Privacy Policy
Effective date: January 1, 2025 · Applies to all mbpman games including ChromaClash
The short version: We collect only what we need to run the game — your username, game performance, and match history. We do not sell your data. We do not collect sensitive personal information.
1. Who we are
mbpman ("we", "our", "us") is an independent game developer that operates online games including ChromaClash, accessible at chromaclash.mbpman.net and via mobile apps on iOS and Android. Our contact for privacy matters is available at privacy@mbpman.net.
2. What information we collect
We collect the minimum information necessary to operate the game. This falls into two categories:
Information you provide when creating an account:
- Username — chosen by you, displayed to other players
- Email address — used only for account recovery; never displayed publicly
- Password — stored as a one-way cryptographic hash (we cannot read your password)
Information generated by playing:
- Game performance data — your ELO rating, wins, losses, and current streak
- Match history — date, opponent, scores, and match type for your last 50 matches
- In-game economy — coin balance, owned skins and boosters, active items
- Player interactions — friend relationships, direct messages between friends, and challenge history
- Play time usage — daily free play time consumed and any purchased play time remaining
- Session tokens — a secure random token stored in your browser to keep you logged in
Guest players (no account) have all game data stored locally in their browser. We do not transmit or store guest data on our servers.
3. What we do not collect
- Real name, address, or phone number
- Payment card details (handled entirely by Stripe — we never see your card number)
- Device identifiers, advertising IDs, or precise location
- Contacts, photos, or any data from outside the game
- Browsing history or data from other apps or websites
4. How we use your information
| Purpose | Data used |
|---|---|
| Running your game account and saving progress | Username, game stats, inventory, match history |
| Displaying leaderboards and match results to other players | Username and ELO rating only |
| Enabling friends and direct messaging features | Username, friend list, messages |
| Processing in-app purchases and subscriptions | User ID passed to Stripe; no card data |
| Account security and preventing abuse | Session tokens, login timestamps |
| Sending account recovery information if requested | Email address |
We do not use your data for advertising profiling, behavioural tracking, or any purpose beyond operating the game.
5. Third-party services
We use a small number of third-party services to operate the game. Each operates under its own privacy policy:
- Stripe — processes payments for coin packs and Premium subscriptions. Stripe receives your payment details directly; we only receive a confirmation of whether a payment succeeded. Stripe Privacy Policy
- Google AdSense / AdMob — serves rewarded video ads when you choose to watch one to earn coins. Google may use cookies or device identifiers for ad delivery. Google Privacy Policy
- RevenueCat — manages in-app purchase entitlements on iOS and Android. RevenueCat Privacy Policy
- Apple App Store / Google Play — if you download our mobile app, their platform privacy policies also apply
6. Data storage and security
Your account data is stored on a private server hosted in the United States. We apply standard security practices including encrypted connections (HTTPS/TLS), hashed passwords using scrypt with a random salt, and parameterised database queries to prevent injection attacks. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable steps to protect your information.
Direct messages between players are stored on our server until deleted. We do not read message content except as required to investigate abuse reports.
7. Data retention
We retain account data for as long as your account is active. Match history is capped at your last 50 matches. If you delete your account, your personal data (username, email, game stats, messages, and match history) is permanently deleted from our servers within 30 days. Anonymised aggregate statistics (e.g. total matches played) may be retained indefinitely.
8. Your rights
You can request the following at any time by emailing privacy@mbpman.net:
- Access — a copy of the personal data we hold about you
- Correction — correction of inaccurate information
- Deletion — deletion of your account and all associated personal data
- Portability — your game data in a machine-readable format
We will respond to all requests within 30 days.
9. Children
Our games are intended for players aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at privacy@mbpman.net and we will delete the account promptly.
10. Cookies and local storage
The web version of our games uses browser localStorage to store your session token and guest game state. This is not a tracking cookie — it contains only what is needed to keep you logged in and to save your progress between visits. We do not use third-party tracking cookies on our game pages. Third-party ad services (AdSense) may set their own cookies when you choose to watch an ad; you can opt out via Google Ad Settings.
11. Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of our games after any change constitutes acceptance of the updated policy. For significant changes, we will provide a notice within the game.
12. Contact us
For any privacy-related questions, data requests, or concerns, please contact us at privacy@mbpman.net.