Privacy Policy

Can You Games (canyougames.com) is built around a simple position: we do not need your personal data to run a game site, so we do not collect it. This policy explains what that means in practice — what stays on your device, what our hosting provider logs, what third-party services touch the site, and what your rights are under various privacy laws. The short version is that there is very little to explain, because very little data changes hands.

What we don’t collect

• We do not require an account, email address, or login.
• We do not collect names, addresses, or payment information.
• We do not sell or share any user data with third parties.
• We do not use fingerprinting, cross-site tracking, or behavioral profiling.
• We do not run advertising networks on the site.
• We do not embed social media widgets that track you across the web.

What stays on your device

Your game scores, theme preference, and play history are stored in your browser’s localStorage on your own device. This data never leaves your browser. It is never transmitted to our servers, never included in analytics, and never visible to anyone but you. If you clear your browser data or use private browsing mode, it is gone.

The specific keys we write to localStorage are:

• canyou_theme — your light or dark mode preference.
• canyou_scores_[gameId] — your score history for each individual game (e.g. canyou_scores_perfect-circle).
• canyou_last_played — the ID of the last game you played, used to restore your session on return visits.
• canyou_prefs — any other preferences you have set, such as reduced-motion mode.

None of these keys are read by the server. They exist entirely within your browser. You can inspect them yourself at any time using your browser’s developer tools under Application → Local Storage.

Server logs

Our hosting provider maintains standard web server access logs that include IP address, user agent string, requested URL, and timestamp. These logs are kept for approximately 14 days for abuse prevention and server health monitoring. They are not linked to any persistent identity, not used for behavioral analysis, and not shared with any third party except as required by law. We do not process or analyze these logs for user-level behavior.

Third-party services

The site is deployed on a CDN-backed hosting platform (currently Vercel) that handles edge caching, SSL termination, and DDoS mitigation. Their infrastructure sees the same access log data described above. Fonts used on the site are self-hosted — we do not load fonts from Google Fonts or any external font service, which means there are no third-party font requests that could be used for tracking. We do not load any analytics SDK, advertising SDK, or third-party JavaScript that profiles user behavior.

Cookies

We do not set advertising cookies. We do not use session cookies for authentication (there are no accounts). The site may set a minimal functional cookie or use localStorage as described above to remember your theme preference between visits. Here is the complete list of cookie-like storage:

• Theme preference — stored in localStorage, functional only, no expiry, no tracking purpose.
• Game scores — stored in localStorage per-game, never transmitted.

There are no third-party cookies. There are no persistent tracking cookies. You will not see a cookie consent banner on this site because there is nothing that requires one under GDPR or ePrivacy rules.

Privacy-respecting analytics

We do not currently run any analytics service on the site. If that changes, we will only use privacy-preserving, aggregate analytics tools — services like Plausible or Fathom that count page views without storing IP addresses, without setting cookies, and without cross-site tracking. Any future analytics implementation would be aggregate-only: we would know that a game was played 400 times on a given day, but not who played it or from where. We will update this page if and when analytics are added.

GDPR and EU users

The General Data Protection Regulation applies to the processing of personal data. Because we do not collect or process personal data in the GDPR sense, most of its provisions do not apply to your use of this site. We have no data to provide upon an access request, no data to delete upon a deletion request, and no data to port upon a portability request.

Your rights under GDPR in the context of this site:

• Access — there is nothing to access on our end. Your local data can be inspected via your browser’s developer tools.
• Deletion — clear your browser’s localStorage and site data.
• Portability — you can export your own localStorage data using browser developer tools.
• Complaint — if you believe we are handling data unlawfully, you have the right to lodge a complaint with your local data protection authority.

CCPA and California users

The California Consumer Privacy Act grants California residents rights over the sale and disclosure of their personal information. We do not sell personal data. We do not collect personal data. There is nothing to disclose, opt out of, or request deletion of on our end. If you believe this assessment is incorrect, contact us at [email protected].

Children’s privacy (COPPA)

Can You Games is safe for players of any age, including children under 13. Because we do not collect any personal information from any user, we cannot and do not collect personal information from children. The site complies with the Children’s Online Privacy Protection Act (COPPA) by design — there is no data collection mechanism, no account creation, and no targeted content based on user profiles.

Parents and educators can review what the site stores on a child’s device by opening the browser’s developer tools and navigating to Application → Local Storage. The entries will show only the score and preference data described above — nothing identifying.

Do Not Track

Some browsers send a “Do Not Track” signal with each request. We do not track any user regardless of whether this signal is sent, so the signal has no practical effect here. We honor the intent of Do Not Track by default, for all users, at all times.

Security

The site is served exclusively over HTTPS. There is no password database to breach because there are no user accounts. We rely on our hosting provider’s infrastructure security for server-level protection. If you discover a security vulnerability in the site — a content injection issue, an unintended data exposure, or anything similar — please report it to [email protected] with a description and reproduction steps. We take these reports seriously and will respond promptly.

International data transfer

Because we do not collect or store personal data on our servers, there is no international transfer of personal data to consider. The server access logs described above may be processed by our hosting provider’s infrastructure in various regions, but these do not constitute personal data as defined under GDPR or equivalent legislation.

Changes to this policy

If this policy changes materially, we will update the “last updated” date at the top of this page. Substantive changes — for example, if we add an analytics service or change hosting providers — will be noted explicitly here, not buried in fine print. We will not add user data collection without updating this page first.

Contact

Questions about this privacy policy? Email [email protected]. You can also visit our contact page for more detail on what kinds of messages we respond to and how quickly.