GameShelf Legal

Privacy Policy

Last updated: March 7, 2026

1. Who We Are

GameShelf is operated by an individual developer under the pseudonym wolfort, based in Poland.

For privacy questions or data subject requests, contact: help@gameshelf.me.

2. Scope

This policy explains how we collect, use, store, and protect personal data when you use GameShelf web features and the Gameshelf Tracker for Windows desktop app, including account registration, game library management, social features, optional analytics, and desktop session sync.

3. Data We Process

Depending on how you use the service, we may process:

  • Account data: username, email address, password hash, account role, email verification status.
  • Security/session data: authentication cookies, refresh tokens (hashed in storage), login/session metadata.
  • Profile data: display name, bio, avatar URL, timezone, UI and privacy preferences.
  • Library and play data: game status, ratings, reviews, ownership details, playthrough logs, activity entries.
  • Social data: follower/following relationships, notifications, public profile counters and activity feed elements.
  • Technical/log data: IP address, user agent, request path and response status for service security and diagnostics.
  • Cookie/consent data: your analytics consent choice and related preference cookie/local storage value.
  • Captcha verification data: token and related request data needed to validate anti-bot checks.
  • Desktop tracker session data: igdbId, executableName (filename only), platform, optional windowTitleContains token, startedAt, endedAt, and idempotency key.
  • Desktop local app data: mapping and preference files, plus a local unsent-session queue stored on your own device until synced.

Gameshelf Tracker is built with data minimization. It does not collect full executable paths, full window title history, full process list history, keystrokes, screenshots, clipboard data, browser history, or unrelated personal files.

4. Why We Process Data (Purposes)

  • To create and maintain your account.
  • To authenticate sessions and secure access.
  • To provide game tracking, logging, and social features.
  • To detect mapped desktop game sessions and sync confirmed play sessions to your account.
  • To send operational emails, including verification.
  • To prevent abuse, spam, and unauthorized access.
  • To operate and improve service performance and reliability.
  • To measure website usage through optional analytics, only when consent is granted.

5. Legal Bases (GDPR)

  • Article 6(1)(b) GDPR: performance of a contract (account and core service functionality).
  • Article 6(1)(f) GDPR: legitimate interests (security, fraud prevention, service integrity, diagnostics).
  • Article 6(1)(a) GDPR: consent (optional analytics cookies and related analytics processing).
  • Article 6(1)(c) GDPR: compliance with legal obligations, where applicable.

6. Cookies and Similar Technologies

GameShelf uses essential cookies required for authentication and session continuity. Optional analytics cookies are disabled by default and are activated only if you accept them.

You can read more in our Cookie Policy and change your choice in the cookie banner when presented.

7. Third-Party Services and Recipients

We may share limited data with processors or service providers needed to run the platform, including:

  • Cloudflare Turnstile (captcha/anti-bot verification).
  • Google Analytics (only if analytics consent is granted).
  • Email infrastructure providers (verification and operational email delivery).
  • Game metadata providers such as IGDB for game information lookup.
  • Hosting and infrastructure providers used to run GameShelf systems.
  • Microsoft Store platform services for Store-distributed desktop app delivery and update handling.

Where relevant in the interface, we provide source attribution for game metadata (for example, IGDB.com) in line with applicable provider terms.

8. International Transfers

Some service providers may process data outside the EEA. Where that happens, we rely on appropriate safeguards under GDPR, such as contractual safeguards or other valid transfer mechanisms.

9. Data Retention

We retain data for no longer than necessary for the purposes described above, including:

  • Account and profile data: while your account remains active and as needed for service operation and security records.
  • Authentication/session data: short-lived authentication cookie data and refresh-session data according to session/security design.
  • Game, social, and activity data: while your account is active, unless deletion is requested and legally permissible.
  • Consent preference data: retained to remember your cookie choice and apply it consistently.
  • Logs and diagnostics: retained for security, abuse prevention, and troubleshooting for a limited operational period.
  • Desktop local queue data (`ingest-queue.db`): kept until sync succeeds, dropped on permanent validation failures, or removed after max retries.
  • Desktop local mapping/preferences data (`game-mappings.json`, `user-preferences.json`): kept until you edit/remove data or uninstall app data.

We periodically review retention practices and may update this policy as retention windows evolve.

10. Public Profile and Social Visibility

GameShelf includes social and community features. Depending on your settings and feature behavior, parts of your profile and activity may be visible to other users. Review privacy settings in your account to control social visibility where options are available.

11. Your Rights Under GDPR

You may request, where applicable:

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure of data.
  • Restriction of processing.
  • Data portability.
  • Objection to certain processing.
  • Withdrawal of consent at any time for consent-based processing.

To exercise rights, email help@gameshelf.me. You also have the right to lodge a complaint with your competent supervisory authority, including in Poland.

12. Automated Decision-Making

GameShelf does not use solely automated decision-making that produces legal effects or similarly significant effects on users.

13. Security

We implement technical and organizational safeguards appropriate to platform risk, including access controls, token and cookie security, and protective measures designed to reduce unauthorized access and abuse.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will publish an updated version and revise the "Last updated" date.

15. Contact

Privacy contact: help@gameshelf.me

This contact channel also applies to Gameshelf Tracker for Windows privacy and data subject requests.

Related legal pages: Terms of Service and Cookie Policy.