Legal

Privacy Policy

What Gridforged stores, why we need it, and how to get rid of it.

Last updated: 2026-05-18

Gridforged ("Gridforged", "we", "us") operates the website at gridforged.com and the Gridforged game client. This policy explains the limited personal data we collect when you sign in to a Gridforged account and how we handle it. By using the Gridforged sign-in flow you agree to the practices described here.

1. What we collect

We only collect what we need to operate accounts, matchmaking, and the leaderboard:

  • Sign-in provider identifier. A stable, opaque user ID issued by your chosen provider (Google, Apple, or Steam). For Google sign-in this is your Google Account's unique ID (sub claim).
  • Email address. Returned by your provider when you grant the email scope. Used for account/security contact and support-assisted account requests. We do not use email matching to merge accounts, and we do not send marketing email.
  • Display name and avatar URL. The basic profile data your provider exposes (profile scope for Google). Used to show your name in-game and on the leaderboard. You can override this with a Gridforged username at any time.
  • Gridforged profile data. Your in-game username, MMR, games played, and match history — generated by the game, not received from the provider.
  • Operational logs. IP address, user agent, and request timestamps, retained for a short window for abuse prevention and debugging.

We do not request, store, or transmit your provider password, contact list, calendar, drive contents, messages, or any other scope beyond openid, email, and profile (or the equivalent on Apple and Steam).

2. How we use Google user data

Gridforged's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google account data only to authenticate you, create or open your Gridforged profile, and link multiple providers to a single profile when you ask us to.
  • We do not sell Google user data and we do not use it to serve ads.
  • We do not transfer Google user data to third parties except as needed to provide or improve the sign-in feature, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
  • We do not allow humans to read Google user data, except: (a) with your explicit consent, (b) for security purposes (e.g., investigating abuse), (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations in line with the policy.

3. How the data is used

  • Authentication. Confirm it's really you when you sign in and keep your session active.
  • Account linking. Connect Google, Apple, and Steam identities to the same Gridforged profile after you prove ownership by signing in with each provider.
  • Game state. Persist your profile, MMR, match history, and leaderboard standing.
  • Service health. Investigate bugs, prevent fraud, and enforce the Terms of Service.

We do not use your data for advertising, profiling, or sale to data brokers.

4. Where the data lives

Authentication is brokered by Google Firebase Authentication (project gridforged-game). Profile and match data live in databases operated by Gridforged on Google Cloud Platform (Cloud Run, Firestore, and related services) in US regions. These providers act as sub-processors under their own terms; we do not share your data with any other third party for their independent use.

5. Retention

  • Profile data is kept while your account exists. If you ask us to delete it, we remove your profile within 30 days, subject to backups that roll off within an additional 30 days.
  • Operational logs are retained for up to 90 days, then purged automatically.
  • Anonymized match history (no identifying provider data attached) may be retained indefinitely for game balancing and matchmaking statistics.

6. Your controls

  • Revoke Google access. You can also revoke Gridforged's access from your Google Account permissions page. This signs you out and prevents future Google sign-in until you re-grant access.
  • Access or delete your data. Email chase.c.cargill@gmail.com from the address tied to your account and we will verify the request, then export or delete your data within 30 days.
  • Correct your data. You can edit your in-game username directly. For other corrections, contact us at the email above.

7. Children

Gridforged is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from them. If you believe a child has signed in, contact us and we will delete the account.

8. Security

We rely on Google Firebase Authentication and Google Cloud Platform for transport encryption (HTTPS), at-rest encryption, and access control. We do not store provider passwords. No system is perfect, so we cannot guarantee absolute security, but we will notify affected users without undue delay if a breach affects their data.

9. International users

Gridforged is operated from the United States. If you access the service from another region, your data is processed in the US under US law. By using the service you consent to that transfer.

10. Changes

We may update this policy as the game evolves. Material changes will be announced on the site and the "Last updated" date above will be bumped. Continued use after a change means you accept it.

11. Contact

Questions, requests, or complaints: chase.c.cargill@gmail.com.