Privacy Policy

Words uses essential cookies and short-lived Redis data to run gameplay, keep sessions working, enforce abuse limits, and support optional Discord sign-in.

Words does not use third-party analytics cookies. Operational logs and audit data are kept for security, moderation, and service health.

What we store for visitors and players

An encrypted session cookie so the app can recognize your current session.
A signed season cookie so the app can keep you on the current leaderboard season.
Secret-derived IP tokens and audit fingerprints for rate limiting, abuse prevention, and aggregate admin views. Raw IP addresses are not stored in Redis for these features.
Gameplay data such as submitted words, scores, leaderboard entries, request counters, and recent activity.

What we store if you sign in with Discord

Your provider user id, username, display name, avatar, and Discord role ids needed to operate your Words account.
Session-to-account links in Redis using encrypted values, plus hashed or fingerprinted identifiers where the app only needs stable internal references.
OAuth state values in hashed form before they are written to Redis.

How identifiers are handled

Raw session ids are stored in encrypted cookies and are hashed before being used in Redis key names.
Admin audit logs and abuse-tracking views use secret-derived fingerprints instead of exposing raw user ids, session ids, or IP addresses.
Words does not promise that every account field is hashed at rest, because some account details must be stored in readable form to support sign-in and account display.

Public content

If you type or submit a word, that word and its game activity may be shown publicly through the site, leaderboard pages, API responses, or live activity feeds.

If you do not want text to appear publicly, do not submit it.