Privacy Policy

This privacy notice explains how we process and protect your personal data on the Catan Board Generator (the "Service"). In line with the requirements of EU Regulation 2016/679 (the "GDPR") and equivalent local laws, we are committed to handling any personal data carefully, lawfully, and only for the purposes set out below.

The Catan Board Generator is the data controller for any personal data submitted through this site.

1. What we collect

• Technical data about your visit — IP address, approximate geographic location (country/region), browser type, device type, time of visit, pages requested, and referring URL. Standard server-log data.
• Information you submit voluntarily — name, email address, subject, and message body if you fill in the contact form.
• Aggregate usage data — frequency and pattern of feature use, e.g. how often the shuffle button is clicked, which mode is more popular. This is not tied to identifiable individuals.
• Cookies set by the site itself — only a CSRF token cookie (used for the contact form) and a cookie-consent record. See section 6 below.

We do not require an account, do not store generated boards in any database, and do not collect payment information. Generated boards live entirely in their URLs (the "seed" is encoded into the path).

2. Embedded content from other sites

Pages on this site may include embedded content (e.g. a font-hosting CDN, advertising scripts). Embedded content behaves exactly as if you had visited the providing site directly — it can collect data about you, set cookies, and monitor your interaction with that content according to its own privacy policy.

3. How we share data

We do not sell your personal data and do not share it with third parties for marketing purposes. We may share limited data with:

• Hosting and infrastructure providers — to operate the website (server logs).
• Email-delivery providers (e.g. Mailgun) — only when you submit the contact form, to deliver your message to us.
• Google AdSense — for advertising, see section 7.
• Authorities — when required to comply with applicable law.

4. How long we keep data

• Server logs: typically 30–90 days, then deleted or anonymised.
• Contact-form submissions: kept as long as needed to handle your enquiry, then archived or deleted.
• Cookie-consent records: stored in your browser for 90 days.

5. Your rights under GDPR

If your data is processed in connection with this Service, you can request:

• Access to the personal data we hold about you.
• Correction of inaccurate data.
• Deletion ("right to be forgotten").
• Restriction or objection to processing.
• A copy of your data in a portable format.
• To withdraw consent at any time.

You can also lodge a complaint with your local data-protection authority. To exercise any of these rights, use the contact form.

6. Cookies

We use a small number of cookies to make the Service work and to monetise it through advertising:

• Strictly necessary cookies — a CSRF-protection cookie and a cookie that records your consent choice (so we don't ask you again every visit). These are exempt from consent under EU rules.
• Advertising cookies — set by Google AdSense (see section 7) only after you give consent via the cookie banner.

You can clear or block cookies at any time through your browser settings. Most browsers (Chrome, Firefox, Safari, Edge) provide instructions in their Help menus. Blocking essential cookies may break form submissions.

7. Advertising (Google AdSense)

We display a small number of ad slots through Google AdSense to fund the running of the site. The AdSense script is loaded on every page from your first visit, and Google and its partners may use cookies and similar identifiers to serve personalised ads based on your prior visits to this site or other websites. The cookie banner records your preference but does not currently prevent AdSense from loading or personalising ads.

You can opt out of personalised advertising at Google Ads Settings — that opt-out applies to your Google account / browser regardless of any choice on this site. You can also block third-party cookies in your browser, or use a privacy-respecting browser such as Firefox or Brave that limits cross-site tracking by default. For more information about how Google uses information from sites that use its services, see Google's policies.

8. Analytics

We use Google Analytics 4 to understand which pages and modes of the generator are used most often. GA4 is loaded on every page with IP anonymisation enabled. We do not share GA4 data with advertisers outside Google's own ecosystem. To opt out of GA4 entirely, install the Google Analytics opt-out browser add-on.

9. Children

The Service is suitable for all ages but is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has submitted personal data through the contact form, contact us so we can delete it.

10. Security

We apply reasonable technical and organisational measures (TLS encryption, secure hosting, principle of least privilege) to protect personal data against accidental loss, destruction, or disclosure.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be highlighted on the home page for at least 7 days.

12. Contact

Questions about this privacy policy or your data? Reach us via the contact form. We aim to respond within 30 days, in line with GDPR timeframes.