Privacy Policy
Last updated: April 14, 2026
1. Data Controller
Komáromi Társasjáték Klub (hereinafter "KTK" or "we")
Website: ktklub.com
Email: info@ktklub.com
2. What Data We Collect
2.1 Registration & Profile
When you register, we collect: your nickname, email address, and password (stored only in hashed form using bcrypt). Optionally, you may provide: favorite games, a short profile bio, and a profile picture.
2.2 Table Reservation
When making a table reservation, we collect: your name, email address, reservation date and time, table type, and number of players.
2.3 Opponent Finder & D&D Sessions
When creating or joining a game request or D&D session, we collect: the game/campaign name, date, time, maximum number of players, and chat messages between participants. Chat messages are automatically deleted after the game/session date has passed.
2.4 Google Login
If you log in using Google, we receive from your Google account: your name, email address, and profile picture. This data is used solely to create and manage your account. We do not access any other data from your Google account. The login process uses Google's secure OAuth 2.0 protocol — we never see or store your Google password.
2.5 Mobile Application (NEXUS app)
When using the NEXUS mobile application, we collect and store the following data:
- Data stored on device: authentication token, user ID, nickname, email address, avatar URL, language preference, VP counter game data, Nexus Bird score, and user preferences (notifications, intro tips state). This data is stored exclusively on your device (SharedPreferences) and is automatically deleted when you uninstall the app.
- Push notifications: We use Firebase Cloud Messaging (Google) to send push notifications. We store a device identifier (FCM token) on our server. The FCM token contains no personal data — it is used solely to deliver notifications.
- Bug reports: If you submit a bug report from the app, we collect: your email address, the bug description, device type, Android version, and app version.
- Club chat & private messages: Club chat messages between registered members and private messages between friends are stored on our server.
2.6 Technical Data
We use only essential functional cookies (WordPress authentication cookies, language preferences via URL). We do not use tracking cookies, third-party analytics, or advertisements. The app contains no advertisements and uses no analytics SDKs.
3. Purpose of Data Processing
We process your data solely for the following purposes: managing your account and profile, facilitating table reservations, enabling opponent matching and D&D session finding, chat communication (club chat, game finder chat, D&D session chat, private messages), sending push and email notifications (verification, joins, chat messages, reminders, opening hours notice), displaying the Nexus Bird and 2048 leaderboards, managing votes and announcements, and securing the service (brute force protection, rate limiting).
4. Legal Basis
We process data based on your consent (Art. 6(1)(a) GDPR) — given at registration by accepting the privacy checkbox. You may withdraw your consent at any time by contacting us or deleting your account.
5. Data Sharing
We do not sell, rent, or share your personal data with any third parties. For push notifications we use Firebase Cloud Messaging (Google) — only a device identifier (FCM token) is forwarded to Google. When logging in via Google, your data is transferred directly between your browser/app and Google — we only receive basic profile information. Your nickname is visible to other members in game requests, D&D sessions, the club chat, and the Nexus Bird leaderboard. Email addresses are never displayed to other users.
5.1 Third-Party Services (SDKs)
The app and website use the following third-party services:
- Firebase Cloud Messaging (Google LLC): For sending push notifications. We forward only a device identifier (FCM token). Google Privacy Policy: https://policies.google.com/privacy
- Glide (Bumptech): For loading and caching images. Glide collects no personal data — it operates exclusively in device memory and cache.
- Retrofit / OkHttp (Square): For network communication with our server. These libraries do not collect or forward data to third parties.
Beyond these, we use no analytics, advertising, tracking or social media SDKs.
5.2 Data Transfers Outside the EEA
Firebase Cloud Messaging operates on Google LLC servers, which may be located in the United States or other countries outside the European Economic Area (EEA). Google ensures an adequate level of data protection under the EU–US Data Privacy Framework. All other personal data is stored exclusively on servers within the EEA.
6. Data Retention
- Account data: as long as your account is active.
- Table reservations: automatically deleted 7 days after the reservation date.
- Game requests and chat messages: automatically deleted 1 day after the game date.
- D&D sessions and chat messages: automatically deleted after the session date.
- Push notification tokens: as long as your account is active; the token becomes inactive after the app is uninstalled.
- Data stored on device: automatically deleted when the app is uninstalled.
You may request deletion of your account and all associated data at any time (see section 12).
7. Data Security
Passwords are hashed using bcrypt (never stored in readable form). Sessions are authenticated using tokens. Forms are protected with rate limiting (max 10 login attempts / 5 registrations per 15 minutes per IP address). CAPTCHA and nonce tokens are used for form validation. Data transfer is encrypted via HTTPS/SSL on both the website and the app.
8. Your Rights
Under the GDPR, you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, request data portability, and object to processing. To exercise these rights, contact us at info@ktklub.com, or use the deletion options available in the app and on the website.
9. Cookies
We use only one essential cookie: the WordPress authentication cookie (for login sessions). Language preference is handled via the URL, not a cookie. We do not use any marketing, analytics, or tracking cookies. The app does not use cookies — data stored on the device is managed via the SharedPreferences mechanism.
10. Children's Policy
The app and website are not intended for children and are not directed at users under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have stored data from a person under 13, we will delete it without delay. If you believe we are storing your child's data, please contact us at info@ktklub.com.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes via email, a notice on the website, or an in-app notification.
12. Account & Data Deletion
You may request deletion of your account and all associated personal data in the following ways:
- By email: info@ktklub.com
- Via web form: https://ktklub.com/delete-account/
Within 30 days of receiving your request, we will permanently delete all of your personal data. Deletion includes: account information, profile data, avatar, table reservations, game requests, D&D sessions, chat messages (club chat, private messages, game finder chat), Nexus Bird and 2048 scores, voting history, and push notification tokens. Deletion is permanent and irreversible.
13. Contact
If you have questions about this privacy policy or your data, contact us at: info@ktklub.com