Privacy Policy
Last updated: March 2026
BlocksArena ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why, and how we handle it in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
The data controller is Terminal43 SRL, based in Bucharest, Romania.
Contact: contact@terminal43.ro
2. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Username, email, hashed password, age confirmation | Registration |
| Usage data | Projects created, levels completed, points earned | Platform activity |
| Technical data | Session cookies, CSRF tokens | Automatic (browser) |
We do not collect sensitive personal data, location data, or advertising identifiers.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b)) — to provide our educational platform and services.
- Legitimate interest (Art. 6(1)(f)) — for platform security and service improvement.
- Consent (Art. 6(1)(a)) — for optional features requiring explicit consent.
4. How We Use Your Data
- Providing and maintaining the BlocksArena platform
- Managing your account and tracking learning progress
- Enabling sharing and collaboration features
- Ensuring platform security and preventing abuse
- Generating anonymized, aggregated statistics
5. Data Storage and Transfers
Your personal data is stored on servers operated by Hetzner Online GmbH, located in Germany and Finland. Both countries are within the European Economic Area (EEA), so no cross-border transfer outside the EEA occurs.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Projects & progress | Retained with your account; deleted when account is deleted |
| Session data | Duration of session |
7. Your Rights Under GDPR
- Right of access (Art. 15) — request a copy of your personal data.
- Right to rectification (Art. 16) — correct inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data.
- Right to restrict processing (Art. 18) — limit how we use your data.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time.
To exercise any of these rights, email contact@terminal43.ro. We will respond within 30 days.
8. Children's Privacy
BlocksArena is designed for young learners. Users under 13 require parental or guardian consent. We collect only the minimum data necessary and do not use it for advertising or profiling.
9. Data Security
- Passwords stored using bcrypt hashing
- HTTPS encryption for all data in transit
- CSRF protection on all forms
- HTTPOnly, SameSite=Strict session cookies
- Rate limiting to prevent abuse
10. Third-Party Services
| Service | Purpose | Location |
|---|---|---|
| Hetzner | Server hosting | Germany, Finland (EEA) |
| Google Fonts | Typography | Global (Google LLC) |
| Tailwind CSS CDN | Styling | Global (CDN) |
We do not use analytics, advertising, or social media tracking services.
11. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Website: www.dataprotection.ro
12. Contact
For any privacy-related questions: contact@terminal43.ro