AppFreeGame

Privacy Policy

Last updated: April 25, 2026

1. Who we are

This Privacy Policy explains how Liew Kian Yang (“we”, “us”) collects, uses, and protects your personal data when you visit AppFreeGame at https://appfreegame.games (the “Site”) or use any of the games hosted on the Site (the “Service”).

If you have any questions about this policy or your data, contact us at [email protected].

2. What data we collect

We collect the following categories of data:

2.1 Data you provide

When you create an account on the Site, we ask you for:

  • Email address — used to identify your account, send password-reset emails, and contact you about important Service changes.
  • Password — stored only as a one-way salted hash in AWS Cognito; we never see or store your password in plain text.
  • Nickname — shown on the public leaderboard. Choose a nickname that does not identify you personally if you prefer to stay anonymous.

2.2 Data we generate from your activity

  • Game scores — when you complete a game while logged in, we store the score, difficulty, and timestamp. These are visible on the public leaderboard.
  • Game history — we keep a record of your completed games so we can compute your personal best.

2.3 Data collected automatically

  • Server logs — when you call our API (login, score submit, leaderboard read), our servers record the request URL, timestamp, your IP address, and your browser’s User-Agent string. These logs are kept for up to 30 days for security and debugging, then deleted.
  • Browser storage — we use IndexedDB and Service Worker caches in your browser to store game files (so you can play offline) and to queue scores you earn while offline. This data lives on your device and is not transmitted to us until you reconnect, log in, and submit it.
  • Cookies — see Section 5.

We do not knowingly collect any data outside what is described above. We do not collect biometric data, precise location, payment information, or any “special category” data under GDPR.

3. How we use your data

We use your data only for the following purposes:

  • Provide the Service — authenticate you, save your scores, show the leaderboard, and let you play offline. (Lawful basis under GDPR: performance of a contract.)
  • Keep the Service safe — detect cheating, abuse, and abnormal usage patterns. (Lawful basis: legitimate interest.)
  • Communicate with you — send password-reset emails, important security notices, and respond to your support requests. (Lawful basis: performance of a contract.)
  • Comply with legal obligations — for example, responding to a valid court order. (Lawful basis: legal obligation.)

We do not sell, rent, or trade your personal data. We do not use your data to train AI models, and we do not permit anyone else to scrape the Service for AI training (see our Terms of Service). We do not profile you for behavioural advertising beyond what Google AdSense does (see Section 4).

4. Third-party services

To deliver the Service we rely on the following third parties:

4.1 Amazon Web Services (AWS)

Our backend runs on AWS in the ap-southeast-1 (Singapore) region. AWS hosts your account credentials (Cognito), your scores (DynamoDB), and our application logs (CloudWatch). AWS is a data processor acting on our instructions. Their privacy notice is at aws.amazon.com/privacy.

4.2 Google AdSense

We display advertising on the Site through Google AdSense. Google and its advertising partners use cookies and similar technologies to serve ads based on your prior visits to the Site and other websites. Specifically:

  • Google uses the DoubleClick cookie to serve ads based on your visits to this and other sites.
  • You may opt out of personalised advertising by visiting Google Ads Settings.
  • You may also opt out of some third-party vendors’ cookies at www.aboutads.info/choices.
  • For users in the EEA, UK, and Switzerland, we display a consent banner that lets you accept or reject personalised advertising before any ad cookies are set.

Google’s privacy policy applies to how they handle data collected via AdSense: see policies.google.com/technologies/ads.

4.3 Hosting and CDN

The Site’s static files are served by Cloudflare Pages, which acts as a content delivery network. Cloudflare may log your IP address and the requested URL for security and performance purposes. See cloudflare.com/privacypolicy.

5. Cookies and similar technologies

We use the following types of storage in your browser:

  • Session cookies / tokens — to keep you signed in. Required to use the Service while logged in. Cleared when you sign out or when the token expires (usually 1 hour).
  • IndexedDB — to remember your preferences, queue scores while offline, and cache game files. Stays on your device until you clear your browser data.
  • Service Worker cache — to make the games playable offline. Same lifecycle as IndexedDB.
  • Advertising cookies (Google AdSense) — set by Google when ads are shown. See Section 4.2.

You can clear all of the above through your browser settings (often labelled “Clear site data”). Doing so will sign you out and remove cached games (you’ll need to be online again to reload them).

6. Data retention

  • Account data (email, hashed password, nickname): kept for as long as your account exists.
  • Scores and leaderboard entries: kept indefinitely while your account is active. We may anonymise old scores after 5 years.
  • Server logs: deleted after 30 days.
  • Browser-side storage (IndexedDB, caches): controlled by you; deleted when you clear browser data.

When you delete your account, we delete or anonymise all personal data associated with it within 30 days, except for data we are required by law to retain.

7. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — ask us to delete your account and personal data (“the right to be forgotten”).
  • Right to restrict processing — ask us to stop using your data while a complaint is being resolved.
  • Right to data portability — receive your data in a machine-readable format (JSON).
  • Right to object — object to processing based on legitimate interest.
  • Right to withdraw consent — where we rely on your consent (e.g. ad personalisation), you can withdraw it at any time.

If you are a resident of Malaysia, you also have rights under the Personal Data Protection Act 2010 (PDPA), including the right to access, correct, and limit the processing of your personal data.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. If you live in the EU/UK, you also have the right to complain to your local data protection authority.

California residents (CCPA/CPRA): you have the right to know, delete, correct, and opt out of any “sale” or “sharing” of your personal information. We do not sell or share your information for cross-context behavioural advertising beyond what is described in Section 4.2 (Google AdSense), and you may opt out of that there.

8. Children

The Service is not directed at children under 13 (or under 16 in the European Economic Area and the United Kingdom). We do not knowingly collect personal data from anyone in this age group. If you believe a child has created an account, please contact us at [email protected] and we will delete the account.

9. International data transfers

Our servers are located in Singapore (AWS ap-southeast-1). If you access the Service from outside that region, your data will be transferred across borders to be processed there. Where required, we rely on the European Commission’s Standard Contractual Clauses for transfers from the EEA, and on contractual safeguards equivalent to PDPA standards for transfers from Malaysia.

10. Security

We protect your data with industry-standard measures including TLS encryption in transit, encryption at rest in AWS, hashed passwords, short-lived authentication tokens, and rate limiting. No system is perfectly secure, but we follow reasonable safeguards and will notify you and the relevant authorities if a breach affecting your personal data occurs, in accordance with applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. If the changes are material, we will notify registered users by email. Continued use of the Service after the changes take effect means you accept the updated policy.

12. Contact

For privacy questions, requests to exercise your rights, or concerns about this policy, please email [email protected].

Postal address:
Liew Kian Yang
12-07, Stellar Suite, Jalan Puteri 4/7
Bandar Puteri Puchong
47100 Puchong, Selangor, Malaysia