Skip to content

Privacy Policy

Last updated: March 29, 2026

Overview

ChartWars ("we", "us") is a virtual stock market game for music. We collect minimal data necessary to provide the service. We do not sell your personal data to third parties.

Data We Collect

  • Account information: Username, email address, hashed password, timezone preference, and optional bio (we never store plain-text passwords)
  • Profile images: Uploaded avatars are stored on our servers as compressed WebP files (256x256). All metadata (EXIF, GPS, etc.) is stripped on upload. If no avatar is uploaded, we use Gravatar based on a hash of your email address
  • Trading activity: Buy/sell transactions, portfolio holdings, watchlists, limit orders, and achievement progress
  • Usage data: Page views, session data, and login streaks for site functionality
  • Login data: IP address hash (SHA-256, for rate limiting only — not stored in readable form)
  • Referral data: If you join via a referral link, we record which user referred you to credit their referral bonus

How We Use Your Data

  • Provide and maintain the ChartWars game experience
  • Calculate leaderboard rankings and achievement tracking
  • Display public profiles (username, bio, holdings, achievements)
  • Process referral bonuses between users
  • Prevent abuse (rate limiting, bot detection)
  • Generate weekly market recap content

Cookies

  • Session cookie: Required for authentication. HttpOnly, Secure (in production), SameSite=Lax
  • Timezone cookie (user_tz): Detects your browser timezone to display times correctly. 1-year duration
  • Referral cookie (cw_ref): Set when you visit via a referral link. 30-day duration, HttpOnly. Used only to credit the referrer when you register. Deleted after registration
  • Analytics cookies: Google Analytics (GA4) may set cookies if configured by the site administrator

Third-Party Services

  • Spotify: Album artwork and artist images are loaded from Spotify's CDN. Spotify players are embedded on song pages
  • YouTube: Music videos are embedded via YouTube's iframe player
  • Gravatar: If you have no custom avatar, your email hash is sent to Gravatar to retrieve your profile image
  • Google Fonts: Inter and JetBrains Mono fonts are loaded from Google's CDN
  • Data APIs: Song metadata is sourced from Billboard, Spotify, YouTube, Last.fm, Genius, Reddit, TikTok, and Google Trends APIs

Each third-party service has its own privacy policy. We do not control their data collection practices.

Social Sharing

When you share a page using the share buttons (Twitter/X, Reddit), you are redirected to those platforms. Your referral code may be appended to the shared URL. No data is sent to social platforms until you click a share button.

Public Information

Your username, bio, holdings, achievements, and trade history are visible on your public profile page. Your email address is never displayed publicly. Your portfolio value and rank are visible on the leaderboard.

Data Retention

Account data is retained as long as your account is active. If you declare bankruptcy, your trade history and achievements are permanently deleted. You may request full account deletion by contacting us.

Contact

For privacy inquiries, contact us through the site.

Terms of Service → About →