Privacy Policy - Sudoku Tools

Last updated: April 2026

            The short version: we collect only what is needed to run the service.
            We do not sell your data, we do not use third-party tracking, and we
            never see your payment card details. You can delete your account and
            all associated data at any time.
        

Who we are

Sudoku Tools is operated by Cheltenham Systems. You can contact us at privacy@sudokutools.com for any privacy-related questions.

What we collect and why

Account information — when you register, we store your email address, display name, and a one-way hash of your password. We cannot recover your original password from what we store. This information is necessary to provide the service (lawful basis: contract performance).

Game activity — when you play, we record which puzzles you attempted, the moves you made, the time taken, and any mistakes. This is used to adapt puzzle difficulty to your level and to support course progress tracking (lawful basis: contract performance).

Difficulty profile — your current puzzle level preference is stored so the right difficulty is served each session.

Subscription information — if you subscribe, we store your Stripe customer ID and subscription ID. These are opaque references used to manage your subscription status. We never see or store your payment card number, billing address, or any other payment details — those are held exclusively by Stripe.

What we do not collect

Payment card numbers or billing addresses (handled entirely by Stripe)
Your real name, phone number, or postal address
Cookies — your login token is stored in your browser's localStorage, not as a cookie, so no cookie consent banner is needed
Third-party analytics or tracking scripts

IP addresses and server logs

We take a deliberately minimal approach to IP address logging:

Normal use generates no persistent IP record. Our application server logs do not record IP addresses for ordinary requests (logging in, fetching puzzles, recording game activity).

Apache access logs are cleansed automatically within 24 hours. Before the cleansing step runs, the raw log is briefly processed to extract aggregate totals only — the number of page views and the count of distinct visitor IP addresses for that day. These figures are stored as plain numbers (for example, "42 visitors"). No individual IP address is carried into the report, and the report cannot be used to identify or track any individual.

After this processing, entries for normal successful requests have their IP address replaced with 0.0.0.0. Entries associated with errors or suspicious requests (HTTP 4xx/5xx responses) retain the full IP address for security purposes.

Apache error logs retain IP addresses for up to 30 days. By definition, only error and suspicious activity appears in the error log — normal successful use does not generate error log entries.

Rate-limit violations — if automated abuse is detected (e.g. repeated login attempts), the source IP is recorded in our application log to support investigation.

Server logs are reviewed at least annually, and retained for no longer than 30 days. Log files are not world-readable.

The lawful basis for security logging is legitimate interest in protecting the service and its users from abuse.

Who we share data with

We share data with Stripe (our payment processor) solely for the purpose of processing subscription payments. Stripe receives your email address and is subject to its own privacy policy. We do not share your data with any other third parties.

How long we keep your data

Account data and game activity: retained while your account is active
Subscription records: retained for the duration of the subscription plus any period required for financial record-keeping
Server logs: 30 days, with access log IPs cleansed within 24 hours

Your rights

Under UK GDPR you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your account and all associated data — you can do this yourself at any time via the Account page. Deletion removes all rows associated with your account from our database atomically.
Portability — request a copy of your data in a machine-readable format
Object to processing based on legitimate interest

To exercise any of these rights, contact us at privacy@sudokutools.com. We will respond within 30 days.

Account deletion and payment data

Deleting your account via the Account page removes all data from our systems. If you have an active Stripe subscription, please cancel it before deleting your account, or contact us and we will cancel it on your behalf. Stripe retains transaction records independently in accordance with their own data retention policy.

Changes to this policy

If we make material changes to this policy, we will notify registered users by email before the changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

Contact

For any privacy questions or to exercise your rights:
privacy@sudokutools.com