Impostorplay
Sign in Create account
ES | EN

Legal documentation

Privacy policy

Last updated: March 1, 2026

Data controller

The controller of the personal data processed through Impostorplay is Carlos Benito Guerrero. For privacy matters, rights requests or questions about personal-data processing, you can contact info@impostorplay.com.

Data we process

  • Account and profile data: name, optional nickname, email address, hashed password, avatar and basic user preferences.
  • Authentication and security data: email-verification status, password-reset requests, two-factor secret when you enable it, trusted-device records if you request them, IP address, user agent and technical logs needed to detect abuse or incidents.
  • Gameplay and social data: games created, names introduced during matches, points, unlocked content, puzzle progress, friends, notifications and other data required to operate the platform.
  • Third-party login data: if you sign in with Google, we process the identifier and basic profile data that Google provides after your authorization.
  • Cookie and measurement preferences: if you interact with the cookie banner, we store the selected preference and, only if you consent, Google Tag Manager may activate measurement or advertising tags according to your selection.
  • Communications: messages you send us and the information strictly necessary to answer support, legal or moderation requests.

Purpose and legal basis

We process your data to create and manage your account, authenticate access, verify your email address, restore access if you forget your password, enable optional security features such as two-factor authentication, operate game and puzzle modes, maintain your points and unlocks, and provide the social features of the platform. These processing operations are generally based on the performance of the requested service.

We also process certain technical and security data to prevent fraud, investigate abuse, moderate the service, keep the platform available and comply with legal obligations. This processing is based on our legitimate interest in protecting the service and, where applicable, on the legal obligations that apply to us. Measurement and advertising tags based on Google Tag Manager are only activated if you give your consent through the cookie banner.

Retention

We keep your data while your account remains active and for the time needed to provide the service, resolve incidents, prevent abuse and comply with legal obligations. If you delete your account or request erasure, we will delete, block or anonymize the information that is no longer necessary, without prejudice to data that must be kept temporarily for legal, security or claims-related reasons.

Recipients and international transfers

We share data only with providers necessary to operate Impostorplay on our instructions, such as hosting, infrastructure, email-delivery, authentication or security providers. If you choose Google sign-in, Google will process the data involved in that authentication flow under its own terms. If you consent to analytics or advertising cookies, Google services linked through Google Tag Manager may also receive technical browsing and event data according to the tags activated and your consent settings.

If any provider involves an international transfer of personal data outside the European Economic Area, we will use the safeguards required by applicable law, such as standard contractual clauses or any other valid transfer mechanism at that time.

User rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing, portability and, where applicable, withdrawal of consent by writing to info@impostorplay.com from the email address linked to your account or otherwise proving your identity sufficiently. We will respond within a maximum period of one month. If you believe your rights have not been properly handled, you may lodge a complaint with the Spanish Data Protection Authority (AEPD) or with the supervisory authority that applies to you.

Automated decisions

Impostorplay does not make solely automated decisions that produce legal effects or similarly significant effects on users based only on their personal data.

Information security

We apply reasonable security measures appropriate to the nature of the service, such as password hashing, access controls and mechanisms designed to detect suspicious activity. No environment can be guaranteed to be completely invulnerable, so you should also protect your credentials and devices.

Minors

Impostorplay is not designed to knowingly collect data from children under 14 years of age without the authorization required by law. If we detect an account that should not have been created, we may suspend it and delete the related personal data.