Privacy Policy

Last updated: June 2026 — Skyspire Innovations LLC

1. Who We Are and Who This Policy Applies To

Skyspire Innovations LLC ("we," "us," or "our") is a California limited liability company and the data controller for personal information collected through Energy Grid Architect at energygridarchitect.com. This Privacy Policy applies to all users of the Game worldwide, including residents of the European Union, United Kingdom, and California.

2. Information We Collect and Why

Account data
When you create an account, we collect your email address and a securely hashed password. We use your email to authenticate your account, restore your progress across devices, and contact you about important security matters. We never store your password in plain text — it is hashed using industry-standard cryptography and we cannot view it.

Display name
When you create an account, we automatically generate a unique display name for you — for example, "Solar Hawk 247." This name is composed of energy-themed words and a random number. It contains no personal information, cannot be traced back to your email address, and is the only name ever displayed publicly in connection with your game activity.

Game progress and rank data
We store your level completion records, star ratings, efficiency scores, budget usage, and rank title (Apprentice, Engineer, Architect, Grid Master, or Luminary). This data is linked to your account ID — not your email address — in our database. We use it to sync your progress across devices and to display your position on leaderboards.

Purchase data
When you buy a pack, Stripe processes the entire transaction. We receive only: (1) confirmation that a purchase was completed, and (2) the email address used at checkout. We never receive, store, process, or have access to your credit card number, bank details, billing address, or any other payment information. All payment data is handled exclusively by Stripe's PCI DSS Level 1 compliant systems.

Leaderboard data
When you complete a level while signed in, your efficiency score, budget used, display name, and rank title are submitted to the public leaderboard for that level. Your email address is never included in or visible on any leaderboard.

Server and error logs
Our hosting provider, Netlify, automatically records standard web server logs when you visit the Game. These logs include your IP address and browser type and are retained by Netlify on a rolling basis before deletion. We do not access these logs in the ordinary course of business — they exist solely for infrastructure security and diagnosis. If a technical error occurs in the game itself, basic diagnostic information (error type, browser) may be logged to help us identify and fix the issue. These error logs contain no personal information and are not linked to your account.

3. What We Do Not Collect or Do

• We do not collect your full name, phone number, physical address, date of birth, or any government-issued identification
• We do not use advertising trackers, analytics pixels, or third-party tracking scripts of any kind
• We do not display advertisements within the Game
• We do not sell, rent, trade, or share your personal data with any third party for marketing purposes
• We do not track your activity across other websites
• We do not access, store, or process your payment card information — ever
• We do not use your data for automated profiling or decision-making that has legal or similarly significant effects on you
• We do not share your email address with other players or display it publicly in any form

4. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites requesting that you not be tracked. We do not respond to DNT signals — but this is because we do not engage in cross-site tracking regardless of whether a DNT signal is present. You are not tracked across other websites whether or not you enable DNT.

5. How We Protect Your Data

6. Cookies and Local Storage

We do not use advertising cookies or tracking cookies of any kind.

The Game uses your browser's localStorage to save your game progress and display name locally on your device. This data stays on your device and is not transmitted to our servers unless you create an account, at which point it is synced to our secure cloud database.

When you sign in, Supabase sets a secure, encrypted session token in your browser's storage to keep you signed in between visits. This token contains no personal information.

The Game does not currently offer a sign-out feature. Your session remains active on that browser until the token naturally expires. If you share a device with others, we recommend using separate browser profiles to keep sessions separate. You can remove all locally stored game data at any time by clearing site data for energygridarchitect.com in your browser settings.

7. Public Leaderboard Information

The following information is publicly visible to anyone who views the leaderboard — including users who are not signed in:

• Your auto-generated display name (for example, "Solar Hawk 247") — never your email address
• Your rank title and rank badge
• Your efficiency score and budget used per completed level

Your email address is never displayed publicly under any circumstances. If you do not wish to appear on the leaderboard, you may play without creating an account or complete levels without being signed in.

8. How We Use Your Information

• To authenticate your account and maintain a secure session
• To sync your game progress and purchases across all your devices
• To verify purchases and permanently unlock paid content on your account
• To display your score and rank on leaderboards using your display name only
• To calculate and update your rank title as you earn stars
• To diagnose and resolve technical errors in the Game
• To respond to support requests, privacy inquiries, and legal requests

9. Legal Basis for Processing (GDPR)

For users in the European Union and United Kingdom, our legal bases for processing personal data are:

• Contract performance (Art. 6(1)(b)): Processing your email address and purchase data to deliver the service you requested and paid for
• Legitimate interests (Art. 6(1)(f)): Saving game progress, calculating leaderboard rankings, diagnosing technical errors, and protecting the security of our systems
• Consent (Art. 6(1)(a)): Displaying your score on the public leaderboard — you consent by completing a level while signed in, and you may withdraw consent at any time by not completing levels while signed in

10. Data Sharing and Third Parties

We share your data with third parties only to the extent necessary to operate the Game:

• Supabase — database and authentication provider. Stores your account data, progress, and leaderboard scores. Supabase is SOC 2 Type II certified and processes data under a data processing agreement.
• Stripe — payment processor. Receives your email address and payment details. PCI DSS Level 1 compliant.
• Netlify — website hosting provider. Automatically receives standard server logs (IP address, browser type) as part of normal web hosting operations. Netlify does not receive your account data, game progress, or purchase history.

We do not share your data with any other third parties. We do not use data brokers. We do not participate in advertising networks of any kind.

11. Your Rights

Depending on where you live, you have the following rights regarding your personal data. We will respond to all verified requests within 30 days at no charge:

• Right to access: Request a complete copy of all personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete data
• Right to deletion ("right to be forgotten"): Request deletion of your account and all associated personal data. We will process verified deletion requests within 30 days. Note: anonymized leaderboard entries (display name and score only) and purchase records required for tax compliance may be retained.
• Right to portability: Request your personal data in a structured, machine-readable format (JSON). We will fulfil portability requests within 30 days.
• Right to object: Object to our processing of your data based on legitimate interests
• Right to restriction: Request that we pause processing your data while a dispute is being resolved
• Right to withdraw consent: Withdraw your consent for leaderboard participation at any time by not completing levels while signed in

To exercise any of these rights, contact us at ega.privacy.skyspire@gmail.com. We will verify your identity before processing requests to protect the security of your account.

12. California Privacy Rights (CCPA / CPRA)

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: The categories of personal information we collect (email address, game progress data, leaderboard data), the purposes for which we collect it, and whether it is sold or shared
• Right to delete: Request deletion of your personal information, subject to certain legal exceptions
• Right to correct: Request correction of inaccurate personal information we hold about you
• Right to opt out of sale or sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising. There is nothing to opt out of.
• Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CPRA.
• Right to non-discrimination: We will not discriminate against you in any way for exercising your CCPA or CPRA rights.

To submit a California privacy request, email ega.privacy.skyspire@gmail.com with "California Privacy Request" in the subject line. We will respond within 45 days.

13. Data Breach Notification

Despite our security measures, no system is entirely immune to compromise. In the event of a data breach affecting your personal information, we commit to:

• Containing and investigating the breach immediately upon discovery
• Notifying affected users within 72 hours of becoming aware, as required by GDPR Article 33
• Notifying the relevant supervisory authority within legally required timeframes
• Notifying affected California residents as required under California Civil Code § 1798.82
• Clearly communicating: what data was affected, when the incident occurred, what steps we are taking, and what you can do to protect yourself

Payment card information cannot be part of any breach involving our systems because we never possess it.

14. Data Retention

We retain your data only for as long as necessary for the purposes described in this policy:

• Account data: Retained while your account is active. Deleted within 30 days of a verified deletion request.
• Game progress: Retained while your account is active. Deleted along with your account upon request.
• Leaderboard entries: Your display name and score may remain on the leaderboard after account deletion, as they contain no personal information. Full removal is available upon request.
• Purchase records: Retained for up to 7 years as required for tax and financial compliance, even after account deletion. Only the minimum necessary data is retained for this purpose (amount, date, and item purchased).
• Server logs (Netlify): Retained by Netlify on a rolling basis per their own data retention policy.
• Session tokens: Expire automatically and are not retained after expiration.

15. Children's Privacy (COPPA)

Energy Grid Architect is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. By creating an account, users confirm they meet the minimum age requirement.

If we become aware that a child under 13 has provided us with personal information, we will delete it immediately. If you believe a child under 13 has created an account, please contact us at ega.privacy.skyspire@gmail.com and we will respond within 48 hours.

16. International Data Transfers

Your data may be processed and stored in the United States, where our service providers (Supabase, Netlify, and Stripe) operate. If you are located in the EU or UK, please be aware that the United States does not currently hold an adequacy decision from the European Commission. We ensure appropriate safeguards through our providers' Standard Contractual Clauses and applicable certifications.

17. Third-Party Service Privacy Policies

• Supabase — supabase.com/privacy
• Stripe — stripe.com/privacy
• Netlify — netlify.com/privacy

18. Updates to This Policy

We update this Privacy Policy when the Game's functionality changes in ways that affect how we handle personal data. The date of the most recent revision is shown at the top of this page. For significant changes, we will make reasonable efforts to notify users. Your continued use of the Game after an update is posted constitutes acceptance of the revised policy.

19. Contact, Complaints, and Data Controller

Data Controller: Skyspire Innovations LLC
California, United States

Privacy inquiries and data requests:
ega.privacy.skyspire@gmail.com
Response time: within 30 days

General and legal inquiries:
ega.legal.skyspire@gmail.com

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. EU residents may contact their national supervisory authority. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.