Overview
This privacy notice explains how IndieCrab processes personal data when you visit the website, register an account, sign in, manage projects, and use the developer log platform.
It supplements the existing 4 Hands Games privacy information and adds IndieCrab-specific processing details relevant to GDPR-oriented transparency.
4 Hands Games Privacy Policy
Controller Context
IndieCrab is operated in the context of 4 Hands Games by Oliver Bohnes.
For the main legal provider details and the broader controller context, please refer to the official imprint page:
4 Hands Games Imprint
Contact email for privacy-related requests: oliver@4handsgames.com
Categories Of Data
- Account data such as email address, name, account status, and plan assignment
- Authentication data such as email login tokens, session records, and linked Google identity metadata
- Project data such as project names, public project IDs, timezones, and API key metadata
- Technical and diagnostic data submitted through the logging API, including timestamps, type, message, stacktrace, and environment
- Optional extended diagnostic fields for higher plans, such as user reference identifiers, scene, panel, and device-related context
- Operational data such as request logs, security checks, and delivery/debug metadata needed to maintain the service
Purposes And Legal Bases
- Providing account registration, login, and project administration for the performance of a service relationship
- Sending one-time login and verification codes to secure access to the platform
- Operating project dashboards, log access, and plan-based usage controls
- Protecting the service against abuse, unauthorized access, or excessive usage based on legitimate interests in security and service integrity
- Maintaining billing, entitlement, and plan-management records where applicable
- Documenting legal obligations and compliance-related records where required
Authentication And Session Handling
IndieCrab currently supports passwordless email login and may support Google sign-in. Email login uses short-lived 6-digit verification codes. Successful verification creates a session record used to keep you signed in for the configured session lifetime.
Session cookies are used to keep authenticated users signed in and to protect access to the dashboard and settings area.
Project Logs And Developer Responsibility
IndieCrab stores project-related diagnostic events submitted by developers or their integrated game clients. These logs can contain technical and behavioral information about end users, depending on what the integrating developer chooses to send.
Developers using IndieCrab are responsible for ensuring that any player-related data submitted through the API is lawful, necessary, and properly disclosed in their own game or product privacy notices.
Recipients And Processors
Data may be processed through infrastructure and service providers needed for hosting, database operation, email delivery, and payment processing. Where external providers are used, access should be limited to what is necessary for operating the platform.
If Google sign-in or payment services such as PayPal are used, data will also be processed within those third-party ecosystems according to their respective privacy terms.
Storage Duration
- Account and entitlement records are kept as long as necessary to operate the service and document business relationships
- Email verification tokens are short-lived and automatically expire after a short period
- Session records are retained only as long as needed for authentication and security operations
- Raw logs follow plan-based retention windows, currently up to 7 days for FREE and up to 28 days for PRO
- Aggregated, technical, or legally required records may be retained longer where necessary for security, billing, or compliance reasons
Your Rights
Under applicable data protection law, you may have rights of access, rectification, erasure, restriction, objection, and data portability, subject to the legal conditions of the respective right.
You may also have the right to lodge a complaint with a competent supervisory authority.
Security Measures
IndieCrab uses controlled authentication flows, hashed token handling, restricted access paths, and separation between public web files and protected data storage areas. Additional technical and organizational measures should be reviewed continuously as the platform grows.
Important Note Before Production Use
This page now covers the IndieCrab-specific processing flows in a GDPR-oriented structure. Before public production launch, the legal contact and provider details shown on the linked 4 Hands Games legal pages should be verified to ensure they remain complete and current for the final operating setup.