Wordelly
Legal

Privacy Policy

Last updated: 1 April 2026

This policy explains what data Wordelly (wordleday.org) collects, why we collect it, and the choices you have about it. We believe privacy should be simple and honest.

Information we collect

When you create an account we collect your name, email address, and (if you sign in with Google) your profile picture. During gameplay we collect your guess history, solve times, and accuracy data to compute your cognitive profile. We do not collect payment card details. Those are handled directly by Paddle, our merchant of record.

How we use your information

  • To provide and improve the Wordelly service.
  • To compute and display your cognitive score and leaderboard ranking.
  • To send transactional emails (e.g. password reset, subscription confirmation). We do not send marketing emails without your explicit consent.
  • To diagnose technical issues and prevent abuse.

Data sharing

We do not sell your personal data. We share data only with the following sub-processors, each under strict data-processing agreements: Supabase / PostgreSQL (database hosting), Resend (transactional email), Paddle (payment processing, merchant of record), OpenAI (AI coach feature, anonymised profile metrics only).

Data retention

We retain your account data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymised, aggregated statistics (e.g. total games played site-wide) may be retained indefinitely.

Your rights

  • Access: request a copy of all data we hold about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion: request deletion of your account and all associated data.
  • Portability: request your game data in a machine-readable format.
  • Objection: opt out of any processing based on our legitimate interests.

Cookies

We use session cookies to keep you signed in and preference cookies to remember your theme setting. See our Cookies policy for full details.

Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed using bcrypt. We conduct regular security reviews. See our Security page for more details.

Contact

For any privacy-related request, email support@wordelly.com. We will respond within 5 business days.