Privacy Policy

How GamersHell collects, uses, and protects your data. Written for clarity, not legalese. Your rights are explained in plain English in section 7.

Last updated: 2026-06-02

1. Who we are

GamersHell.com (the "Service") is operated by an independent team based in the Isle of Man, British Isles ("we", "us", "the operator"). For privacy enquiries, contact [email protected]. We do not maintain a Data Protection Officer because our processing does not meet the thresholds in Article 37 of the GDPR; the operator handles all data-subject requests directly.

The full registered postal address of the operator is available on written request. We are the data controller for any personal data described in this policy.

2. What data we collect

2.1 If you create an account

To register an account you must provide a username, an email address, and a password (which we store only as a salted hash, never in plaintext). You may optionally add a public profile bio. We do not require your real name, date of birth, address, payment information, or any other identifying detail. The Service is free; there is no payment processing.

2.2 If you submit content

If you submit a game review, rating, or leaderboard score while logged in, we store: the content of your review or score, the timestamp, the game it relates to, and your account's username (publicly attributed). Reviews and scores are public by design β€” that is the point of the leaderboard and review features.

2.3 If you simply browse the site

Browsing without an account does not require any personal data. Our server logs may temporarily record your IP address, browser type, and the pages you requested, for the purpose of operating the Service, detecting abuse, and producing aggregate analytics. These logs are not linked to any account and are retained for no longer than 30 days.

2.4 What we deliberately do not collect

We do not collect precise geolocation, do not use device fingerprinting, do not buy or sell mailing lists, do not run advertising trackers on the GamersHell site itself, and do not sell, rent, or share your data with marketing partners.

3. Cookies and local storage

GamersHell uses a small, named set of cookies and browser-local storage entries:

  • Session cookie (gh_session) β€” set when you log in, used to keep you logged in between page loads. HttpOnly, Secure, SameSite=Lax. Deleted when you log out.
  • CSRF token β€” short-lived, used to protect form submissions from cross-site request forgery.
  • Local storage entry (gh:played) β€” a list of game slugs you have already played in the current browser session, used so we don't double-count your plays toward the popularity counters. This is sessionStorage; it is cleared when you close the browser.

We do not use marketing cookies, advertising cookies, or third-party tracking cookies on the GamersHell pages themselves. See section 5 below for what happens inside embedded game iframes.

4. Analytics

We use Cloudflare Web Analytics to understand aggregate traffic patterns. Cloudflare Web Analytics does not use cookies and does not collect personal data β€” it counts page views server-side without identifying individual visitors. We do not use Google Analytics or any analytics service that profiles individual users. If we ever change analytics providers, we will update this policy and disclose the change on this page.

5. Third-party services and embedded games

Several third parties touch traffic on the Service. We list them transparently:

  • Cloudflare hosts the Service and provides DNS, CDN, and basic abuse protection. Cloudflare may process visitor IP addresses transiently for these purposes. Cloudflare is GDPR-compliant and acts as our processor.
  • Resend sends transactional email (for example, magic-link sign-in messages) on our behalf. We share only the email address required to deliver the message. Resend acts as our processor.
  • Game providers (GameMonetize, GameDistribution, GamePix, and similar) supply the actual games we embed as iframes. When you click "Play" on a game, that game loads inside an iframe served from the provider's domain. The provider may set its own cookies, including advertising cookies, and may show its own advertising inside the iframe. This advertising is outside GamersHell's control. We do not share your GamersHell account information with game providers; the iframe interaction is independent of your account. If you have concerns about a specific provider's data handling, please review their own privacy policy before playing.

6. How long we keep your data

If you have an account, we retain your account data (username, hashed password, email, profile bio, your reviews, your scores) for as long as the account remains active. If you delete your account, we delete the account record, your password hash, and your profile bio within 30 days; we anonymize your historical reviews and leaderboard scores so the public attribution shows "[deleted user]" rather than your username. Server logs are deleted after 30 days. Backups containing your data are deleted on a rolling 90-day cycle.

7. Your rights

Under the EU GDPR, the UK GDPR, and analogous Isle of Man data-protection law, you have the following rights regarding your personal data:

  • Access β€” request a copy of the personal data we hold about you
  • Rectification β€” correct inaccurate or incomplete data
  • Erasure ("right to be forgotten") β€” request that we delete your account and associated data
  • Portability β€” receive your data in a machine-readable format
  • Restriction β€” limit how we use your data while a complaint is being resolved
  • Objection β€” object to processing where we rely on legitimate interest
  • Complaint β€” lodge a complaint with the Isle of Man Information Commissioner (inforights.im) or with your local supervisory authority in the EU/UK

To exercise any of these rights, email [email protected]. We will respond within 30 days, as required by law. There is no fee for these requests.

8. Children

GamersHell is not directed at children under 13 (under United States COPPA) or under 16 (under EU GDPR Article 8 default for consent). We do not knowingly collect personal data from users in these age groups. If you are a parent or guardian and believe your child has created an account, please contact [email protected] and we will delete the account and associated data immediately.

9. International transfers

Our hosting and email providers operate globally. Your data may be processed in jurisdictions outside the European Economic Area or United Kingdom, including the United States. We rely on the standard contractual clauses approved by the European Commission for any such transfers, and on our providers' own GDPR-compliant data processing agreements.

10. Security

Passwords are stored as salted hashes using a modern key-derivation function (argon2id). Session cookies are HttpOnly and Secure. Traffic between your browser and our servers is encrypted with TLS. We restrict administrative access to the data layer and use logging to detect unauthorized access. No system is perfectly secure, but we take reasonable steps to protect your data.

11. Changes to this policy

If we change this policy, we will update the "Last updated" date at the top of this page and, for material changes (new types of data collected, new processors, changes affecting your rights), we will additionally notify account holders by email at least 14 days before the change takes effect. The current version of this policy is always the canonical version.

12. Contact

Any questions, requests, or concerns about this policy can be sent to [email protected]. We aim to respond within 3 working days and will reply to formal data-subject-rights requests within the 30-day legal window.