Last updated 27 May 2026
GPTgame turns a sentence into a playable browser game. To do that, we handle some information about you: the account you sign in with, the prompts you type, the games you make, and a few technical signals we need to keep things running. This page lays out what we collect, why, who else touches it, and the choices you have.
GPTgame is operated from Finland and acts as the data controller for the personal data described here. Where this policy uses a term that carries legal weight, like "controller" or "personal data," we mean it the way the EU General Data Protection Regulation (the GDPR) defines it.
Here is the data that passes through GPTgame, grouped by where it comes from.
This is the part people ask about most, so it gets its own section.
When you generate a game, your prompt and the related game data are sent to Anthropic, whose Claude models do the planning and the code generation. The finished game is then loaded in a headless browser on our validator service, hosted on Fly.io, so we can confirm it actually runs before it reaches you. We do not use your prompts to train AI models, and we do not sell them. Anthropic processes them as our service provider under its own commercial terms.
One thing worth saying plainly: if your game is public, your prompt is public too. The next section covers what that means.
GPTgame is partly a public gallery, so some of what you make is visible to anyone, including people who never sign in.
On the free tier, every game you create is public. A public game page shows the title, the genre and art style, the controls, your username (linked to your profile), the play and like counts, any comments, and the game itself. It also shows the exact prompt you typed, under a heading that reads "The prompt that made this," with a box that invites visitors to remix that prompt into their own version. So treat a prompt for a public game like a caption you are publishing, not a private note.
Paid plans (Pro and Studio) let you mark a game unlisted or private. A private game is visible only to you. Your public profile page lists the public games tied to your account.
We use this information to generate and serve your games, to run your subscription and trial, to apply per-plan and anti-abuse limits, to display public games in galleries and search, to answer your support messages, and to keep the service secure and working. We also look at aggregated, de-identified usage to understand demand and decide what to build next.
Under the GDPR we rely on a few legal bases. Running your account, generating your games, and billing you are how we perform our contract with you. Rate-limiting, abuse prevention, security, and basic product analytics rest on our legitimate interest in keeping GPTgame usable and solvent. Where the law calls for consent, such as for certain cookies, we ask for it, and you can take it back. And we process data where we have a legal obligation, for instance keeping records for tax and accounting.
We do not sell your personal data, and we do not run third-party advertising or load ad-tracking scripts. GPTgame is paid for by subscriptions, and keeping it that way is how the incentives stay honest.
To run the service we rely on a short list of vendors, which the GDPR calls processors. Each one receives only the data its job needs:
We may also disclose data when the law requires it, to enforce our Terms, or to protect users and the service from harm.
Several of these vendors are based in the United States, so your data may be processed outside the European Economic Area. When that happens, we rely on the safeguards the GDPR provides, mainly the European Commission's Standard Contractual Clauses, so the protection travels with your data.
We keep your account data for as long as your account is open. The games you make stay up until you delete them or close your account; deleting a game removes it from our database and from storage. Operational logs, such as rate-limit counters and the cost records above, are kept for a limited period for security and accounting and then cleared. If you close your account, we delete or anonymise your personal data within a reasonable time, apart from anything we are legally required to keep or need to resolve a dispute.
If you are in the EU or the UK, the GDPR gives you rights over your data. You can ask us to:
To use any of these, email [email protected], and we will reply within the time the law allows, normally one month. You can also handle a lot yourself: edit your profile from your account, manage billing through the Stripe portal in your dashboard, and delete games from the dashboard.
If you think we have mishandled your data, you can complain to your local supervisory authority. In Finland that is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu).
California residents have comparable rights under the CCPA, including the right to know what we collect, to have it deleted, and to opt out of any "sale" of personal information. We do not sell personal information. Use the same email above to exercise these rights.
We keep cookies to what the service actually needs. Clerk sets cookies to keep you signed in. We set one signed cookie to carry the anonymous session ID that lets you make a game before you have an account, and to attach those games to you if you sign up. Stripe may set cookies during checkout to prevent fraud. We do not use advertising or cross-site tracking cookies.
GPTgame is not built for children under 13, and we do not knowingly collect their data. If you are under the age your country sets for digital consent, use GPTgame only with a parent or guardian involved. In Finland that age is 13.
We will update this page when our practices change and move the date at the top. If a change is significant, we will give signed-in users reasonable notice before it takes effect.
Questions about this policy or your data? Email [email protected].
