Privacy Policy

Selskabslege is the controller for the personal data described here. For questions or to exercise your rights, contact us at jannikmariager@gmail.com.

Host account: when you sign in with Google we receive your name and email address.

Event content: what you enter yourself — e.g. guests' names, fun facts, and the questions and answers for the games.

Guests: guests do not sign in. They provide a chosen display name and their game answers/marks. We do not ask guests for an email or other identifiers.

Payment: purchases are handled by Stripe. We receive a payment confirmation but never store your card details.

Technical data: our hosting records standard log data (e.g. IP address and browser type) for security and operations.

We use the data to provide the service — create your event, generate the stories/games and run the game live. The legal basis is performance of our contract with you (GDPR Art. 6(1)(b)).

Analytics/statistics cookies are only used if you consent in the cookie banner (Art. 6(1)(a)). You can withdraw consent at any time.

We use necessary cookies to keep you signed in and to remember your game session. These are required for the service to work and don't need consent.

Specifically we use: a Supabase login cookie (keeps the host signed in, refreshed over time); a guest session (sl_player_<event>, so a guest can return to their game); and your cookie choice is stored locally in your browser (sl_cookie_consent). We currently use no analytics or marketing cookies.

Any analytics cookies are only set once you actively accept them. If you choose 'necessary only', we use no analytics or marketing cookies.

We never sell your data. We use trusted sub-processors to run the service: Supabase (database and auth), Vercel (hosting), Stripe (payments), Google (sign-in), and Anthropic and OpenAI to tailor game text.

For AI tailoring we only send the event content needed to write the story/game. Providers may not use your data to train their models.

Some providers (e.g. Anthropic and OpenAI) may process data in the USA. Transfers rely on the EU Commission's Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework. The Supabase database is located in the EU.

We keep your event data for as long as your account is active or as needed to provide the service. You can ask us to delete your account and related data at any time.

You have the right to access, rectification, erasure, restriction, objection and data portability under GDPR. Write to jannikmariager@gmail.com and we'll help.

You may also lodge a complaint with the Danish Data Protection Agency (datatilsynet.dk) if you believe we handle your data incorrectly.

The service is intended for adults arranging parties. It is not directed at children, and we do not knowingly collect data about children.

We may update this policy. Material changes will be reflected in the date at the top. The current version always lives on this page.