export your data — request a machine-readable copy
  • Opt out of emails — click the unsubscribe link or adjust preferences
  • Withdraw consent — for analytics cookies or marketing emails, at any time

Additional GDPR Rights (EEA, UK, Switzerland)

  • Restrict processing — ask us to limit how we use your data
  • Object to processing — object to processing based on legitimate interest
  • Data portability — receive your data in a structured, machine-readable format
  • Lodge a complaint — file a complaint with your local Data Protection Authority

How to Exercise Your Rights

Email us at [email protected] with your request. Include the email address associated with your account and specify which right you want to exercise. We will respond within 72 hours and fulfill your request within 30 days (GDPR) or 45 days (CCPA).

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under CCPA/CPRA:

  • Right to Know — request what personal information we collect, use, and disclose
  • Right to Delete — request deletion of your personal information
  • Right to Correct — request correction of inaccurate information
  • Right to Opt Out of Sale/Sharing — we do not sell your data. Google AdSense may constitute 'sharing' under CCPA; you can opt out of personalized ads at adssettings.google.com
  • Right to Non-Discrimination — we will not treat you differently for exercising your rights

We do not sell your personal information. Google AdSense displays ads on our site and may use cookies for personalized advertising, which may constitute 'sharing' under CCPA. You can opt out of personalized ads at adssettings.google.com or through our cookie consent banner.

Data Retention

Active account data: As long as your account exists
Saved puzzles: As long as your account exists
Shared puzzles (not in gallery): 30 days, then auto-deleted
Payment and order records: Permanently retained for tax compliance
Verification codes: 24 hours, then expired
Google Analytics data: 14 months

When you request account deletion, we permanently delete your profile, saved puzzles, feedback, API keys, credits, and usage logs within 30 days. Payment records are anonymized but retained as required by law.

Children's Privacy

PuzzleGenio is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at [email protected] and we will promptly delete it.

We Never

  • Sell your personal data to anyone
  • Share your data with data brokers
  • Use your puzzle content to train AI models
  • Send marketing emails unless you explicitly opt in
  • Store your plaintext password
  • Store your credit card number
  • Use your data for automated decisions that legally affect you
  • Collect data beyond what is described in this policy

Browser Extension

Our browser extension (PuzzleGenio - Daily Puzzles & Puzzle Maker) stores all data locally in your browser. It does not collect, transmit, or share any personal information. It requests only two permissions: contextMenus (for right-click puzzle creation) and storage (for saving game progress locally). No remote code is loaded or executed.

Data Breach Notification

In the event of a data breach, we will notify affected users by email within 72 hours and notify the relevant supervisory authority as required by GDPR. Our notification will include what happened, what data was affected, and what steps you can take.

Changes to This Policy

For significant changes (new data collection, new third-party services), we will notify registered users by email at least 14 days before changes take effect. For minor changes (clarifications, formatting), we will update this page without separate notification.

Contact Us

For privacy-related questions, concerns, or data requests, contact us at:

Expected response time: within 72 hours.