Privacy Policy

1. Who is responsible for your information?

Agnibeena Entertainments is the controller of personal information used for the Service. This means we decide why and how that information is used.

Privacy contact: privacy@agnibeena.com

2. Scope of this Policy

This Policy applies to personal information handled through the Service. It does not control how independent third-party websites, public data sources, AI providers, payment providers, app stores or external services use information under their own privacy notices.

3. Information we collect

3.1 Account and profile information

• Username, display name and internal account identifier.
• Email address, verification status and account recovery information.
• Profile image or avatar where available.
• Account creation, update and account-status information.

3.2 Login and security information

• Password and recovery-code hashes. We do not store readable copies of passwords or recovery codes.
• Google account identifier, name, email address and profile image when you choose Google sign-in or connect Google to an account.
• Passkey public keys, credential identifiers, device or user-provided labels, backup status, creation date and last-used date.
• Session identifiers, sign-in time, last-active time, device or browser label, signed-in country code and last-active country code.
• Cloudflare Turnstile results and other security or rate-limit information used to detect bots and abuse.

We do not receive your Google password. We also do not receive or store the fingerprint, face scan, device PIN or other local biometric information used by your device to approve a passkey.

3.3 Game and multiplayer information

• Games played, game modes, room and match identifiers, opponents and timestamps.
• Moves, shots, actions, scores, timers, win/loss/draw results, forfeits, timeouts, disconnects and abandonment information.
• Ratings, leaderboard positions, personal bests and game-specific statistics.
• Saved replays and completed-match replay data.
• Room connection, reconnection and synchronisation events.

3.4 Graphden local, AI and cloud information

• Local projects, imported files and chart settings may be stored in your browser when you use local-only features.
• When you use AI extraction or AI Review, selected source text, extracted rows, evidence snippets, page numbers, source references, settings, job identifiers and usage/quota metadata may be processed by Agnibeena servers and infrastructure providers to produce the requested result.
• When you use cloud save, version history, review links or hosted publishing, project names, chart settings, imported project data, annotations, sources, methodology notes, version snapshots, share-link identifiers, sharing status and review comments may be stored by Agnibeena.
• AI job metadata may include input length, output row count, model identifier, prompt version, job status, error codes and timestamps. We aim not to store full private source text in normal diagnostic logs.

3.5 Technical and diagnostic information

• IP address and network information processed by Cloudflare and, where necessary, by our server for security and delivery.
• Browser, operating system, device class, language and approximate country information.
• Rendering availability, connection errors, performance events, game synchronisation results and crash or error details.
• Control mode, display mode and limited configuration information needed to troubleshoot the Service.

3.6 Communications

• Messages and information you send when requesting support, reporting a problem or making a privacy request.
• Email delivery and verification status for account-security messages.

4. How information is collected

• Directly from you when you create an account, choose a username, contact us or change account settings.
• Automatically when you use the website, sign in, play games or connect to multiplayer rooms.
• Directly when you choose to run Graphden AI extraction or review, save a Graphden project to the cloud, create a shared review link or post a review comment.
• From Google when you choose Google sign-in.
• From your browser or passkey provider when you register or use a passkey.
• From Cloudflare when it provides hosting, network, security, Workers, databases, Turnstile and AI infrastructure.

5. Why we use information and our lawful bases

Where UK or EU data-protection law applies, we use personal information under one or more lawful bases described below.

Our legitimate interests include operating a fair and reliable service, protecting accounts and users, preventing cheating and fraud, protecting Agnibeena’s platform, and understanding and fixing technical failures. We consider the impact on users before relying on legitimate interests.

6. Information visible to other users

Depending on the feature, the following may be public or visible to opponents and other users:

• Username, display name and avatar.
• Leaderboard position, rating, wins, losses, draws and selected personal records.
• Match participants, results, dates and replay information.
• Presence in a private room and actions taken during an online match.
• Graphden project content and project-owner display name when you create an enabled review or publish link.
• Review comments and commenter display names on a shared Graphden project.

Your email address, login methods, password or recovery hashes, passkey credentials and active-session details are not intended to be public. Do not use your real name as a username unless you are comfortable with it being visible to others.

7. Who processes or receives information?

We share information only where necessary to operate, secure or legally support the Service.

We do not sell personal information. We do not currently share personal information for targeted advertising.

8. Cookies, local storage and similar technologies

The Service uses cookies and browser storage that are necessary for sign-in, security, reconnecting to games and remembering settings. Current uses may include secure authentication cookies, Cloudflare security or challenge cookies, local storage for interface and Graphden local projects, temporary room or reconnect information, and short-lived verification or anti-abuse data.

Agnibeena does not currently use advertising cookies or third-party behavioural tracking. If non-essential analytics, advertising or marketing technologies are introduced, this Policy and any required consent controls will be updated first.

9. International processing

Cloudflare, Google, Resend and other service providers may process information in countries outside the country where you live. Where required, we rely on recognised legal safeguards, provider contractual commitments or other lawful transfer mechanisms.

10. How long we keep information

We keep personal information only for as long as reasonably necessary for the purposes described in this Policy, including security, dispute resolution and legal requirements. Retention depends on the type of information and how the feature is used.

• Account and profile information is normally kept while the account remains active and is deleted or anonymised following a valid deletion request, subject to limited exceptions.
• Active-session information is kept until the session is revoked, signed out or expires under the Service’s security settings.
• Verification, recovery, passkey challenge and rate-limit records are generally short-lived and removed or overwritten after use or expiry.
• Saved replays are kept until deleted, displaced by a feature limit, removed for maintenance or deleted with the account where technically possible.
• Graphden cloud projects, versions, share links and review comments are kept until you delete or disable them, feature limits remove older versions, the account is deleted, or retention is otherwise required for security or legal reasons.
• AI job metadata and technical diagnostic events are normally kept only as long as needed for quota, reliability, security and support. Privacy-safe daily aggregates may be kept longer for reliability trends.
• Match results, ratings and integrity records may be retained for as long as needed to maintain fair leaderboards, resolve disputes, prevent abuse or preserve completed-match history. They may be anonymised when an account is deleted.
• Support and privacy communications are kept for as long as needed to handle the request and maintain an appropriate record.

Backup copies may persist for a limited period before being overwritten. Anonymous or aggregated information that no longer identifies a person may be retained longer.

11. Security

We use reasonable technical and organisational measures designed to protect personal information. Measures used by the current Service include hashed passwords and recovery codes, passkeys, secure session controls, re-authentication for sensitive account changes, session review and revocation, rate limits, Cloudflare security services, Turnstile, restricted database access and server-side account authority.

No internet service can guarantee absolute security. Use a strong unique password, protect your recovery code and revoke unfamiliar sessions or passkeys promptly.

12. General audience and children

The Service is intended for a general audience and does not currently request a date of birth. We aim to minimise information collection and do not currently use personal information for targeted advertising.

A user who cannot legally manage an account or understand this Policy should use the Service with a parent or legal guardian. A parent or guardian who believes personal information has been provided inappropriately may contact privacy@agnibeena.com so that we can review and, where appropriate, delete or restrict it.

13. Your data-protection rights

Depending on where you live and the circumstances, you may have the right to request access, correction, deletion, restriction, objection, portability, withdrawal of consent and complaint to a data-protection authority.

To exercise a right, email privacy@agnibeena.com. We may ask for information reasonably necessary to verify identity and account ownership. Rights are not absolute and may be limited by law, security needs or the rights of others.

14. Account and project deletion

You may request account deletion by emailing privacy@agnibeena.com, preferably from the verified email connected to the account. We may require additional verification to prevent unauthorised deletion.

A valid deletion request may remove or anonymise account details, authentication methods, passkeys, active sessions, saved replays, Graphden cloud projects, project versions, share links, review comments and personal statistics. Limited match-integrity, security, legal or dispute records may be retained or anonymised where necessary.

Where available, you may also delete individual Graphden sources, extraction history, projects, versions, review links or published outputs through product controls.

15. Automated decisions and AI-assisted features

The Service may automatically apply game rules, timeouts, rate limits, security checks, room locks, result validation, AI quotas, extraction validation, duplicate detection, completeness checks and abuse-prevention controls. These actions support gameplay, security and product functionality and are not intended to make legal or similarly significant decisions about users.

AI-assisted Graphden output should be manually checked before reliance or publication.

16. Third-party links and services

The Service may link to external websites or use third-party sign-in and infrastructure. When you deliberately import a public URL or run a SPARQL query, your browser or our server may send requests to the selected external data provider, which may receive request metadata. Their independent processing is governed by their own privacy notices.

17. Changes to this Policy

We may update this Policy when features, providers, data uses or legal requirements change. The effective date at the beginning will show the latest version. Material changes may also be announced on the website or through an account notice.

This Policy should be reviewed before introducing advertising, non-essential analytics, payments, broader user chat, marketing emails, optional model training, hosted publishing analytics or new categories of personal information.