Skip to main content

Privacy Policy

Last Updated: December 04, 2025

1. Introduction

Welcome to PlayCrossword (the Service). PlayCrossword is developed and operated by Softlitude. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. The Service is designed for a broad audience including individual users, educators, training teams, and corporate organizations.

2. Scope and Who Uses the Service

PlayCrossword is used by individuals and by organizations such as schools, training providers, HR and L&D teams, and businesses. We refer to all people who use the Service as users. Organizations may create or manage accounts for their members and set how those accounts are used. Where an organization acts as a controller of information, it is responsible for informing its members about how their data is used alongside this policy.

3. Information We Collect

  • Account information: Name, email address, and password if you sign up without a social login. Passwords are hashed before storage.
  • Google login: When you sign in with Google we request `openid`, `email`, and `profile` scopes.
  • Profile and content: Profile picture, crosswords you create, uploaded images, and any text you submit while using the Service.
  • Activity and usage: Game attempts, scores, time spent, progress, completion dates, and other usage metrics stored to provide the Service and to show progress or reports.
  • Local storage data: We use browser local storage to store the JWT and temporary state needed to keep the app functional in your browser. We do not use third-party tracking cookies.
  • Analytics data: We use Cloudflare Web Analytics to collect aggregated metrics such as page views and general region. Cloudflare may process request metadata at its edge for security purposes. We do not store or associate raw IP addresses with user accounts on our platform.

We do not collect device identifiers, or precise geolocation unless explicitly provided by a user. Students create their own accounts; teachers or administrators do not create student accounts on their behalf through our platform.

4. How We Use Information

• Create and manage your account and authenticate login sessions.

• Provide the core Service features: creating, sharing, and playing crosswords.

• Store and present gameplay progress, reports, and usage statistics.

• Send essential messages such as verification, password reset, billing notices, and service updates.

• Protect the Service and detect or prevent fraud and abuse.

• Improve the Service using aggregated analytics and performance metrics.

We do not sell personal data. We do not use Google user data for advertising or marketing. We will only share data with third parties where necessary to operate the Service, to comply with law, or with your explicit consent.

5. Use by Organizations

Organizations such as schools, companies, or training providers may use PlayCrossword to manage activities and learning for their members. When an organization configures or administers accounts, it may control settings, invite or remove members, and export organization level reports. We process data to support organization requests, and we do not access organizational content except as needed to provide support or maintenance, or when requested by the organization.

Organizations can request additional controls or data processing agreements for enterprise use. Contact [email protected] to discuss enterprise arrangements.

6. Third-Party Services

We use a small set of trusted third-party providers to run and secure the Service. These providers only receive the minimum data necessary to perform their functions and are bound by contractual confidentiality and security obligations.

  • Cloudflare for CDN, security, and aggregated analytics.
  • Hosting provider with servers located in Germany.
  • Email service provider for transactional and marketing emails when you opt in.
  • Google APIs for login.

7. Cloudflare Analytics

We use Cloudflare Web Analytics for privacy focused, aggregated metrics. Cloudflare does not require cookies for its analytics and its service is designed to minimize user fingerprint data. Cloudflare may process request metadata for security or DDoS protection. For details refer to Cloudflare's privacy documentation.

8. Authentication Tokens

When you sign in with Google or another OAuth provider we may store access and refresh tokens so the Service can perform authorized actions you request, such as creating an assignment on your behalf. Tokens are encrypted at rest and kept until you explicitly log out. We follow secure token handling practices and only request the minimum scopes required for the feature.

9. Payments and Billing

We offer paid plans. We use a trusted third-party payment processor to handle payments. Payment card details are not stored on our servers. We retain billing metadata such as invoices and plan records necessary to manage subscriptions.

10. Data Storage and Security

  • Primary servers are located in Germany.
  • Sensitive data including passwords and refresh tokens are hashed or encrypted.
  • All data in transit is encrypted using HTTPS.
  • We run regular security reviews and maintain an incident response plan.

11. Data Retention

We retain data only as long as needed to provide the Service or to meet legal obligations. Specific retention periods include:

  • Inactive accounts are deleted after 12 months of inactivity.
  • Activity and security logs are retained for up to 180 days for security and fraud detection.
  • When you delete your account, we begin a deletion process and fully remove account data after 30 days.

12. Your Rights and Choices

You may access or delete your account data. To delete your account, open: Profile...Delete Account.

For users in the European Economic Area and the United Kingdom, you have rights under data protection laws including the right to access, correct, restrict processing, and request deletion of personal data. To exercise these rights contact [email protected].

We do not provide automated account exports at this time. If you require a structured copy of your data, contact us and we will assist according to applicable law.

13. Children and Educational Use

PlayCrossword is designed for learners of all ages. Students under 13 (United States) or under 16 (EU/UK) may use the Service in one of two ways:

  • Through a teacher or school: Using a share link (recommended). No personal information is collected from the student in this case.
  • Individual account: A child may create an account with Google or email only with parental, guardian, or teacher supervision.

We do not knowingly collect personal information from children under 13 without parental or school consent where required by law.

Parents, guardians, or teachers can contact us at [email protected] at any time to review or delete a child’s information.

14. Compliance with Google API Policies

We follow Google API Services User Data Policy requirements. We only request Google scopes that are necessary for the Service features you enable. We do not use Google user data for ads or marketing.

15. Newsletter and Blog

If you sign up for updates on our blog we will store your email address to send newsletters and product updates. You can unsubscribe at any time using the link in the email.

16. Changes to this Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. When we make material changes we will update this page and change the "Last Updated" date.

17. Contact Us

If you have questions or requests about this Privacy Policy or about your personal data, contact us at:

Email: [email protected]
Address: Softlitude, Tower 81, Executive Block, Civic Center, Gulberg Greens, Islamabad, Pakistan