Privacy Policy

1. Data Controller

Komáromi Társasjáték Klub (hereinafter "KTK" or "we")
Website: ktklub.com
Email: info@ktklub.com

2. What Data We Collect

2.1 Registration & Profile

When you register, we collect: your nickname, email address, and password (stored only in hashed form using bcrypt). Optionally, you may provide: favorite games, a short profile bio, and a profile picture.

2.2 Table Reservation

When making a table reservation, we collect: your name, email address, reservation date and time, table type, and number of players.

2.3 Opponent Finder

When creating or joining a game request, we collect: the game name, date, time, maximum number of players, and chat messages between participants. Chat messages are automatically deleted after the game date has passed.

2.4 Google Login

If you log in using Google, we receive from your Google account: your name, email address, and profile picture. This data is used solely to create and manage your account on our site. We do not access any other data from your Google account. The login process uses Google's secure OAuth 2.0 protocol — we never see or store your Google password.

2.5 Technical Data

We use only essential functional cookies (WordPress authentication cookies, language preferences via URL). We do not use tracking cookies, third-party analytics, or advertisements.

3. Purpose of Data Processing

We process your data solely for the following purposes: managing your account and profile, facilitating table reservations, enabling opponent matching and in-chat communication, sending email notifications (verification, player join, chat messages, game reminders), and securing the website (brute force protection, rate limiting).

4. Legal Basis

We process data based on your consent (Art. 6(1)(a) GDPR) — given at registration by accepting the privacy checkbox. You may withdraw your consent at any time by contacting us or deleting your account.

5. Data Sharing

We do not sell, rent, or share your personal data with any third parties. When logging in via Google, your data is transferred directly between your browser and Google — we only receive basic profile information. Your nickname is visible to other members only when you join a game request. Email addresses are never displayed to other users.

6. Data Retention

Account data: retained as long as your account is active. Table reservations: automatically deleted 7 days after the reservation date. Game requests and chat messages: automatically deleted 1 day after the game date. You may request deletion of your account and all associated data at any time by contacting us at info@ktklub.com.

7. Data Security

Passwords are hashed using bcrypt (never stored in readable form). Sessions expire after 60 minutes of inactivity. Forms are protected with rate limiting (max 10 login attempts / 5 registrations per 15 minutes per IP address). CAPTCHA and nonce tokens are used for form validation. Data transfer is encrypted via HTTPS/SSL.

8. Your Rights

Under the GDPR, you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, data portability, and object to processing. To exercise these rights, contact us at info@ktklub.com.

9. Cookies

We use only essential cookies: WordPress authentication cookie (for login sessions), language preference (via URL, not a cookie). We do not use any marketing, analytics, or tracking cookies.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes via email or a notice on the website.

11. Contact

If you have questions about this privacy policy or your data, contact us at: info@ktklub.com