Privacy Policy
This policy explains which personal data Gallows Road processes, why it is processed, and which choices you have.
Last updated: June 10, 2026
Controller
The controller responsible for this website and the game service is Fabian Koder, Bloch-Bauer-Promenade 4/32, 1100 Vienna, Austria.
Gallows Road is operated as a browser-based social deduction game by North Kettle Studios.
Data we process
When you use the game, we process the lobby code, lobby settings, player display name, seat state, game actions, chat messages, connection state, and technical request data needed to operate the room.
If account features are available and you create an account, we process the account information you provide, such as email address, display name, authentication provider, sign-in state, privacy-policy acceptance version, and acceptance timestamp. General account data such as your display name is treated as account data regardless of whether you sign in with email and password or through an OAuth provider.
Email/password account records are stored in Cloudflare D1. Password credentials are protected by Better Auth's password hashing, and account tokens stored in D1, including OAuth provider tokens where used, are encrypted at rest.
We do not intentionally ask for special categories of personal data. Please do not enter sensitive personal information in display names or chat messages.
Purposes and legal basis
We process game, lobby, local reconnection, and account data to provide the service, keep rooms synchronized, recover active seats, authenticate account users, send account emails, and make public and private lobbies work. The legal basis is performance of a contract or steps requested before entering into a contract.
Technical logs, rate-limiting data, abuse-prevention data, and error-monitoring data are processed to protect the service, diagnose errors, prevent spam and abuse, secure accounts, and maintain reliability. The legal basis is our legitimate interest in operating a secure and reliable service.
Privacy-policy acceptance records are processed to document that an account user accepted the policy version shown during sign-up. The legal basis is compliance with legal obligations and our legitimate interest in proving consent or notice where required.
Optional browser analytics, including product events linked to an anonymous analytics ID and masked session recordings, are processed with your consent and help us understand aggregate product usage, improve the game experience, and debug usability issues. Server-side aggregate lobby and game analytics that do not create a user profile are processed on the basis of our legitimate interest in understanding service reliability and improving gameplay.
Local storage and analytics
The web app uses local storage to remember active game-room connection state, seat recovery data, and your analytics consent choice. This helps you reconnect and prevents the consent banner from appearing after you have made a choice.
Optional analytics store an anonymous analytics identifier in local storage only if you consent. You can clear your browser storage at any time, but this may remove saved game-room state.
If you consent to analytics, PostHog session recording may record how you interact with the site so we can find usability problems. Chat text and form inputs are masked before recording, but you should still avoid entering sensitive information.
Service providers
The service is hosted on Cloudflare infrastructure, including Pages, Workers, Durable Objects, D1, image delivery, request logging, rate limiting, and related security and delivery services. Cloudflare may process data in the EU, the United States, and other locations under its data-processing terms and transfer safeguards. See Cloudflare's Data Processing Addendum and Privacy Policy.
We use PostHog through our first-party analytics proxy. If analytics is enabled and you consent, PostHog processes browser analytics such as page views, product events, anonymous analytics identifiers, session identifiers, and masked session recordings. We may also send server-side aggregate lobby and game events to PostHog without creating a user profile, so we can understand whether the service works reliably and which game flows need improvement. We use the PostHog EU Cloud; limited transfers outside the EU may still occur under PostHog's data-processing terms and transfer safeguards. See PostHog's Data Processing Agreement and Privacy Policy.
We use Sentry for error monitoring and diagnostics. Error reports are configured without default personal-data collection, but they may include request IDs, Cloudflare Ray IDs, route patterns, lobby IDs, lobby codes, game IDs, environment, release, stack traces, and error details needed to debug failures. Sentry may process data in the EU, the United States, and other locations under its data-processing terms and transfer safeguards. See Sentry's Data Processing Addendum and Privacy Policy.
Account and communication features may use Resend for transactional email and the selected sign-in provider, such as Google, Discord, or Apple. Account data for these features is stored in Cloudflare D1; password credentials are protected by password hashing, and account tokens stored in D1 are encrypted at rest. These providers may process data in the EU, the United States, and other countries. Where data is transferred internationally, we rely on the provider's applicable data-processing terms, adequacy decisions, standard contractual clauses, or equivalent transfer safeguards. See Resend's Data Processing Addendum and Privacy Policy, plus the privacy policies for Google, Discord, and Apple.
Retention
Public lobby directory records are removed when an empty lobby expires. Per-lobby room storage, including lobby metadata, player rows, seat tokens, game snapshots, event logs, and retained lobby chat, is deleted when the room is empty and its reconnection or cleanup grace period has elapsed.
Lobby chat is retained only inside the room storage. The room keeps up to 500 recent lobby-chat messages and replays up to 200 recent messages to reconnecting players before the room storage is deleted.
Finished-game snapshots and event logs may remain available for replay while the room storage still exists. They are removed with the room storage when the empty-room deletion criteria are met.
Account records are kept while the account exists. After account deletion, identifiable account data is kept for up to one month for recovery and then deleted or anonymized unless a longer period is required for legal claims, security, or accounting. Session cookies and server sessions expire automatically after a limited time or when you sign out; cached account JWTs in browser storage are short-lived and are removed on sign-out or failed authorization. Email verification and password-reset tokens are kept until they expire or are used. Privacy-policy acceptance records are kept while the account exists and, where needed, for a reasonable limitation period to prove notice or consent.
Sentry error-monitoring events and Resend transactional-email records are kept for 30 days. PostHog session recordings are kept for 30 days, and PostHog product-analytics events are kept for one year. Withdrawal of analytics consent stops future consent-based analytics processing in this browser; identifiable historical analytics data can be deleted on request. In general, identifiable data can be deleted on request unless we need to keep it for legal claims, security, accounting, or another legal obligation.
Your rights
Depending on the applicable law, you may request access, correction, deletion, restriction, portability, or objection to processing of your personal data, including processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time with future effect. We may need information that lets us verify and locate your data before completing a request.
Send privacy requests to the contact address below. You may also lodge a complaint with a data protection authority. In Austria, the supervisory authority is the Austrian Data Protection Authority (https://www.dsb.gv.at/).
Your choices
You can see your current analytics consent status and withdraw consent at any time in the privacy center. Withdrawal applies to future analytics processing in this browser. You can also contact us to request deletion of identifiable historical analytics data.
Contact
For privacy questions or requests, contact the controller using the details below.
Fabian KoderBloch-Bauer-Promenade 4/32
1100 Vienna, Austria
contact@kdr.ai