Privacy Policy

This Privacy Policy explains what information Canavar Online ("we", "us", the "Service") collects, how we use it, and your rights. By using the Service you agree to this policy and our Terms of Service.

1. Who we are

Canavar Online is a free multiplayer arena game playable on the web and Android. Contact: canavaronlinecom@gmail.com.

2. Information we collect

We keep data collection to the minimum needed to run a multiplayer game:

• Account data: username, securely hashed password, optional email, optional bio. You may also play as a guest (anonymous), in which case we generate a random identifier instead of a password.
• Game data: level, experience points, match history, win/loss records, ELO rating, in-game currency, unlocked characters, selected character.
• Social data: friends list, incoming/outgoing friend requests, channel memberships, block list, match-mates you have recently played with.
• Chat messages: every chat message sent in channels or waiting rooms is stored for moderation purposes (see §5).
• IP address: the IP you connect from is recorded at each login for anti-abuse and ban evasion detection.
• Device / push data: Firebase Cloud Messaging token for push notifications, platform identifier (e.g. "android"). Used only to deliver game invites.
• Reports: if you report another user, we store the report (who, whom, reason, optional context) so admins can review it.
• Translation cache: when chat translation is enabled and a message is sent to a player whose translation language differs from yours, the message text is sent to OpenAI's translation API and the result is cached on our server (text + target language → translated text). The cache lets repeat phrases avoid additional API calls. See §6.
• Technical data: standard server logs (timestamps, request routing, error traces) — retained for a short period for debugging.

We do not collect: precise location, contacts, photos, SMS, call logs, browsing history, or any sensitive category defined by GDPR.

3. How we use your data

• Operate the game — authenticate you, match you with players, persist your stats and characters.
• Deliver social features — friends, channels, invites, online status, push notifications.
• Enforce fair play and safety — investigate reports, ban cheaters and harassers, detect ban evasion by IP.
• Improve the Service — aggregate analytics (never identifying individual users in reports).

We do not sell, rent, or trade your data. We do not run third-party ads or ad-tracking SDKs.

4. Legal basis (GDPR)

• Contract: most data is required to deliver the game you signed up for.
• Legitimate interest: IP logging, chat logging, and moderation data help us keep the community safe.
• Consent: push notifications are opt-in; you can disable them any time in Settings.

5. Chat logging and moderation

All chat messages in channels and waiting rooms are recorded with sender, recipient scope, and timestamp. These records are used exclusively for:

• Investigating user reports about harassment, cheating, or illegal content.
• Issuing warnings or bans to users who violate the Terms of Service.

Chat logs are not exposed to other players, sold, or shared with third parties. They are automatically deleted after 6 months unless attached to an open abuse case.

6. Third parties

We use the following processors:

• Google Firebase Cloud Messaging — delivers push notifications. Only your FCM token and the invite payload are sent. See Firebase's privacy policy.
• OpenAI (translation API) — when chat auto-translation is enabled, individual chat messages are sent to OpenAI to be translated into the recipient's language. We send only the message text and the target language code; we do not send your username, account ID, or any other identifier. OpenAI does not use API inputs to train its models per its API data policy. See OpenAI's API data usage policy. You can disable chat translation any time in Settings → Translation language.
• Our hosting provider — stores the database and serves game traffic. The hosting is located in the EU/US region.

7. Data retention

• Account data: kept as long as the account exists.
• Chat logs: 6 months.
• IP logs: 6 months.
• Reports: until resolved + 12 months for audit trail.
• FCM tokens: removed automatically when they become invalid.

8. Your rights

You can, at any time:

• Access the data we hold about you.
• Correct inaccurate data (username, bio, email via in-game settings).
• Delete your account — email us at canavaronlinecom@gmail.com from the address associated with your account. Within 30 days your account, stats, chat logs, and IP logs will be irreversibly deleted. Match participation records may be retained in anonymized form for leaderboards.
• Port your data — we will provide a JSON export on request.
• Object to specific processing (e.g. chat logging) — note that this may prevent you from using features requiring moderation.
• Lodge a complaint with your national data protection authority.

9. Children

The Service is not directed at children under 13. If you are under 13 (or under the age of digital consent in your country), do not create an account. If we learn we have collected data from a child under 13 without parental consent, we will delete it.

10. Security

Passwords are stored with per-user salt and modern key-derivation. Traffic between your device and our servers is encrypted (WSS/HTTPS). No system is 100% secure; we follow industry-standard practice and respond quickly to reports of vulnerabilities.

11. Changes to this policy

We will post material changes here and update the "Last updated" date. If changes are significant we will prompt you to re-accept the policy inside the app.