Superglue
Legal

Privacy Policy

Last updated: 11 July 2026

1. Who we are

Superglue Games (playsuperglue.com) is operated by Munde Group Kft. (company no. 13-09-219738), registered at Váci út 49, VI. emelet, 1134 Budapest, Hungary. We are the data controller for personal data collected through this website.

Contact: contact@superglue.games

2. What data we collect

When you create an account. You can sign in with Google or with an email sign-in link. We store your email address, and — if you sign in with Google — your name and profile picture as provided by Google. We never see or store a password.

When you buy a game session. We store your email address, the game you bought, the session title and scheduled date you chose, and the amount paid. Your billing address, tax ID (if provided) and payment details are collected directly by Stripe during checkout; your card number never reaches our servers. See Stripe's Privacy Policy.

When you subscribe to a membership. We store your plan, your Stripe customer and subscription references, and a ledger of the game credits you receive and spend.

When a game session is started. We keep a record of each access code we issue — which game, when, and who requested it (your email address, or your Slack username if started from Slack). The code label, which can include your email address, is also sent to the game server that runs your session; all game servers are operated by us.

If you link Slack (Premium/Enterprise). We store your Slack workspace ID and name, and the Slack username and user ID of whoever runs the /superglue command.

If you request a hosted event (Enterprise). We store your preferred date and any notes you include with the request.

When you browse the site. We use PostHog (EU-hosted) for product analytics: page views, clicks and errors. For visitors who are not signed in, analytics data is kept only for the duration of your browser tab and no tracking cookies are set. When you sign in, analytics are linked to your account (see section 5).

Your IP address is used transiently for rate limiting (for example, on email sign-in requests) and is not stored in our database.

3. How we use your data

  • To deliver what you bought: creating game sessions, issuing access codes, sending the confirmation email with your join link, and managing your membership and credits (performance of a contract).
  • To send transactional email: order confirmations, sign-in links and session-related messages via Resend. We do not send marketing email.
  • To respond to you: support requests and hosted-event bookings (performance of a contract / legitimate interest).
  • To improve the product: understanding how the site is used through analytics (legitimate interest).
  • To prevent abuse and comply with the law: keeping records of issued codes and payments, including for tax and accounting purposes (legal obligation / legitimate interest).

We do not sell your personal data, and we do not share it with third parties for their own marketing.

4. Third-party services

The following service providers process data on our behalf:

Enterprise reporting is delivered through our own meeting-analysis product (teambuildingbot); your reporting page is provisioned by us and shared only with you.

Some providers (such as Railway and Stripe) are based in the United States. Where data leaves the EEA, transfers rely on safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses.

5. Cookies and similar technologies

We keep this deliberately minimal. The site sets:

  • sg_user — keeps you signed in for 30 days (essential, set at sign-in).
  • sg_host — staff and game-host sign-in, 7 days (essential, staff only).
  • sg_oauth_state / sg_oauth_next — short-lived security cookies used only during Google sign-in (essential, deleted after ten minutes).

Analytics without tracking cookies. While you are not signed in, PostHog runs with session-only storage: nothing persists after you close the tab, and no analytics cookies are written. If you sign in, analytics switch to persistent first-party storage linked to your account so we can support you and understand how the product is used; this stops (and local analytics data is cleared) when you sign out.

Because we set no persistent tracking cookies for visitors, the site does not show a cookie banner. Essential sign-in cookies are exempt from consent requirements.

6. Data retention

Your account and its data are kept while the account exists. Payment and order records are retained as long as required by tax and accounting law. Records of issued game codes are kept for audit and abuse-prevention purposes. If you ask us to delete your account (see section 7), we remove your personal data except what we must keep to meet legal obligations.

7. Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability
  • Lodge a complaint with a supervisory authority (in Hungary: the NAIH, naih.hu)

To exercise any of these rights — including deleting your account — email contact@superglue.games. We respond within 30 days.

8. Data security

All traffic is encrypted (HTTPS). Session cookies are signed and inaccessible to scripts. Payment data is handled exclusively by Stripe, a PCI-DSS-compliant processor. Credentials used to operate game servers are stored encrypted. Access to customer data is limited to staff who need it.

9. Children

Superglue Games is a service for teams and workplaces and is not directed at children. We do not knowingly collect personal data from anyone under 16.

10. Changes to this policy

When we update this policy we update the “Last updated” date at the top of this page. If a change meaningfully affects how we handle your data, we will notify account holders by email.

11. Contact

Questions about this policy or our data practices: contact@superglue.games