Privacy Policy
Version 2026-05-07 · Effective 2026-05-24
1. Who We Are
Boolip (“we”, “us”) operates the Boolip web and mobile application for AI-assisted casual game creation. This Policy explains what we collect, why, and your rights.
2. What We Collect
Account data.
Your email address, display name, avatar URL, and any profile information you provide. When you sign in with a third party (Google), we receive the basic profile fields that provider returns.
Content data.
The prompts you submit, the games you generate, the comments you post, the likes and saves you give, the people you follow, and the messages you send to other users.
Gameplay data.
Scores, play durations, completion status, and gauntlet progress. We collect this to power leaderboards, challenges, and your own statistics.
Moderation data.
We log every prompt you submit (including ones we block), the moderation decision, and the reasoning. We log every report you file or that is filed against your content. This data is used for safety, audit, and improving our filters.
Technical data.
IP address, user agent, device type, approximate region (derived from IP), referrer, and basic interaction telemetry (page views, generation latency). We use this for security, abuse prevention, and product analytics.
3. How We Use Your Data
- To provide and operate the Service (create your account, generate games, host content);
- To moderate content and enforce our Terms (pre- and post-generation filtering, reports);
- To prevent fraud, abuse, and unauthorized access (rate limits, anomaly detection);
- To communicate with you about your account, safety reports, or material policy changes;
- To improve the Service (which prompts succeed, which fail, what content moderation flags).
4. Third-Party Processors
We share specific data with the following processors strictly to operate the Service. Each processor is bound by its own data-processing agreement. The three AI processors (Anthropic, OpenAI, ElevenLabs) receive your prompt text when you tap Generate; everything else lives entirely on Boolip’s own infrastructure.
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | Game logic + dialog generation | Prompt text, classification metadata |
| OpenAI (gpt-image-1) | Sprite + background image generation | Prompt-derived sprite descriptions |
| ElevenLabs | Sound effects + short music loops | Game-context audio prompts |
| Vercel | Hosting and CDN | Application traffic, request logs |
| Neon | PostgreSQL database | All persistent data |
| Upstash (Redis) | Rate limiting and caching | User IDs, transient counters |
| Google (Sign-in) | Authentication | OAuth profile (email, name, avatar) |
| Sentry | Error monitoring | Stack traces, request metadata |
We do not sell your personal data, and we do not share it with advertisers.
5. Where Your Data Lives
Our primary database (Neon) is hosted in EU regions. Generated game bundles and assets are stored in Vercel Blob (multi-region with EU presence). When you submit a prompt, the text is transmitted to Anthropic for processing — Anthropic’s service may process the data in regions outside the EEA. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
6. Retention
- Account data: while your account is active, plus up to 30 days after deletion request.
- Game bundles you publish: retained while published; soft-deleted on takedown and hard-deleted within 30 days.
- Rejected games: retained 90 days for appeal, then purged.
- Moderation logs and reports: retained 24 months for safety and audit.
- Server logs: retained up to 90 days for security and debugging.
7. Your Rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to processing, or to lodge a complaint with a supervisory authority. EU residents may exercise rights under the GDPR; California residents may exercise rights under the CCPA. To exercise any right, email privacy@plai.app. We respond within 30 days.
8. Cookies & Local Storage
We use a session cookie to keep you signed in and a small set of local-storage entries to remember UI preferences (theme, last-viewed feed position). We do not use third-party advertising cookies. We use first-party Vercel Analytics and Speed Insights to measure site performance; these do not identify you across sites.
9. Children’s Privacy
The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@plai.app and we will delete the data.
10. Security
We use industry-standard safeguards: encryption in transit (HTTPS/TLS), encryption at rest for our database, strong password hashing, principle-of-least-privilege internal access, automated security monitoring, and regular review of our infrastructure. No method of transmission or storage is 100% secure; we work to continuously improve.
11. Changes to This Policy
We may update this Policy. When we make material changes, we will revise the version string above and notify active users so you can review and re-accept where required.
12. Contact
Privacy questions or rights requests: privacy@plai.app.
