Introduction
Knipsoft values your privacy. We process as little personal data as possible — only what is needed to make the app work and give you a good klaverjas experience.
This privacy policy describes which data we collect when you use Klaverjas HD or visit the website knippie.com, why we do so, how long we keep it, and which rights you have. We comply with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act.
Questions after reading this document? Email support@knippie.com. We respond within 5 working days.
Who we are
The controller of your personal data is:
- Knipsoft
- Based in the Netherlands
- Chamber of Commerce (KvK) 54439108
- VAT NL001383841B13
- Email: support@knippie.com
Knipsoft is a one-person business run by Robin Knip, developer and owner of Klaverjas HD. There are no employees; all data processing is done by the owner.
What data we collect
We only collect data needed for the operation of the app and the website:
When using the app
| Data | When | Reason |
|---|---|---|
| Email address | At account registration | Sign-in, password recovery |
| Username | At account registration | Identification in multiplayer |
| Password (hashed) | At account registration | Account security |
| IP address | On every API call | Anti-abuse, rate limiting |
| Game statistics | While playing | Rating, achievements, high scores |
| Reputation ratings | After each table game | Fair multiplayer system |
| Chat & voice data | During multiplayer | Communication between players (not stored) |
| Purchase status | With a subscription | Activating features |
| Profile photo | Only if you set one yourself | Shown on your profile card in the app and in online games |
| Pseudonymous gameplay data + device identifier | Only with your consent (toggle in settings) | Training the neural AI brain and calibrating the rating |
| Chat message text + language code | When using AI chat replies (single-player) | Generating a reply via an external AI service (Google Gemini) |
Pseudonymous gameplay data to improve the AI (only with your consent)
If you switch on the setting "Help improve the AI (share anonymous games)" (off by default), we collect a technical record of some of your single-player games: the game variant and rules, the level, your rating, which AI brain was active and the model version, the starting position of the deal (a "seed") and your moves, and the final score. We attach an app-generated device identifier to this — no username, email address or account. We use it solely to train the neural AI brain and calibrate the rating. You can turn it off again at any time.
AI chat replies (Google Gemini)
When you type a chat message in a single-player game, we send only the text of your message and the language code via our server to Google (Gemini) to generate a virtual player's reply. We do not send a username or game ID. Google may process this (partly) outside the EU; that transfer is covered by the EU-US Data Privacy Framework (a European Commission adequacy decision). If the service doesn't respond, the app falls back to fixed, local replies. (The chat replies are AI-generated and can occasionally be odd.) See also Article 06.
When visiting knippie.com
- Anonymous visit statistics (pages, browser, no IP tracking)
- Technically necessary cookies for the CMS to function
No location data. No contact list. No device identifiers for ad networks. No data you did not enter yourself.
Why we collect data
We process your data on one of the following legal bases under the GDPR:
1. Performance of the contract
To deliver the app to you — account management, multiplayer functionality, subscription processing, support.
2. Legitimate interest
For anti-abuse (IP rate limiting), the reputation system, and error reports that help improve the app.
3. Legal obligation
For administrative obligations (bookkeeping for subscriptions, as required by the tax authorities).
4. Consent
For receiving optional email updates about new versions, and for sharing pseudonymous gameplay data to improve the AI (GDPR Art. 6(1)(a)). This is entirely voluntary; it does not happen without your explicit choice in the settings, and you can withdraw consent at any time by switching the option off.
How long we keep data
| Data | Retention period |
|---|---|
| Account data | As long as the account is active |
| Game statistics | As long as the account is active |
| Reputation ratings | 3 months, then automatically deleted |
| Chat & voice data | Not stored, relayed in real time |
| Error logs & reports | 30 days |
| Accounting data (invoices) | 7 years (legal term) |
| Support email correspondence | 2 years |
| Pseudonymous gameplay data (after consent) | For as long as needed to train and improve the AI; if you withdraw consent, collection stops immediately (already-collected games remain part of the training set) |
| Chat message text sent to AI service | Not stored by us; relayed to the external AI service (retention governed by the service, see Article 06) |
If you delete your account, all personal data is removed within 30 days, except data we are legally required to keep (such as invoices).
Who we share data with
We share your data only with the following parties, and only as far as necessary:
- Apple App Store / Google Play / Mac App Store / Microsoft Store — for processing purchases and subscriptions. They receive no game data, only purchase information.
- Hosting provider in the Netherlands — for running our servers. A data processing agreement has been concluded with them.
- Google (AI chat replies via Gemini) — when you type a chat message in a single-player game, we forward only the text of your message and the language code via our server to Google to generate a virtual reply. No username or game ID. Google may process this (partly) outside the EU; that transfer is covered by the EU-US Data Privacy Framework (a European Commission adequacy decision). If the service doesn't respond, the app falls back to fixed, local replies.
We never sell personal data to third parties. We do not share data with ad networks — our ads are contextual, not personalised.
Your rights (GDPR)
Under the GDPR you have the following rights:
- Right of access — request which data we hold about you
- Right to rectification — have incorrect data corrected
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — temporarily stop processing
- Right to data portability — receive data in a readable format
- Right to object — to processing based on legitimate interest
- Right to withdraw consent — where data is processed on the basis of consent
To exercise a right, email support@knippie.com with a brief description. We respond within 4 weeks.
Not satisfied with how we handle your data? You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via autoriteitpersoonsgegevens.nl.
Security
We take appropriate technical and organisational measures to protect your data:
- All communication between app and server uses TLS 1.3
- Passwords are stored with bcrypt hashing and a salt
- Servers are located in the Netherlands and protected with a firewall and intrusion detection
- Backups are encrypted and stored in a separate location
- Access to the production environment is limited to the developer himself
If, despite all measures, a data breach occurs that poses a high risk to your rights, we will inform you and the Dutch Data Protection Authority within 72 hours in accordance with the GDPR.
Changes
We may amend this privacy policy, for example if legislation changes or if we introduce new features. The latest version is always at knippie.com/privacy. For significant changes we inform active users by email or via a notification in the app.
Contact
Questions, complaints, or want to exercise a right?
- Email: support@knippie.com
- Knipsoft, the Netherlands
- KvK 54439108
— Robin Knip
Knipsoft