Privacy Policy

1. Summary

GamesOMG ("we", "us", "our") operates the website at gamesomg.com. We collect very little personal data, we never sell it, and we don't use it to advertise to you. The site doesn't require an account, and the config generators run entirely in your browser — the settings you choose don't get sent to our servers unless you specifically click "Share" on a generated config.

This policy explains exactly what we collect, why, who we share it with, and your rights to access, correct, or delete it. If anything here is unclear, reach out.

2. Who we are

GamesOMG is operated by an independent team based in Virginia, United States. We can be reached for any privacy-related question at [email protected].

For California (CCPA) purposes, GamesOMG is the "business" that collects and processes personal information described in this policy. For EU/UK GDPR purposes, GamesOMG is the "data controller" for personal data described here.

3. What we collect

We collect three categories of information, depending on how you use the site:

A. Information you give us directly

• Contact email content. If you email [email protected], we receive whatever you send us — your email address, the message body, and any attachments.
• Shared config payloads. When you click "Share" on a generator, the settings you chose (e.g., "BabyMatureSpeedMultiplier=10") are sent to our server and stored against a short hash you can share with others. This payload contains no personal data — only your config choices. We also record the timestamp and a count of how many times that config gets loaded.

B. Information collected automatically

• Standard request logs (from Cloudflare, our hosting provider): IP address, user agent, requested URL, response code, timestamp. Used for security, abuse prevention, and basic uptime monitoring.
• Cookieless edge analytics (provided automatically by Cloudflare since our site is hosted on Cloudflare Pages): page views, country-level location, referrer, response codes — all measured server-side from request logs. No JavaScript runs on your device for this. No persistent identifier is set.
• Cookie-based analytics (Google Analytics 4, only if you consent): session events, page views, country/city-level location, anonymized IP, device type, broad demographics. We do not enable Google Signals or advertising integrations.

C. Information stored on your device (not sent to us)

• Your cookie consent choice — stored in browser localStorage as gamesomg_consent. Never sent to our server.
• In-progress generator settings — stored in browser localStorage so you don't lose your work on page reload. Stays on your device unless you click "Share."

4. Why we collect it

Under GDPR, every type of data collection needs a "lawful basis." Here are ours:

• Server logs and security data — Legitimate interest (preventing abuse, keeping the site online).
• Cookieless edge analytics (Cloudflare) — Legitimate interest (understanding which pages get used so we know what to build next; no personal data involved beyond what's needed to serve the page).
• Cookie-based analytics (GA4) — Consent (you opt in via the banner; if you don't, we don't load it).
• Shared config payloads — Consent (you actively click "Share" to send them) and legitimate interest (running the share feature).
• Email content you send us — Performance of a service (responding to your question).

5. How we collect it

• Directly from you — when you email us, click "Share" on a generator, or interact with the cookie banner.
• Automatically via your browser — request logs, analytics beacons.
• Stored on your device — localStorage and cookies (see the Cookie Policy for the full list).

6. Who we share it with

We don't sell personal data. We don't share it for advertising. The only parties that receive any of your data are the service providers we use to run the site, and only the minimum they need to do their job:

• Cloudflare (hosting + automatic edge analytics) — sees request logs as part of normal hosting operation. We use Cloudflare's built-in edge analytics, which run server-side; we do not run their separate JavaScript Web Analytics beacon. Cloudflare's privacy practices: cloudflare.com/privacypolicy.
• Google (Analytics) — receives GA4 analytics data only if you consent via the cookie banner. Google's privacy practices: policies.google.com/privacy.
• Email provider — emails you send to [email protected] are processed by our email provider for delivery and storage.

We may also disclose data if legally required (subpoena, court order, valid law-enforcement request) or if necessary to defend our legal rights. We do not voluntarily provide data to law enforcement without legal process.

7. How long we keep it

• Server access logs — typically 30 days, retained by Cloudflare.
• Cloudflare edge analytics — 6 months, aggregate only.
• Google Analytics — we have GA4 set to retain user-level and event-level data for the maximum 14 months; aggregate reports remain longer.
• Shared config payloads — retained indefinitely so shared links keep working. Contain no personal data. Can be deleted on request (see "Your rights").
• Contact emails — retained as long as the conversation thread is active, plus a reasonable archive period (typically 2 years) for reference. Deleted on request.
• Cookie consent record (localStorage on your device) — stays until you clear browser data or revoke consent.

8. How we protect it

We use industry-standard security practices: HTTPS for all connections, Cloudflare's network-level DDoS protection, principle-of-least-privilege access to backend systems, no storage of payment data (we don't process payments). Realistically, we are a small team — we don't claim to have enterprise-grade security infrastructure. If you have specific security concerns about your data, please don't send sensitive information through this site.

9. Your rights

Regardless of where you live, you can always:

• Email us at [email protected] to ask what we have on file, request a copy, request correction, or request deletion.
• Clear your browser data to remove localStorage and cookies from your device.
• Use the "Cookie Settings" link in the footer to revoke or change your analytics consent.

We aim to respond to requests within 30 days. If we can't (e.g., we can't verify your identity, or your request conflicts with legal obligations), we'll explain why.

10. California (CCPA / CPRA) rights

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you additional rights:

• Right to know — what personal information we have about you, why we collected it, who we shared it with, and how long we keep it.
• Right to delete — request deletion of personal information we hold about you, subject to legal exceptions.
• Right to correct — request correction of inaccurate information.
• Right to opt out of sale/sharing — We do not sell or share personal information for cross-context behavioral advertising. But if you want to opt out of analytics anyway, use the Cookie Settings link or the GA4 opt-out methods in our Cookie Policy.
• Right to non-discrimination — we won't deny you service, charge different prices, or provide a lesser experience because you exercised your rights.
• Global Privacy Control (GPC) — if your browser sends a GPC signal, we honor it as an opt-out request for analytics consent.

To exercise any of these rights, email [email protected]. We may need to verify your identity (typically by confirming you control the email address you're contacting us from).

11. EU / UK (GDPR) rights

If you are in the European Union, European Economic Area, or United Kingdom, you have rights under GDPR and UK GDPR:

• Right of access — what data we hold and how it's processed.
• Right to rectification — correct inaccurate data.
• Right to erasure ("right to be forgotten") — delete your data, subject to legal exceptions.
• Right to restrict processing — limit how we use your data.
• Right to data portability — receive your data in a portable format.
• Right to object — object to processing based on legitimate interest.
• Right to withdraw consent — at any time, for any processing based on consent.
• Right to complain — to your local data protection authority (e.g., the ICO in the UK, the CNIL in France, the BfDI in Germany) if you think we've mishandled your data.

To exercise these rights, email [email protected].

12. Children's privacy

GamesOMG is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided personal information to us, please email [email protected] and we will delete it.

Users between 13 and 17 should use the site with parental awareness and consent, per the Terms of Service.

13. International data transfers

GamesOMG is operated from the United States. Our service providers (Cloudflare, Google) operate globally. If you are accessing the site from outside the United States, your data may be transferred to and processed in the US or other countries.

For transfers from the EU/UK to the US, we rely on the Data Privacy Framework where applicable and standard contractual clauses where the framework does not apply. Cloudflare and Google publish their own transfer mechanisms in their privacy documentation.

14. Changes to this policy

If we materially change what we collect, how we process it, or who we share it with, we'll update the "Effective" date at the top of this page, and the cookie consent banner will re-prompt all users (so you can review your choices in light of the change). Minor updates (typo fixes, clarifications) won't trigger a re-prompt.

15. Contact

Privacy questions, data requests, complaints, anything else: [email protected].

Postal address: GamesOMG, Virginia, United States. (For formal legal correspondence, please email first so we can provide a specific delivery address.)

See also: Cookie Policy · Terms of Service · About