Privacy Policy

Last updated: January 2026

TheBadGamer is committed to protecting your privacy. We collect only what we need to provide a great gaming platform and never sell your data.

What We Collect

  • Account information: email, username, display name, password hash
  • Profile data: avatar, bio, gaming preferences, linked accounts
  • Platform activity: games added, reviews written, forum posts, wiki edits
  • Usage data: pages visited, features used, device type, browser, IP address
  • Payment data: processed by Razorpay/Stripe — we never store card numbers

How We Use Your Data

  • Providing, operating, and improving the Platform
  • Personalizing your experience (recommendations, feed, notifications)
  • Processing payments and managing subscriptions
  • Sending transactional emails (password reset, account alerts)
  • Optional: weekly digest and feature update emails (opt-out anytime)
  • Analytics via Google Analytics 4 to understand feature usage

What We Never Do

  • We never sell your personal data to third parties
  • We never share your email with advertisers
  • We never show you ads based on your personal profile
  • We never use dark patterns to trick you into purchases

Data Sharing

  • Public profile data (username, level, reviews, wiki edits) is visible to all users by default
  • You can set your profile to private in Settings → Privacy
  • We share minimal data with payment processors (Razorpay, Stripe) for transactions only
  • We may disclose data when required by law or to prevent fraud

Cookies

  • Authentication cookies: required to keep you logged in
  • Preference cookies: dark mode, sidebar state, language
  • Analytics cookies: Google Analytics 4 (can be opted out in Settings)
  • We do not use advertising or tracking cookies

Your Rights

  • Access: request a copy of all data we hold about you
  • Correction: update incorrect information in Settings
  • Deletion: delete your account and all associated data permanently
  • Export: download your library, reviews, and wiki contributions
  • Opt-out: disable email notifications in Settings → Notifications

Data Retention

  • Active accounts: data retained indefinitely while account is active
  • Deleted accounts: personal data removed within 30 days; anonymized activity logs may be retained for analytics
  • Payment records: retained for 7 years for legal compliance

Security

  • Passwords are hashed using bcrypt (never stored in plain text)
  • All data transmitted over HTTPS with TLS encryption
  • Database access restricted to production servers only
  • Regular security audits and dependency updates
  • Report security vulnerabilities to: security@thebadgamer.in

Questions about your data? Contact us at privacy@thebadgamer.in or through our contact form.