Privacy Policy
Last updated: July 3, 2026
Overview
This site and the games published here (on the web, on itch.io, and on Steam) are operated by Sterling Long. This policy describes what data is collected when you browse the site, play the games, or use the multiplayer services, and how it is used. The short version: data is collected only to make the games and services work, it is never sold, and there is no third-party advertising or cross-site tracking.
Multiplayer & matchmaking
When you host or join an online match, the multiplayer service stores the room you created or joined (room name, join code, player display names you enter, and the game being played) and relays the technical handshake messages needed to establish a peer-to-peer connection between players. Those handshake messages include network addresses (IP addresses), which is inherent to how WebRTC peer-to-peer connections work. Handshake messages are deleted within about a minute; rooms are deleted shortly after they end.
If a direct connection between players is not possible, game traffic is forwarded through relay (TURN) servers we operate and through Cloudflare's relay service. Relays forward encrypted game traffic and log only technical session metadata (byte counts, timestamps) — never the content of your game session.
Connection quality telemetry
To find and fix connection problems, the games report anonymous technical telemetry about each connection attempt: whether it succeeded, how long it took, the connection method used (direct or relayed), the coarse browser/platform family (for example "chrome" or "ios"), and an anonymous session identifier. This telemetry contains no names, no precise device information, and is used solely for reliability engineering.
Bot protection (Cloudflare Turnstile)
The multiplayer services use Cloudflare Turnstile to verify that connection requests come from a real browser rather than an automated script. Turnstile runs invisibly (there is no puzzle to solve) and may process technical characteristics of your browser and network to make that determination. Cloudflare acts as a data processor for this feature; see the Cloudflare Turnstile Privacy Policy for details on what Cloudflare processes.
Steam
If you play a game purchased on Steam, the game verifies your ownership with Valve using a Steam session ticket, and your numeric SteamID is used to identify you in multiplayer sessions and telemetry. Valve's handling of your Steam account is governed by the Steam Privacy Policy. We never see your Steam password or payment details.
Anonymous device identifier
Web versions of the games store a randomly generated identifier in your browser's local storage. It links your multiplayer sessions together for abuse prevention and reliability metrics, and identifies nothing about you personally. Clearing your browser storage resets it.
Accounts, purchases & courses
If you create an account or purchase content, we store the account details you provide (email, display name) and your purchase and enrollment records. Payments are processed by Stripe — card details never touch our servers. Authentication and data storage are provided by Supabase.
Service providers
The services run on the following infrastructure providers, acting as processors:
- Vercel (website and API hosting)
- Supabase (database and authentication)
- Fly.io (multiplayer relay and signaling servers)
- Cloudflare (bot protection and connection relay)
- Stripe (payments)
- Valve / Steam (Steam builds only)
Retention & your choices
Multiplayer handshake data is deleted within minutes; rooms shortly after they end. Telemetry and relay usage metadata are kept only as long as needed for reliability and abuse analysis. Account data is kept while your account exists. To ask about, correct, or delete data associated with you, email ster@sterlinglong.me.
Changes
Material changes to this policy will be noted on the changelog with an updated date above.