Skip to content
lesurylesury

· Legal ·

Privacy Policy

Effective Date: March 31, 2026

At lesury, we believe the only thing that should stay after a party is the memories—not your data. This policy explains how we handle information when you use the lesury platform, including the Controller (phone), Host Display (TV), user accounts, and our website.

1. Information We Collect

Because lesury operates on a "Controller-to-Host" model and offers optional user accounts, the data we collect depends on how you use the platform:

  • Account Information: If you sign in using Google OAuth, we collect your email address and display name as provided by Google. We do not store passwords—authentication is handled entirely by Google.
  • Game Session Data: When a game session completes, we store a record including the game type, player count, final game state, and per-player results (player name, placement, and game statistics). If you are signed in, this data is linked to your account and visible on your profile page.
  • Transient Game Data: This includes nicknames, "Message" inputs (text, button presses, slider values), and sketches sent via the JSON protocol to progress the game state. These inputs are processed in real-time and are not stored after the session ends.
  • Technical Identifiers: We may collect temporary session IDs, IP addresses (to facilitate the socket connection), and basic device/browser metadata to ensure the game renders correctly on your specific phone or TV.
  • Leads & Feedback: If you submit your email through our newsletter or early access forms, or submit feedback via our contact form, we store that information for communication and product improvement purposes.
  • Anonymous Identifiers: If you interact with game "like" features without being signed in, we generate and store a random anonymous identifier in your browser's Local Storage. This token is used solely to track your likes and is not linked to any personal information.
  • Guest Play: You do not need to create an account or provide an email address to play as a guest joining a Host's room. Guests only generate transient game data.

2. Data Processing & The "Reducer" Logic

Our platform uses a Pure Reducer Architecture. This means:

  • Real-Time Processing: Your inputs are processed in real-time to update the game state.
  • Game Session Recording: When a game session completes, the final game state, player placements, and statistics are permanently stored in our database. If you are signed in, this data appears on your profile page.
  • In-Game Inputs: Individual in-game inputs (text answers, drawings, button presses) are processed in real-time and are not stored after the game session ends, unless they contribute to the final game state record.
  • No Cross-Site Tracking: We do not track your browsing activity across other websites. However, we do use analytics services within the lesury platform as described in Section 5.

3. How Your Information is Shared

  • The "Room" Environment: Any data you input into your Controller (that is not marked as "secret" by the game logic) will be broadcast to the Host Display. Be aware that anyone in the physical room or viewing a stream of the Host Display will see your submitted nickname and game content.
  • Service Providers: We share data with the following trusted third-party providers solely to operate and improve the platform: Google (authentication via OAuth), Supabase (database hosting and authentication infrastructure), Vercel (application hosting and performance analytics), Google Analytics (usage analytics), and Microsoft Clarity (session recordings and heatmaps). These services are bound by their own privacy policies and data protection agreements.
  • No Third-Party Sales: We do not sell, rent, or trade your personal data or game inputs to advertisers or data brokers.

4. Local Storage & Cookies

We use Local Storage, Session Storage, and cookies on your browser for the following functional purposes:

  • Authentication Cookies: HTTP-only session cookies managed by our authentication provider (Supabase) to keep you signed in.
  • Game Session Persistence: Session Storage stores your player ID, name, avatar icon, and color for the duration of a game room session. This prevents you from being kicked out if you accidentally refresh your browser.
  • Anonymous Likes Token: A random anonymous identifier stored in Local Storage to track your game likes if you are not signed in.
  • Liked Games List: A Local Storage record of which games you have liked.

These storage mechanisms are used solely for functional purposes. They are not used for advertising or cross-site tracking.

5. Analytics and Tracking

We use the following analytics services to understand how the platform is used and to improve the experience:

  • Google Analytics 4: Collects page views and custom events including room creation, game starts and completions, player joins, share actions, lead captures, and feedback submissions. Data is processed by Google in accordance with their privacy policy.
  • Microsoft Clarity: Records user sessions including mouse movements, clicks, scrolls, and page interactions. Generates heatmaps of user activity. This involves session replay technology. Data is processed by Microsoft in accordance with their privacy policy.
  • Vercel Analytics: Collects web performance metrics (Core Web Vitals) to monitor site speed and reliability.

You can limit analytics data collection by using browser privacy settings, enabling "Do Not Track," or using ad-blocking extensions.

6. Data Retention and Account Deletion

We retain different types of data for different periods:

  • Account Information: Retained as long as your account is active.
  • Game Session Data: Retained indefinitely to power your profile statistics and game history.
  • Leads & Feedback: Retained indefinitely for communication and product improvement.
  • Account Deletion: To request deletion of your account and all associated personal data, please use the contact form on our website. We will process deletion requests within 30 days, permanently removing your account information, game session history, and any associated data from our active databases.

7. Children's Privacy

lesury is intended for a general audience. Because we do not require Personal Identifiable Information (PII) like full names, addresses, or emails to join a game as a guest, we are designed to be globally privacy-friendly. However, users must be at least 13 years old (or the minimum age of digital consent in your jurisdiction, such as 16 in the EU) to create a registered account. We encourage parents to supervise children's play, as user-generated content (nicknames/text inputs) is instantly visible on the shared screen.

8. Security

We use industry-standard encryption (HTTPS/WSS) to protect the data traveling between your devices and our servers. Additional security measures include CSRF protection on all API routes, rate limiting on data submission endpoints, and Row Level Security on our database tables to ensure users can only access their own data. No system is 100% secure, and by using lesury you acknowledge the inherent risks of transmitting data over the internet.

9. Changes to This Policy

As we add new game modes or features to the lesury engine, we may update this policy. We will notify users of significant changes by updating the "Effective Date" at the top of this page.

10. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or need to request account deletion, please use the contact form available on our website.