Privacy Policy
Last Updated: March 2, 2026
Introduction
Welcome to 20Tiles, operated by Today Smart Solutions, LLC ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and game service at 20tiles.com.
Please read this Privacy Policy carefully. By accessing or using 20Tiles, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our service.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address
- Username and display name
- Password (stored securely using industry-standard hashing)
- Account creation date
2. Game Activity Data
To provide game features and track your progress, we collect:
- Board state (tile placements on the grid)
- Golden tile selection
- Game scores and submission timestamps
- Puzzle dates and completion status
- Statistics (total games played, average score, current streak, best streak)
- Leaderboard rankings
3. Social Data
When you use social features, we collect:
- Friend/follow relationships and request status
- Emoji reactions on friends' boards
4. Payment Information (Premium Users)
If you subscribe to 20Tiles Premium, payment processing is handled securely by Stripe. We do not store your full credit card information. We receive and store:
- Subscription status and tier
- Subscription start and expiration dates
- Stripe customer and subscription IDs (for subscription management)
5. Technical Data
We automatically collect certain technical information for security and service operation:
- IP address (used for rate limiting and bot detection)
- Browser type and user agent (used for bot detection)
- Timezone
6. Anonymous Play
You can play 20Tiles without providing an email address. Anonymous accounts are created automatically and allow full gameplay. For anonymous users, we collect game activity data as described above but no email address or personal identity information.
Anonymous accounts can be upgraded to registered accounts at any time by adding an email address and password.
How We Use Your Information
We use the information we collect to:
- Provide and maintain the service: Save game progress, calculate scores, display leaderboards, and enable social features
- Manage your account: Authenticate users, manage subscriptions, and provide account access across devices
- Personalize experience: Remember your theme preferences, maintain game streaks, and show your statistics
- Process payments: Handle premium subscriptions through our payment processor Stripe
- Ensure security: Detect and prevent bots, abuse, and unauthorized access through rate limiting and bot detection
- Display advertising: Show ads through Google AdSense to free-tier users (see Advertising section below)
What We Do Not Collect
We believe in minimal data collection. 20Tiles does not use:
- Third-party analytics services (no Google Analytics, Segment, Mixpanel, etc.)
- Behavioral tracking or movement monitoring
- Device fingerprinting for advertising purposes
- Marketing email campaigns (unless you opt in)
Advertising and Third-Party Services
Google AdSense
We use Google AdSense to display advertisements to free-tier users. Google uses cookies and similar technologies to serve ads based on your prior visits to our site and other sites. You may opt out of personalized advertising by visiting Google Ads Settings.
Premium subscribers do not see advertisements.
Stripe
Payment processing is handled by Stripe, Inc. When you subscribe to Premium, you provide your payment information directly to Stripe, subject to Stripe's Privacy Policy.
Supabase
Our database services are provided by Supabase. User data is stored securely with row-level security policies and is subject to Supabase's Privacy Policy.
Cookies and Local Storage
We use cookies and browser local storage for the following purposes:
Essential Cookies
- Authentication cookies (HTTP-only session tokens to maintain your logged-in status)
- CSRF protection tokens (to prevent cross-site request forgery)
Local Storage
- Game state and preferences (theme selection, display settings)
- Word dictionary cache (for offline word validation)
Advertising Cookies
Google AdSense uses cookies to deliver ads to free-tier users. You can control these through your browser settings or opt out via Google Ads Settings.
Data Retention
We retain your information for as long as necessary to provide the service:
- Account data: Retained until you delete your account
- Game history and scores: Retained as part of your account and leaderboard records
- Payment records: Retained for 7 years for tax and legal compliance
When you delete your account, we remove or anonymize your personal information within 30 days, except where we are required by law to retain it longer.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information (subject to legal obligations)
- Portability: Receive your data in a structured, commonly used format
- Objection: Object to processing of your information for certain purposes
To exercise these rights, you can:
- Update your profile information in Account Settings
- Delete your account through Account Settings
- Contact us at privacy@20tiles.com
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Passwords are hashed using bcrypt with salting
- Data transmission is secured using SSL/TLS encryption
- Authentication uses HTTP-only cookies that are inaccessible to JavaScript
- Database access is controlled by row-level security policies
- Rate limiting protects against brute-force attacks
- Payment information is processed through PCI-compliant Stripe
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Children's Privacy
20Tiles is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country. By using 20Tiles, you consent to the transfer of your information to these countries. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated Privacy Policy on this page
- Updating the "Last Updated" date at the top
Your continued use of 20Tiles after changes are posted constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
We will respond to your inquiry within 30 days.
Additional Information for EU and California Residents
EU Residents (GDPR)
If you are located in the European Economic Area (EEA), the data controller of your personal information is Today Smart Solutions, LLC. The legal basis for processing your information includes:
- Contractual necessity: To provide the service you have requested
- Legitimate interests: To improve our service, prevent fraud, and ensure security
- Consent: For advertising (where applicable)
- Legal obligation: To comply with applicable laws and regulations
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by us
- Right to opt out of the sale of personal information (we do not sell your information)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, please contact us using the information provided in the Contact Us section.