Privacy Policy

1. Introduction

ANKT SERVICES, a French simplified joint-stock company (Société par Actions Simplifiée - SAS) registered under SIREN 843902156, with its registered office at 38 Rue de l'Amiral Mouchez, 75014 Paris, France ("Company", "we", "us", "our"), is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal data when you use the Dark Squares application, website, and related services (collectively, the "Service"). This policy also describes your rights under the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and other applicable data protection laws.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Data Controller

For the purposes of the GDPR and applicable data protection laws, the data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or our data practices, please contact us using the information above.

3. Categories of Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Account Information: Email address, password (encrypted), full name (optional), and profile picture (optional) when you create an account
• Profile Information: Display name, preferences, and settings you choose to configure
• Payment Information: When you subscribe to our Pro plan, payment details are collected and processed by our payment processor Stripe. We receive only limited payment information (last four digits of your card, card type, expiration date, and billing address) and do not store complete payment card details
• Communications: Information you provide when you contact us for support, including your email address and the content of your messages
• Voice Data: If you use voice input features, audio recordings are processed to convert speech to text. Depending on your settings, this processing may occur locally on your device or through third-party services

3.2 Information Collected Automatically

• Usage Data: Information about how you use the Service, including exercise completions, game history, move sequences, puzzle solutions, achievement progress, and performance statistics
• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
• Log Data: IP address, access times, pages viewed, time spent on pages, and referring URLs
• Location Data: General geographic location derived from your IP address (country/region level only)

3.3 Information from Third Parties

• OAuth Providers: If you sign in using Google or other OAuth providers, we receive your name, email address, and profile picture from that provider
• Payment Processor: Stripe provides us with information about your subscription status, payment history, and billing information

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

4.1 Performance of Contract (Article 6(1)(b))

Processing necessary for the performance of our contract with you, including:

• Creating and managing your account
• Providing the Service and its features
• Processing subscriptions and payments
• Tracking your progress and statistics
• Providing customer support

4.2 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, provided these are not overridden by your rights:

• Improving and optimizing the Service
• Analyzing usage patterns and trends
• Ensuring the security of the Service
• Preventing fraud and abuse
• Displaying leaderboards and competitive features

4.3 Consent (Article 6(1)(a))

Processing based on your explicit consent, which you may withdraw at any time:

• Sending marketing communications and newsletters
• Processing voice recordings through cloud services
• Displaying your username on public leaderboards

4.4 Legal Obligation (Article 6(1)(c))

Processing necessary to comply with legal obligations, such as tax and accounting requirements, responding to lawful requests from authorities, and maintaining records as required by law.

5. Purposes of Processing

We use your personal data for the following purposes:

5.1 Service Provision

• Creating, maintaining, and securing your account
• Providing access to training exercises, games, and features
• Tracking your progress, statistics, achievements, and streaks
• Synchronizing your data across devices
• Processing and managing subscriptions
• Providing personalized training recommendations

5.2 Communication

• Responding to your inquiries and support requests
• Sending service-related notifications (e.g., account verification, password reset, subscription updates)
• Sending promotional communications (with your consent)
• Notifying you of changes to the Service or our policies

5.3 Improvement and Analytics

• Analyzing usage patterns to improve the Service
• Conducting research and development
• Testing new features and functionality
• Monitoring and improving Service performance

5.4 Security and Compliance

• Detecting and preventing fraud, abuse, and security incidents
• Enforcing our Terms and Conditions
• Complying with legal obligations
• Protecting our rights and the rights of others

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data in the following circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

• Supabase, Inc.: Authentication and database hosting (data stored in EU region)
• Stripe, Inc.: Payment processing (PCI-DSS compliant)
• Vercel, Inc.: Website hosting and content delivery
• Google LLC: OAuth authentication (if you choose to sign in with Google)
• Groq, Inc. / Deepgram, Inc. / OpenAI, LLC: Voice recognition and AI services (optional, based on your settings)

These providers are contractually bound to protect your data and may only use it for the specific services they provide to us.

6.2 Public Features

If you participate in public features of the Service, certain information may be visible to other users:

• Your display name on leaderboards
• Your level and achievement badges
• Your ranking position

You can control your visibility in public features through your account settings.

6.3 Legal Requirements

We may disclose your data if required to do so by law or in response to:

• Valid legal processes (court orders, subpoenas)
• Requests from law enforcement or government authorities
• Protection of our rights, property, or safety, or that of our users or the public
• Investigation of potential violations of our Terms

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses with our service providers
• Adequacy Decisions: Some transfers are to countries with EU adequacy decisions
• Data Processing Agreements: All processors are bound by data processing agreements that comply with GDPR requirements

You may request a copy of the safeguards in place by contacting us at support@darksquares.net.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data: Retained for the duration of your account plus 30 days after deletion request
• Usage and Progress Data: Retained for the duration of your account
• Payment Records: Retained for 10 years to comply with tax and accounting obligations
• Support Communications: Retained for 3 years after resolution
• Log Data: Retained for 90 days
• Voice Recordings: Processed in real-time and not stored, unless you use local processing mode

After the retention period expires, we will securely delete or anonymize your data. Anonymized data may be retained indefinitely for statistical and research purposes.

9. Your Rights Under GDPR

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data. You can access much of your data directly through your account settings.

9.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete data completed. You can update most of your data directly in your account settings.

9.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing. This right may be limited where we have a legal obligation to retain data.

9.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing.

9.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller. This applies to data you provided to us and that we process based on consent or contract.

9.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You have an absolute right to object to direct marketing.

9.7 Right to Withdraw Consent

Where we rely on consent to process your data, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at support@darksquares.net. We will respond to your request within one month. This period may be extended by two additional months for complex requests, in which case we will inform you of the extension.

10. Cookies and Similar Technologies

10.1 Types of Cookies We Use

We use only essential cookies necessary for the operation of the Service:

• Authentication Cookies: To maintain your logged-in session
• Security Cookies: To protect against cross-site request forgery (CSRF)
• Preference Cookies: To remember your settings (stored in localStorage)

10.2 Third-Party Cookies

We do not use third-party advertising or tracking cookies. Our service providers (Stripe, Supabase) may set cookies necessary for their services to function.

10.3 Local Storage

We use browser localStorage to store your preferences and settings locally on your device. This data is not transmitted to our servers unless you have an account and choose to sync your settings.

10.4 Managing Cookies

You can configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling cookies may prevent some features of the Service from functioning properly.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Password Security: Passwords are hashed using industry-standard algorithms (bcrypt) and never stored in plain text
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis
• Infrastructure Security: Our infrastructure providers maintain SOC 2 Type II compliance and implement comprehensive security controls
• Regular Audits: We conduct regular security assessments and penetration testing
• Incident Response: We maintain incident response procedures to address security breaches promptly

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

12. Children's Privacy

The Service is not intended for children under the age of thirteen (13). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@darksquares.net.

For users between 13 and 16 years of age, parental or guardian consent is required for the collection and processing of personal data. By allowing a minor to use the Service, the parent or guardian agrees to these privacy practices on behalf of the minor.

If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Post a notice on the Service
• Send you an email notification (if you have an account)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Related Documents

This Privacy Policy should be read in conjunction with our Terms and Conditions and General Terms of Service.