Privacy Policy

Last Updated: February 16, 2026

At Darted ("we," "us," or "our"), we are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and protect your personal information.

1. Data Controller

Darted is the data controller responsible for your personal data. You can contact us at:

Email: support@darted.fun
Address: support@darted.fun

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when creating an account or using our Service:

• Account Information: Username, display name, email address, password (hashed), bio/description
• Notification Email: If you set a separate notification email, we store it alongside your login email
• Profile Content: Profile picture, banner image, art images you upload
• User-Generated Content: Cards you create, descriptions, and interactions (darts)
• X/Twitter Verification: If you request identity verification, we collect your X handle and a link to your verification post to confirm account ownership
• Push Notification Data: If you enable push notifications, we store a subscription endpoint and encryption keys to deliver notifications to your device
• Reports: If you report another account, we store your report reason and any details you provide for review

2.2 Automatically Collected Information

• Usage Data: Swipe history (how you interact with cards in the feed), search queries, and darts
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, error logs
• Cookies: Session cookies and persistent login cookies for authentication (see Section 6)

2.3 Security Data

• Login Attempts: IP addresses and timestamps of failed login attempts for security and rate limiting
• Known Devices: IP addresses and browser user agents of devices you log in from, used to detect new device logins and alert you by email
• Session Data: Session tokens and activity timestamps to manage your login sessions

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you've requested (Art. 6(1)(b) GDPR)
• Consent: Where you've given explicit consent for specific processing activities (Art. 6(1)(a) GDPR)
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR)
• Legal Obligations: To comply with applicable laws and regulations (Art. 6(1)(c) GDPR)

4. How We Use Your Information

We use your personal data for the following purposes:

• To create and manage your account
• To provide, maintain, and improve the Service
• To authenticate your identity and manage sessions
• To display your profile and content to other users
• To enable interactions with other users (darts, profile views)
• To send important notifications about your account or the Service
• To detect, prevent, and address security issues and fraud
• To comply with legal obligations
• To enforce our Terms of Service

5. Data Sharing and Disclosure

5.1 Public Information

Your profile information (username, bio, profile picture, banner, and art images) is publicly visible to other users of the Service.

5.2 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5.3 Service Providers

We may share your data with trusted service providers who assist us in operating the Service, such as:

• Hosting providers
• Email service providers (for password resets and notifications)

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to valid requests from public authorities

6. Cookies and Tracking

6.1 Essential Cookies

We use essential cookies that are necessary for the Service to function:

• Session Cookies: To keep you logged in and manage your session (expires when browser closes or after inactivity)
• Remember Me Cookie: If you choose "Remember Me" at login, a persistent cookie is stored for up to 30 days so you stay logged in across browser sessions
• Cookie Consent: To remember your cookie preferences

These cookies are exempt from consent requirements under GDPR as they are strictly necessary for the Service.

6.2 Third-Party Services

We use Google reCAPTCHA during account registration to prevent automated abuse. When you register, data such as your IP address and browser behavior may be sent to Google for verification. Google's use of this data is governed by its Privacy Policy.

6.3 Your Cookie Choices

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Service.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active. After you delete your account, data is kept for a 7-day grace period (during which you can restore it), then permanently deleted
• Login Attempt Data: Cleared after 15 minutes
• Session Data: Expires after inactivity (duration varies based on login method)
• Remember Me Tokens: Expire after 30 days
• Email Verification Links: Expire after 24 hours
• Password Reset Tokens: Expire after 1 hour
• Search History: Last 10 searches stored; you can clear them at any time
• Log Data: Retained for 90 days for security and debugging purposes

8. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

You have the right to request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to correct inaccurate or incomplete personal data.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data. You can delete your account at any time through the Service or by contacting us.

8.4 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON). To request an export of your data, please contact us at support@darted.fun and we will provide it within 30 days.

8.5 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we limit how we use your data in certain circumstances.

8.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw your consent at any time.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@darted.fun. We will respond to your request within 30 days.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights. Contact information for EU data protection authorities can be found at: https://edpb.europa.eu

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

• Encryption: Passwords are hashed using bcrypt; security tokens are hashed using SHA-256; data transmission uses HTTPS
• Access Controls: Limited access to personal data on a need-to-know basis
• Rate Limiting: Protection against brute force attacks (max 5 login attempts per 15 minutes, plus rate limits on other actions)
• Session Management: Automatic session expiry after inactivity, with new device login alerts sent by email
• CSRF Protection: Cross-site request forgery tokens on all authenticated actions
• Image Safety: EXIF metadata is stripped from uploaded images to protect your location and device information

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR (Art. 33)
• Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (Art. 34), including a description of the nature of the breach, the likely consequences, and the measures taken or proposed to address it
• Maintain an internal record of all data breaches, including those that do not require notification

To report a suspected security vulnerability or data breach, please contact us immediately at support@darted.fun.

12. International Data Transfers

If we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions confirming the recipient country provides adequate protection

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover we have collected data from a child under 16, we will delete it immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service. Your continued use of the Service after such notice constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: support@darted.fun
Address: support@darted.fun

15. Data Protection Officer (DPO)

If required under GDPR, you can contact our Data Protection Officer at:

Email: support@darted.fun