Privacy Policy
Effective Date: March 5, 2026 — Version 1.1
This Privacy Policy describes how Puppet Dev Studios LLC ("we", "us", "our"), the operator of Blackjack Attack, collects, uses, and protects your information when you use our service.
1. Information We Collect
Account Information
- Username — chosen at signup, displayed publicly in games
- Email address — for password-based accounts and account recovery
- Phone number — for phone-based authentication via SMS
- OAuth profile data — provider ID and email from Google or Discord when you sign in with those services
Usage Data
- Game statistics (matches played, wins, losses, streaks)
- Login events (timestamp, auth method, IP address, user agent)
- Chat messages sent to other players
- Currency transactions and purchase history
- TOS acceptance records (version, timestamp, IP address, method)
Payment Data
- Blockchain wallet addresses used for USDC deposits and withdrawals
- Transaction hashes and amounts on Solana and Base networks
- We do not store private keys or seed phrases
2. How We Use Your Information
- To create and manage your account
- To authenticate you and maintain your session
- To process game matches and track statistics
- To process cryptocurrency deposits and withdrawals
- To enable social features (friends, chat, challenges)
- To prevent fraud, cheating, and abuse
- To comply with legal requirements
3. Third-Party Services
We use the following third-party services that may process your data:
| Service |
Purpose |
Data Shared |
| Twilio |
SMS verification |
Phone number |
| Google OAuth |
Sign in with Google |
OAuth tokens, profile info |
| Discord OAuth |
Sign in with Discord |
OAuth tokens, profile info |
| SendGrid |
Email delivery |
Email address, username |
| Solana & Base RPCs |
Blockchain transactions |
Wallet addresses, transaction data |
| Microsoft Clarity |
Analytics & session replay (opt-in) |
Anonymized interaction data, session recordings |
4. Cookies and Sessions
- We use a single httpOnly session cookie (
bja_session) to maintain your login session.
- This cookie is essential for authentication and cannot be disabled while using the service.
- We do not use advertising cookies. Analytics cookies (Microsoft Clarity) are only loaded with your opt-in consent.
5. Data Retention
- Account data is retained as long as your account is active.
- Deleted accounts have personal data removed, but anonymized game statistics may be retained.
- Login events and TOS acceptance records are retained for legal compliance.
- Chat messages may be retained for moderation purposes.
6. Data Security
- Passwords are hashed using bcrypt with salt rounds.
- Sessions use cryptographically signed JWT tokens in httpOnly cookies.
- Database connections use encrypted transport (SSL/TLS).
- We follow industry-standard security practices, but no system is perfectly secure.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and personal data
- Portability — Request your data in a portable format
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell your personal information.
8. Children's Privacy
Blackjack Attack is not intended for anyone under the age of 18. We do not knowingly collect information from minors. If we learn we have collected data from a person under 18, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date. Material changes will be communicated through the service.
10. Contact
For privacy-related questions or to exercise your rights, contact us at [email protected].
← Back to Blackjack Attack