Privacy Policy

LudoKit (by Butterscotch Shenanigans) is a privacy-conscious project. We know that you're trusting us with your personal information as well as proprietary data from your games, and we'll do our best to warrant that trust.

Privacy Principles

We operate LudoKit ("the Service") under the following Privacy Principles:

  • Transparency. We'll do our best to tell you what data we're collecting and what we're using it for.
  • Minimal Data. We'll only obtain and store data when such data is needed for us to provide services to you.
  • Minimal Access. The LudoKit team will be able to access your data, but we'll only do so when necessary to operate LudoKit or to provide support to you. Similarly, we'll only use external data processors that abide by the same principle.
  • Private Ownership. Your data isn't our data. The service we provide to you is giving you a place to store certain kinds of data along with features to make that data useful for you. We won't sell your data, and will only share it under narrow circumstances.

Changes

We'll need to periodically update this Privacy Policy to accommodate changes to LudoKit and changes to legal frameworks related to privacy. The following are high-level summaries (without full details!) of the changes to this Privacy Policy over time and when they went into effect.

  • Version 0.2.0 (March 2, 2026). Added details relating to the new Credits feature. Updated details about how to see what data we have about you. Added a section on Information Security. General updates to reflect the many changes to LudoKit since the last Privacy Policy version.
  • Version 0.1.0 (Sept 10, 2025). Initial draft.

Children Under 13 to 16

LudoKit is offered and made available only to users meeting the minimum legal age to provide their own consent (e.g., at least 13 years of age in the US and at least 13 to 16 years of age in the EU, depending on the country). If you do not meet the minimum legal age please discontinue using the Service immediately, or if for any reason you do not agree with all of the terms and conditions contained in this Agreement please discontinue using the Service immediately.

By using or attempting to use the Service, you certify that you are at least the minimum age and meet any other eligibility requirements of the Service. If you are found to be under the minimum age, your account may be terminated without notice. Please contact us at privacy@ludokit.com if you believe your child has information stored on our Services.

Deletion and Retention

Data that has been deleted, either by you or by our automated systems, will be fully purged from all of our systems (including our backups) within 90 days of the original deletion request.

Why don't we delete that data instantly?

  • LudoKit stores important data on your behalf. In some cases it makes sense to give you a grace period to recover something you've deleted before we permanently, irrecoverably, delete it.
  • LudoKit stores data that its users depend on, and backups are an essential way to ensure we don't lose that data if something bad happens. Backups need to exist long enough that we have time to realize that something has gone wrong and then go through a recovery process. But removing specific data from backups isn't practical due to how they are managed and stored.
  • LudoKit stores technical logs and audit trails related to access and usage of its services. We need these for security, billing, to understand how LudoKit is being used, to provide support, and to help track down service outages and other issues. Like with backups, removing specific data from logs often isn't practical.

Throughout this document, when we refer to data being "deleted" we mean that it will be fully removed from our system, and any of our external Data Processor's systems, within our 90 day retention window.

Data Processors

We rely on trusted external parties to process and store data, as well as to perform certain operations like sending emails. These services only use your data on behalf of LudoKit, have limited ability to see such data without our permission, and are bound by their own strict privacy policies.

We select external parties who we believe are also respectful of your data as they process it on our behalf, however we cannot make any guarantees about what these external parties are doing.

These external parties include:

  • Fly.io hosts our main application servers. As such they have access to network data going into and out of LudoKit servers. This data is encrypted using TLS, so they have limited access to the contents of this data (in particular they can access your I.P. Address).
  • MongoDB Atlas hosts most of the text data that you store in LudoKit.
  • Cloudflare hosts certain kinds of data that you upload to LudoKit, including images and other files, and may perform some other tasks on LudoKit's behalf.
  • Sparkpost (now a part of Bird.com) sends emails on our behalf, including any emails sent by LudoKit to any of your addresses. Sparkpost also sends certain kinds of data back to LudoKit, such as notifications that messages sent to your email address were marked as spam, or bounced, or ran into other kinds of errors. We may also enable click- or open-tracking in the emails we send through Sparkpost, which we will only use (1) in the aggregate to allow us to discover issues, and (2) to automate tasks on your behalf (such as auto-removal from our newsletter for recipients who do not open it).
  • Google Workspace provides email and other services to LudoKit staff, so if you send an email to a LudoKit address it will ultimately be stored and managed there.

Your Data and what we do with it

We do not sell your Data

We use your data to provide services to you, and we will not sell it to anyone.

We only share your Data when we must

We only share your data with external parties under two scenarios:

  1. With trusted Data Processors when we need them to store or perform a task on your data on LudoKit's behalf.
  2. With governmental agencies when required by law.

We only view your Data when we must

All Data managed by LudoKit is technically viewable by LudoKit staff. That is necessary for us to provide support to you, provide LudoKit's functionality, evaluate security issues and Code of Conduct violations, and diagnose general issues with LudoKit.

We make the following commitments:

  • LudoKit will use strict access controls for staff, so that any given staff member will only have access to specific Data if that access is necessary for their role.
  • LudoKit will keep audit traces of staff access.
  • LudoKit staff will only be allowed to access LudoKit Data after they have signed internal Non-Disclosure agreements committing them to keeping anything they see secret.

Site Visitation Logs

When you visit LudoKit.com, your browser makes requests for pages, images, and other data from our servers. We log some data from those requests for security, billing, and to understand how our site and services are being used.

These logs may include your I.P. Address, LudoKit User ID, timestamps, language preferences, high-level information about your operating system and browser, and information about what you requested from LudoKit's servers.

We retain these logs for a maximum of 90 days.

Cookies

We store some information in your browser via Cookies and related technologies, to send to the LudoKit servers.

  • Your Session Token.. This is used to authenticate you when you are logged into LudoKit.
  • Policy and Site Version. We keep track of the most recent version of LudoKit and our various Policies (including this one) that you've seen, so that we can inform you when they have been updated.
  • Local Preferences. Most of your LudoKit preferences are stored remotely so that they can be accessed no matter where you are using LudoKit, but some settings options might be specific to each browser.

LudoKit Newsletter

You may sign up for the LudoKit newsletter to get announcements, previews of upcoming features, and other news.

Newsletter data includes the email address you subscribed with plus logs about which newsletters were sent to you and if you opened them.

You can unsubscribe from the newsletter at any time, which will trigger deletion of your email address and any other newsletter-related data we've stored for you.

We may automatically unsubscribe your address if it looks like you are not opening the emails we send to you, if you mark them as spam, if you block us as a sender, or if we have deliverability problems to your address.

Note that unsubscribing from the newsletter has no impact on your LudoKit account, and deleting a LudoKit account has no impact on your newsletter subscription, even if you used the same email to sign up for both. LudoKit accounts are managed separately from the newsletter.

Non-User Invite Data

When a LudoKit user sends an Org Invite to a non-user, they'll do so by providing us with the Invitee's email address. We store that email address for up to 14 days, during which the Invitee can accept that Invite. After that we delete all records of that Invite.

Non-User Game Credits

LudoKit has a Game Credits management system for keeping track of contributions to any Game using the system. Contributors can be added by email even if they do not have LudoKit accounts. We store the following data for non-LudoKit-User Game Credits:

  • Email. The email address used to add you to a Game's Credits. We use this to send you limited notifications about that Game Credit on behalf of the person who added you. If you do sign up for LudoKit, any Game Credits matching your LudoKit account email addresses will be claimed by that account. We do not use your Game Credit email address for any other purpose and do not make it visible to any LudoKit users.
  • Credits Name. Your name, as provided by the person who added you to their Game Credits, or inferred from your email address.
  • Credited Roles. Your roles for the Game you were credited in, according the people who added you to their Game Credits.

When your email is used to add you to a Game's Credits you'll receive a notification email from LudoKit that includes the email address of the person who added you, so that you can ask them to remove you or make changes to your name or roles.

To view, submit updates to, or delete your non-User Credit yourself you can create a LudoKit account using the same email address (or add that address to an existing LudoKit account) to claim those Credits and gain control over them.

Member Data

When you create a LudoKit account you'll be providing us with the following personal data:

  • LudoKit ID. This is a random identifier created by LudoKit when you create your account. We use this throughout LudoKit to associate data with your account.
  • Name. This could be your real name or an alias, we don't care! We'll use this when sending you any emails from LudoKit, to address you in support contexts, and we'll show this to your Organization teammates in LudoKit.
  • Email. We use email as our primary means of communicating with you about your account, and as the tool you use to prove your ownership of an account.
  • Avatar. You can optionally upload an avatar image, which will be visible throughout LudoKit.
  • Preferences. You'll be able to set a variety of preferences in your account related to how you appear in LudoKit, and how LudoKit looks and functions for you.
  • Organization Memberships. As you create and join Organizations in LudoKit, we'll keep track of those memberships and any per-Organization permissions, preferences, and settings.
  • Credits Name. LudoKit includes management for game credits, so it asks you for how you want to appear in any such credits. This is typically the name you use professionally.
  • Game Credits. Any Game Credits managed by LudoKit that you appear in will include your preferred name and credited roles, which can be different for each Game.

Organization Data

Organizations are autonomous entities in LudoKit. Therefore, we consider a given Organization's Data to be collectively owned by all current Admins of that Organization and do not consider it to be Personal Data.

Organization Admins are responsible for all Organization-related Data submitted to LudoKit, including by all non-Admin Members. All Organization Data is explicitly provided by its Admins and other Members, so we will not list it all out here.

Organization Data is private by default to non-Members. LudoKit provides role-based access to Organization Data, which can be used by Organization Admins and Managers to determine which Organization Members have the ability to see and/or update which Data.

Deleting your Data

You can delete your LudoKit account at any time by signing into LudoKit.com and scrolling to the bottom of your account details page. To prevent accidental Organization deletion, before you can delete your account you'll first be asked to either delete or add Admins to any Organizations of which you are the sole Admin.

When you delete your account, the following happens:

  • Your Member Data (name, email, avatar, etc) are deleted.
  • Your associated Organization Memberships are deleted.
  • Your associated Game Credits are deleted (meaning any Games relying on LudoKit to manage their credits will likely not list you in their Credits)
  • Your LudoKit User ID is added to a list of "deleted accounts" (since it is a random ID it is not personally identifiable) to ensure it does not accidentally get re-used.

However, there may be data related to things you were doing in your Organizations that will not be deleted, since that data is owned by the Organization. This includes audit logs, comments you've left, and the like. Basically any data your Organization will still need access to.

While such Data will not be deleted, they will have been anonymized to us (LudoKit) because they'll only be associated with the random User ID you were originally given. It will also have been partially anonymized to your Organizations: wherever your Name would have been shown to your Organization teammates they'll see something like "Deleted Account" and a generic avatar instead.

Updating your Data

You can update any Member Data that you have explicitly provided to us, such as your email addresses, name, avatar, and preferences, by logging into LudoKit.com and going to your account details page. Note that you can submit requests to change your name and roles for any Game Credits managed on LudoKit, but it will be up to the Game's developer/publisher/manager to make final decisions for if and how you are credited in that Game.

For your security and privacy, updating your data is self-service only and requires verifying your identity by logging in or by confirming receipt of messages to your verified email address. LudoKit staff will not update your data for you and will not bypass verification methods.

Organization Admins can update any Organization and Game data.

Downloading your Data

To see what data we have about you, visit the My Data page on LudoKit. For your privacy and security the only way you can request to see what data we have about you is via verified email: when you provide us with an email to check against our databases, we'll send an email to that same address detailing what data we have associated with it.

Deleting Organization and Game Data

Organization Admins can delete Game Data and even the entire Organization. LudoKit might include safety mechanisms to help prevent accidental deletion (or deletion by a rogue Admin), such as requiring confirmation from multiple Admins or other two-factor approaches.

Audit trails and billing information related to an Organization may remain accessible to LudoKit staff during the retention window to ensure any security or billing issues can be resolved.

Information Security

We take great effort to design our systems to prevent unauthorized access, alteration, disclosure, or destruction of your data. We also do our best to vet our data processors to ensure that they are taking sufficient security measures. However, no website or storage system is entirely secure and so we make no guarantees about the security of your data. Learn more about our security practices at LudoKit.com/security.

Contact

We've made every effort to be transparent and responsible, and to provide self-service mechanisms for you to manage your Data.

However, privacy is a complicated topic with lots of nuances, so if you need to reach out to us about something not covered in this document, to dispute something, or with questions, you can contact our Data Protection Officer at privacy@ludokit.com.