← Back to exhibitions

Privacy Policy

Last updated: March 4, 2026

1. Who we are
Controller: INSANITYDROP
Contact: hello@insanitydrop.com

2. Scope
This policy describes how personal data is processed when you use this website, including the interactive memory game and leaderboard features.

3. Data we process
We process data you provide directly and data generated by use of the service: account identifiers, email address, display name, gameplay events and scores, run metadata (mode/bracket/timing), archive items (including optional image snapshots), and technical request data needed for service security and operation.

4. Where data is processed
The website uses Supabase services for authentication, database, and server-side functions. Data is processed through those services to provide accounts, score submission, and leaderboard retrieval.

5. Purposes and legal bases
We process data to: operate core site/game functionality, authenticate users, prevent abuse, maintain rankings, and respond to user/legal requests. Depending on context, legal bases include contract performance, legitimate interests, legal obligations, and consent where required.

6. Cookies and local storage
The site uses browser storage and similar technologies for essential settings and gameplay state. See the Cookies Policy for details.

7. Sharing
We do not sell personal information for money. We share data with service providers/processors strictly as needed to operate the service (for example hosting/backend infrastructure), or when legally required.

8. Retention
We retain personal data only for as long as needed for the purposes above, including account continuity, leaderboard integrity, security, and legal compliance. We may delete or anonymize data when no longer needed.

9. Your privacy rights
Depending on your location, you may have rights to access, correction, deletion, portability, restriction, objection, and withdrawal of consent. You can submit requests via hello@insanitydrop.com. See Privacy Choices for additional California-style disclosures.

10. International transfers
If data is transferred across borders, we apply safeguards required by applicable law.

11. Children
The service is not directed to children under 13. If you believe a child under 13 submitted personal data, contact us and we will take appropriate action.

12. Security
We use reasonable technical and organizational measures to protect personal data. No system can be guaranteed fully secure.

13. Changes
We may update this policy. Material changes will be posted on this page with a revised date.