Privacy Policy
Introduction
This privacy policy took effect on 31 March 2026. It covers how our small research cell handles personal data. Three people run this project from a shared desk in a Galway business center. We audit digital math models in slots through raw data collection and script verification. No gambling happens here. We provide info only. Our email is [email protected]. Read on for details on data practices. This policy aligns with Irish and EU rules including GDPR. Questions go to our email.
We focus on transparency. Data comes from site visitors. Server logs capture basics. Contact forms yield more. Cookies track patterns. All serves our research. No sales or ads drive us. Our goal stays narrow: verify slot mechanics.
Personal Data We Collect
Personal data means info tied to you. We gather minimal amounts. IP addresses hit our servers first. Browser types and versions follow. Timestamps mark visits. Referrers show entry points. These build logs for site health. No names attach unless you give them. Email addresses arrive via contact form. You choose to send. We log queries there too. Device info like screen size enters through analytics scripts. Location derives from IP roughly. City level at most. Galway hosts us. We spot local traffic that way.
In research context we note interactions. Page views on slot pages count. Time spent reading matters. For example when reviewing Big bass splash mechanics our scripts flag dwell time. Scroll depth gauges interest. No unique IDs track across sessions without consent. First-party cookies hold session data only. Third-party none unless specified.
How We Collect Data
Collection starts automatic. Web servers log every request. Apache configs dump IPs, user agents, paths. Nginx mirrors that. We rotate logs daily. Scripts parse for anomalies. Contact page POSTs feed a queue. PHP handles validation. Emails route to data-logs. Google Analytics runs light. GA4 tags fire on key events. Consent banners prompt before. You opt-in or out. Form submissions require CAPTCHA. Bots stay out. No pixel tracking from others. Our domain owns all.
User actions trigger more. Clicks on links log client-side. JavaScript pushes to server. Errors report too. Console logs aggregate. Heatmaps run local. No upload without batching. We pull from CDN edges sometimes. Cloudflare proxies requests. Their edge logs feed back anonymized. Full chains trace issues. Setup keeps it simple. Three people manage manually mostly.
Why We Collect Data
Purposes stay tied to operations. Logs diagnose crashes. Traffic patterns shape content. Slot audit scripts need baselines. User queries inform updates. Emails spark research angles. Analytics spot popular models. Big Bass Splash draws views. That guides scripts. Security blocks bad actors. IPs flag floods. Compliance demands records. GDPR audits need proof. Retention justifies holds. Improvements loop from feedback. No marketing blasts. Research purity holds.
Each bit serves directly. IP for geo-blocks if needed. User agent for compatibility. Timestamps for peaks. Referrers cut spam. Emails answer facts. No profiling builds. Predictions skip. Aggregates rule reporting. Individual trails fade fast.
Data Sharing and Disclosure
We share nothing routinely. No vendors process personal data. Hosting stays in Ireland. AWS Dublin holds backups. Contracts ban subs. No ad networks link. Research partners absent. Three people access logs. SSH keys control. No cloud consoles shared. Law forces rare hands. Warrants hit us zero times. EU authorities get minimal on request. Anonymized stats post publicly sometimes. Raw dumps never. Your data stays boxed.
Business transfers skip. No sales planned. Merger ghosts unlikely. Email forwards only to team. CC none. Aggregates feed scripts. Inputs anonymize first. Outputs publish clean.
Cookies and Similar Tech
Cookies store small bits. Essentials run site. Session IDs keep carts if any. Preferences save dark mode. Analytics need consent. GA cookies track _ga, _gid. Lifespan 2 years max. Opt-out deletes. Local storage holds temp data. IndexedDB skips. No fingerprints build. Banner explains on load. EU cookie law binds. Ireland DPC oversees. List full here: essential - session_cookie (1h), pref_theme (1y); analytics - _ga (2y), _gid (24h). Delete via tools.
Pixel tags absent. Beacons minimal. ETags cache bust. No cross-site. Same-site strict. Secure flags on. HTTPOnly where fits. Scripts minified. No bloat.
Data Retention Periods
Logs purge after 30 days. Security holds 90. Contacts archive 2 years. Inactives drop sooner. GDPR Article 5 guides. Purpose limits time. Scripts archive aggregates forever. Raw trashes. Backups cycle monthly. Encrypted at rest. Deletion scripts run cron. Proof logs confirm wipes. Exceptions rare: disputes keep till close. Legal holds extend. You request erasure speeds it.
Periods match need. IP logs 30d for abuse. Emails 2y for follow-up. Analytics 26m standard. Exports on demand anonymize auto.
Your Rights Under GDPR
GDPR grants control. Access requests get data dumps. Rectify errors free. Erasure on demand bar exceptions. Objection stops processing. Portability exports JSON. Withdraw consent anytime. Team answers in 30 days. Free first copy. ID verifies light. Email suffices mostly. DPC complaints follow if unhappy. Rights apply EU residents. Others welcome too.
Exercise via [email protected]. Templates available homepage. Scripts automate most. Logs prove compliance. No denial rights abuse.