Privacy Policy

Overview

Shmarcade is a static website that hosts browser-based games. We are committed to keeping things simple: no tracking, no analytics, no cookies, no user accounts.

Responsible party

Tobias Irmer
Geroweg 11
22453 Hamburg
Germany
Email: info@shmarcade.com

Data we collect

Server access logs

When you visit this website, your browser automatically transmits certain data to our web server. This includes:

• Your IP address
• Date and time of the request
• Browser type and version
• Operating system
• Referring URL

This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in ensuring the secure operation of our website). Server logs are automatically deleted after 14 days and are not combined with other data sources.

Highscores

When you submit a highscore, your chosen player name, score, and game replay data are sent to our server and stored in a database. A one-way hash of your IP address is stored for rate limiting and abuse prevention — your actual IP address is never stored and cannot be recovered from the hash. Highscores are publicly visible on the leaderboard.

localStorage

Our games use your browser's localStorage to remember your player name. This data stays on your device and can be cleared through your browser settings.

Cookies

This website does not set cookies.

Analytics

We use GoatCounter, a privacy-friendly, open-source analytics tool that we self-host on our own server. GoatCounter does not use cookies, does not track you across sites, and does not collect personal data. It counts page views using a hash of your IP address and User-Agent, which is discarded after processing. No data is shared with third parties.

Third-party services

All fonts are self-hosted. Analytics are self-hosted. No advertising or social media integrations are used. No data is sent to third parties.

Data transfer to third countries

No personal data is transferred to countries outside the European Economic Area (EEA).

Your rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

The competent supervisory authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 20459 Hamburg

Last updated: April 2026