Dice5
Play Now
Back to home

Legal

Privacy Policy

Last updated: April 27, 2026

1. Introduction

Welcome to Dice5 ("we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect when you use our website, installable web app, or native mobile applications, how we use that information, who we share it with, and the rights you have over your data.

2. Data We Collect

2.1 Account & Identity Data

  • Email address (for sign-in and account recovery)
  • Display name / player name
  • Avatar selection or uploaded avatar image
  • Authentication tokens issued by our backend (stored locally on your device)
  • If you sign in with Google or Apple: the basic profile information that provider returns (email, name, profile picture)

2.2 Gameplay Data

  • Game scores, dice rolls, scorecard placements, and game outcomes
  • Replay sequences (recorded moves of your games)
  • Multiplayer session participation, tournament entries, ranked match history
  • Player progression: XP, levels, badges, prestige tier, owned cosmetics
  • Social interactions: friend connections, friend requests, in-game reactions
  • Virtual currency (D5 Coin) balance and transaction history

2.3 Technical Data

  • IP address (used for security, abuse detection, and approximate region)
  • Device type, operating system, app version
  • Crash logs and error reports (no personally identifying content)
  • Performance metrics (load times, network latency)

2.4 Communication Data

  • Bug reports and feedback you submit
  • Email correspondence with our support team

3. How We Use Your Data

  • Provide, operate, and maintain the game and your account
  • Save your progress, scores, and unlocked content across devices
  • Run multiplayer, tournament, ranked, and social features
  • Generate leaderboards, statistics, and seasonal rankings
  • Process in-app purchases and credit virtual currency
  • Detect and prevent cheating, fraud, abuse, and account compromise
  • Communicate important service updates, security alerts, and (with consent) marketing
  • Improve gameplay balance and user experience
  • Comply with legal obligations

4. Legal Basis (EU/EEA users)

Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Contract — to provide the Service you signed up for (account, gameplay, purchases)
  • Legitimate interests — security, fraud prevention, basic analytics
  • Consent — optional analytics cookies, marketing emails (where applicable)
  • Legal obligation — tax records for purchases, responses to lawful requests

5. Third-Party Services & Data Sharing

We share data with the following service providers strictly to operate the Service. We do not sell your personal data.

  • Supabase — backend infrastructure (database, authentication, file storage, serverless functions). Hosts all gameplay and account data. Data centre region: EU.
  • ElevenLabs — text-to-speech generation for campaign character voices. Receives only the script text to synthesize, no player data.
  • Google — Sign in with Google (OAuth). Receives basic profile info only when you choose to authenticate via Google.
  • Apple — Sign in with Apple (OAuth, available in native iOS app). Receives basic profile info only when you choose to authenticate via Apple.
  • Apple App Store / Google Play — process in-app purchases on the respective native apps. Receipt validation data is shared back to us via RevenueCat.
  • RevenueCat — server-side validation of in-app purchase receipts and entitlement management on native mobile apps. Processes anonymized purchase identifiers.
  • Capgo (self-hosted) — over-the-air update delivery for the native mobile app's web bundle. Receives anonymized device update statistics only.
  • Resend — transactional email delivery (sign-in confirmations, password resets, account notifications) sent from notify.dicefive.com.
  • Cloudflare — content delivery, DDoS protection, and asset hosting.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your profile is anonymized (display name replaced, email cleared, avatar removed)
  • Active sessions are revoked immediately
  • Personal contact data (email, communications) is deleted within 30 days
  • Gameplay history (game scores, multiplayer game records, tournament results, replays) is preserved in anonymized form only, so leaderboards, tournament brackets, and other players' game records remain intact
  • Purchase records are retained as long as required by accounting and tax law (typically 6 years)
  • Backups are purged according to our standard backup rotation (typically 30–90 days)

7. Your Rights

Depending on your jurisdiction (GDPR for EU/EEA, UK GDPR, California CCPA, and similar laws), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and personal data (available in-app under Settings)
  • Object to or restrict certain processing
  • Request data portability (export of your data)
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@dicefive.com or use the in-app account deletion feature found in Settings.

8. Children's Privacy

Dice5 is not directed at children under 13 years of age, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data without parental consent, please contact us and we will delete the data.

9. Data Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security policies on the database, and least-privilege access controls. However, no method of transmission or storage is 100% secure. Please use a strong, unique password and notify us immediately of any suspected unauthorized access.

10. International Data Transfers

Some of our service providers (e.g., ElevenLabs, RevenueCat) operate outside the EU/EEA. Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

For any privacy-related questions, requests, or to exercise your rights, please contact us at privacy@dicefive.com.