Privacy Policy
DuckDuckWord ("we," "us," or "our") is an independent word game website operated by its owners. You can contact us at duckduckword@pm.me.
This Privacy Policy explains what information we collect when you visit and play DuckDuckWord (available at duckduckword.com, the "Site"), how we use it, and what rights you have regarding that information.
Your Information
Information You Provide to Us
We do not currently require you to create an account or submit any personal information to play DuckDuckWord. If you contact us via email, we will receive whatever information you include in that message (including your name and email address).
Information Collected Automatically
When you visit our Site, certain technical information is automatically collected, which may include:
- Log data: Your browser type, operating system, referring website, and the date and time of your visit. IP addresses may appear in our hosting provider's request logs for operational purposes such as debugging and abuse prevention.
- Geolocation: We briefly process your IP address in memory to derive an approximate country; only the country code is retained in our database. Country is derived from your IP address using a locally-bundled IP geolocation database (DB-IP Country Lite, © DB-IP, licensed under CC-BY 4.0). The database is queried on our own server; your IP address is never sent to DB-IP or any other third party.
- Analytics data: We collect basic usage data internally (such as page visits and gameplay interactions) to understand how the Site is used and to improve it. This analysis is performed by us directly and does not involve sharing your data with any third-party analytics provider. If we introduce third-party analytics tools in the future, we will update this policy accordingly and disclose those providers here.
Information Stored on Your Device
We use browser local storage to save your game progress and settings on your device. This data stays on your device and is never transmitted to us or any third party. See the Local Storage section below for full details.
Information We Do Not Collect
We never receive or store the words you type as guesses. Guesses are validated locally in your browser using cryptographic hashes, and only the successful finds (e.g. "valid word found") are sent to our server for analytics.
Local Storage
We use browser local storage to remember your game progress between sessions and save your settings. Data stored in local storage stays on your device. It is not transmitted to us, and we do not use it to track you across other websites. You can clear local storage through your browser settings, though doing so will erase your saved game progress.
We do not store any analytics identifier on your device. To group related events from a single play session for analytics purposes, your browser generates a random session identifier in memory each time you load the puzzle. This identifier exists only until you reload the page, navigate away, or close the tab.
We do not currently use cookies. If we introduce cookies in the future, we will update this policy accordingly.
How We Use Your Information
We use the information described above only to:
- Operate and maintain the Site
- Understand how users interact with the game so we can improve it (using internally collected data only)
- Respond to questions or messages you send us
- Diagnose technical problems
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
Third-Party Links
Our Site may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.
Children's Privacy
DuckDuckWord is not directed at children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us at duckduckword@pm.me and we will promptly delete it.
Users in California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Not be discriminated against for exercising these rights
Because we collect minimal data and do not sell personal information, many CCPA provisions have limited applicability to our Site. However, you may contact us at any time at duckduckword@pm.me to request access to, correction of, or deletion of any personal data we hold about you.
Beyond California, similar rights may apply to residents of other US states with comprehensive privacy laws. Regardless of your location, you may contact us at duckduckword@pm.me to request access to, correction of, or deletion of any personal data we hold about you.
Users in the European Economic Area and United Kingdom (GDPR / UK GDPR)
If you are located in the EEA or the United Kingdom, our legal basis for processing your data is our legitimate interest in operating a functional, secure website.
Because we do not operate user accounts and do not store any persistent identifier that would let us link analytics events to an individual visitor, in most cases we are unable to identify you within the data we hold. You still have the right to access, correct, or delete personal data we hold about you, as well as the right to object to or restrict processing, and the right to data portability where applicable. To exercise these rights, contact us at duckduckword@pm.me. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with applicable law.
Our servers are currently hosted by Railway in the United States. For users accessing the Site from the EEA or United Kingdom, personal data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) as the legal basis for this transfer, as provided under Railway's Data Processing Agreement. If we add hosting regions in other jurisdictions in the future, we will update this policy.
Other Jurisdictions
If you are located outside the US, EEA, or UK, we aim to handle your data responsibly and in the spirit of applicable privacy principles. Regardless of your location, you may contact us at duckduckword@pm.me to request access to, correction of, or deletion of any personal data we hold about you.
Data Retention
Data You Control
Game progress and settings are stored in your browser's local storage on your device. These persist until you clear your browser data, and we cannot access or delete them remotely.
Data We Retain
We store gameplay analytics events in our own database for up to 14 days in raw form, after which they are aggregated into anonymous daily statistics and the raw events are deleted. Anonymous aggregate statistics may be retained indefinitely.
Data Retained by Our Hosting Provider
Our hosting provider, Railway, retains standard request logs (IP address, User-Agent, referring URL, and timestamp) for up to 90 days. Retention and deletion of these logs is solely controlled by Railway.
Data Security
We take reasonable technical precautions to protect the information we collect, including using encrypted connections (HTTPS) for all data transmitted to and from the Site. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If we make material changes, we will make reasonable efforts to notify users via a notice on the Site before the changes take effect. Continued use of the Site after changes are posted constitutes your acceptance of the revised policy.
Contact Us
If you have any questions about this Privacy Policy, please contact us at:
duckduckword@pm.me